urlscan.io logo urlscan.io
SecurityTrails logo

heroinvesting.com Open in urlscan Pro
2600:9000:2251:400:6:1c12:bd80:93a1  Public Scan

Go To Rescan Add Verdict Report
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaig...
Submission: On November 22 via manual from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 94 IPs in 12 countries across 77 domains to perform 617 HTTP transactions. The main IP is 2600:9000:2251:400:6:1c12:bd80:93a1, located in United States and belongs to AMAZON-02, US. The main domain is heroinvesting.com. The Cisco Umbrella rank of the primary domain is 216060.
TLS certificate: Issued by Amazon RSA 2048 M02 on February 15th 2023. Valid for: a year.
This is the only time heroinvesting.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
22 2600:9000:225... 16509 (AMAZON-02)
1 2600:9000:223... 16509 (AMAZON-02)
2 23.35.237.86 16625 (AKAMAI-AS)
6 2606:4700:303... 13335 (CLOUDFLAR...)
8 2606:4700:e2:... 13335 (CLOUDFLAR...)
4 2606:4700::68... 13335 (CLOUDFLAR...)
29 2606:4700:10:... 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
3 108.138.1.25 16509 (AMAZON-02)
2 38.133.127.95 22075 (AS-OUTBRAIN)
3 2001:4860:480... 15169 (GOOGLE)
2 2a02:2638:3::c 44788 (ASN-CRITE...)
1 99.86.4.30 16509 (AMAZON-02)
1 35.244.193.51 396982 (GOOGLE-CL...)
2 54.247.19.59 16509 (AMAZON-02)
2 162.19.138.120 16276 (OVH)
1 176.34.182.11 16509 (AMAZON-02)
2 2606:4700:440... 13335 (CLOUDFLAR...)
2 2606:4700:20:... 13335 (CLOUDFLAR...)
11 52.222.239.116 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
20 46.228.174.115 56396 (AMOBEE)
19 54.72.224.53 16509 (AMAZON-02)
10 2606:4700:440... 13335 (CLOUDFLAR...)
4 18 172.64.151.101 13335 (CLOUDFLAR...)
13 161.35.59.45 14061 (DIGITALOC...)
10 77.245.57.72 36057 (WEBAIR-IN...)
10 178.128.135.204 14061 (DIGITALOC...)
10 34.120.63.153 396982 (GOOGLE-CL...)
14 51.89.9.254 16276 (OVH)
10 173.237.69.68 7979 (SERVERS-COM)
10 18.196.182.172 16509 (AMAZON-02)
13 3.127.32.39 16509 (AMAZON-02)
14 216.52.2.16 30282 (AS-INAPCD...)
10 54.217.228.107 16509 (AMAZON-02)
5 16 208.93.169.131 46244 (WEBMD-IDC...)
10 18.202.39.252 16509 (AMAZON-02)
13 34.149.20.76 396982 (GOOGLE-CL...)
13 185.86.138.16 201081 (SMARTADSE...)
13 2602:803:c003... 26667 (RUBICONPR...)
16 34.236.226.253 14618 (AMAZON-AES)
10 199.212.255.179 25948 (FHMNET)
10 34.149.50.64 15169 (GOOGLE)
10 69.166.1.9 27630 (AS-XFERNET)
13 216.155.152.253 20473 (AS-CHOOPA)
10 3.126.136.176 16509 (AMAZON-02)
10 23.218.209.56 16625 (AKAMAI-AS)
3 14 145.40.97.66 54825 (PACKET)
8 54.84.92.154 14618 (AMAZON-AES)
6 213.239.211.175 24940 (HETZNER-AS)
3 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 34.95.69.49 396982 (GOOGLE-CL...)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 143.244.158.175 14061 (DIGITALOC...)
1 134.122.25.254 14061 (DIGITALOC...)
1 184.30.20.22 16625 (AKAMAI-AS)
22 2606:4700:e2:... 13335 (CLOUDFLAR...)
1 104.18.38.76 13335 (CLOUDFLAR...)
3 5 54.175.48.210 14618 (AMAZON-AES)
10 23.218.210.30 16625 (AKAMAI-AS)
1 172.240.155.68 7979 (SERVERS-COM)
5 67.202.105.24 32748 (STEADFAST)
3 4 76.223.111.18 16509 (AMAZON-02)
5 10 3.67.182.127 16509 (AMAZON-02)
5 8 142.250.186.130 15169 (GOOGLE)
9 12 185.89.210.46 29990 (ASN-APPNEX)
4 35.227.252.103 396982 (GOOGLE-CL...)
4 4 23.56.202.187 16625 (AKAMAI-AS)
4 185.64.190.79 62713 (AS-PUBMATIC)
1 1 35.214.146.66 15169 (GOOGLE)
2 2 44.212.103.88 14618 (AMAZON-AES)
1 178.250.1.9 44788 (ASN-CRITE...)
8 35.71.131.137 16509 (AMAZON-02)
1 2 52.46.143.56 16509 (AMAZON-02)
1 2607:ae80:192... 26558 (FREEWHEEL)
5 5 185.184.8.90 204995 (RTB-HOUSE...)
3 69.173.144.137 26667 (RUBICONPR...)
4 2606:4700:10:... 13335 (CLOUDFLAR...)
3 2a02:fa8:8806... 41041 (VCLK-EU-SE)
3 69.166.1.66 27630 (AS-XFERNET)
8 8 46.228.174.117 56396 (AMOBEE)
2 2 2001:678:cb4:... 56396 (AMOBEE)
3 3.71.149.231 16509 (AMAZON-02)
3 54.72.113.40 16509 (AMAZON-02)
3 3.64.136.60 16509 (AMAZON-02)
2 2 81.17.55.109 60781 (LEASEWEB-...)
2 2 185.29.132.241 30419 (MEDIAMATH...)
2 2 2.19.100.239 16625 (AKAMAI-AS)
5 69.173.144.138 26667 (RUBICONPR...)
27 52.210.15.1 16509 (AMAZON-02)
2 2 3.125.12.15 16509 (AMAZON-02)
4 4 35.244.159.8 15169 (GOOGLE)
3 3 54.165.29.149 14618 (AMAZON-AES)
3 2a05:d018:d29... 16509 (AMAZON-02)
3 3 54.144.184.12 14618 (AMAZON-AES)
3 169.197.150.7 398989 (DEEPINTENT)
3 3 64.202.112.223 23352 (SERVERCEN...)
3 3 81.17.55.171 60781 (LEASEWEB-...)
4 4 37.157.2.229 198622 (ADFORM)
3 23.35.236.201 16625 (AKAMAI-AS)
3 3 124.146.153.170 2514 (INFOSPHER...)
1 2620:116:800d... 16509 (AMAZON-02)
1 185.64.190.78 62713 (AS-PUBMATIC)
2 52.39.33.138 16509 (AMAZON-02)
1 1 35.210.239.72 19527 (GOOGLE-2)
3 2606:4700:e2:... 13335 (CLOUDFLAR...)
617 94
22    2600:9000:2251:400:6:1c12:bd80:93a1 (United States)

ASN16509 (AMAZON-02, US)
heroinvesting.com
1    2600:9000:223f:b600:3:6d3c:dac0:93a1 (United States)

ASN16509 (AMAZON-02, US)
adgarden.market
2    23.35.237.86 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-237-86.deploy.static.akamaitechnologies.com
amplify.outbrain.com
wave.outbrain.com
6    2606:4700:3034::6815:1d0d (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.heroinvesting.com
8    2606:4700:e2::ac40:8a0c (United States)

ASN13335 (CLOUDFLARENET, US)
vrl9rgsahh7mx6ndn.ay.delivery
4    2606:4700::6812:751 (United States)

ASN13335 (CLOUDFLARENET, US)
static.vidazoo.com
29    2606:4700:10::ac43:15e8 (United States)

ASN13335 (CLOUDFLARENET, US)
static.kueezrtb.com
u.kueezrtb.com
track.kueezrtb.com
gtrack.kueezrtb.com
2    2a00:1450:4001:80e::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
2    2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
securepubads.g.doubleclick.net
3    108.138.1.25 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-1-25.fra56.r.cloudfront.net
c.amazon-adsystem.com
2    38.133.127.95 (Sacramento, United States)

ASN22075 (AS-OUTBRAIN, US)
tr.outbrain.com
3    2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)
region1.google-analytics.com
2    2a02:2638:3::c (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
gum.criteo.com
1    99.86.4.30 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-30.fra6.r.cloudfront.net
config.aps.amazon-adsystem.com
1    35.244.193.51 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 51.193.244.35.bc.googleusercontent.com
lexicon.33across.com
2    54.247.19.59 (Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-247-19-59.eu-west-1.compute.amazonaws.com
d9.flashtalking.com
2    162.19.138.120 (Frankfurt am Main, Germany)

ASN16276 (OVH, FR)
PTR: ns31533571.ip-162-19-138.eu
id5-sync.com
1    176.34.182.11 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-176-34-182-11.eu-west-1.compute.amazonaws.com
id.crwdcntrl.net
2    2606:4700:4400::6812:2b5a (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.confiant-integrations.net
2    2606:4700:20::681a:9a9 (United States)

ASN13335 (CLOUDFLARENET, US)
script.4dex.io
11    52.222.239.116 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-239-116.fra56.r.cloudfront.net
aax.amazon-adsystem.com
2    2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
20    46.228.174.115 (United Kingdom)

ASN56396 (AMOBEE, GB)
targeting.unrulymedia.com
19    54.72.224.53 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-72-224-53.eu-west-1.compute.amazonaws.com
g2.gumgum.com
rtb.gumgum.com
10    2606:4700:4400::ac40:994e (United States)

ASN13335 (CLOUDFLARENET, US)
mp.4dex.io
18    172.64.151.101 (United States)

ASN13335 (CLOUDFLARENET, US)
htlb.casalemedia.com
ssum-sec.casalemedia.com
dsum-sec.casalemedia.com
ssum.casalemedia.com
13    161.35.59.45 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
prebid.cootlogix.com
10    77.245.57.72 (United States)

ASN36057 (WEBAIR-INTERNET-MTL, US)
cpm.qortex.ai
10    178.128.135.204 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
brightcombid.marphezis.com
10    34.120.63.153 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 153.63.120.34.bc.googleusercontent.com
prebid.media.net
14    51.89.9.254 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: ip254.ip-51-89-9.eu
onetag-sys.com
10    173.237.69.68 (United States)

ASN7979 (SERVERS-COM, US)
colossusssp.com
10    18.196.182.172 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-196-182-172.eu-central-1.compute.amazonaws.com
tlx.3lift.com
13    3.127.32.39 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-127-32-39.eu-central-1.compute.amazonaws.com
btlr.sharethrough.com
14    216.52.2.16 (United States)

ASN30282 (AS-INAPCDN-OCY, US)
ap.lijit.com
10    54.217.228.107 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-217-228-107.eu-west-1.compute.amazonaws.com
hb.minutemedia-prebid.com
16    208.93.169.131 (United States)

ASN46244 (WEBMD-IDC1-AS, US)
bid.contextweb.com
bh.contextweb.com
10    18.202.39.252 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-202-39-252.eu-west-1.compute.amazonaws.com
hb.yellowblue.io
13    34.149.20.76 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 76.20.149.34.bc.googleusercontent.com
ssc.33across.com
13    185.86.138.16 (France)

ASN201081 (SMARTADSERVER, FR)
prg.smartadserver.com
13    2602:803:c003:200::45 (Amsterdam, Netherlands)

ASN26667 (RUBICONPROJECT, US)
fastlane.rubiconproject.com
16    34.236.226.253 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-236-226-253.compute-1.amazonaws.com
pbs.nextmillmedia.com
10    199.212.255.179 (Canada)

ASN25948 (FHMNET, CA)
prebid.dblks.net
10    34.149.50.64 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 64.50.149.34.bc.googleusercontent.com
s.seedtag.com
10    69.166.1.9 (United States)

ASN27630 (AS-XFERNET, US)
apex.go.sonobi.com
13    216.155.152.253 (Piscataway, United States)

ASN20473 (AS-CHOOPA, US)
PTR: 216.155.152.253.vultrusercontent.com
exchange.kueezrtb.com
10    3.126.136.176 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-136-176.eu-central-1.compute.amazonaws.com
grid.bidswitch.net
10    23.218.209.56 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-218-209-56.deploy.static.akamaitechnologies.com
a.teads.tv
14    145.40.97.66 (Amsterdam, Netherlands)

ASN54825 (PACKET, US)
prebid.a-mo.net
8    54.84.92.154 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-84-92-154.compute-1.amazonaws.com
report2.hb.brainlyads.com
6    213.239.211.175 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.213.239.211.175.clients.your-server.de
api.assertcom.de
3    2a00:1450:4001:80b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fundingchoicesmessages.google.com
1    2606:4700::6812:1691 (United States)

ASN13335 (CLOUDFLARENET, US)
cadmus.script.ac
2    2a00:1450:4001:829::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
2    2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
2    34.95.69.49 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 49.69.95.34.bc.googleusercontent.com
i.clean.gg
1    2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
2    2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
1    143.244.158.175 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
sync.cootlogix.com
1    134.122.25.254 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
sync.kueezrtb.com
1    184.30.20.22 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-20-22.deploy.static.akamaitechnologies.com
contextual.media.net
22    2606:4700:e2::ac40:8f15 (United States)

ASN13335 (CLOUDFLARENET, US)
s.0cf.io
1    104.18.38.76 (None, )

ASN13335 (CLOUDFLARENET, US)
js-sec.indexww.com
5    54.175.48.210 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-175-48-210.compute-1.amazonaws.com
cookies.nextmillmedia.com
10    23.218.210.30 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-218-210-30.deploy.static.akamaitechnologies.com
eus.rubiconproject.com
1    172.240.155.68 (United States)

ASN7979 (SERVERS-COM, US)
sync.colossusssp.com
5    67.202.105.24 (United States)

ASN32748 (STEADFAST, US)
PTR: ip24.67-202-105.static.steadfastdns.net
ssc-cms.33across.com
4    76.223.111.18 (United States)

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com
eb2.3lift.com
10    3.67.182.127 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-67-182-127.eu-central-1.compute.amazonaws.com
x.bidswitch.net
8    142.250.186.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net
cm.g.doubleclick.net
12    185.89.210.46 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
ib.adnxs.com
secure.adnxs.com
4    35.227.252.103 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 103.252.227.35.bc.googleusercontent.com
rtb.openx.net
4    23.56.202.187 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-56-202-187.deploy.static.akamaitechnologies.com
secure-assets.rubiconproject.com
4    185.64.190.79 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
image8.pubmatic.com
1    35.214.146.66 (Groningen, Netherlands)

ASN15169 (GOOGLE, US)
PTR: 66.146.214.35.bc.googleusercontent.com
csync.loopme.me
2    44.212.103.88 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-212-103-88.compute-1.amazonaws.com
i.liadm.com
1    178.250.1.9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
dis.criteo.com
8    35.71.131.137 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com
match.adsrvr.org
2    52.46.143.56 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
s.amazon-adsystem.com
1    2607:ae80:192:1::172 (United States)

ASN26558 (FREEWHEEL, US)
ads.stickyadstv.com
5    185.184.8.90 (Amsterdam, Netherlands)

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-90.rtbhouse.net
creativecdn.com
3    69.173.144.137 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
prebid-server.rubiconproject.com
4    2606:4700:10::6816:37ce (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.connectad.io
sync-eu.connectad.io
3    2a02:fa8:8806:12::1370 (Singapore)

ASN41041 (VCLK-EU-SE, US)
prebid-match.dotomi.com
3    69.166.1.66 (United States)

ASN27630 (AS-XFERNET, US)
sync.go.sonobi.com
8    46.228.174.117 (United Kingdom)

ASN56396 (AMOBEE, GB)
sync.1rx.io
sync.targeting.unrulymedia.com
2    2001:678:cb4:bbbb::11 (United Kingdom)

ASN56396 (AMOBEE, GB)
ad.turn.com
3    3.71.149.231 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-71-149-231.eu-central-1.compute.amazonaws.com
ups.analytics.yahoo.com
3    54.72.113.40 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-72-113-40.eu-west-1.compute.amazonaws.com
ads.servenobid.com
3    3.64.136.60 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-64-136-60.eu-central-1.compute.amazonaws.com
match.sharethrough.com
2    81.17.55.109 (Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
ssbsync-global.smartadserver.com
2    185.29.132.241 (United Kingdom)

ASN30419 (MEDIAMATH-INC, US)
sync.mathtag.com
2    2.19.100.239 (Düsseldorf, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-19-100-239.deploy.static.akamaitechnologies.com
hbx.media.net
5    69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
token.rubiconproject.com
27    52.210.15.1 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-210-15-1.eu-west-1.compute.amazonaws.com
usersync.gumgum.com
2    3.125.12.15 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-125-12-15.eu-central-1.compute.amazonaws.com
pm.w55c.net
4    35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com
us-u.openx.net
3    54.165.29.149 (United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-165-29-149.compute-1.amazonaws.com
sync.srv.stackadapt.com
3    2a05:d018:d29:3602:be7c:8786:5b47:1e53 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
pr-bh.ybp.yahoo.com
3    54.144.184.12 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-144-184-12.compute-1.amazonaws.com
sync.ipredictive.com
3    169.197.150.7 (United States)

ASN398989 (DEEPINTENT, US)
PTR: g.deepintent.com
match.deepintent.com
3    64.202.112.223 (United States)

ASN23352 (SERVERCENTRAL, US)
PTR: ny.outbrain.com
b1sync.zemanta.com
3    81.17.55.171 (Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
ssbsync.smartadserver.com
4    37.157.2.229 (Denmark)

ASN198622 (ADFORM, DK)
c1.adform.net
3    23.35.236.201 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-236-201.deploy.static.akamaitechnologies.com
ads.pubmatic.com
3    124.146.153.170 (Japan)

ASN2514 (INFOSPHERE NTT PC Communications, Inc., JP)
tg.socdm.com
1    2620:116:800d:21:93ca:31d8:d86e:38f6 (United States)

ASN16509 (AMAZON-02, US)
cms.quantserve.com
1    185.64.190.78 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
image6.pubmatic.com
2    52.39.33.138 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-39-33-138.us-west-2.compute.amazonaws.com
prod.tahoe-analytics.publishers.advertising.a2z.com
1    35.210.239.72 (Brussels, Belgium)

ASN19527 (GOOGLE-2, US)
PTR: 72.239.210.35.bc.googleusercontent.com
u.ipw.metadsp.co.uk
3    2606:4700:e2::ac40:861f (United States)

ASN13335 (CLOUDFLARENET, US)
dblksync.dblks.net
Apex Domain
Subdomains		 Transfer
46 gumgum.com
g2.gumgum.com — Cisco Umbrella Rank: 1591
rtb.gumgum.com — Cisco Umbrella Rank: 1589
usersync.gumgum.com — Cisco Umbrella Rank: 2098
20 KB
43 kueezrtb.com
static.kueezrtb.com — Cisco Umbrella Rank: 12118
u.kueezrtb.com — Cisco Umbrella Rank: 13062
track.kueezrtb.com — Cisco Umbrella Rank: 10213
gtrack.kueezrtb.com — Cisco Umbrella Rank: 10209
exchange.kueezrtb.com — Cisco Umbrella Rank: 7864
sync.kueezrtb.com — Cisco Umbrella Rank: 7350
93 KB
35 rubiconproject.com
fastlane.rubiconproject.com — Cisco Umbrella Rank: 513
eus.rubiconproject.com — Cisco Umbrella Rank: 602
secure-assets.rubiconproject.com — Cisco Umbrella Rank: 969
prebid-server.rubiconproject.com — Cisco Umbrella Rank: 776
token.rubiconproject.com — Cisco Umbrella Rank: 458
100 KB
28 heroinvesting.com
heroinvesting.com — Cisco Umbrella Rank: 216060
cdn.heroinvesting.com — Cisco Umbrella Rank: 406919
1 MB
22 0cf.io
s.0cf.io — Cisco Umbrella Rank: 11896
268 KB
22 unrulymedia.com
targeting.unrulymedia.com — Cisco Umbrella Rank: 792
sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 1268
3 KB
21 nextmillmedia.com
pbs.nextmillmedia.com — Cisco Umbrella Rank: 3246
cookies.nextmillmedia.com — Cisco Umbrella Rank: 2836
11 KB
20 bidswitch.net
grid.bidswitch.net — Cisco Umbrella Rank: 1165
x.bidswitch.net — Cisco Umbrella Rank: 351
6 KB
19 33across.com
lexicon.33across.com — Cisco Umbrella Rank: 1497
ssc.33across.com — Cisco Umbrella Rank: 3592
ssc-cms.33across.com — Cisco Umbrella Rank: 923
2 KB
18 smartadserver.com
prg.smartadserver.com — Cisco Umbrella Rank: 1611
ssbsync-global.smartadserver.com — Cisco Umbrella Rank: 1511
ssbsync.smartadserver.com — Cisco Umbrella Rank: 774
8 KB
18 casalemedia.com
htlb.casalemedia.com — Cisco Umbrella Rank: 511
ssum-sec.casalemedia.com — Cisco Umbrella Rank: 486
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 625
ssum.casalemedia.com — Cisco Umbrella Rank: 1451
15 KB
17 amazon-adsystem.com
c.amazon-adsystem.com — Cisco Umbrella Rank: 306
config.aps.amazon-adsystem.com — Cisco Umbrella Rank: 598
aax.amazon-adsystem.com — Cisco Umbrella Rank: 394
s.amazon-adsystem.com — Cisco Umbrella Rank: 310
76 KB
16 contextweb.com
bid.contextweb.com — Cisco Umbrella Rank: 3177
bh.contextweb.com — Cisco Umbrella Rank: 547
11 KB
16 sharethrough.com
btlr.sharethrough.com — Cisco Umbrella Rank: 984
match.sharethrough.com — Cisco Umbrella Rank: 559
2 KB
14 a-mo.net
prebid.a-mo.net — Cisco Umbrella Rank: 751
3 KB
14 lijit.com
ap.lijit.com — Cisco Umbrella Rank: 683
5 KB
14 3lift.com
tlx.3lift.com — Cisco Umbrella Rank: 572
eb2.3lift.com — Cisco Umbrella Rank: 417
7 KB
14 onetag-sys.com
onetag-sys.com — Cisco Umbrella Rank: 746
4 KB
14 cootlogix.com
prebid.cootlogix.com — Cisco Umbrella Rank: 4723
sync.cootlogix.com — Cisco Umbrella Rank: 2264
4 KB
13 sonobi.com
apex.go.sonobi.com — Cisco Umbrella Rank: 1987
sync.go.sonobi.com — Cisco Umbrella Rank: 931
9 KB
13 dblks.net
prebid.dblks.net — Cisco Umbrella Rank: 81590
dblksync.dblks.net — Cisco Umbrella Rank: 13506
27 KB
13 media.net
prebid.media.net — Cisco Umbrella Rank: 1335
contextual.media.net — Cisco Umbrella Rank: 691
hbx.media.net — Cisco Umbrella Rank: 1337
23 KB
12 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 246
secure.adnxs.com — Cisco Umbrella Rank: 495
8 KB
12 4dex.io
script.4dex.io — Cisco Umbrella Rank: 1523
mp.4dex.io — Cisco Umbrella Rank: 2070
28 KB
12 doubleclick.net
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 196
googleads.g.doubleclick.net — Cisco Umbrella Rank: 33
cm.g.doubleclick.net — Cisco Umbrella Rank: 245
171 KB
11 colossusssp.com
colossusssp.com — Cisco Umbrella Rank: 1290
sync.colossusssp.com — Cisco Umbrella Rank: 1426
1 KB
10 teads.tv
a.teads.tv — Cisco Umbrella Rank: 1462
4 KB
10 seedtag.com
s.seedtag.com — Cisco Umbrella Rank: 1735
15 KB
10 yellowblue.io
hb.yellowblue.io — Cisco Umbrella Rank: 2448
4 KB
10 minutemedia-prebid.com
hb.minutemedia-prebid.com — Cisco Umbrella Rank: 3706
4 KB
10 marphezis.com
brightcombid.marphezis.com — Cisco Umbrella Rank: 19722
2 KB
10 qortex.ai
cpm.qortex.ai — Cisco Umbrella Rank: 22266
3 KB
8 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 353
2 KB
8 pubmatic.com
image8.pubmatic.com — Cisco Umbrella Rank: 662
ads.pubmatic.com — Cisco Umbrella Rank: 534
image6.pubmatic.com — Cisco Umbrella Rank: 823
18 KB
8 openx.net
rtb.openx.net — Cisco Umbrella Rank: 695
us-u.openx.net — Cisco Umbrella Rank: 522
1 KB
8 brainlyads.com
report2.hb.brainlyads.com — Cisco Umbrella Rank: 4730
6 KB
8 ay.delivery
vrl9rgsahh7mx6ndn.ay.delivery — Cisco Umbrella Rank: 189402
313 KB
6 yahoo.com
ups.analytics.yahoo.com — Cisco Umbrella Rank: 327
pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 492
1 KB
6 1rx.io
sync.1rx.io — Cisco Umbrella Rank: 567
4 KB
6 assertcom.de
api.assertcom.de — Cisco Umbrella Rank: 10702
2 KB
5 creativecdn.com
creativecdn.com — Cisco Umbrella Rank: 592
2 KB
5 google.com
fundingchoicesmessages.google.com — Cisco Umbrella Rank: 1359
www.google.com — Cisco Umbrella Rank: 2
112 KB
4 adform.net
c1.adform.net — Cisco Umbrella Rank: 599
2 KB
4 connectad.io
cdn.connectad.io — Cisco Umbrella Rank: 5186
sync-eu.connectad.io — Cisco Umbrella Rank: 4363
2 KB
4 vidazoo.com
static.vidazoo.com — Cisco Umbrella Rank: 3115
118 KB
4 outbrain.com
amplify.outbrain.com — Cisco Umbrella Rank: 3022
tr.outbrain.com — Cisco Umbrella Rank: 2814
wave.outbrain.com — Cisco Umbrella Rank: 3006
9 KB
3 socdm.com
tg.socdm.com — Cisco Umbrella Rank: 1208
2 KB
3 zemanta.com
b1sync.zemanta.com — Cisco Umbrella Rank: 580
927 B
3 deepintent.com
match.deepintent.com — Cisco Umbrella Rank: 1055
99 B
3 ipredictive.com
sync.ipredictive.com — Cisco Umbrella Rank: 909
1 KB
3 stackadapt.com
sync.srv.stackadapt.com — Cisco Umbrella Rank: 689
3 KB
3 servenobid.com
ads.servenobid.com — Cisco Umbrella Rank: 2437
871 B
3 dotomi.com
prebid-match.dotomi.com — Cisco Umbrella Rank: 2253
3 criteo.com
gum.criteo.com — Cisco Umbrella Rank: 454
dis.criteo.com — Cisco Umbrella Rank: 597
739 B
3 google-analytics.com
region1.google-analytics.com — Cisco Umbrella Rank: 2462
326 B
2 a2z.com
prod.tahoe-analytics.publishers.advertising.a2z.com — Cisco Umbrella Rank: 2576
373 B
2 w55c.net
pm.w55c.net — Cisco Umbrella Rank: 912
1 KB
2 mathtag.com
sync.mathtag.com — Cisco Umbrella Rank: 1372
1 KB
2 turn.com
ad.turn.com — Cisco Umbrella Rank: 851
868 B
2 liadm.com
i.liadm.com — Cisco Umbrella Rank: 539
1 KB
2 gstatic.com
fonts.gstatic.com
173 KB
2 clean.gg
i.clean.gg — Cisco Umbrella Rank: 894
104 B
2 google.de
www.google.de — Cisco Umbrella Rank: 6862
563 B
2 confiant-integrations.net
cdn.confiant-integrations.net — Cisco Umbrella Rank: 1481
104 KB
2 id5-sync.com
id5-sync.com — Cisco Umbrella Rank: 440
1 KB
2 flashtalking.com
d9.flashtalking.com — Cisco Umbrella Rank: 1807
12 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 35
158 KB
1 metadsp.co.uk
u.ipw.metadsp.co.uk — Cisco Umbrella Rank: 5190
238 B
1 quantserve.com
cms.quantserve.com — Cisco Umbrella Rank: 764
154 B
1 stickyadstv.com
ads.stickyadstv.com — Cisco Umbrella Rank: 566
655 B
1 loopme.me
csync.loopme.me — Cisco Umbrella Rank: 940
286 B
1 indexww.com
js-sec.indexww.com — Cisco Umbrella Rank: 674
2 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 31
4 KB
1 script.ac
cadmus.script.ac — Cisco Umbrella Rank: 1421
45 KB
1 crwdcntrl.net
id.crwdcntrl.net — Cisco Umbrella Rank: 2498
318 B
1 adgarden.market
adgarden.market — Cisco Umbrella Rank: 69361
8 KB
0 eu-1-id5-sync.com Failed
lb.eu-1-id5-sync.com Failed
617 77
Domain Requested by
27 usersync.gumgum.com rtb.gumgum.com
22 s.0cf.io vrl9rgsahh7mx6ndn.ay.delivery
s.0cf.io
rtb.gumgum.com
22 heroinvesting.com heroinvesting.com
vrl9rgsahh7mx6ndn.ay.delivery
20 targeting.unrulymedia.com vrl9rgsahh7mx6ndn.ay.delivery
16 pbs.nextmillmedia.com vrl9rgsahh7mx6ndn.ay.delivery
cookies.nextmillmedia.com
ssum-sec.casalemedia.com
14 prebid.a-mo.net 3 redirects vrl9rgsahh7mx6ndn.ay.delivery
s.0cf.io
14 ap.lijit.com vrl9rgsahh7mx6ndn.ay.delivery
s.0cf.io
14 onetag-sys.com vrl9rgsahh7mx6ndn.ay.delivery
s.0cf.io
13 exchange.kueezrtb.com vrl9rgsahh7mx6ndn.ay.delivery
13 fastlane.rubiconproject.com vrl9rgsahh7mx6ndn.ay.delivery
13 prg.smartadserver.com vrl9rgsahh7mx6ndn.ay.delivery
13 ssc.33across.com vrl9rgsahh7mx6ndn.ay.delivery
13 btlr.sharethrough.com vrl9rgsahh7mx6ndn.ay.delivery
13 prebid.cootlogix.com vrl9rgsahh7mx6ndn.ay.delivery
13 g2.gumgum.com vrl9rgsahh7mx6ndn.ay.delivery
13 gtrack.kueezrtb.com heroinvesting.com
13 track.kueezrtb.com heroinvesting.com
11 aax.amazon-adsystem.com c.amazon-adsystem.com
10 x.bidswitch.net 5 redirects ssum-sec.casalemedia.com
rtb.gumgum.com
10 eus.rubiconproject.com vrl9rgsahh7mx6ndn.ay.delivery
eus.rubiconproject.com
cookies.nextmillmedia.com
rtb.gumgum.com
10 a.teads.tv vrl9rgsahh7mx6ndn.ay.delivery
10 grid.bidswitch.net vrl9rgsahh7mx6ndn.ay.delivery
10 apex.go.sonobi.com vrl9rgsahh7mx6ndn.ay.delivery
10 s.seedtag.com vrl9rgsahh7mx6ndn.ay.delivery
10 prebid.dblks.net vrl9rgsahh7mx6ndn.ay.delivery
10 hb.yellowblue.io vrl9rgsahh7mx6ndn.ay.delivery
10 bid.contextweb.com vrl9rgsahh7mx6ndn.ay.delivery
10 hb.minutemedia-prebid.com vrl9rgsahh7mx6ndn.ay.delivery
10 tlx.3lift.com vrl9rgsahh7mx6ndn.ay.delivery
10 colossusssp.com vrl9rgsahh7mx6ndn.ay.delivery
10 prebid.media.net vrl9rgsahh7mx6ndn.ay.delivery
10 brightcombid.marphezis.com vrl9rgsahh7mx6ndn.ay.delivery
10 cpm.qortex.ai vrl9rgsahh7mx6ndn.ay.delivery
10 htlb.casalemedia.com vrl9rgsahh7mx6ndn.ay.delivery
10 mp.4dex.io vrl9rgsahh7mx6ndn.ay.delivery
8 match.adsrvr.org ssum-sec.casalemedia.com
s.0cf.io
rtb.gumgum.com
8 ib.adnxs.com 5 redirects
8 cm.g.doubleclick.net 5 redirects rtb.gumgum.com
8 report2.hb.brainlyads.com heroinvesting.com
8 vrl9rgsahh7mx6ndn.ay.delivery heroinvesting.com
vrl9rgsahh7mx6ndn.ay.delivery
6 sync.1rx.io 6 redirects
6 rtb.gumgum.com s.0cf.io
rtb.gumgum.com
6 bh.contextweb.com 5 redirects vrl9rgsahh7mx6ndn.ay.delivery
s.0cf.io
6 api.assertcom.de vrl9rgsahh7mx6ndn.ay.delivery
6 cdn.heroinvesting.com heroinvesting.com
vrl9rgsahh7mx6ndn.ay.delivery
5 token.rubiconproject.com eus.rubiconproject.com
5 creativecdn.com 5 redirects
5 ssc-cms.33across.com vrl9rgsahh7mx6ndn.ay.delivery
cookies.nextmillmedia.com
s.0cf.io
5 cookies.nextmillmedia.com 3 redirects vrl9rgsahh7mx6ndn.ay.delivery
cookies.nextmillmedia.com
4 c1.adform.net 4 redirects
4 us-u.openx.net 4 redirects
4 secure.adnxs.com 4 redirects
4 dsum-sec.casalemedia.com 1 redirects ssum-sec.casalemedia.com
4 image8.pubmatic.com cookies.nextmillmedia.com
s.0cf.io
4 secure-assets.rubiconproject.com 4 redirects
4 rtb.openx.net cookies.nextmillmedia.com
s.0cf.io
4 eb2.3lift.com 3 redirects vrl9rgsahh7mx6ndn.ay.delivery
s.0cf.io
4 static.vidazoo.com heroinvesting.com
static.vidazoo.com
vrl9rgsahh7mx6ndn.ay.delivery
3 dblksync.dblks.net s.0cf.io
3 tg.socdm.com 3 redirects
3 ads.pubmatic.com rtb.gumgum.com
3 ssbsync.smartadserver.com 3 redirects
3 b1sync.zemanta.com 3 redirects
3 match.deepintent.com rtb.gumgum.com
3 sync.ipredictive.com 3 redirects
3 pr-bh.ybp.yahoo.com rtb.gumgum.com
3 sync.srv.stackadapt.com 3 redirects
3 match.sharethrough.com s.0cf.io
3 ads.servenobid.com s.0cf.io
3 ups.analytics.yahoo.com s.0cf.io
3 sync.go.sonobi.com s.0cf.io
3 prebid-match.dotomi.com s.0cf.io
3 cdn.connectad.io s.0cf.io
3 prebid-server.rubiconproject.com s.0cf.io
3 fundingchoicesmessages.google.com vrl9rgsahh7mx6ndn.ay.delivery
3 region1.google-analytics.com www.googletagmanager.com
3 c.amazon-adsystem.com heroinvesting.com
c.amazon-adsystem.com
2 prod.tahoe-analytics.publishers.advertising.a2z.com c.amazon-adsystem.com
2 pm.w55c.net 2 redirects
2 hbx.media.net 2 redirects s.0cf.io
2 sync.mathtag.com 2 redirects s.0cf.io
2 ssbsync-global.smartadserver.com 2 redirects s.0cf.io
2 sync.targeting.unrulymedia.com 2 redirects
2 ad.turn.com 2 redirects
2 ssum.casalemedia.com 2 redirects s.0cf.io
2 s.amazon-adsystem.com 1 redirects ssum-sec.casalemedia.com
2 i.liadm.com 2 redirects
2 ssum-sec.casalemedia.com 1 redirects cookies.nextmillmedia.com
2 fonts.gstatic.com heroinvesting.com
fonts.googleapis.com
2 i.clean.gg cadmus.script.ac
2 www.google.de heroinvesting.com
2 www.google.com heroinvesting.com
2 googleads.g.doubleclick.net vrl9rgsahh7mx6ndn.ay.delivery
2 script.4dex.io vrl9rgsahh7mx6ndn.ay.delivery
script.4dex.io
2 cdn.confiant-integrations.net vrl9rgsahh7mx6ndn.ay.delivery
cdn.confiant-integrations.net
2 id5-sync.com vrl9rgsahh7mx6ndn.ay.delivery
2 d9.flashtalking.com vrl9rgsahh7mx6ndn.ay.delivery
d9.flashtalking.com
2 gum.criteo.com vrl9rgsahh7mx6ndn.ay.delivery
2 tr.outbrain.com amplify.outbrain.com
2 securepubads.g.doubleclick.net heroinvesting.com
securepubads.g.doubleclick.net
2 www.googletagmanager.com heroinvesting.com
www.googletagmanager.com
2 static.kueezrtb.com heroinvesting.com
static.kueezrtb.com
1 u.ipw.metadsp.co.uk 1 redirects
1 image6.pubmatic.com ads.pubmatic.com
1 cms.quantserve.com rtb.gumgum.com
1 sync-eu.connectad.io cdn.connectad.io
1 ads.stickyadstv.com ssum-sec.casalemedia.com
1 dis.criteo.com ssum-sec.casalemedia.com
1 csync.loopme.me 1 redirects
1 sync.colossusssp.com vrl9rgsahh7mx6ndn.ay.delivery
1 js-sec.indexww.com vrl9rgsahh7mx6ndn.ay.delivery
1 contextual.media.net vrl9rgsahh7mx6ndn.ay.delivery
1 sync.kueezrtb.com vrl9rgsahh7mx6ndn.ay.delivery
1 sync.cootlogix.com vrl9rgsahh7mx6ndn.ay.delivery
1 fonts.googleapis.com
1 cadmus.script.ac vrl9rgsahh7mx6ndn.ay.delivery
1 id.crwdcntrl.net vrl9rgsahh7mx6ndn.ay.delivery
1 lexicon.33across.com vrl9rgsahh7mx6ndn.ay.delivery
1 config.aps.amazon-adsystem.com c.amazon-adsystem.com
1 u.kueezrtb.com static.kueezrtb.com
1 wave.outbrain.com amplify.outbrain.com
1 amplify.outbrain.com heroinvesting.com
1 adgarden.market heroinvesting.com
0 lb.eu-1-id5-sync.com Failed vrl9rgsahh7mx6ndn.ay.delivery
617 124

This site contains no links.

Subject Issuer Validity Valid
*.heroinvesting.com
Amazon RSA 2048 M02		 2023-02-15 -
2024-03-16		 a year crt.sh
*.adgarden.market
Amazon RSA 2048 M01		 2023-02-08 -
2024-03-08		 a year crt.sh
*.outbrain.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-02-09 -
2024-02-11		 a year crt.sh
heroinvesting.com
E1		 2023-10-27 -
2024-01-25		 3 months crt.sh
ay.delivery
GTS CA 1P5		 2023-10-28 -
2024-01-26		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2022-12-30 -
2023-12-30		 a year crt.sh
kueezrtb.com
GTS CA 1P5		 2023-10-18 -
2024-01-16		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
c.amazon-adsystem.com
Amazon RSA 2048 M01		 2023-02-28 -
2024-02-17		 a year crt.sh
*.criteo.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-09-26 -
2023-12-23		 3 months crt.sh
config.aps.amazon-adsystem.com
Amazon RSA 2048 M02		 2023-02-20 -
2024-03-20		 a year crt.sh
lexicon.33across.com
GTS CA 1D4		 2023-10-01 -
2023-12-30		 3 months crt.sh
tag.device9.com
Go Daddy Secure Certificate Authority - G2		 2023-07-19 -
2024-08-19		 a year crt.sh
*.id5-sync.com
R3		 2023-11-01 -
2024-01-30		 3 months crt.sh
*.crwdcntrl.net
Amazon RSA 2048 M02		 2023-10-08 -
2024-11-06		 a year crt.sh
confiant-integrations.net
GTS CA 1P5		 2023-11-19 -
2024-02-17		 3 months crt.sh
script.4dex.io
Cloudflare Inc ECC CA-3		 2023-10-23 -
2024-10-22		 a year crt.sh
aax-dtb-mobile-cf.amazon-adsystem.com
Amazon RSA 2048 M01		 2023-03-16 -
2024-03-08		 a year crt.sh
*.targeting.unrulymedia.com
Sectigo RSA Domain Validation Secure Server CA		 2023-05-10 -
2024-05-10		 a year crt.sh
ie-ad-exch-prd-one-eks.prd.eks.ie.adexchange.gumgum.com
Amazon RSA 2048 M01		 2023-07-17 -
2024-08-14		 a year crt.sh
casalemedia.com
Cloudflare Inc ECC CA-3		 2023-05-21 -
2024-05-20		 a year crt.sh
*.cootlogix.com
Sectigo RSA Domain Validation Secure Server CA		 2023-10-19 -
2024-11-17		 a year crt.sh
qortex.ai
R3		 2023-11-14 -
2024-02-12		 3 months crt.sh
*.marphezis.com
Sectigo RSA Domain Validation Secure Server CA		 2023-01-03 -
2024-01-03		 a year crt.sh
prebid.media.net
GTS CA 1D4		 2023-10-28 -
2024-01-26		 3 months crt.sh
*.onetag-sys.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-12-28 -
2024-01-28		 a year crt.sh
*.colossusssp.com
Go Daddy Secure Certificate Authority - G2		 2023-09-08 -
2024-10-09		 a year crt.sh
*.3lift.com
Amazon RSA 2048 M02		 2023-04-13 -
2024-05-11		 a year crt.sh
*.sharethrough.com
Amazon RSA 2048 M01		 2023-06-14 -
2024-07-12		 a year crt.sh
*.lijit.com
Go Daddy Secure Certificate Authority - G2		 2023-05-06 -
2024-05-04		 a year crt.sh
*.minutemedia-prebid.com
Amazon ECDSA 256 M01		 2023-04-18 -
2024-05-16		 a year crt.sh
*.contextweb.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-04-10 -
2024-05-09		 a year crt.sh
*.yellowblue.io
Amazon ECDSA 256 M02		 2023-04-19 -
2024-05-17		 a year crt.sh
ssc.33across.com
GTS CA 1D4		 2023-10-28 -
2024-01-26		 3 months crt.sh
*.smartadserver.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2023-01-21 -
2024-01-23		 a year crt.sh
*.rubiconproject.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-03-05 -
2024-04-03		 a year crt.sh
pbs.nextmillmedia.com
Amazon RSA 2048 M01		 2023-06-13 -
2024-07-12		 a year crt.sh
*.dblks.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-07-15 -
2024-08-14		 a year crt.sh
*.seedtag.com
Sectigo RSA Domain Validation Secure Server CA		 2023-03-29 -
2024-04-15		 a year crt.sh
*.go.sonobi.com
Go Daddy Secure Certificate Authority - G2		 2022-12-06 -
2024-01-07		 a year crt.sh
*.kueezrtb.com
Sectigo RSA Domain Validation Secure Server CA		 2023-08-17 -
2024-09-14		 a year crt.sh
*.bidswitch.net
Sectigo RSA Domain Validation Secure Server CA		 2023-03-23 -
2024-03-23		 a year crt.sh
teads.tv
R3		 2023-11-03 -
2024-02-01		 3 months crt.sh
*.a-mo.net
R3		 2023-11-07 -
2024-02-05		 3 months crt.sh
report2.hb.brainlyads.com
R3		 2023-10-22 -
2024-01-20		 3 months crt.sh
api.assertcom.de
R3		 2023-10-15 -
2024-01-13		 3 months crt.sh
*.google.com
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
script.ac
E1		 2023-10-31 -
2024-01-29		 3 months crt.sh
www.google.com
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
www.google.de
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
i.clean.gg
GTS CA 1D4		 2023-11-14 -
2024-02-12		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
*.media.net
DigiCert TLS RSA SHA256 2020 CA1		 2023-02-10 -
2024-02-18		 a year crt.sh
indexww.com
Cloudflare Inc ECC CA-3		 2023-09-05 -
2024-09-03		 a year crt.sh
cookies.nextmillmedia.com
Amazon RSA 2048 M02		 2023-06-13 -
2024-07-11		 a year crt.sh
*.33across.com
Sectigo RSA Domain Validation Secure Server CA		 2023-09-06 -
2024-09-30		 a year crt.sh
*.openx.net
RapidSSL TLS RSA CA G1		 2023-08-18 -
2024-08-18		 a year crt.sh
*.pubmatic.com
DigiCert Baltimore TLS RSA SHA256 2020 CA1		 2023-04-20 -
2024-05-20		 a year crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020		 2023-04-12 -
2024-05-13		 a year crt.sh
*.ads.stickyadstv.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-04-19 -
2024-05-19		 a year crt.sh
connectad.io
Cloudflare Inc ECC CA-3		 2023-03-16 -
2024-03-15		 a year crt.sh
*.dotomi.com
GlobalSign RSA OV SSL CA 2018		 2023-08-15 -
2024-09-15		 a year crt.sh
ups.analytics.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2023-08-03 -
2024-01-24		 6 months crt.sh
ads.servenobid.com
Amazon RSA 2048 M01		 2023-04-29 -
2024-05-27		 a year crt.sh
*.ybp.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2023-08-29 -
2024-02-21		 6 months crt.sh
*.deepintent.com
Go Daddy Secure Certificate Authority - G2		 2022-11-30 -
2024-01-01		 a year crt.sh
*.ad-server.k8s.ie.ggops.com
Amazon RSA 2048 M02		 2023-02-08 -
2024-02-15		 a year crt.sh
prod.tahoe-analytics.publishers.advertising.a2z.com
Amazon RSA 2048 M01		 2023-02-21 -
2024-03-21		 a year crt.sh
dblks.net
GTS CA 1P5		 2023-10-21 -
2024-01-19		 3 months crt.sh

This page contains 110 frames:

Primary Page: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Frame ID: 1FE010B14351AE8F6EE5148CD235D8BA
Requests: 433 HTTP requests in this frame

Frame: https://sync.cootlogix.com/api/sync/iframe/?cid=&gdpr=0&gdpr_consent=&us_privacy=
Frame ID: E704D35843F85E391BD719882BA7C578
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?cb=1700668108515
Frame ID: 7CD10410A390C2397B5486B0E7ABE013
Requests: 1 HTTP requests in this frame

Frame: https://sync.kueezrtb.com/api/sync/iframe/?cid=&gdpr=0&gdpr_consent=&us_privacy=
Frame ID: B1F6F0D76401218452673F82CB52D59D
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUK6VG18&prvid=2012%2C2034%2C2033%2C2055%2C2031%2C2030%2C3020%2C251%2C175%2C450%2C2009%2C178%2C233%2C2028%2C3018%2C2027%2C3017%2C214%2C236%2C237%2C117%2C459%2C70%2C97%2C55%2C99%2C77%2C38%2C2022%2C3012%2C3010%2C141%2C262%2C461%2C222%2C244%2C201%2C2039%2C3007%2C246%2C4%2C203%2C10000%2C80%2C108%2C9%2C508&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
Frame ID: 84593D7C98CAD87D4CA580ED4C157CDE
Requests: 1 HTTP requests in this frame

Frame: https://prebid.a-mo.net/isyn?gdpr_consent=&gdpr=0&us_privacy=&gpp=&gpp_sid=
Frame ID: A0D79375C27F6EED0EBFD7050083D52C
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312113734-309881-17974-3&id=9392916d6cd9d24&uid=
Frame ID: 06E1CC61E328E544D14CCE97AEBB6B01
Requests: 5 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13530234
Frame ID: 278B409E881866637DC628D085F14615
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 4E7DC40E13D1625201216EF3DBBC90F6
Requests: 1 HTTP requests in this frame

Frame: https://cookies.nextmillmedia.com/sync?type=iframe
Frame ID: 8AC2A8FEBC508350BA063CA28D085371
Requests: 1 HTTP requests in this frame

Frame: https://bh.contextweb.com/visitormatch
Frame ID: 69E6E355DE6A76CDB4499E358807825D
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: D3A1021D9D978FDC2CBD8B7575E214BE
Requests: 3 HTTP requests in this frame

Frame: https://sync.colossusssp.com/iframe?pbjs=1&coppa=0
Frame ID: 73172C97ABC5C0D26055F3ED57E1ABF8
Requests: 1 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=dUOeOqXmSr7AmkrkHcnlxd&gdpr_consent=undefined&us_privacy=undefined&gpp=&gpp_sid=
Frame ID: 1F459C9C5DD16E1C0FABF12B493AE998
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync
Frame ID: 9722D7028EBE525882E5C3F2E0554D88
Requests: 1 HTTP requests in this frame

Frame: https://pbs.nextmillmedia.com/setuid?bidder=appnexus&uid=1545443793795039788
Frame ID: C9C286AC948D0173C3CDAB4AFE4C0CF6
Requests: 1 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?m=xch&rt=html&gdpr=&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3D33across%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D33XUSERID33X&id=zzz000000000002zzz
Frame ID: 5FF0A83252829D25835FF975990AFDBC
Requests: 1 HTTP requests in this frame

Frame: https://rtb.openx.net/sync/prebid?gdpr=&gdpr_consent=&r=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dopenx%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%24%7BUID%7D
Frame ID: 2D11466CE45E58133FC283CAD3FE5004
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=194648&us_privacy=&C=1
Frame ID: 96398927D7186D99EA4B6C21C6E8D66C
Requests: 10 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=17888&endpoint=us-east&nmuid=
Frame ID: C799D94C0FF5505B496E5574EB9CFCBB
Requests: 3 HTTP requests in this frame

Frame: https://cookies.nextmillmedia.com/setuid?bidder=amx&nmuid=&gdpr=&gdpr_consent=&us_privacy=&uid=
Frame ID: D8DED8256B627923B384C6592917588C
Requests: 1 HTTP requests in this frame

Frame: https://image8.pubmatic.com/AdServer/ImgSync?p=157577&gdpr=&gdpr_consent=&us_privacy=&pu=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dpubmatic%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%23PMUID
Frame ID: 5F510EAAD1158AE329C39FBE9C289D15
Requests: 1 HTTP requests in this frame

Frame: https://pbs.nextmillmedia.com/setuid?bidder=loopme&uid=b4b334b1-8d89-428f-b3c8-45ad5dcdc43e
Frame ID: 58574CD9BD4FF0DB77F8E5BB8DC7F948
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: BBB7E1EA7797C7B58CF6B51CFAC6D8F5
Requests: 1 HTTP requests in this frame

Frame: https://cdn.connectad.io/connectmyusers.php?gdpr=0&consent=0&us_privacy=0&cb=https%3A//prebid.adnxs.com/pbs/v1/setuid%3Fbidder%3Dconnectad%26gdpr%3D%0%26gdpr_consent%3D0%26uid%3D86%26uid%3D
Frame ID: C749BCD42085139E30DAE5A8F3F54C90
Requests: 1 HTTP requests in this frame

Frame: https://prebid-match.dotomi.com/match/bounce/current?version=1&networkId=72582&rurl=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D10%26uid%3D
Frame ID: 738F74E185394A6E406CA42996C4ADE1
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Frame ID: 010FD4F3706D2C3CB894AC49580A997D
Requests: 11 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: 0A71CEC47D6EAE90E05CA4C508A81115
Requests: 1 HTTP requests in this frame

Frame: https://rtb.openx.net/sync/prebid?r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D19%26uid%3D%24%7BUID%7D
Frame ID: 84C66AB4DA2255ECCE405F677555C705
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/pixel?redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D25%26uid%3D%24UID
Frame ID: C1B1587CA9C3FF932D4B0AE3D0AF9E10
Requests: 1 HTTP requests in this frame

Frame: https://sync.go.sonobi.com/us.gif?loc=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D26%26uid%3D%5BUID%5D
Frame ID: 2540F04AEDB9B9B165F2E1B2F19127D3
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: A8BB3D57A5311E12EADF78B5F7931AA1
Requests: 1 HTTP requests in this frame

Frame: https://ups.analytics.yahoo.com/ups/58448/occ?uid=9392916d6cd9d2477%26uid%3D
Frame ID: C0DEEB69C7110FA495F396CC287058D2
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: BCC985CDBEF6E0A77C531320307DFA97
Requests: 5 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?gdpr=0&gdpr_consent=0&us_privacy=0&redir=https%3A//ps.0cf.io/%3Fonetag%3D%24%7BUSER_TOKEN%7D84%26uid%3D
Frame ID: 29EEC39BDA11AF167F42A44E9E9C0E9A
Requests: 1 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?gdpr_58=&gdpr_consent=&ts=&ri=70&ru=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D1%26uid%3D33XUSERID33X
Frame ID: 09992EFA2739DDC6918AA60DD439C7A8
Requests: 1 HTTP requests in this frame

Frame: https://image8.pubmatic.com/AdServer/ImgSync?p=162168&gdpr=0&gdpr_consent=0&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D162168%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fs.0cf.io%252F%2523ps%253Dtrue%2526id%253D20%2526uid%253D%2523PMUID
Frame ID: 3E26EB148B7423C08B2F6C94A8F22D7D
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: 268CA2B79F1BE562A7E0B998D3EA57D9
Requests: 1 HTTP requests in this frame

Frame: https://match.sharethrough.com/universal/v1?supply_id=Uj448boa
Frame ID: 0D046E5789DA0E60EAC213516095C282
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: E001CB914BADB35ACC8617724C994621
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/ps/?dbid=9392916d6cd9d24
Frame ID: F645493088E9415DE90516969E5447BB
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: CE18B917166B40E105D4E4DE9F62C9C9
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: A33B85353485A6F9E6146EB445B5726F
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=adf&i=8716181596310505629&gdpr=0&gdpr_consent=0
Frame ID: D2ABE944D7DA99D027FB1D46CEDBF1F0
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV8yYmNkMjI3OC1hNzU2LTQ2ZTAtYjNkOC0yZDcyZGVmMGQ1NjQ=&gdpr=0&gdpr_consent=0&google_redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dgdv
Frame ID: 953A155E51DB41F4A20B70C40C9709EE
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=0
Frame ID: 0C6A80341421D76C880126AFF15F9F45
Requests: 2 HTTP requests in this frame

Frame: https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=0
Frame ID: 4BF9E7FE2FE92C7FC101E0E7AC434FC6
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=sus&i=ZV4iz8Co8YUAAAwSZa0AAAAA
Frame ID: 78DB0422001264AF5FDECC48978A50CC
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=rth&i=qwMZjMmKAwo4fQZ21umU_ZlYRWt8PSq91oL3zb5usQU&pi=gumgum
Frame ID: D6C9617DE26B3D537B860348309192B6
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=gumgum
Frame ID: 94B02351F7B931B37D1A4AD20A89E99B
Requests: 3 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: 45D21B2BA957B4181BE5A85BA89E5C7A
Requests: 1 HTTP requests in this frame

Frame: https://sync-eu.connectad.io/syncer/1?gdpr=0&consent=0&us_privacy=0&cb=https%3A//prebid.adnxs.com/pbs/v1/setuid%3Fbidder%3Dconnectad%26gdpr%3D%0%26gdpr_consent%3D0%26uid%3D86%26uid%3D
Frame ID: 95D981317458EAE29EBE8F8BB0BD6347
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: F0CD451F30F8839826C04FD4D941E52A
Requests: 1 HTTP requests in this frame

Frame: https://cdn.connectad.io/connectmyusers.php?gdpr=0&consent=0&us_privacy=0&cb=https%3A//prebid.adnxs.com/pbs/v1/setuid%3Fbidder%3Dconnectad%26gdpr%3D%0%26gdpr_consent%3D0%26uid%3D86%26uid%3D
Frame ID: A5CC5CF254CB288AA591BC5B4F8024E9
Requests: 1 HTTP requests in this frame

Frame: https://prebid-match.dotomi.com/match/bounce/current?version=1&networkId=72582&rurl=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D10%26uid%3D
Frame ID: 41991B51E75478CFD99E63A45D334364
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Frame ID: F7EC80D71A935BAFFC916BEFA3F454AB
Requests: 11 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: ABF833C8C91FD3EDDC090806BF6D432A
Requests: 1 HTTP requests in this frame

Frame: https://rtb.openx.net/sync/prebid?r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D19%26uid%3D%24%7BUID%7D
Frame ID: 1E7C4611B420F353799EA8A27CD63976
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/pixel?redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D25%26uid%3D%24UID
Frame ID: 72B50E210019782E530A84FD2A4815BA
Requests: 1 HTTP requests in this frame

Frame: https://sync.go.sonobi.com/us.gif?loc=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D26%26uid%3D%5BUID%5D
Frame ID: 3C208CC93B3804D2755D2C88F6D9EBC1
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: 0128D2ED00B009F756CEB4BEFF02560E
Requests: 1 HTTP requests in this frame

Frame: https://ups.analytics.yahoo.com/ups/58448/occ?uid=9392916d6cd9d2477%26uid%3D
Frame ID: 1C8C3D2DFC06989880F7586CE8FE7E3F
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: D4FBE34D6F819CAAFAD0BF999D9E8B03
Requests: 5 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?gdpr=0&gdpr_consent=0&us_privacy=0&redir=https%3A//ps.0cf.io/%3Fonetag%3D%24%7BUSER_TOKEN%7D84%26uid%3D
Frame ID: 23592B83B28D4B24A7FF129127CAE8D3
Requests: 1 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?gdpr_58=&gdpr_consent=&ts=&ri=70&ru=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D1%26uid%3D33XUSERID33X
Frame ID: 75D23C01BF02DED5DC4D719BBB9918FD
Requests: 1 HTTP requests in this frame

Frame: https://image8.pubmatic.com/AdServer/ImgSync?p=162168&gdpr=0&gdpr_consent=0&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D162168%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fs.0cf.io%252F%2523ps%253Dtrue%2526id%253D20%2526uid%253D%2523PMUID
Frame ID: EBD9CBFB5830D26C32B68335FA213EBB
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: D8A638606B7DB75B5D063FCDBD3EA6F4
Requests: 1 HTTP requests in this frame

Frame: https://match.sharethrough.com/universal/v1?supply_id=Uj448boa
Frame ID: AF0A9BD1F591123ED06A4B2F9F77BCA6
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: A0A7A29E313D9EEF820F86B01E686C88
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/ps/?dbid=9392916d6cd9d24
Frame ID: 2BD50500657131A94AD6F45202C188EA
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: CD936270BE7EED5CBFD916649BEF13AB
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: A0EBD145DECCD80F7170348F0B8971CB
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=adf&i=8716181596310505629&gdpr=0&gdpr_consent=0
Frame ID: 7D0D4555145D5E0C266422AB57115165
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV8yYmNkMjI3OC1hNzU2LTQ2ZTAtYjNkOC0yZDcyZGVmMGQ1NjQ=&gdpr=0&gdpr_consent=0&google_redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dgdv
Frame ID: D7C081F2CE586DD837E44F19AE9B0BE9
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=0
Frame ID: E327DAB4882F494D41F52D4B324C5BC4
Requests: 1 HTTP requests in this frame

Frame: https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=0
Frame ID: F496259AD5D17F18FE58AD479FD0E58D
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=sus&i=ZV4i0MCo8X0AABYOYAkAAAAA
Frame ID: F3B8C0B0C159F1163B0A0E95BE24D9A9
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=rth&i=qwMZjMmKAwo4fQZ21umU_ZlYRWt8PSq91oL3zb5usQU&pi=gumgum
Frame ID: 6B3D915B853B24A68AB0A8CBC8BA74D7
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=gumgum
Frame ID: 1C7E6AAD721DD28467543F114628F1C1
Requests: 3 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: 07B63DEA9484CB55860C8CFDC78D0630
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/getuid?gdpr=&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D76%26uid%3D%24UID
Frame ID: ADB9BA779B146CDDFF9F0B3393AC5733
Requests: 1 HTTP requests in this frame

Frame: https://cdn.connectad.io/connectmyusers.php?gdpr=0&consent=0&us_privacy=0&cb=https%3A//prebid.adnxs.com/pbs/v1/setuid%3Fbidder%3Dconnectad%26gdpr%3D%0%26gdpr_consent%3D0%26uid%3D86%26uid%3D
Frame ID: 23E7E3A1CBA129595BED5456B89C6B13
Requests: 1 HTTP requests in this frame

Frame: https://prebid-match.dotomi.com/match/bounce/current?version=1&networkId=72582&rurl=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D10%26uid%3D
Frame ID: DCDB1D8A6E3652FDF30B6CA165247817
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Frame ID: 7F91FC496A6B8335AC21235AFD37226F
Requests: 11 HTTP requests in this frame

Frame: https://ssum.casalemedia.com/usermatchredir?s=184932&cb=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D74%26uid%3D
Frame ID: B7B28B4A886A58586A1361DC26F01CD8
Requests: 1 HTTP requests in this frame

Frame: https://rtb.openx.net/sync/prebid?r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D19%26uid%3D%24%7BUID%7D
Frame ID: 7F0BA84CEB4E5C34DF0F88C632BD4173
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/pixel?redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D25%26uid%3D%24UID
Frame ID: D7FFCCA74E060BBE7438271EBFD1A283
Requests: 1 HTTP requests in this frame

Frame: https://sync.go.sonobi.com/us.gif?loc=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D26%26uid%3D%5BUID%5D
Frame ID: 92AD8BF9281CA3C4C90B60CECB50519C
Requests: 1 HTTP requests in this frame

Frame: https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=4581832920
Frame ID: 2837C3C8B8B3F85B534523D033BD1411
Requests: 1 HTTP requests in this frame

Frame: https://ups.analytics.yahoo.com/ups/58448/occ?uid=9392916d6cd9d2477%26uid%3D
Frame ID: 6B4DEF171179C4368EE47073FE9E505C
Requests: 1 HTTP requests in this frame

Frame: https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=0&cb=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D81%26uid%3D
Frame ID: C4CF8D7324B60FD206DB860E597C3A0A
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?gdpr=0&gdpr_consent=0&us_privacy=0&redir=https%3A//ps.0cf.io/%3Fonetag%3D%24%7BUSER_TOKEN%7D84%26uid%3D
Frame ID: 7153C03381080AA4D4A9C18D6A8366E9
Requests: 1 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?gdpr_58=&gdpr_consent=&ts=&ri=70&ru=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D1%26uid%3D33XUSERID33X
Frame ID: 05F91915B84C3625205B6DBE3C9E3B10
Requests: 1 HTTP requests in this frame

Frame: https://image8.pubmatic.com/AdServer/ImgSync?p=162168&gdpr=0&gdpr_consent=0&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D162168%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fs.0cf.io%252F%2523ps%253Dtrue%2526id%253D20%2526uid%253D%2523PMUID
Frame ID: DC4CDE154B3C855B44469AB5DFD3B242
Requests: 1 HTTP requests in this frame

Frame: https://bh.contextweb.com/rtset?pid=561205&ev=1&rurl=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D21%26uid%3D%25%25VGUID%25%25
Frame ID: 0618E0868CBF884FEF3ADC0F4191F065
Requests: 1 HTTP requests in this frame

Frame: https://match.sharethrough.com/universal/v1?supply_id=Uj448boa
Frame ID: F6166089A43734D407E28619B6D33FD4
Requests: 1 HTTP requests in this frame

Frame: https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=0&gdpr_consent=0&us_privacy=0&redirectUri=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D82%26uid%3D%5Bssb_sync_pid%5D
Frame ID: FCADFFD526A26B7172BA08FFA14292A1
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/ps/?dbid=9392916d6cd9d24
Frame ID: C99D2F42475B516D6CD397BF0A3B91D8
Requests: 1 HTTP requests in this frame

Frame: https://sync.mathtag.com/sync/img?mt_exid=75&gdpr=0&gdpr_consent=0&us_privacy=0&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D61%26uid%3D%5BMM_UUID%5D
Frame ID: 8DA81BCC0764924229331ADD479121E3
Requests: 1 HTTP requests in this frame

Frame: https://hbx.media.net/cksync.php?cs=1&type=pbs&ovsid=setstatuscode&bidder=medianet&gdpr=0&gdpr_consent=0&us_privacy=0&redirect=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D88%26uid%3D%3Cvsid%3E
Frame ID: 00999A3303C952EE3A71C2F33E921121
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=adf&i=8716181596310505629&gdpr=0&gdpr_consent=0
Frame ID: 7B757D4649FFB6200398686FA987EA59
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV8yYmNkMjI3OC1hNzU2LTQ2ZTAtYjNkOC0yZDcyZGVmMGQ1NjQ=&gdpr=0&gdpr_consent=0&google_redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dgdv
Frame ID: A7EC8FE235065E044AB8BB5ED80DAC6F
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=0
Frame ID: EE78A9182752166555C2474FADC5F422
Requests: 1 HTTP requests in this frame

Frame: https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=0
Frame ID: 341CCB8EA63F8AD42F5CF63E195F59F9
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=sus&i=ZV4i0MCo8YUAAAwSZb4AAAAA
Frame ID: D3F29E9E954C16061FFFC8CDDC2F087B
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=rth&i=qwMZjMmKAwo4fQZ21umU_ZlYRWt8PSq91oL3zb5usQU&pi=gumgum
Frame ID: A848EC318B69EF56337D8491DABC3502
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=gumgum
Frame ID: DA4D39D0BFC8968B103334CCBD33F166
Requests: 3 HTTP requests in this frame

Frame: https://dblksync.dblks.net/dblksync/
Frame ID: 57A7967CEFCBF81332FEB0B1B8E5032E
Requests: 1 HTTP requests in this frame

Frame: https://dblksync.dblks.net/dblksync/
Frame ID: 41AE1666931199A0BADF9BBC8F9B1CCF
Requests: 1 HTTP requests in this frame

Frame: https://dblksync.dblks.net/dblksync/
Frame ID: 349EE4EFA0BBD2DB0A181E69338FD3E6
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Big Brands Hidden Behind Costco Kirkland

Detected technologies

Overall confidence: 100%
Detected patterns
  • /_nuxt/
Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)
Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net
Overall confidence: 100%
Detected patterns
  • adnxs\.com/[^"]*(?:prebid|/pb\.js)
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com

Page Statistics

617
Requests

93 %
HTTPS

26 %
IPv6

77
Domains

124
Subdomains

94
IPs

12
Countries

3238 kB
Transfer

8173 kB
Size

62
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 454
  • https://x.bidswitch.net/sync?ssp=sonobi&gdpr=0&gdpr_consent= HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?ssp=sonobi&gdpr=0&gdpr_consent= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=sonobi&bsw_param=3c602ba8-95ff-4523-bd9e-8b2bebbce6b0&google_hm=M2M2MDJiYTgtOTVmZi00NTIzLWJkOWUtOGIyYmViYmNlNmIw HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESELHBaQSAgPZSJZaBb8JmRXo&google_cver=1&ssp=sonobi&bsw_param=3c602ba8-95ff-4523-bd9e-8b2bebbce6b0
Request Chain 457
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dappnexus%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%24UID HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fcookies.nextmillmedia.com%252Fsetuid%253Fbidder%253Dappnexus%2526nmuid%253D%2526gdpr%253D%2526gdpr_consent%253D%2526us_privacy%253D%2526uid%253D%2524UID HTTP 302
  • https://cookies.nextmillmedia.com/setuid?bidder=appnexus&nmuid=&gdpr=&gdpr_consent=&us_privacy=&uid=1545443793795039788 HTTP 302
  • https://pbs.nextmillmedia.com/setuid?bidder=appnexus&uid=1545443793795039788
Request Chain 460
  • https://ssum-sec.casalemedia.com/usermatch?s=194648&gdpr=&gdpr_consent=&us_privacy=&cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D HTTP 302
  • https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=194648&us_privacy=&C=1
Request Chain 461
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=17888&endpoint=us-east&nmuid= HTTP 301
  • https://eus.rubiconproject.com/usync.html?p=17888&endpoint=us-east&nmuid=
Request Chain 462
  • https://prebid.a-mo.net/cchain/0?gdpr=&us_privacy=&cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Damx%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D HTTP 302
  • https://cookies.nextmillmedia.com/setuid?bidder=amx&nmuid=&gdpr=&gdpr_consent=&us_privacy=&uid=
Request Chain 464
  • https://csync.loopme.me/?pubid=11364&gdpr=&gdpr_consent=&redirect=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dloopme%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%7Bviewer_token%7D HTTP 307
  • https://cookies.nextmillmedia.com/setuid?bidder=loopme&nmuid=&gdpr=&gdpr_consent=&us_privacy=&uid=b4b334b1-8d89-428f-b3c8-45ad5dcdc43e&gdpr_consent=null&gdpr=null HTTP 302
  • https://pbs.nextmillmedia.com/setuid?bidder=loopme&uid=b4b334b1-8d89-428f-b3c8-45ad5dcdc43e
Request Chain 465
  • https://i.liadm.com/s/31327?bidder_id=14481&bidder_uuid=ZV4izjN8SKKPnqYi3Ijq6QAA%263190&gpdr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid= HTTP 303
  • https://i.liadm.com/s/31327?gdpr_consent=&bidder_id=14481&gpp=&bidder_uuid=ZV4izjN8SKKPnqYi3Ijq6QAA%263190&_li_chk=true&gpp_sid=&us_privacy=&gpdr=&previous_uuid=c195c7c3553349cc8713a834ab961e15 HTTP 303
  • https://dis.criteo.com/dis/usersync.aspx?r=77&p=311&cp=liveintent&cu=1&url=https://i.liadm.com/s/28292?bidder_id%3D71340%26bidder_uuid%3D@@CRITEO_USERID@@
Request Chain 466
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=ZV4izjN8SKKPnqYi3Ijq6QAA HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEKi5uL3ZCKBMTKxEmQ2WeVQ&google_cver=1
Request Chain 468
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZV4izjN8SKKPnqYi3Ijq6QAADHYAAAIB&gpp=&gpp_sid= HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZV4izjN8SKKPnqYi3Ijq6QAADHYAAAIB&gpp=&gpp_sid=&dcc=t
Request Chain 470
  • https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=1545443793795039788
Request Chain 472
  • https://creativecdn.com/cm-notify?pi=index&gpdr=&gdpr_consent=&us_privacy=&user_id=ZV4izjN8SKKPnqYi3Ijq6QAA%263190 HTTP 302
  • https://creativecdn.com/cm-notify?pi=index&gpdr=&gdpr_consent=&us_privacy=&user_id=ZV4izjN8SKKPnqYi3Ijq6QAA%263190&tc=1 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=133&external_user_id=qwMZjMmKAwo4fQZ21umU_ZlYRWt8PSq91oL3zb5usQU&pi=index&gpdr=&gdpr_consent=&us_privacy=&user_id=ZV4izjN8SKKPnqYi3Ijq6QAA%263190&tc=1
Request Chain 473
  • https://cookies.nextmillmedia.com/setuid?bidder=ix&nmuid=&gdpr=&gdpr_consent=&us_privacy=&uid=ZV4izjN8SKKPnqYi3Ijq6QAA%263190 HTTP 302
  • https://pbs.nextmillmedia.com/setuid?bidder=ix&uid=ZV4izjN8SKKPnqYi3Ijq6QAA&3190
Request Chain 474
  • https://ib.adnxs.com/getuid?https://ib.adnxs.com/getuidj HTTP 302
  • https://ib.adnxs.com/getuidj
Request Chain 475
  • https://eb2.3lift.com/getuid?gdpr=&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D76%26uid%3D%24UID HTTP 302
  • https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D76%26uid%3D%24UID HTTP 302
  • https://s.0cf.io/
Request Chain 481
  • https://ssum.casalemedia.com/usermatchredir?s=184932&cb=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D74%26uid%3D HTTP 302
  • https://s.0cf.io/
Request Chain 485
  • https://sync.1rx.io/usersync2/rmphb?gdpr=0&gdpr_consent=0&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D22%26uid%3D%5BRX_UUID%5D HTTP 302
  • https://sync.1rx.io/usersync2/rmphb?zcc=1&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D22%26uid%3D%5BRX_UUID%5D&cb=1700668111198 HTTP 302
  • https://ad.turn.com/r/cs?pid=45&rndcb=4351327927 HTTP 302
  • https://sync.1rx.io/usersync/turn/3980184783441111379?dspret=1&gdpr=&gdpr_consent=&us_privacy= HTTP 302
  • https://sync.targeting.unrulymedia.com/csync/RX-fc3d5993-8717-4bad-b92c-b0d7c209b021-003?redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D22%26uid%3DRX-fc3d5993-8717-4bad-b92c-b0d7c209b021-003 HTTP 302
  • https://s.0cf.io/
Request Chain 487
  • https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=0&cb=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D81%26uid%3D HTTP 302
  • https://s.0cf.io/
Request Chain 492
  • https://bh.contextweb.com/rtset?pid=561205&ev=1&rurl=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D21%26uid%3D%25%25VGUID%25%25 HTTP 302
  • https://s.0cf.io/
Request Chain 494
  • https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=0&gdpr_consent=0&us_privacy=0&redirectUri=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D82%26uid%3D%5Bssb_sync_pid%5D HTTP 302
  • https://s.0cf.io/
Request Chain 495
  • https://cm.g.doubleclick.net/pixel?google_cm&google_nid=datablocks_inc&google_hm=9392916d6cd9d24&dbid=9392916d6cd9d24 HTTP 302
  • https://s.0cf.io/ps/?dbid=9392916d6cd9d24
Request Chain 496
  • https://sync.mathtag.com/sync/img?mt_exid=75&gdpr=0&gdpr_consent=0&us_privacy=0&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D61%26uid%3D%5BMM_UUID%5D HTTP 302
  • https://s.0cf.io/
Request Chain 497
  • https://hbx.media.net/cksync.php?cs=1&type=pbs&ovsid=setstatuscode&bidder=medianet&gdpr=0&gdpr_consent=0&us_privacy=0&redirect=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D88%26uid%3D%3Cvsid%3E HTTP 302
  • https://s.0cf.io/
Request Chain 500
  • https://secure.adnxs.com/getuid?https://usersync.gumgum.com/usersync?b=apn&i=$UID HTTP 302
  • https://usersync.gumgum.com/usersync?b=apn&i=1545443793795039788
Request Chain 501
  • https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_2bcd2278-a756-46e0-b3d8-2d72def0d564&gdpr=0&gdpr_consent=0&us_privacy= HTTP 302
  • https://pm.w55c.net/ping_match.gif?st=bidswitch&rurl=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D79%26user_id%3D_wfivefivec_%26expires%3D30%26ssp%3Dgumgum2%26bsw_param%3D3c602ba8-95ff-4523-bd9e-8b2bebbce6b0 HTTP 302
  • https://pm.w55c.net/ping_match.gif?scc=1&st=bidswitch&rurl=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D79%26user_id%3D_wfivefivec_%26expires%3D30%26ssp%3Dgumgum2%26bsw_param%3D3c602ba8-95ff-4523-bd9e-8b2bebbce6b0 HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=79&user_id=7cDW6F0b1R5PsP5&expires=30&ssp=gumgum2&bsw_param=3c602ba8-95ff-4523-bd9e-8b2bebbce6b0
Request Chain 502
  • https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=0&us_privacy=&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
  • https://us-u.openx.net/w/1.0/cm?cc=1&_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=0&us_privacy=&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
  • https://usersync.gumgum.com/usersync?b=opx&i=bed74324-de29-4103-a578-3506bd70e555&gdpr=0&gdpr_consent=0
Request Chain 503
  • https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent=0 HTTP 302
  • https://usersync.gumgum.com/usersync?b=sta&i=0-6607cc4c-99b7-5afc-7a38-762df91a68d8$ip$84.19.175.183
Request Chain 505
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=0&us_privacy=&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dvnt%26i%3D HTTP 302
  • https://usersync.gumgum.com/usersync?b=vnt&i=ab8388f9-d33a-4930-8378-1e22658249d4
Request Chain 507
  • https://b1sync.zemanta.com/usersync/gumgum/?puid=e_2bcd2278-a756-46e0-b3d8-2d72def0d564&gdpr=0&gdpr_consent=0&us_privacy=&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dzem%26i%3D__ZUID__ HTTP 302
  • https://usersync.gumgum.com/usersync?b=zem&i=&gdpr=0&gdpr_consent=0
Request Chain 508
  • https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25 HTTP 302
  • https://usersync.gumgum.com/usersync?b=pln&i=SCwo1gnItI5o&ev=1&pid=558355
Request Chain 509
  • https://ssbsync.smartadserver.com/api/sync?callerId=15&redirectUri=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsad%26i%3D%5Bssb_sync_pid%5D&gdpr=0&gdpr_consent=0 HTTP 302
  • https://usersync.gumgum.com/usersync?b=sad&i=5380650379442443446
Request Chain 510
  • https://c1.adform.net/serving/cookie/match?party=1301&gdpr=0&gdpr_consent=0 HTTP 302
  • https://c1.adform.net/serving/cookie/match?CC=1&party=1301&gdpr=0&gdpr_consent=0 HTTP 302
  • https://rtb.gumgum.com/usersync?b=adf&i=8716181596310505629&gdpr=0&gdpr_consent=0
Request Chain 514
  • https://tg.socdm.com/aux/idsync?proto=gumgum HTTP 302
  • https://usersync.gumgum.com/usersync?b=sus&i=ZV4iz8Co8YUAAAwSZa0AAAAA
Request Chain 515
  • https://creativecdn.com/cm-notify?pi=gumgum HTTP 302
  • https://usersync.gumgum.com/usersync?b=rth&i=qwMZjMmKAwo4fQZ21umU_ZlYRWt8PSq91oL3zb5usQU&pi=gumgum
Request Chain 516
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum HTTP 301
  • https://eus.rubiconproject.com/usync.html?p=gumgum
Request Chain 520
  • https://ib.adnxs.com/getuid?https://ib.adnxs.com/getuidj HTTP 302
  • https://ib.adnxs.com/getuidj
Request Chain 521
  • https://eb2.3lift.com/getuid?gdpr=&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D76%26uid%3D%24UID HTTP 302
  • https://s.0cf.io/
Request Chain 527
  • https://ssum.casalemedia.com/usermatchredir?s=184932&cb=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D74%26uid%3D HTTP 302
  • https://s.0cf.io/
Request Chain 531
  • https://sync.1rx.io/usersync2/rmphb?gdpr=0&gdpr_consent=0&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D22%26uid%3D%5BRX_UUID%5D HTTP 302
  • https://ad.turn.com/r/cs?pid=45&rndcb=7343032643 HTTP 302
  • https://sync.1rx.io/usersync/turn/3908127189403183443?dspret=1&gdpr=&gdpr_consent=&us_privacy= HTTP 302
  • https://sync.targeting.unrulymedia.com/csync/RX-fc3d5993-8717-4bad-b92c-b0d7c209b021-003?redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D22%26uid%3DRX-fc3d5993-8717-4bad-b92c-b0d7c209b021-003 HTTP 302
  • https://s.0cf.io/
Request Chain 533
  • https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=0&cb=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D81%26uid%3D HTTP 302
  • https://s.0cf.io/
Request Chain 538
  • https://bh.contextweb.com/rtset?pid=561205&ev=1&rurl=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D21%26uid%3D%25%25VGUID%25%25 HTTP 302
  • https://s.0cf.io/
Request Chain 540
  • https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=0&gdpr_consent=0&us_privacy=0&redirectUri=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D82%26uid%3D%5Bssb_sync_pid%5D HTTP 302
  • https://s.0cf.io/
Request Chain 541
  • https://cm.g.doubleclick.net/pixel?google_cm&google_nid=datablocks_inc&google_hm=9392916d6cd9d24&dbid=9392916d6cd9d24 HTTP 302
  • https://s.0cf.io/ps/?dbid=9392916d6cd9d24
Request Chain 542
  • https://sync.mathtag.com/sync/img?mt_exid=75&gdpr=0&gdpr_consent=0&us_privacy=0&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D61%26uid%3D%5BMM_UUID%5D HTTP 302
  • https://s.0cf.io/
Request Chain 543
  • https://hbx.media.net/cksync.php?cs=1&type=pbs&ovsid=setstatuscode&bidder=medianet&gdpr=0&gdpr_consent=0&us_privacy=0&redirect=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D88%26uid%3D%3Cvsid%3E HTTP 302
  • https://s.0cf.io/
Request Chain 544
  • https://secure.adnxs.com/getuid?https://usersync.gumgum.com/usersync?b=apn&i=$UID HTTP 302
  • https://usersync.gumgum.com/usersync?b=apn&i=1545443793795039788
Request Chain 545
  • https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_2bcd2278-a756-46e0-b3d8-2d72def0d564&gdpr=0&gdpr_consent=0&us_privacy= HTTP 302
  • https://cms.quantserve.com/pixel/p-zLwwakwy-hZw3.gif?idmatch=0&ssp=gumgum2&gdpr=0&gdpr_consent=0
Request Chain 546
  • https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=0&us_privacy=&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
  • https://usersync.gumgum.com/usersync?b=opx&i=bed74324-de29-4103-a578-3506bd70e555&gdpr=0&gdpr_consent=0
Request Chain 547
  • https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent=0 HTTP 302
  • https://usersync.gumgum.com/usersync?b=sta&i=0-6607cc4c-99b7-5afc-7a38-762df91a68d8$ip$84.19.175.183
Request Chain 549
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=0&us_privacy=&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dvnt%26i%3D HTTP 302
  • https://usersync.gumgum.com/usersync?b=vnt&i=5fa7aa5c-6d7a-4b4b-a667-ef0b7527581e
Request Chain 551
  • https://b1sync.zemanta.com/usersync/gumgum/?puid=e_2bcd2278-a756-46e0-b3d8-2d72def0d564&gdpr=0&gdpr_consent=0&us_privacy=&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dzem%26i%3D__ZUID__ HTTP 302
  • https://usersync.gumgum.com/usersync?b=zem&i=&gdpr=0&gdpr_consent=0
Request Chain 552
  • https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25 HTTP 302
  • https://usersync.gumgum.com/usersync?b=pln&i=RgdjzAZh7JkH&ev=1&pid=558355
Request Chain 553
  • https://ssbsync.smartadserver.com/api/sync?callerId=15&redirectUri=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsad%26i%3D%5Bssb_sync_pid%5D&gdpr=0&gdpr_consent=0 HTTP 302
  • https://usersync.gumgum.com/usersync?b=sad&i=5380650379442443446
Request Chain 554
  • https://c1.adform.net/serving/cookie/match?party=1301&gdpr=0&gdpr_consent=0 HTTP 302
  • https://rtb.gumgum.com/usersync?b=adf&i=8716181596310505629&gdpr=0&gdpr_consent=0
Request Chain 558
  • https://tg.socdm.com/aux/idsync?proto=gumgum HTTP 302
  • https://usersync.gumgum.com/usersync?b=sus&i=ZV4i0MCo8X0AABYOYAkAAAAA
Request Chain 560
  • https://creativecdn.com/cm-notify?pi=gumgum HTTP 302
  • https://usersync.gumgum.com/usersync?b=rth&i=qwMZjMmKAwo4fQZ21umU_ZlYRWt8PSq91oL3zb5usQU&pi=gumgum
Request Chain 561
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum HTTP 301
  • https://eus.rubiconproject.com/usync.html?p=gumgum
Request Chain 567
  • https://ib.adnxs.com/getuid?https://ib.adnxs.com/getuidj HTTP 302
  • https://ib.adnxs.com/getuidj
Request Chain 578
  • https://sync.1rx.io/usersync2/rmphb?gdpr=0&gdpr_consent=0&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D22%26uid%3D%5BRX_UUID%5D HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=4581832920
Request Chain 588
  • https://cm.g.doubleclick.net/pixel?google_cm&google_nid=datablocks_inc&google_hm=9392916d6cd9d24&dbid=9392916d6cd9d24 HTTP 302
  • https://s.0cf.io/ps/?dbid=9392916d6cd9d24
Request Chain 592
  • https://secure.adnxs.com/getuid?https://usersync.gumgum.com/usersync?b=apn&i=$UID HTTP 302
  • https://usersync.gumgum.com/usersync?b=apn&i=1545443793795039788
Request Chain 593
  • https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_2bcd2278-a756-46e0-b3d8-2d72def0d564&gdpr=0&gdpr_consent=0&us_privacy= HTTP 302
  • https://u.ipw.metadsp.co.uk/sync?ssp=bidswitch&bidswitch_ssp_id=gumgum2&bsw_user_id=${BSW_USER_UD}&bsw_param=3c602ba8-95ff-4523-bd9e-8b2bebbce6b0&gdpr=0&gdpr_consent=0&gdpr_pd=&us_privacy= HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=339&expires=14&gdpr=1&gdpr_consent=0&user_group=0&user_id=&ssp=gumgum2&bsw_param=3c602ba8-95ff-4523-bd9e-8b2bebbce6b0
Request Chain 594
  • https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=0&us_privacy=&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
  • https://usersync.gumgum.com/usersync?b=opx&i=bed74324-de29-4103-a578-3506bd70e555&gdpr=0&gdpr_consent=0
Request Chain 595
  • https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent=0 HTTP 302
  • https://usersync.gumgum.com/usersync?b=sta&i=0-6607cc4c-99b7-5afc-7a38-762df91a68d8$ip$84.19.175.183
Request Chain 597
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=0&us_privacy=&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dvnt%26i%3D HTTP 302
  • https://usersync.gumgum.com/usersync?b=vnt&i=5fa7aa5c-6d7a-4b4b-a667-ef0b7527581e
Request Chain 599
  • https://b1sync.zemanta.com/usersync/gumgum/?puid=e_2bcd2278-a756-46e0-b3d8-2d72def0d564&gdpr=0&gdpr_consent=0&us_privacy=&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dzem%26i%3D__ZUID__ HTTP 302
  • https://usersync.gumgum.com/usersync?b=zem&i=&gdpr=0&gdpr_consent=0
Request Chain 600
  • https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25 HTTP 302
  • https://usersync.gumgum.com/usersync?b=pln&i=d7WzTRoR6pNl&ev=1&pid=558355
Request Chain 601
  • https://ssbsync.smartadserver.com/api/sync?callerId=15&redirectUri=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsad%26i%3D%5Bssb_sync_pid%5D&gdpr=0&gdpr_consent=0 HTTP 302
  • https://usersync.gumgum.com/usersync?b=sad&i=5380650379442443446
Request Chain 602
  • https://c1.adform.net/serving/cookie/match?party=1301&gdpr=0&gdpr_consent=0 HTTP 302
  • https://rtb.gumgum.com/usersync?b=adf&i=8716181596310505629&gdpr=0&gdpr_consent=0
Request Chain 606
  • https://tg.socdm.com/aux/idsync?proto=gumgum HTTP 302
  • https://usersync.gumgum.com/usersync?b=sus&i=ZV4i0MCo8YUAAAwSZb4AAAAA
Request Chain 607
  • https://creativecdn.com/cm-notify?pi=gumgum HTTP 302
  • https://usersync.gumgum.com/usersync?b=rth&i=qwMZjMmKAwo4fQZ21umU_ZlYRWt8PSq91oL3zb5usQU&pi=gumgum
Request Chain 608
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum HTTP 301
  • https://eus.rubiconproject.com/usync.html?p=gumgum

617 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/ 		203 KB
38 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:400:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
2d1ff3976b3b7aa422dbb426f453a7a2932a9b7ae033b0803910922f4bbb17ef

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
none
age
48
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Wed, 22 Nov 2023 15:47:36 GMT
etag
"32c37-wq86/fITZ2dBFskFceb28HxYWXs"
server
nginx/1.20.2
vary
Accept-Encoding
via
1.1 d262e104d5d9dd6a4a52f090bdf9395c.cloudfront.net (CloudFront)
x-amz-cf-id
iJVPKVVrNqlIXr3c9yb8GfEbx4nmizFXwcwQO0rZfSxEo8NU9GwJ9A==
x-amz-cf-pop
FRA60-P3
x-cache
Hit from cloudfront
adgarden.js
adgarden.market/js/ 		7 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://adgarden.market/js/adgarden.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223f:b600:3:6d3c:dac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
56939e06ab2cb38895d26a98e53f13e4fa8507be612ac0d2537b7f1c68988087
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:25 GMT
strict-transport-security
max-age=15768000
via
1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 17:19:53 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA56-P5
etag
W/"1dc4-65394e39.79a4fa5"
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
text/javascript
access-control-allow-origin
*
accept-ranges
bytes
content-length
7620
x-amz-cf-id
qySqdLILz0r6j6KhyPEvqTZRyRsj4RknLhw5xHnfCbBEewNUWn_0Fg==
fe5ac4e.js
heroinvesting.com/_nuxt/ 		4 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/fe5ac4e.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:400:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
12c2c5879869f4df381804a5ce8d962523039494efae426ee339bb18d136d331

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Fri, 17 Nov 2023 05:05:48 GMT
content-encoding
gzip
via
1.1 d262e104d5d9dd6a4a52f090bdf9395c.cloudfront.net (CloudFront)
last-modified
Thu, 16 Nov 2023 22:11:12 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
470557
etag
W/"1019-18bda302e33"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
Y9xaSsZlJAqk1FJ_rLqxB65I4wETwBjQ6ABqdfMQZOd4RZer08VsRg==
18f6c11.js
heroinvesting.com/_nuxt/ 		191 KB
65 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/18f6c11.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:400:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
a8f81ae29f4f064b09f32197200198492754cd553979c148f3955b9cb31f819f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 19:59:59 GMT
content-encoding
gzip
via
1.1 d262e104d5d9dd6a4a52f090bdf9395c.cloudfront.net (CloudFront)
last-modified
Wed, 15 Nov 2023 19:38:35 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
589706
etag
W/"2fa61-18bd47e18ad"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
0e2p0-zf-rEwoHnnsd7ZWeOaVPezeQyiHn_cx4iGbDvrO7-4nJXlgg==
8484dd0.js
heroinvesting.com/_nuxt/ 		401 KB
105 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/8484dd0.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:400:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
5a99612d9b5cb97ad873c0c0ad6bb9a28cdb71e035d4c817e974714e734c585d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 19:59:59 GMT
content-encoding
gzip
via
1.1 d262e104d5d9dd6a4a52f090bdf9395c.cloudfront.net (CloudFront)
last-modified
Wed, 15 Nov 2023 19:38:35 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
589706
etag
W/"6439c-18bd47e18b1"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
XsRLsPynScY74OTdH2BnIs8ZC7r6trJG_ZdXJfCrCjzlTLKkkBexxg==
f132adf.js
heroinvesting.com/_nuxt/ 		123 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/f132adf.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:400:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
0ffcdfacfa747ec1af447e1e5602e8be7d8d168c1b065845e77a67ffba77b594

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 19:59:59 GMT
content-encoding
gzip
via
1.1 d262e104d5d9dd6a4a52f090bdf9395c.cloudfront.net (CloudFront)
last-modified
Wed, 15 Nov 2023 19:38:35 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
589706
etag
W/"1eaf0-18bd47e18ad"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
jwFhR9c9mwdIZsN3ruN2UmDhWqTOh3Fed__6yXI1pqZzsXkLwgTyFQ==
f7c01dd.js
heroinvesting.com/_nuxt/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/f7c01dd.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:400:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
5a6922d6039706cf85aa18ce219860d4a1146ec59157edf6f4e06fed8cac88c0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 19:59:59 GMT
content-encoding
gzip
via
1.1 d262e104d5d9dd6a4a52f090bdf9395c.cloudfront.net (CloudFront)
last-modified
Wed, 15 Nov 2023 19:38:35 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
589706
etag
W/"149d-18bd47e18b5"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
vCfiM-ydV13QCkcDxd8f1oHtFNXo39nWTV-StLRFY6S0PIdrnEMo8g==
ef5d8ca.js
heroinvesting.com/_nuxt/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/ef5d8ca.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:400:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
02b6a4cea9e3cb9cae8bc6e8823137f630bc4bba3034e991aad496a143f9607e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 19:59:58 GMT
content-encoding
gzip
via
1.1 d262e104d5d9dd6a4a52f090bdf9395c.cloudfront.net (CloudFront)
last-modified
Wed, 15 Nov 2023 19:38:35 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
589706
etag
W/"97a-18bd47e18b5"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
KmqB4AfXLOfIluPfWB6c3CtTilSPfoCGjWBdkcaKWctJmar-VhJukA==
2c54a23.js
heroinvesting.com/_nuxt/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/2c54a23.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:400:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
b74c57956156cfdb6ea1f2b5442d62bfd3d771a122de72133859f318f4b2d6c1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 19:59:59 GMT
content-encoding
gzip
via
1.1 d262e104d5d9dd6a4a52f090bdf9395c.cloudfront.net (CloudFront)
last-modified
Wed, 15 Nov 2023 19:38:35 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
589706
etag
W/"1397-18bd47e18ad"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
gJ82XxmBmWrTXy2ZRSf21bYoYtW0voNT-oCduo5PACeWebQCAsZz2A==
6263ac0.js
heroinvesting.com/_nuxt/ 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/6263ac0.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:400:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
ebe674facbc5b1f5e8060915b29d1ddccfecfbbc5fa6ae9098da9a4231377e12

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 19:59:58 GMT
content-encoding
gzip
via
1.1 d262e104d5d9dd6a4a52f090bdf9395c.cloudfront.net (CloudFront)
last-modified
Wed, 15 Nov 2023 19:38:35 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
589706
etag
W/"397d-18bd47e18b1"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
VgaqWG3_g67H8yG2NGQfBhORwDtgxCNZ-kuhFJKWMVIgm13kc1PbQw==
06c426e.js
heroinvesting.com/_nuxt/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/06c426e.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:400:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
e6a1fae9b9c1045cde15a1cd74704fb037ddc78c4f375ebbc5f197a6db64678b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 19:59:59 GMT
content-encoding
gzip
via
1.1 d262e104d5d9dd6a4a52f090bdf9395c.cloudfront.net (CloudFront)
last-modified
Wed, 15 Nov 2023 19:38:35 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
589706
etag
W/"6fa-18bd47e18b5"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
yWjUV6ru2uCQMi-lgKSxQ5oKV9h0rApdPmYzuF-Re_u7t2uzWFpeqA==
75a7d47.js
heroinvesting.com/_nuxt/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/75a7d47.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:400:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
83e4fecbbe3938653edd82602b3e3a0bd98509c5f8e50a8cd82b393695a1b9bb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 19:59:59 GMT
content-encoding
gzip
via
1.1 d262e104d5d9dd6a4a52f090bdf9395c.cloudfront.net (CloudFront)
last-modified
Wed, 15 Nov 2023 19:38:35 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
589706
etag
W/"fa4-18bd47e18b1"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
jTccNxAzvBnXlSSTkPQE97vioI_HXBKZtMsml8-gqfJagLni2tWjxA==
d590592.js
heroinvesting.com/_nuxt/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/d590592.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:400:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
77177ed004787a92ed9c83e7abd219b55425dff8d70d1e93a261f2ea7c01efdb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 19:59:59 GMT
content-encoding
gzip
via
1.1 d262e104d5d9dd6a4a52f090bdf9395c.cloudfront.net (CloudFront)
last-modified
Wed, 15 Nov 2023 19:38:35 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
589706
etag
W/"bb1-18bd47e18ad"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
lA5ZeEpA1vo15dJKbbvopym8JVffrqwDiZVlXTaFeK0uppWzZ7i1Xg==
obtp.js
amplify.outbrain.com/cp/ 		25 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://amplify.outbrain.com/cp/obtp.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.35.237.86 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-237-86.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
011461c1c6f5df3ae6c896f8337fd8313df8e1cc3138edd02f35616758d0e875

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 15:48:25 GMT
Content-Encoding
gzip
Last-Modified
Wed, 01 Nov 2023 12:14:17 GMT
Server
AkamaiNetStorage
ETag
"66c44dc573436975fc0e331ffa027e25:1698844090.885364"
Vary
Accept-Encoding
Content-Type
application/x-javascript
X-RG
EU
Cache-Control
max-age=1200
X-CC
DE
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
7738
Expires
Wed, 22 Nov 2023 16:08:25 GMT
f9718382f4ac8b8ecab5d3b19d3da446.svg
heroinvesting.com/_nuxt/ 		13 KB
6 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/f9718382f4ac8b8ecab5d3b19d3da446.svg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:400:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
a9b5d62445d48f75234b683670ffd3f95f5c7240decae3146a38f0d19abd76dc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 19:04:54 GMT
content-encoding
gzip
via
1.1 d262e104d5d9dd6a4a52f090bdf9395c.cloudfront.net (CloudFront)
last-modified
Wed, 15 Nov 2023 18:50:11 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
593011
etag
W/"355c-18bd451c7a1"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
TEhLh3MJ20fAKTehnMWbU5_TzFGil-La-6Fp3lY4Cnn5oY8pKHcRsg==
heroinvesting.61dbeee.png
heroinvesting.com/_nuxt/img/ 		23 KB
23 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://heroinvesting.com/_nuxt/img/heroinvesting.61dbeee.png
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:400:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
288d1aff6b40d91889a5f0efc906a5316d3f732641f32462f2ec4dd854f55981

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 04:54:14 GMT
via
1.1 d262e104d5d9dd6a4a52f090bdf9395c.cloudfront.net (CloudFront)
last-modified
Wed, 15 Nov 2023 19:38:35 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
557651
etag
W/"5b89-18bd47e18a9"
x-cache
Hit from cloudfront
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
23433
x-amz-cf-id
J4veS1gIBQ6gbV2USDv4tqY7-9Zx7-qW1pyrafzmef4UsvIfT57kPg==
Costco.jpg
cdn.heroinvesting.com/content/images/2022/04/ 		109 KB
110 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2022/04/Costco.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:1d0d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
43bf60671c41e18a46c4b12077ddf6e7982cd0700ce49bbc7158619a2a3e49b0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:26 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
111784
last-modified
Tue, 12 Apr 2022 18:21:28 GMT
server
cloudflare
etag
W/"1b4a8-1801f025743"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NOeV2TksLFwKv63PwUsRf%2FXdoaCveDhb%2BtdcUkd1YTxxda2xgU5yUZzbHEyiIWdGvt4bxjdyIbuFDNkVLCXM4p%2FufGvJNqb46m7gG4NE9nlNPP4zLhfD%2B%2BVdbHmcHIPAMjma1S2ckO5mnpur7Q0MD6zI95w%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a2510c9dac925b-FRA
x-proxy-cache
EXPIRED
roboto-v29-latin-700.woff2
heroinvesting.com/fonts/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/fonts/roboto-v29-latin-700.woff2
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:400:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Request headers

Referer
https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Origin
https://heroinvesting.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 03:07:01 GMT
via
1.1 d262e104d5d9dd6a4a52f090bdf9395c.cloudfront.net (CloudFront)
last-modified
Thu, 17 Mar 2022 00:04:00 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
45684
etag
W/"3dd4-17f95303b8f"
x-cache
Hit from cloudfront
content-type
font/woff2
cache-control
public, max-age=86400
accept-ranges
bytes
content-length
15828
x-amz-cf-id
GElLIWWvTmfHiaaZw6da0_JTRl5LDk7dfd8zhot_FTbnBGT-z7C2JA==
roboto-v29-latin-regular.woff2
heroinvesting.com/fonts/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/fonts/roboto-v29-latin-regular.woff2
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:400:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Request headers

Referer
https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Origin
https://heroinvesting.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 03:07:01 GMT
via
1.1 d262e104d5d9dd6a4a52f090bdf9395c.cloudfront.net (CloudFront)
last-modified
Thu, 17 Mar 2022 00:04:00 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
45684
etag
W/"3d48-17f95303b93"
x-cache
Hit from cloudfront
content-type
font/woff2
cache-control
public, max-age=86400
accept-ranges
bytes
content-length
15688
x-amz-cf-id
rRHsdVEyGeVEdu2BRs2xYAMWoeLPBB6Jjf3IaiNc_WgtfHaWR46Lpg==
Kirkland-Signature-Coffee-and-Starbucks-1.jpg
cdn.heroinvesting.com/content/images/2022/04/ 		147 KB
148 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2022/04/Kirkland-Signature-Coffee-and-Starbucks-1.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:1d0d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
be21c68151947530567dcb15dcf4aa169621e4ec3d2a9ef8c71ba3590e5e35cf

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:26 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
150880
last-modified
Wed, 20 Apr 2022 22:44:04 GMT
server
cloudflare
etag
W/"24d60-18049259fb8"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ddUbr%2B6LXKDL%2B4pXdL5ywaPPSx%2BfL9cLGqL5VNea67jOCFlH2rwFvZaVgx8kDBD%2BnNzy6RMLF3UXibIK0w8RtZgo0FP6SVyYGxadew%2BPxyRSD69rdd9zHPRXLziHVQsef9X%2BAF7juCr%2FrRrKRFg6tUyyUDU%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a2510c9dae925b-FRA
x-proxy-cache
EXPIRED
Kirkland-Signature-Organic-Creamy-Peanut-Butter-and-Jif.jpg
cdn.heroinvesting.com/content/images/2022/04/ 		153 KB
154 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2022/04/Kirkland-Signature-Organic-Creamy-Peanut-Butter-and-Jif.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:1d0d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
b698f4535cf67b7d888113bc09693d430652d57e20d67a4a31f5c8e5e3c24330

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:26 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
156833
last-modified
Tue, 12 Apr 2022 23:09:18 GMT
server
cloudflare
etag
W/"264a1-1802009db68"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=svGThBp7e0mBYsdiONHHQUMV6RPtiFT%2FB8b3%2B%2BkM3oLUHj0kIYfMZIy1DqfD%2FNCjOKHdyL0%2FBh15N3rvfys8NgoaeBj5ubKIZn3OjFT4AIKF%2FL%2BijxPqdCorUxk31mGeowMkhP0xla3fSS9aardM4YQ7Le0%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a2510c9daf925b-FRA
x-proxy-cache
EXPIRED
vRL9rGsaHH7Mx6NDN
vrl9rgsahh7mx6ndn.ay.delivery/manager/ 		744 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://vrl9rgsahh7mx6ndn.ay.delivery/manager/vRL9rGsaHH7Mx6NDN
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e2::ac40:8a0c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6c06cb54fd77979d1bfcde9cc23f061ea3e9a379ce3d5f6f6b69f18d1918e9a1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:25 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"618080fa3647e52d79c7df21"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4C5IlWA3VSyfzGOtogtXxdlvauYYxKueEsrLtzxOxANJNbCeCjNAE1fP24pjzdPkdjJFQOdL4cZKjhK9rvPKghN%2FY%2BK7WyFIRwVffIdqYMsxA9iiVT7FxHDv5vGPisVnQypTgk1Tqc1%2BahOr7NWpxgyD9pxbF7iEDItewg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
private, max-age=900, stale-while-revalidate=3600
cf-ray
82a2510caad13c8f-CDG
link
<https://securepubads.g.doubleclick.net/tag/js/gpt.js>; rel=preload; as=script, <https://vRL9rGsaHH7Mx6NDN.ay.delivery/manager-script/yield-manager-script-v2.2.8-prod>; rel=preload; as=script, <https://c.amazon-adsystem.com/aax2/apstag.js>; rel=preload; as=script, <https://vRL9rGsaHH7Mx6NDN.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD>; rel=preload; as=script
alt-svc
h3=":443"; ma=86400
vwpt.js
static.vidazoo.com/basev/ 		229 KB
56 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.vidazoo.com/basev/vwpt.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:751 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e605414c5d690913c053ec344fd3fd58b19ecd5f111fb05e4e912bc52a77fa66

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:25 GMT
content-encoding
gzip
cf-cache-status
HIT
x-amz-request-id
FYK9C5AE9F0Z392J
age
36551
x-amz-server-side-encryption
AES256
content-length
56429
x-amz-id-2
067WgrQU5db2illwymlJ7atxaQdMorRuXVWUX5PuqsRWQJ0E9Gx93En/SztSVSlVQittdORRyDw=
last-modified
Tue, 07 Nov 2023 11:26:12 GMT
server
cloudflare
etag
"576a1e0bb56226dbd3a2a239a03e01ae"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, HEAD
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
Origin, Accept ,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Length, Accept-Language, Accept-Encoding, Referer, Range
cache-control
public, max-age=86400
accept-ranges
bytes
cf-ray
82a2510c9d6a194d-FRA
access-control-allow-headers
Origin, Accept ,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Length, Accept-Language, Accept-Encoding, Referer, Range
expires
Thu, 23 Nov 2023 15:48:25 GMT
latest.js
static.kueezrtb.com/ 		439 B
758 B 		Script
General
Check archive.org
Download Go to
Full URL
https://static.kueezrtb.com/latest.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:15e8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0fbee40d848d6df79b375ca87bdb53f4e97bfb3c6dc2a1d03cb8fd74a395eca4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:25 GMT
content-encoding
gzip
cf-cache-status
HIT
x-amz-request-id
K1C9WW1PX6JKCN4V
age
271195
x-amz-id-2
j8r4IgoQXg26IPalPl1f1kcWS1/RmO6/Hpe4X+9Z0s7MjoOU/qTl10D84+0AUIQiO3olPcX3qoY=
last-modified
Sun, 08 Oct 2023 15:41:30 GMT
server
cloudflare
etag
W/"f89c5fc5dc377ecc028df3e7a69bce1d"
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
x-amz-meta-access-control-allow-origin, x-amz-meta-access-control-allow-methods
cache-control
max-age=31536000
cf-ray
82a2510cae6e3809-FRA
f6a658f.js
heroinvesting.com/_nuxt/ 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/f6a658f.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/fe5ac4e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:400:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
f54aed9527ac229c6a5b15e49f73aa17cdf8224171095ef9c65ccd10ecd5af49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 19:59:59 GMT
content-encoding
gzip
via
1.1 d262e104d5d9dd6a4a52f090bdf9395c.cloudfront.net (CloudFront)
last-modified
Wed, 15 Nov 2023 19:38:35 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
589706
etag
W/"445e-18bd47e18ad"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
Oxl_Qrt36n_MIyMqBBBPBvLLZCf0XhSkIL6ezw23-kHCaOB2398zSw==
js
www.googletagmanager.com/gtag/ 		243 KB
84 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-PNTYD12RWN&l=dataLayer
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/8484dd0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
cc752e0109ced57fdeac5fe874ae634b6e09ca1c032c178e8341f4d15d1eae19
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:25 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
85931
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 22 Nov 2023 15:48:25 GMT
040379a.js
heroinvesting.com/_nuxt/ 		23 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/040379a.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/fe5ac4e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:400:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
650c82476c4211d9c7dcab13c023c507bdb5f3e2364d3a4446d67dc5c5566918

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Fri, 17 Nov 2023 05:37:58 GMT
content-encoding
gzip
via
1.1 d262e104d5d9dd6a4a52f090bdf9395c.cloudfront.net (CloudFront)
last-modified
Thu, 16 Nov 2023 22:11:12 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
468628
etag
W/"5bbc-18bda302e2f"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
NJx1VMsIqqQjbbSmY28rKdlHNz-rx84yulWs94_Zuermsur6U1v2pQ==
gpt.js
securepubads.g.doubleclick.net/tag/js/ 		101 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4179753210f3180e55005cb0fe6a6de0bce044cb3871265ae6de254fd885af35
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:26 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31648
x-xss-protection
0
server
cafe
etag
803 / 19683 / m202311090101 / config-hash: 16204867678510254442
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
expires
Wed, 22 Nov 2023 15:48:26 GMT
yield-manager-script-v2.2.8-prod
vrl9rgsahh7mx6ndn.ay.delivery/manager-script/ 		99 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/yield-manager-script-v2.2.8-prod
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e2::ac40:8a0c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d0e50db0d6679dac85be85bf1cc2c0d12725b403a32d8d33f0bc45c676be8978

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:26 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UaAAbuWl2vy6YkMA9GNIaaa8yYrUOysyJ0LTbFQMEDFJBnyABX7qq%2FVD20J2yLJQRo87llf9Fjfwim2ZwSG38MinAo%2BqUY%2FhXWDaG%2Bn00I1lijgeYe195A1T%2Fm0oc6QOIQZPOYr9XV9ISOI1IDPTko8WdrQZlPiSAw6fNA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=900, stale-while-revalidate=3600
cf-ray
82a2510faf503c8f-CDG
alt-svc
h3=":443"; ma=86400
apstag.js
c.amazon-adsystem.com/aax2/ 		267 KB
65 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.1.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-1-25.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4c8fe936e012d2d229577704c34c41a451d7a98aa5c2566ea5c3930aa7e3f40f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:43:51 GMT
content-encoding
gzip
via
1.1 857b0dca772798c338c78a1be69c955c.cloudfront.net (CloudFront), 1.1 e016ea20838aeed1d878a5244c9e2552.cloudfront.net (CloudFront)
last-modified
Mon, 13 Nov 2023 20:18:45 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P1, FRA56-P6
age
276
x-amz-server-side-encryption
AES256
etag
W/"2d08dd94de483579c1dc3f3783c06f6e"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=3600
x-amz-cf-id
C1K7ru6bRIGWLtSMH6iiObrHs-wGfxVlbzhy4xUC70kTHH4GMEQ_Tw==
vRL9rGsaHH7Mx6NDN.deploy
vrl9rgsahh7mx6ndn.ay.delivery/manager-script/ 		565 KB
169 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e2::ac40:8a0c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b952ae1a582910bbfd4efa3b03c3dd91b903fc474d62dbbda8db0729f34ea02c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:26 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TUcZ8TdyI%2FLyyHkd08g2WYBVSBvDZYWf%2FBpawJ9SuSq23xuSKR93NhOnRA3t4yBUDgDd3pBdei07H%2BNZkb2YLRV0vQJGPpzKJNn94jzap%2BvQfIccoWT9N044pAkoSvLFovqZJ9zc%2FbHxxqM9fgcPlvqiCH1dCWQX2KMYQA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
82a2510faf533c8f-CDG
alt-svc
h3=":443"; ma=86400
cmp.js
static.vidazoo.com/basev/cmp/1.0.1/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.vidazoo.com/basev/cmp/1.0.1/cmp.js
Requested by
Host: static.vidazoo.com
URL: https://static.vidazoo.com/basev/vwpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:751 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4b70b5ab26a51f7829a43fa74bbb2abc2fab541d5842d7c481274f9aaa239a53

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:26 GMT
content-encoding
gzip
cf-cache-status
HIT
x-amz-request-id
THJ8PTYHWNR62A0S
age
37348
x-amz-server-side-encryption
AES256
content-length
1392
x-amz-id-2
/bCLEw/0kRRPQPdG4ohjpi77LgtNI7GMeVKACN7safN2h0QZjIhXIq5liCAeT70yL1BkmtvzJ1E=
last-modified
Tue, 26 Sep 2023 11:15:59 GMT
server
cloudflare
etag
"ae30727db9cee5c3bcee5965142f5f72"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, HEAD
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
Origin, Accept ,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Length, Accept-Language, Accept-Encoding, Referer, Range
cache-control
public, max-age=86400
accept-ranges
bytes
cf-ray
82a251105a81194d-FRA
access-control-allow-headers
Origin, Accept ,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Length, Accept-Language, Accept-Encoding, Referer, Range
expires
Thu, 23 Nov 2023 15:48:26 GMT
tcf.js
static.vidazoo.com/basev/tcf/1.0.2/ 		16 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.vidazoo.com/basev/tcf/1.0.2/tcf.js
Requested by
Host: static.vidazoo.com
URL: https://static.vidazoo.com/basev/vwpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:751 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e602d10aeab60c205781599d1dd4e46d615c1938e62f66d5752fb08ad800fa2d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:26 GMT
content-encoding
gzip
cf-cache-status
HIT
x-amz-request-id
X9DEPEY3ZD7WC8CF
age
25788
x-amz-server-side-encryption
AES256
content-length
5069
x-amz-id-2
XVKZIQDeAoA9/5VercFEUpxFK7X0eJyOX6QD95DNYGtnG/73VBxEiNDDnbMv3WpwWChWrVGpgXBol3Lr0tBHmSyK98yB+fb/dPwjL+PzeEA=
last-modified
Thu, 27 Jul 2023 14:01:24 GMT
server
cloudflare
etag
"ccd7d1f71f0b08742cb487f337f006fb"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, HEAD
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
Origin, Accept ,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Length, Accept-Language, Accept-Encoding, Referer, Range
cache-control
public, max-age=86400
accept-ranges
bytes
cf-ray
82a251105a86194d-FRA
access-control-allow-headers
Origin, Accept ,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Length, Accept-Language, Accept-Encoding, Referer, Range
expires
Thu, 23 Nov 2023 15:48:26 GMT
latest.js
static.kueezrtb.com/js/ 		203 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.kueezrtb.com/js/latest.js?_=1700668106282
Requested by
Host: static.kueezrtb.com
URL: https://static.kueezrtb.com/latest.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:15e8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2414badced0e65e0d68b7fbe36506f936f39d76ac7506e9a3fc3480a7ce652a0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:26 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 09 Nov 2023 16:06:41 GMT
server
cloudflare
x-amz-request-id
NXG411988A5CSAGY
age
271198
etag
W/"42940e383bd2f06e3d801c6872fec418"
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
x-amz-meta-access-control-allow-origin, x-amz-meta-access-control-allow-methods
cf-ray
82a251106b5c3809-FRA
x-amz-id-2
u522r4YIJyU8+87zs+20NIjd46biWn/FCckSvyD/tUdL/BEeRBJDn87jUYR945BjzxeoT6FBYZg=
unifiedPixel
tr.outbrain.com/ 		53 B
248 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://tr.outbrain.com/unifiedPixel?optOut=false&bust=0893821951843103&referrer=&marketerId=00a660d3b681963628076d3f1e67fce8b6&name=PAGE_VIEW&dl=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&g=0&obApiVersion=1.1&obtpVersion=2.0.5&ob_click_id=v4-4EyY2w7-1079981226
Requested by
Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
38.133.127.95 Sacramento, United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS
Software
/
Resource Hash
b51f3497b0a65f1e1e87e75f5e7e823d871c23bcf76a5ee4101783c8f939e553

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 15:48:26 GMT
Cache-Control
no-cache
content-encoding
br
X-TraceId
28235ea9a258493d6ab9af24cce6cd36
Content-Length
54
Content-Type
image/gif;
00a660d3b681963628076d3f1e67fce8b6
wave.outbrain.com/mtWavesBundler/handler/ 		2 B
443 B 		Script
General
Check archive.org
Download Go to
Full URL
https://wave.outbrain.com/mtWavesBundler/handler/00a660d3b681963628076d3f1e67fce8b6
Requested by
Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.35.237.86 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-237-86.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 15:48:26 GMT
Content-Encoding
gzip
ob-sent-time
1700649241539
ETag
W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
Vary
Accept-Encoding
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
*
X-RG
EU
Cache-Control
max-age=60
X-CC
DE
Connection
keep-alive
X-TraceId
65b17ac6af7d6f4a679ec82f48c182c2
Content-Length
22
Expires
Wed, 22 Nov 2023 15:49:26 GMT
js
www.googletagmanager.com/gtag/ 		206 KB
74 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-10887832869&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-PNTYD12RWN&l=dataLayer
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
9855f0a7b6d58838d0664ea23a93fee9910d2d5ce7ebbdfa52d76a61cb628f2e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:26 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
75306
x-xss-protection
0
last-modified
Wed, 22 Nov 2023 15:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 22 Nov 2023 15:48:26 GMT
collect
region1.google-analytics.com/g/ 		0
255 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-PNTYD12RWN&gtm=45je3b81v879042239&_p=1700668105787&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1290701813.1700668106&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&dt=post-number&dp=%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F&dl=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&sid=1700668106&sct=1&seg=0&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1882
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-PNTYD12RWN&l=dataLayer
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:26 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
e42621d.js
heroinvesting.com/_nuxt/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/e42621d.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/fe5ac4e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:400:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
842180c49522c1ce242d5d89bb09ea1e539e5ce7ac90d0969bc1ca4e495ab5f1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 20:00:00 GMT
content-encoding
gzip
via
1.1 d262e104d5d9dd6a4a52f090bdf9395c.cloudfront.net (CloudFront)
last-modified
Wed, 15 Nov 2023 19:38:35 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
589706
etag
W/"84a-18bd47e18ad"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
wtVSKaK_VBAXW4xnQ8Qb7bDiV9KspwT6qEIalvW2tKSeZa-qSaYL2Q==
eb360d4.js
heroinvesting.com/_nuxt/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/eb360d4.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/fe5ac4e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:400:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
05bf2ab251381493728b17ba51a3c902bd50938b723cadcbb035041f8fd684a2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 19:59:59 GMT
content-encoding
gzip
via
1.1 d262e104d5d9dd6a4a52f090bdf9395c.cloudfront.net (CloudFront)
last-modified
Wed, 15 Nov 2023 19:38:35 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
589706
etag
W/"c36-18bd47e18b5"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
0VpchXIfFjuSuCW5Cd6yZ0OD6N0eLrVyMZhAwpWe-0xzb6SEsGIG8A==
14c5a00.js
heroinvesting.com/_nuxt/ 		766 B
803 B 		Script
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/14c5a00.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/fe5ac4e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:400:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
0dbb50b756fea5b251ca8c20be90a5b8e08869bebdec3fdd1ff5da14bb6879f3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 19:59:59 GMT
content-encoding
gzip
via
1.1 d262e104d5d9dd6a4a52f090bdf9395c.cloudfront.net (CloudFront)
last-modified
Wed, 15 Nov 2023 19:38:35 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
589706
etag
W/"2fe-18bd47e18b1"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
QGlrUIkN2XG2KImKqlqdO3rtRQL1fV8LKxzCimDBo8hWhzTXWIZfHg==
Kirkland-Signature-Organic-Creamy-Peanut-Butter-and-Jif.jpg
cdn.heroinvesting.com/content/images/2022/04/ 		153 KB
154 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2022/04/Kirkland-Signature-Organic-Creamy-Peanut-Butter-and-Jif.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/f132adf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:1d0d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
b698f4535cf67b7d888113bc09693d430652d57e20d67a4a31f5c8e5e3c24330

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:26 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
0
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
156833
last-modified
Tue, 12 Apr 2022 23:09:18 GMT
server
cloudflare
etag
W/"264a1-1802009db68"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=64wKXU%2BPvMBg6sGLxiNlFOyIRiEG2DV57EczyywGg%2FNG1Iuz9NRF9FAub1kE1CklntjCdiF1e72Ri7xiW6Azt988lFaH4LW7JJJCv2afPj9q1Uxl%2Fas7oJQmGBWTQhh55m0%2FgvfZGWbLdC%2Fy9rt0FBGsKME%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a251125ad3925b-FRA
x-proxy-cache
EXPIRED
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/ 		6 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.1.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-1-25.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id
9yABOonr2HqHtwbarUcdbIqN0f4A8Qog
content-encoding
gzip
via
1.1 e1f996a9009532eeea33edfd32ef3240.cloudfront.net (CloudFront)
date
Wed, 22 Nov 2023 08:49:47 GMT
x-amz-cf-pop
FRA56-P6
age
25120
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Tue, 29 Aug 2023 08:30:37 GMT
server
AmazonS3
etag
W/"a4d296427fc806b21335359e398c025c"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
vary
Accept-Encoding,Origin
x-amz-cf-id
IJo_pF6Z68-_pGmWJ_JE7Tad8cBNup6m4HOuFXD6LC5TIjEMb9aK-w==
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/ 		429 KB
135 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b04dfae5d49297b8b6a514bd8bf1c7bea7ebe622232401a5abed5a92809a2b66
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 10:38:37 GMT
content-encoding
br
x-content-type-options
nosniff
age
18589
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
137535
x-xss-protection
0
server
cafe
etag
18342593356503948095
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
expires
Thu, 21 Nov 2024 10:38:37 GMT
fpd
u.kueezrtb.com/ 		272 B
451 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://u.kueezrtb.com/fpd?_=1700668106860&yv=1c7f31a
Requested by
Host: static.kueezrtb.com
URL: https://static.kueezrtb.com/js/latest.js?_=1700668106282
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:15e8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4456d4d062177410840e8973cdeea16c0abc7efcf253027241042363f590e2ca

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:27 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
cf-ray
82a2511438893809-FRA
content-length
242
dye
track.kueezrtb.com/ 		0
31 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://track.kueezrtb.com/dye?ac=2&acm=G3L&uid=65552ea84d382961&sid=c2b73fd4824f7c1a&pvi=aacd29d367fcaa9e&h=heroinvesting.com&wh=1600x1200&b=Chrome&bv=119.0.6045.159&dev=&os=Windows%2010&p=&uri=%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F&furl=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&sr=1600x1200&type=latest:init&_=1700668106858
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:15e8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:27 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
82a25114388f3809-FRA
dye
gtrack.kueezrtb.com/ 		0
62 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gtrack.kueezrtb.com/dye?ac=2&acm=G3L&uid=65552ea84d382961&sid=c2b73fd4824f7c1a&pvi=aacd29d367fcaa9e&h=heroinvesting.com&wh=1600x1200&b=Chrome&bv=119.0.6045.159&dev=&os=Windows%2010&p=&uri=%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F&furl=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&sr=1600x1200&type=latest:init&_=1700668106858
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:15e8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:27 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
82a2511408523809-FRA
dye
track.kueezrtb.com/ 		0
31 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://track.kueezrtb.com/dye?ac=2&acm=G3L&uid=65552ea84d382961&sid=c2b73fd4824f7c1a&pvi=aacd29d367fcaa9e&h=heroinvesting.com&wh=1600x1200&b=Chrome&bv=119.0.6045.159&dev=&os=Windows%2010&p=&uri=%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F&furl=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&sr=1600x1200&type=latest:fpdr&_=1700668106860
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:15e8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:27 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
82a2511438913809-FRA
dye
gtrack.kueezrtb.com/ 		0
31 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gtrack.kueezrtb.com/dye?ac=2&acm=G3L&uid=65552ea84d382961&sid=c2b73fd4824f7c1a&pvi=aacd29d367fcaa9e&h=heroinvesting.com&wh=1600x1200&b=Chrome&bv=119.0.6045.159&dev=&os=Windows%2010&p=&uri=%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F&furl=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&sr=1600x1200&type=latest:fpdr&_=1700668106860
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:15e8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:27 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
82a2511408563809-FRA
json
gum.criteo.com/sid/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fheroinvesting.com%2F&domain=heroinvesting.com&cw=1&lsw=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://heroinvesting.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Wed, 22 Nov 2023 15:48:26 GMT
expires
0
pragma
no-cache
server
Kestrel
server-processing-duration-in-ticks
212048
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
d34c3868-1544-44a2-9899-167326b5d575
config.aps.amazon-adsystem.com/configs/ 		537 B
813 B 		Script
General
Check archive.org
Download Go to
Full URL
https://config.aps.amazon-adsystem.com/configs/d34c3868-1544-44a2-9899-167326b5d575
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-30.fra6.r.cloudfront.net
Software
CloudFront /
Resource Hash
7ab3ebae891a75d2dfbc5dd36107f16a0b9ba271694c40f5b55279b4d69c9d53

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:23:03 GMT
via
1.1 d07eabeb1ed60c06da1457f35fb5c8c4.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
FRA6-C1
age
1523
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=3600
content-length
537
x-amz-cf-id
9Dj89ZRS_TstDw1P_UfEtK-kCSRjePIyzQGGLQXDJcUCCnh6U0IFpA==
config
c.amazon-adsystem.com/cdn/prod/ 		0
312 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fheroinvesting.com&pubid=d34c3868-1544-44a2-9899-167326b5d575
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.1.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-1-25.fra56.r.cloudfront.net
Software
Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 10:34:01 GMT
via
1.1 e016ea20838aeed1d878a5244c9e2552.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA56-P6
age
18865
x-cache
Hit from cloudfront
access-control-allow-origin
https://heroinvesting.com
cache-control
max-age=21550, s-maxage=21600
access-control-allow-credentials
true
x-amz-cf-id
3WNIUbS7Y14MqBCQBiYmRbNE5CO3GyLop6EhUKYKRNGXa3fkxeEP5A==
envelope
lexicon.33across.com/v1/ 		49 B
251 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://lexicon.33across.com/v1/envelope?pid=0015a00003Ek3OWAAZ&gdpr=0&src=pbjs&ver=8.20.0&coppa=0
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.193.51 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
51.193.244.35.bc.googleusercontent.com
Software
/
Resource Hash
d0d2e098cd489ef7bc528c86de8ab5c51b5d6cdf9b76a8b08766036992f0d2f4

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:26 GMT
via
1.1 google
vary
origin
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
private, must-revalidate, max-age=28800
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
49
json
gum.criteo.com/sid/ 		2 B
376 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fheroinvesting.com%2F&domain=heroinvesting.com&cw=1&lsw=1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
application/json

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:26 GMT
strict-transport-security
max-age=31536000; preload;
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
245771
expires
0
d9core
d9.flashtalking.com/ 		11 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d9.flashtalking.com/d9core
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.247.19.59 , Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-247-19-59.eu-west-1.compute.amazonaws.com
Software
Apache/2.4.52 () OpenSSL/1.0.2k-fips /
Resource Hash
3da0774b26e32f75fc189c078198bd462d2b376f6b9dac000f8ca1f62da4350e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 15:48:26 GMT
Server
Apache/2.4.52 () OpenSSL/1.0.2k-fips
ETag
5bc31bf7d4a298e1bef9d35fce222bfc
transfer-encoding
chunked
Access-Control-Allow-Methods
GET,POST,SERVER
P3P
policyref="localhost/w3c/D9_p3p_.xml", CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
Access-Control-Allow-Origin
d9.flashtalking.com
Content-Type
application/javascript;charset=utf-8
Cache-Control
private, must-revalidate, proxy-revalidate, max-age=172800
Access-Control-Allow-Credentials
true
Connection
keep-alive
prebid
id5-sync.com/api/config/ 		136 B
419 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://id5-sync.com/api/config/prebid
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.19.138.120 Frankfurt am Main, Germany, ASN16276 (OVH, FR),
Reverse DNS
ns31533571.ip-162-19-138.eu
Software
/
Resource Hash
0c945aa0bb5ba5a939754f316628f652efd88279fdba1fda70102f12984e7c9f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:26 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-credentials
true
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
content-type
application/json;charset=UTF-8
id
id.crwdcntrl.net/ 		43 B
318 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://id.crwdcntrl.net/id
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
176.34.182.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-176-34-182-11.eu-west-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
a96e1e97d62ab9747678b947bdf0a0ea5f81790b1e3a1df2d4607a86bf802596

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:27 GMT
server
Jetty(9.4.38.v20210224)
content-type
application/json;charset=utf-8
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache
x-server
10.45.25.88
access-control-allow-credentials
true
content-length
43
expires
0
config.js
cdn.confiant-integrations.net/MQmKrmitn70_4-erVruOwhgSQSU/gpt_and_prebid/ 		89 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.confiant-integrations.net/MQmKrmitn70_4-erVruOwhgSQSU/gpt_and_prebid/config.js
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/yield-manager-script-v2.2.8-prod
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2b5a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
23af93c9b164275cac4f0854507fbd3cf31ae07b91538cad58d49ed8fabe443a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:27 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Wed, 22 Nov 2023 13:09:14 GMT
server
cloudflare
x-amz-request-id
TJSPBM1A9J3702YF
etag
W/"d8bbb9b8f6f8af77aa1625ec018c7114"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=900, stale-while-revalidate=3600
cf-ray
82a25114ce9839c8-FRA
alt-svc
h3=":443"; ma=86400
x-amz-id-2
3Nbg4Qv5koOQ5aN2OnPr1CrqRtItawhHfz+NF7baTQy8mGM3FM1Ah1VlXZzwje0iK1JOK9X44oY=
client-v2.js
vrl9rgsahh7mx6ndn.ay.delivery/ 		90 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://vrl9rgsahh7mx6ndn.ay.delivery/client-v2.js
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/yield-manager-script-v2.2.8-prod
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8a0c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
68c17e743f229f07f1375bd906669e46147d13fd2c92be22317bd3d4e505b5e7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:26 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Wed, 22 Nov 2023 14:32:51 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6OLJlXP%2BGzqjd3%2F5rxXtb9oR%2F3o9kklM2GsqQb3Hl5RVJEQVJeFTBG5SXj%2FKAUZrSuQQRkBmv%2BiDENDLkqCkumk8uHErwgw%2FQRNx6CLPDcMbub7PvDyfdLywH92eFVJQHh3Vkb59FKRevOUYbJSPLk8enVXH5jwglOmeGg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cf-ray
82a2511469c137ca-FRA
alt-svc
h3=":443"; ma=86400
localstore.js
script.4dex.io/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://script.4dex.io/localstore.js
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8264bf30b0dfc41d19bf53d2c63a8fc9326b427cf3ea9cd9b6be2696fc55b118

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 15:48:27 GMT
Content-Encoding
br
CF-Cache-Status
HIT
Last-Modified
Mon, 06 Nov 2023 14:13:09 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
Age
896698
ETag
W/"e90435520cec1363a82b67d8298d79a8"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bb7z%2BT9%2B34tQCyYBWKo77oDm7yKeVNcBsPsFQqHVrMzo15rFbZa657oaPVQhTaG%2FlGvtJFDw9mRh%2FwxkNfgAMjHUdeQ1O52suM1nSZxXIcs6ycUOyogsRdomM615zRGA2HdPu4kmss6IrIGG"}],"group":"cf-nel","max_age":604800}
Cache-Control
public, max-age=1800
Connection
keep-alive
CF-RAY
82a251152f7c19af-FRA
bid
aax.amazon-adsystem.com/e/dtb/ 		23 B
465 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&pid=jCDQK64JzzUat&cb=0&ws=1600x1200&v=23.1108.2350&t=2400&slots=%5B%7B%22sd%22%3A%22if_ay_dsk_sticky__ayManagerEnv__1%22%2C%22s%22%3A%5B%22728x90%22%2C%22980x120%22%5D%2C%22sn%22%3A%22%2F22890879159%2Fhi_ay_dsk_sticky%22%7D%2C%7B%22sd%22%3A%22if_ay_dsk_ic_1-side__ayManagerEnv__1%22%2C%22s%22%3A%5B%22320x100%22%2C%22320x50%22%2C%22300x250%22%2C%22300x100%22%5D%2C%22sn%22%3A%22%2F22890879159%2Fhi_ay_dsk_ic_1%22%7D%2C%7B%22sd%22%3A%22if_ay_dsk_side_r1__ayManagerEnv__1%22%2C%22s%22%3A%5B%22300x250%22%2C%22160x600%22%2C%22300x600%22%2C%22320x50%22%5D%2C%22sn%22%3A%22%2F22890879159%2Fhi_ay_dsk_side_r1%22%7D%2C%7B%22sd%22%3A%22if_ay_dsk_side_l__ayManagerEnv__1%22%2C%22s%22%3A%5B%22120x600%22%2C%22160x600%22%5D%2C%22sn%22%3A%22%2F22890879159%2Fhi_ay_dsk_side_l%22%7D%5D&pubid=d34c3868-1544-44a2-9899-167326b5d575&gdprl=%7B%22status%22%3A%22no-cmp%22%2C%22cmpTimeout%22%3A50%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.239.116 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-239-116.fra56.r.cloudfront.net
Software
Server /
Resource Hash
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:27 GMT
strict-transport-security
max-age=47474747; includeSubDomains; preload
via
1.1 3d34e163f3f1a0c4a397ad818b79a810.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA56-P4
x-amz-rid
GXCNQREMCAZX0PTH70BK
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
23
x-amz-cf-id
caGrbldZ5SZYof8cIYVSX0dCGmR-wAQyDdVsMRtdEg9yn1wwQMMyJg==
bid
aax.amazon-adsystem.com/e/dtb/ 		23 B
462 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&pid=jCDQK64JzzUat&cb=1&ws=1600x1200&v=23.1108.2350&t=2400&slots=%5B%7B%22sd%22%3A%22if_ay_dsk_leaderboard__ayManagerEnv__1%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F22890879159%2Fhi_ay_dsk_leaderboard%22%7D%5D&pubid=d34c3868-1544-44a2-9899-167326b5d575&gdprl=%7B%22status%22%3A%22no-cmp%22%2C%22cmpTimeout%22%3A50%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.239.116 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-239-116.fra56.r.cloudfront.net
Software
Server /
Resource Hash
89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:27 GMT
strict-transport-security
max-age=47474747; includeSubDomains; preload
via
1.1 3d34e163f3f1a0c4a397ad818b79a810.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA56-P4
x-amz-rid
VVAEXVG4W868CSTR4YAT
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
23
x-amz-cf-id
5F__l-AoyHc2B6bYAAjuVo1jlhxw6l5W-3T_8UODzVsO5hvSnIbcsw==
bid
aax.amazon-adsystem.com/e/dtb/ 		23 B
463 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&pid=jCDQK64JzzUat&cb=2&ws=1600x1200&v=23.1108.2350&t=2400&slots=%5B%7B%22sd%22%3A%22if_ay_dsk_ic_1-2__ayManagerEnv__1%22%2C%22s%22%3A%5B%22320x100%22%2C%22320x50%22%2C%22300x250%22%2C%22300x100%22%5D%2C%22sn%22%3A%22%2F22890879159%2Fhi_ay_dsk_ic_1%22%7D%5D&pubid=d34c3868-1544-44a2-9899-167326b5d575&gdprl=%7B%22status%22%3A%22no-cmp%22%2C%22cmpTimeout%22%3A50%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.239.116 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-239-116.fra56.r.cloudfront.net
Software
Server /
Resource Hash
5d7c7d25a0da74c0dd466120c3c09bd94cb982fc66ebc4a78675339f37323bf5
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:27 GMT
strict-transport-security
max-age=47474747; includeSubDomains; preload
via
1.1 3d34e163f3f1a0c4a397ad818b79a810.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA56-P4
x-amz-rid
TYM42M5R49D8RPBN9J1N
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
23
x-amz-cf-id
gYaqQR0IaoJid8OSSgVG5zYJp3Ws66NfY4IVqzjbo264GBtRoS7Ujw==
bid
aax.amazon-adsystem.com/e/dtb/ 		23 B
463 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&pid=jCDQK64JzzUat&cb=3&ws=1600x1200&v=23.1108.2350&t=2400&slots=%5B%7B%22sd%22%3A%22if_ay_dsk_ic_1-3__ayManagerEnv__1%22%2C%22s%22%3A%5B%22320x100%22%2C%22320x50%22%2C%22300x250%22%2C%22300x100%22%5D%2C%22sn%22%3A%22%2F22890879159%2Fhi_ay_dsk_ic_1%22%7D%5D&pubid=d34c3868-1544-44a2-9899-167326b5d575&gdprl=%7B%22status%22%3A%22no-cmp%22%2C%22cmpTimeout%22%3A50%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.239.116 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-239-116.fra56.r.cloudfront.net
Software
Server /
Resource Hash
1c4777fe3a673a05492e27d08032cc91c23ac5389897c9235b09b8b0f5a74db3
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:27 GMT
strict-transport-security
max-age=47474747; includeSubDomains; preload
via
1.1 3d34e163f3f1a0c4a397ad818b79a810.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA56-P4
x-amz-rid
PQXBVYWRWCC43WEWFQAN
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
23
x-amz-cf-id
jxy3ElS4sK06GddIExE6YNoJZxq6ea_zSJm5hd0n176Dd2BArmrgNg==
Kirkland-Signature-Coffee-and-Starbucks-1.jpg
cdn.heroinvesting.com/content/images/2022/04/ 		147 KB
148 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2022/04/Kirkland-Signature-Coffee-and-Starbucks-1.jpg
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/yield-manager-script-v2.2.8-prod
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::6815:1d0d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
be21c68151947530567dcb15dcf4aa169621e4ec3d2a9ef8c71ba3590e5e35cf

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:27 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
150880
last-modified
Wed, 20 Apr 2022 22:44:04 GMT
server
cloudflare
etag
W/"24d60-18049259fb8"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ruzyy2%2BSCFm7TzqhUUidnele5t1FpQO7Hid%2F2%2FTZoQ8BW8nvEYa%2BXK5eGyl24bCDzEifHlZ8SYcnZk8qxxkhc4Uid8L1B%2FmJ70FsoChnbElBjZzX8yJWoPwy3Pc%2Fjtj7jF7w25Zp7s1Z8HkxrytKWIASGSM%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a251160f0818e0-FRA
x-proxy-cache
HIT
bid
aax.amazon-adsystem.com/e/dtb/ 		23 B
464 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&pid=jCDQK64JzzUat&cb=4&ws=1600x1200&v=23.1108.2350&t=2400&slots=%5B%7B%22sd%22%3A%22if_ay_dsk_leaderboard__ayManagerEnv__2%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F22890879159%2Fhi_ay_dsk_leaderboard%22%7D%5D&pubid=d34c3868-1544-44a2-9899-167326b5d575&gdprl=%7B%22status%22%3A%22no-cmp%22%2C%22cmpTimeout%22%3A50%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.239.116 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-239-116.fra56.r.cloudfront.net
Software
Server /
Resource Hash
6139dddd3b6b6b847bccd476918dc8fb4f4f5a10908e5707c704f155e0918e84
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:27 GMT
strict-transport-security
max-age=47474747; includeSubDomains; preload
via
1.1 3d34e163f3f1a0c4a397ad818b79a810.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA56-P4
x-amz-rid
2FGRAV3D44RCEZ57Z8F2
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
23
x-amz-cf-id
bU98gOY4I5A8kX_wHF5TWA4cPD10LIUJg9LWv4zWoqi7jOiCBzdVKw==
bid
aax.amazon-adsystem.com/e/dtb/ 		23 B
463 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&pid=jCDQK64JzzUat&cb=5&ws=1600x1200&v=23.1108.2350&t=2400&slots=%5B%7B%22sd%22%3A%22if_ay_dsk_ic_1-2__ayManagerEnv__2%22%2C%22s%22%3A%5B%22320x100%22%2C%22320x50%22%2C%22300x250%22%2C%22300x100%22%5D%2C%22sn%22%3A%22%2F22890879159%2Fhi_ay_dsk_ic_1%22%7D%5D&pubid=d34c3868-1544-44a2-9899-167326b5d575&gdprl=%7B%22status%22%3A%22no-cmp%22%2C%22cmpTimeout%22%3A50%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.239.116 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-239-116.fra56.r.cloudfront.net
Software
Server /
Resource Hash
111041158b9290ae7cc0c6da69d7c4f5600e8a73b4c7399d675df7f15ba7b063
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:27 GMT
strict-transport-security
max-age=47474747; includeSubDomains; preload
via
1.1 3d34e163f3f1a0c4a397ad818b79a810.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA56-P4
x-amz-rid
10RWSSRGE6ND07V3B44D
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
23
x-amz-cf-id
ruNs6PQrLxQtNB7ITl_-IlS1u_zwXA8IUhJ8kA2YjuaEJhFY0ItySg==
bid
aax.amazon-adsystem.com/e/dtb/ 		23 B
464 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&pid=jCDQK64JzzUat&cb=6&ws=1600x1200&v=23.1108.2350&t=2400&slots=%5B%7B%22sd%22%3A%22if_ay_dsk_ic_1-3__ayManagerEnv__2%22%2C%22s%22%3A%5B%22320x100%22%2C%22320x50%22%2C%22300x250%22%2C%22300x100%22%5D%2C%22sn%22%3A%22%2F22890879159%2Fhi_ay_dsk_ic_1%22%7D%5D&pubid=d34c3868-1544-44a2-9899-167326b5d575&gdprl=%7B%22status%22%3A%22no-cmp%22%2C%22cmpTimeout%22%3A50%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.239.116 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-239-116.fra56.r.cloudfront.net
Software
Server /
Resource Hash
0cff03129f16a73a8ff89d06578b0b1a1127bddb582fd05f0ab62f8ccc6b62f7
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:27 GMT
strict-transport-security
max-age=47474747; includeSubDomains; preload
via
1.1 3d34e163f3f1a0c4a397ad818b79a810.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA56-P4
x-amz-rid
3BPNJ7H0J0YZB3CW9QQN
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
23
x-amz-cf-id
U_eeFCqrlhL7BcNOV-XWy6syh4kKJKwMrYgsJhP_RltkLXvw6ukPzQ==
bid
aax.amazon-adsystem.com/e/dtb/ 		23 B
463 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&pid=jCDQK64JzzUat&cb=7&ws=1600x1200&v=23.1108.2350&t=2400&slots=%5B%7B%22sd%22%3A%22if_ay_dsk_leaderboard__ayManagerEnv__3%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F22890879159%2Fhi_ay_dsk_leaderboard%22%7D%5D&pubid=d34c3868-1544-44a2-9899-167326b5d575&gdprl=%7B%22status%22%3A%22no-cmp%22%2C%22cmpTimeout%22%3A50%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.239.116 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-239-116.fra56.r.cloudfront.net
Software
Server /
Resource Hash
8ec3cdfcdc79223ee04ed060812314854cb3b3d9d1914390c755934366fc3693
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:27 GMT
strict-transport-security
max-age=47474747; includeSubDomains; preload
via
1.1 3d34e163f3f1a0c4a397ad818b79a810.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA56-P4
x-amz-rid
1MQB6CZW7P5JQJ2DSXKQ
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
23
x-amz-cf-id
1tS_u_5G-R_12qUtQL8buQNY1XRbmVE-H5jiAREBgH8bsbGxx4gSzg==
%7B%22_tl%22%3A%22aps-tag%22%2C%22_type%22%3A%22featureUsage%22%2C%22src%22%3A%22kraken%22%2C%22pubid%22%3A%22d34c3868-1544-44a2-9899-167326b5d575%22%2C%22p%22%3A%5B%7B%22cat%22%3A%22log%252Flibrar...
aax.amazon-adsystem.com/x/px/p/PH/ 		43 B
417 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://aax.amazon-adsystem.com/x/px/p/PH/%7B%22_tl%22%3A%22aps-tag%22%2C%22_type%22%3A%22featureUsage%22%2C%22src%22%3A%22kraken%22%2C%22pubid%22%3A%22d34c3868-1544-44a2-9899-167326b5d575%22%2C%22p%22%3A%5B%7B%22cat%22%3A%22log%252Flibrary%252FdidError%22%2C%22feat%22%3A%22started%22%7D%5D%2C%22u%22%3A%22https%253A%252F%252Fheroinvesting.com%252Fentertainment%252Fbig-brands-hidden-behind-costco-kirkland%252F%253Futm_source%253Dob%2526utm_medium%253Dcpc%2526utm_campaign%253Dhi_cos_6-01_an_c_3%2526utm_term%253D0061df1e37acfb75f995365418e6af2098%2526extid%253Dv4-4EyY2w7-1079981226%2526dicbo%253Dv4-4EyY2w7-1079981226%22%2C%22lv%22%3A%2223.1108.2350%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.239.116 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-239-116.fra56.r.cloudfront.net
Software
Server /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:27 GMT
strict-transport-security
max-age=47474747; includeSubDomains; preload
via
1.1 a2cac9c5f0e90f8b7fede4ac9aca75ca.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA56-P4
x-amz-rid
E2ZRPST5ZNBYXEJ9HEFA
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
image/gif
cache-control
no-cache
content-length
43
x-amz-cf-id
j-2RXfX9AdwmckrfixFv8NmqibkVTNtVDGLQLOeTUFlZmH_K2mOpcQ==
bid
aax.amazon-adsystem.com/e/dtb/ 		23 B
463 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&pid=jCDQK64JzzUat&cb=8&ws=1600x1200&v=23.1108.2350&t=2400&slots=%5B%7B%22sd%22%3A%22if_ay_dsk_ic_1-2__ayManagerEnv__3%22%2C%22s%22%3A%5B%22320x100%22%2C%22320x50%22%2C%22300x250%22%2C%22300x100%22%5D%2C%22sn%22%3A%22%2F22890879159%2Fhi_ay_dsk_ic_1%22%7D%5D&pubid=d34c3868-1544-44a2-9899-167326b5d575&gdprl=%7B%22status%22%3A%22no-cmp%22%2C%22cmpTimeout%22%3A50%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.239.116 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-239-116.fra56.r.cloudfront.net
Software
Server /
Resource Hash
c905a799c91593b68a840f7aae0bd411b7f0d2d475c8f5f5a780d54018fb61b8
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:27 GMT
strict-transport-security
max-age=47474747; includeSubDomains; preload
via
1.1 3d34e163f3f1a0c4a397ad818b79a810.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA56-P4
x-amz-rid
V3QA43A6DMV305WGPFRW
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
23
x-amz-cf-id
whzG4MPBs4r-DUf3Ez95SMBHEF-VL8dcroR8ftdnn8n7_nwqdeSxhg==
bid
aax.amazon-adsystem.com/e/dtb/ 		23 B
462 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&pid=jCDQK64JzzUat&cb=9&ws=1600x1200&v=23.1108.2350&t=2400&slots=%5B%7B%22sd%22%3A%22if_ay_dsk_ic_1-3__ayManagerEnv__3%22%2C%22s%22%3A%5B%22320x100%22%2C%22320x50%22%2C%22300x250%22%2C%22300x100%22%5D%2C%22sn%22%3A%22%2F22890879159%2Fhi_ay_dsk_ic_1%22%7D%5D&pubid=d34c3868-1544-44a2-9899-167326b5d575&gdprl=%7B%22status%22%3A%22no-cmp%22%2C%22cmpTimeout%22%3A50%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.239.116 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-239-116.fra56.r.cloudfront.net
Software
Server /
Resource Hash
4b8f230af668f20a7b50021f1edb1fac1c96cab1aa576933a2064e5d7807179b
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:27 GMT
strict-transport-security
max-age=47474747; includeSubDomains; preload
via
1.1 3d34e163f3f1a0c4a397ad818b79a810.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA56-P4
x-amz-rid
QSE6X5N2WETMMFNRXFDQ
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
23
x-amz-cf-id
NcSo_vQ2HFHdLhp8nDhsEcggK_HRhxiog27TfiugGMuR2_a18imNpQ==
Kirkland-Signature-Pistachios-and-Wonderful-almonds-and-pistachios.jpg
cdn.heroinvesting.com/content/images/2022/04/ 		174 KB
174 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2022/04/Kirkland-Signature-Pistachios-and-Wonderful-almonds-and-pistachios.jpg
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/yield-manager-script-v2.2.8-prod
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::6815:1d0d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
21a1d627f87cdf503961420c198b2bcc9993f88235210d85186824b823e96d0d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:27 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
177699
last-modified
Tue, 12 Apr 2022 23:08:27 GMT
server
cloudflare
etag
W/"2b623-18020091477"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EHiS%2BLo1PpLs1ewAQ%2Buh79lr8pWe5eUYV3UdWL7D78NVx2SLr5jyUhHWk3KPKJu1KnBcS7Vg3ffXfZm2Eg%2BdyQU%2B4M%2BGG83xnQ5zutyUW9eZcqmySdCiZdmy3gNO%2BUIy27hrY94yI%2BRS8pzeCaSj4BDM9gU%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a25116e82118e0-FRA
x-proxy-cache
EXPIRED
23331d4.js
heroinvesting.com/_nuxt/ 		1 KB
1006 B 		Script
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/23331d4.js
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/yield-manager-script-v2.2.8-prod
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:400:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
e0625a022bd3b199157833e0338f4eae7eb814ad18da77a4f315851c3e0d2e57

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 20:00:00 GMT
content-encoding
gzip
via
1.1 d262e104d5d9dd6a4a52f090bdf9395c.cloudfront.net (CloudFront)
last-modified
Wed, 15 Nov 2023 19:38:35 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
589707
etag
W/"47e-18bd47e18ad"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
t7wrziUqk8B2uUmdQwzrjuyCxRPZfPa3JSW_dwharVlIzVgena0Ozg==
vwpt.js
static.vidazoo.com/basev/ 		229 KB
55 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.vidazoo.com/basev/vwpt.js
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/yield-manager-script-v2.2.8-prod
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:751 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e605414c5d690913c053ec344fd3fd58b19ecd5f111fb05e4e912bc52a77fa66

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:27 GMT
content-encoding
gzip
cf-cache-status
HIT
x-amz-request-id
FYK9C5AE9F0Z392J
age
36553
x-amz-server-side-encryption
AES256
content-length
56429
x-amz-id-2
067WgrQU5db2illwymlJ7atxaQdMorRuXVWUX5PuqsRWQJ0E9Gx93En/SztSVSlVQittdORRyDw=
last-modified
Tue, 07 Nov 2023 11:26:12 GMT
server
cloudflare
etag
"576a1e0bb56226dbd3a2a239a03e01ae"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, HEAD
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
Origin, Accept ,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Length, Accept-Language, Accept-Encoding, Referer, Range
cache-control
public, max-age=86400
accept-ranges
bytes
cf-ray
82a251174c97194d-FRA
access-control-allow-headers
Origin, Accept ,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Length, Accept-Language, Accept-Encoding, Referer, Range
expires
Thu, 23 Nov 2023 15:48:27 GMT
dye
track.kueezrtb.com/ 		0
31 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://track.kueezrtb.com/dye?ac=2&acm=G3L&uid=65552ea84d382961&sid=c2b73fd4824f7c1a&pvi=aacd29d367fcaa9e&h=heroinvesting.com&wh=1600x1200&b=Chrome&bv=119.0.6045.159&dev=&os=Windows%2010&p=&uri=%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F&furl=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&sr=1600x1200&type=latest:fpdrd&_=1700668107394
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:15e8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:27 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
82a251175cec3809-FRA
dye
gtrack.kueezrtb.com/ 		0
31 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gtrack.kueezrtb.com/dye?ac=2&acm=G3L&uid=65552ea84d382961&sid=c2b73fd4824f7c1a&pvi=aacd29d367fcaa9e&h=heroinvesting.com&wh=1600x1200&b=Chrome&bv=119.0.6045.159&dev=&os=Windows%2010&p=&uri=%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F&furl=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&sr=1600x1200&type=latest:fpdrd&_=1700668107394
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:15e8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:27 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
82a251175ced3809-FRA
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/10887832869/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10887832869/?random=1700668107460&cv=11&fst=1700668107460&bg=ffffff&guid=ON&async=1&gtm=45be3b81&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tiba=Big%20Brands%20Hidden%20Behind%20Costco%20Kirkland&hn=www.googleadservices.com&frm=0&auid=1665848943.1700668107&uamb=0&uaw=0&data=event%3Dpage_view%3Bpage_path%3D%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F&rfmt=3&fmt=4
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/yield-manager-script-v2.2.8-prod
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
170bc11af226a2e78686313edbf778bcdf619ecf852713be07feb599bac44bb9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:27 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1419
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
unruly_prebid
targeting.unrulymedia.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://targeting.unrulymedia.com/unruly_prebid
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
46.228.174.115 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://heroinvesting.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Accept-Encoding,Origin,Accept-Language,X-CSRF-Token,x-unruly-override
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://heroinvesting.com
access-control-max-age
1728000
content-length
0
content-type
text/plain charset=UTF-8
date
Wed, 22 Nov 2023 15:48:27 GMT
imp
g2.gumgum.com/hbid/ 		673 B
828 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/hbid/imp?lt=1700668107558&to=-60&aun=if_ay_dsk_sticky__ayManagerEnv__1&pubcid=b332c82c-c394-48c5-9023-425000943a4f&gpid=if_ay_dsk_sticky__ayManagerEnv__1&t=notmta6c&pi=2&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%228.20.0%22%7D&ogu=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F&ns=10240
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.72.224.53 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-72-224-53.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
025075bd3dbbe75bb70124872c67e8ed13f5654e21aefe42e50e7c9587bf18d5

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:27 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
prebid
mp.4dex.io/ 		60 B
488 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://mp.4dex.io/prebid
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:994e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
77b47b7a038f38916adbe760bc262fe2aa75e9f2a0d67621d19ad74e41acdb39

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

x-version
3.0.0-gcp-ams
date
Wed, 22 Nov 2023 15:48:27 GMT
x-err
Shapings: no adunits with size and seat and mapping
via
1.1 google
cf-cache-status
DYNAMIC
content-encoding
gzip
x-warn
Process Floors. 1 inventory rules not found for mediatype: banner and adUnitCode: if_ay_dsk_sticky__ayManagerEnv__1
pragma
no-cache
server
cloudflare
vary
Origin, Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cf-ray
82a25118aace65cc-FRA
expires
0
pbjs
htlb.casalemedia.com/openrtb/ 		8 KB
5 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://htlb.casalemedia.com/openrtb/pbjs?s=974243
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6da768623690c30a2d0665dc7ccb17fcf9b39f82dab4f57bdde60738142d8427

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:27 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vsjn0uDEWa7ZKDV8qrBMw8psxQx%2BRoKERfcPqUx0aM8oxvgc9k8uz1LZpx%2FK4tZCq4oTMkwiq3UvPJa8TcHPYORE8Ki%2F5QXg5oH%2BqYIsg9JYQpqmN0F4d9I%2BO6XoZxxlM9ZnleN9"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
82a25118d8ce39e0-FRA
alt-svc
h3=":443"; ma=86400
expires
0
63ebe4b23a3c92dafc0c2e06
prebid.cootlogix.com/prebid/multi/ 		0
289 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.cootlogix.com/prebid/multi/63ebe4b23a3c92dafc0c2e06
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
161.35.59.45 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:27 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
63ebe4b23a3c92dafc0c2e06
prebid.cootlogix.com/prebid/multi/ 		0
288 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.cootlogix.com/prebid/multi/63ebe4b23a3c92dafc0c2e06
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
161.35.59.45 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:27 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
63ebe4b23a3c92dafc0c2e06
prebid.cootlogix.com/prebid/multi/ 		0
288 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.cootlogix.com/prebid/multi/63ebe4b23a3c92dafc0c2e06
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
161.35.59.45 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:27 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
63ebe4b23a3c92dafc0c2e06
prebid.cootlogix.com/prebid/multi/ 		0
288 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.cootlogix.com/prebid/multi/63ebe4b23a3c92dafc0c2e06
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
161.35.59.45 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:27 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
hb
cpm.qortex.ai/ 		0
264 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cpm.qortex.ai/hb?zone=194374&v=1.6
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
77.245.57.72 , United States, ASN36057 (WEBAIR-INTERNET-MTL, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 22 Nov 2023 15:48:27 GMT
Server
nginx
Age
0
Access-Control-Allow-Origin
https://heroinvesting.com
Cache-Control
no-store
Access-Control-Allow-Credentials
true
Connection
close
Content-Length
0
hb
brightcombid.marphezis.com/ 		0
229 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://brightcombid.marphezis.com/hb
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
178.128.135.204 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
pragma
no-cache
date
Wed, 22 Nov 2023 15:48:27 GMT
cache-control
no-store
access-control-allow-credentials
true
vary
Origin
expires
0
prebid
prebid.media.net/rtb/ 		1 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUK6VG18
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.63.153 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
153.63.120.34.bc.googleusercontent.com
Software
envoy /
Resource Hash
150acbeb902a9852750f36ea1f7762fdfcff6787c6f4cfc5be83b93f0aeb97b5

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:27 GMT
via
1.1 google
accept-ch
Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
server
envoy
content-type
application/json;charset=utf-8
access-control-allow-origin
https://heroinvesting.com
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
213
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 22 Nov 2023 15:48:27 GMT
prebid-request
onetag-sys.com/ 		15 B
414 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/prebid-request
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip254.ip-51-89-9.eu
Software
/
Resource Hash
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
cache-control
no-transform, no-cache
access-control-allow-credentials
true
access-control-allow-headers
content-type, origin, referer, user-agent
content-length
41
alt-svc
h3=":443"; ma=900, h3-29=":443"; ma=900
/
colossusssp.com/ 		2 B
139 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://colossusssp.com/?c=o&m=multi
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
173.237.69.68 , United States, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
openresty /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:28 GMT
access-control-allow-credentials
true
server
openresty
content-length
2
content-type
application/json
auction
tlx.3lift.com/header/ 		19 B
592 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://tlx.3lift.com/header/auction?lib=prebid&v=8.20.0&referrer=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tmax=2500
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.196.182.172 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-182-172.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:27 GMT
accept-ch
sec-ch-rtt,sec-ch-ua-mobile,sec-ch-viewport-width,sec-ch-downlink,sec-ch-ua-full-version-list,sec-ch-prefers-color-scheme,sec-ch-ua-platform,sec-ch-dpr,user-agent,sec-ch-width,sec-ch-viewport-height,sec-ch-save-data,sec-ch-ect,sec-ch-ua-model,sec-ch-ua-platform-version,sec-ch-device-memory,sec-ch-ua-bitness,sec-ch-ua,sec-ch-ua-full-version,sec-ch-ua-arch
x-auction-status
29, 29, 29, 29
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
19
x-xss-protection
0
expires
Thu, 15 Oct 1992 20:10:00 GMT
v1
btlr.sharethrough.com/universal/ 		0
159 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.127.32.39 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-32-39.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:27 GMT
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/ 		0
158 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.127.32.39 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-32-39.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:27 GMT
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/ 		0
158 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.127.32.39 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-32-39.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:27 GMT
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/ 		0
158 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.127.32.39 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-32-39.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:27 GMT
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Origin
bid
ap.lijit.com/rtb/ 		95 B
505 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_8.20.0
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.16 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
/
Resource Hash
14d22863f81913af3ca2a5898aa24ed30986b97fb5a7f981e6e26c0c7140a139

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

Date
Wed, 22 Nov 2023 15:48:27 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://heroinvesting.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap3ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
100
hb-mm-multi
hb.minutemedia-prebid.com/ 		84 B
431 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://hb.minutemedia-prebid.com/hb-mm-multi
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.217.228.107 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-217-228-107.eu-west-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
b3074090d27e92eb95b0263ddcada4f3efca261ebe7cc915cb352d2f04d5006d

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:27 GMT
server
istio-envoy
x-reason
maxmind hosting provider
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
https://heroinvesting.com
content-type
application/json
access-control-allow-credentials
true
x-envoy-upstream-service-time
2
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF, X-Requested-With
content-length
84
ortb
bid.contextweb.com/header/ 		0
797 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://bid.contextweb.com/header/ortb?src=prebid
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
208.93.169.131 , United States, ASN46244 (WEBMD-IDC1-AS, US),
Reverse DNS
Software
Jetty(10.0.14) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

strict-transport-security
max-age=15768000
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
server
Jetty(10.0.14)
cwdl
22/4211,22/4211,22/4211,22/4211
access-control-allow-origin
https://heroinvesting.com
access-control-expose-headers
Access-Control-Allow-Origin
access-control-allow-credentials
true
cw-server
bid-deployment-stage-0
hb-multi
hb.yellowblue.io/ 		84 B
432 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://hb.yellowblue.io/hb-multi
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
18.202.39.252 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-202-39-252.eu-west-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
bd44dba9ed6aec762bb17a7cc0b9a25455bc0489208b368f3b3dccf0ddbd542d

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:27 GMT
server
istio-envoy
x-reason
maxmind hosting provider
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
https://heroinvesting.com
content-type
application/json
access-control-allow-credentials
true
x-envoy-upstream-service-time
11
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF, X-Requested-With
content-length
84
hb
ssc.33across.com/api/v1/ 		65 B
148 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ssc.33across.com/api/v1/hb?guid=dUOeOqXmSr7AmkrkHcnlxd
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
73502f11344a519fa549eeb80ce66ca81ead39a65b81fbeb5fff64966f8e965c

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:27 GMT
content-encoding
gzip
via
1.1 google
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
status
200 OK
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
hb
ssc.33across.com/api/v1/ 		65 B
157 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ssc.33across.com/api/v1/hb?guid=dUOeOqXmSr7AmkrkHcnlxd
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
73502f11344a519fa549eeb80ce66ca81ead39a65b81fbeb5fff64966f8e965c

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:27 GMT
content-encoding
gzip
via
1.1 google
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
status
200 OK
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
hb
ssc.33across.com/api/v1/ 		65 B
157 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ssc.33across.com/api/v1/hb?guid=dUOeOqXmSr7AmkrkHcnlxd
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
73502f11344a519fa549eeb80ce66ca81ead39a65b81fbeb5fff64966f8e965c

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:27 GMT
content-encoding
gzip
via
1.1 google
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
status
200 OK
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
hb
ssc.33across.com/api/v1/ 		65 B
330 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ssc.33across.com/api/v1/hb?guid=dUOeOqXmSr7AmkrkHcnlxd
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
73502f11344a519fa549eeb80ce66ca81ead39a65b81fbeb5fff64966f8e965c

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:27 GMT
content-encoding
gzip
via
1.1 google
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
status
200 OK
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
v1
prg.smartadserver.com/prebid/ 		171 B
559 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.138.16 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:27 GMT
content-encoding
br
transfer-encoding
chunked
vary
Accept-Encoding, Origin
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
no-cache,no-store
access-control-allow-credentials
true
v1
prg.smartadserver.com/prebid/ 		171 B
559 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.138.16 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:27 GMT
content-encoding
br
transfer-encoding
chunked
vary
Accept-Encoding, Origin
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
no-cache,no-store
access-control-allow-credentials
true
v1
prg.smartadserver.com/prebid/ 		171 B
559 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.138.16 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:27 GMT
content-encoding
br
transfer-encoding
chunked
vary
Accept-Encoding, Origin
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
no-cache,no-store
access-control-allow-credentials
true
v1
prg.smartadserver.com/prebid/ 		171 B
559 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.138.16 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:27 GMT
content-encoding
br
transfer-encoding
chunked
vary
Accept-Encoding, Origin
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
no-cache,no-store
access-control-allow-credentials
true
fastlane.json
fastlane.rubiconproject.com/a/api/ 		572 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=25504&site_id=478470&zone_id=2840484&size_id=2&alt_size_ids=31&eid_pubcid.org=b332c82c-c394-48c5-9023-425000943a4f%5E1&rf=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tg_i.domain=heroinvesting.com&tg_i.page=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tg_i.pbadslot=if_ay_dsk_sticky__ayManagerEnv__1&tk_flint=pbjs_lite_v8.20.0&x_source.tid=a643e405-21ce-417d-9d9e-80616f2a2f40&l_pb_bid_id=84a9566fc3b3e87&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=7cb0cbf3-08e1-43f6-af1b-5123dc31cc49&rp_maxbids=1&slots=1&rand=0.6221994880722941
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c003:200::45 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
30721f4eb0aa9abccd13ec57b290ae8a0dfbc97b6ea72ae13e1175141f3ef1a0

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:27 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-length
572
expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		17 KB
8 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=25504&site_id=478470&zone_id=2840484&size_id=15&alt_size_ids=19%2C43%2C117&eid_pubcid.org=b332c82c-c394-48c5-9023-425000943a4f%5E1&rf=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tg_i.domain=heroinvesting.com&tg_i.page=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tg_i.pbadslot=if_ay_dsk_ic_1-side__ayManagerEnv__1&tk_flint=pbjs_lite_v8.20.0&x_source.tid=a643e405-21ce-417d-9d9e-80616f2a2f40&l_pb_bid_id=85f0e558addfb6c&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=41c35285-d949-4e48-8a85-f24cc91881f0&rp_maxbids=1&slots=1&rand=0.6652302386409825
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c003:200::45 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
589cadcfe87dd8185d54edd03100abce6060abaf18cf67f67b6d5f3d778b8c7e

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:27 GMT
content-encoding
gzip
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		13 KB
6 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=25504&site_id=478470&zone_id=2840484&size_id=15&alt_size_ids=9%2C10%2C43&eid_pubcid.org=b332c82c-c394-48c5-9023-425000943a4f%5E1&rf=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tg_i.domain=heroinvesting.com&tg_i.page=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tg_i.pbadslot=if_ay_dsk_side_r1__ayManagerEnv__1&tk_flint=pbjs_lite_v8.20.0&x_source.tid=a643e405-21ce-417d-9d9e-80616f2a2f40&l_pb_bid_id=86c3257d352ccd7&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=e6881985-85b6-4481-b6e8-0725b52645e7&rp_maxbids=1&slots=1&rand=0.22250927144106125
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c003:200::45 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
3b7dc91e90632be200cdd0735d6e5dc7f2dee5738a8bba4d6ee2f606d6a7df33

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:27 GMT
content-encoding
gzip
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		13 KB
6 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=25504&site_id=478470&zone_id=2840484&size_id=9&alt_size_ids=8&eid_pubcid.org=b332c82c-c394-48c5-9023-425000943a4f%5E1&rf=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tg_i.domain=heroinvesting.com&tg_i.page=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tg_i.pbadslot=if_ay_dsk_side_l__ayManagerEnv__1&tk_flint=pbjs_lite_v8.20.0&x_source.tid=a643e405-21ce-417d-9d9e-80616f2a2f40&l_pb_bid_id=872c68bc3f5100e&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=db179ad0-f5b2-4ff0-9f18-fa5f8ef74b47&rp_maxbids=1&slots=1&rand=0.25654027754728426
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c003:200::45 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
206a96a2f91f0f9af16833e871fe5adbfa19bbc0b6f26ee88a913828dfd3c5c8

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:27 GMT
content-encoding
gzip
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
expires
Wed, 17 Sep 1975 21:32:10 GMT
auction
pbs.nextmillmedia.com/openrtb2/ 		248 B
633 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pbs.nextmillmedia.com/openrtb2/auction
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.236.226.253 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-226-253.compute-1.amazonaws.com
Software
/
Resource Hash
a1c5270055c21f509389976ec7529f13c35a04ec3bcf5ad86cdddbb6cac15ce5

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:27 GMT
x-prebid
pbs-go/unknown
vary
Origin
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
248
expires
0
auction
pbs.nextmillmedia.com/openrtb2/ 		247 B
633 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pbs.nextmillmedia.com/openrtb2/auction
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.236.226.253 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-226-253.compute-1.amazonaws.com
Software
/
Resource Hash
416a6f6464b03d7a55e7016dc90d90b112abfbd4480895ac36aca9e98ac196d9

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:27 GMT
x-prebid
pbs-go/unknown
vary
Origin
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
247
expires
0
auction
pbs.nextmillmedia.com/openrtb2/ 		247 B
632 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pbs.nextmillmedia.com/openrtb2/auction
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.236.226.253 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-226-253.compute-1.amazonaws.com
Software
/
Resource Hash
f4de63f60a94037dfeb1ce51fe5a5ec12984810a9896f1eb5b3a225d871357f9

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:27 GMT
x-prebid
pbs-go/unknown
vary
Origin
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
247
expires
0
auction
pbs.nextmillmedia.com/openrtb2/ 		247 B
632 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pbs.nextmillmedia.com/openrtb2/auction
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.236.226.253 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-226-253.compute-1.amazonaws.com
Software
/
Resource Hash
5ba39309991e2cef0269b415fa3bed2a10a502037ece266ad49eb66050206808

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:27 GMT
x-prebid
pbs-go/unknown
vary
Origin
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
247
expires
0
/
prebid.dblks.net/openrtb/ 		158 B
421 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.dblks.net/openrtb/?sid=2724499
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.212.255.179 , Canada, ASN25948 (FHMNET, CA),
Reverse DNS
Software
nginx/1.20.1 / Express
Resource Hash
28fb716e83da311b8a144812eb1f79f885745346c61ddb9e0994757c5f81ac01

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:28 GMT
x-openrtb-version
2.5
server
nginx/1.20.1
x-powered-by
Express
etag
W/"9e-OYZVZOFs1QP6/0bVAOM8lU0qaVg"
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heroinvesting.com
cache-control
max-age=0, no-cache, no-store, private
access-control-allow-credentials
true
content-length
158
bid
s.seedtag.com/c/hb/ 		13 KB
8 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://s.seedtag.com/c/hb/bid
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.50.64 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
64.50.149.34.bc.googleusercontent.com
Software
openresty /
Resource Hash
d27cdac5329bccadc64959b42caabe7bccdd31b072a0fe2a6bb55ac1cadd6073

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:28 GMT
content-encoding
gzip
via
1.1 google
server
openresty
vary
X-HTTP-Method-Override
access-control-allow-methods
GET, POST, OPTIONS, DELETE, PUT, HEAD
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
imp
g2.gumgum.com/hbid/ 		471 B
685 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/hbid/imp?lt=1700668107643&to=-60&aun=if_ay_dsk_ic_1-side__ayManagerEnv__1&pubcid=b332c82c-c394-48c5-9023-425000943a4f&gpid=if_ay_dsk_ic_1-side__ayManagerEnv__1&t=notmta6c&pi=3&maxw=320&maxh=100&si=1008715&bf=320x100%2C320x50%2C300x250%2C300x100&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%228.20.0%22%7D&ogu=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F&ns=10240
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.72.224.53 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-72-224-53.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
277605817a73bc3b4cf9f806d43e1c94bfa4906f49162cb62fb15a3d79275d34

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:27 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
imp
g2.gumgum.com/hbid/ 		471 B
686 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/hbid/imp?lt=1700668107645&to=-60&aun=if_ay_dsk_side_r1__ayManagerEnv__1&pubcid=b332c82c-c394-48c5-9023-425000943a4f&gpid=if_ay_dsk_side_r1__ayManagerEnv__1&t=notmta6c&pi=3&maxw=300&maxh=600&si=1008719&bf=300x250%2C160x600%2C300x600%2C320x50&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%228.20.0%22%7D&ogu=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F&ns=10240
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.72.224.53 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-72-224-53.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1b5c06cadd765897bf56be7c472bc60b5c8e5e6e5d2bb480be593c4f25dd0e6c

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:27 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
imp
g2.gumgum.com/hbid/ 		471 B
686 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/hbid/imp?lt=1700668107646&to=-60&aun=if_ay_dsk_side_l__ayManagerEnv__1&pubcid=b332c82c-c394-48c5-9023-425000943a4f&gpid=if_ay_dsk_side_l__ayManagerEnv__1&t=notmta6c&pi=3&maxw=160&maxh=600&si=1008718&bf=120x600%2C160x600&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%228.20.0%22%7D&ogu=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F&ns=10240
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.72.224.53 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-72-224-53.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
a849c2e832c63f895bc7ba31d6576eb5560e4253bc2e6fe1a6ab64bf660fed99

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:27 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
unruly_prebid
targeting.unrulymedia.com/ 		0
164 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://targeting.unrulymedia.com/unruly_prebid
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
46.228.174.115 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
application/json

Response headers

access-control-allow-origin
https://heroinvesting.com
pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
cache-control
private, max-age=0, no-cache, no-store
access-control-allow-credentials
true
trinity.json
apex.go.sonobi.com/ 		270 B
993 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%2211330d24838cf3d%22%3A%225110ae0368112018ce37%7C728x90%2C980x120%7Cgpid%3Dif_ay_dsk_sticky__ayManagerEnv__1%2Cc%3Dd%2C%22%2C%221140968d769d2834%22%3A%229ef57c4e1a7aad0ba98a%7C320x100%2C320x50%2C300x250%2C300x100%7Cgpid%3Dif_ay_dsk_ic_1-side__ayManagerEnv__1%2Cc%3Dd%2C%22%2C%22115d96a25c1a14c9%22%3A%22ab18e1366d6110b8df97%7C300x250%2C160x600%2C300x600%2C320x50%7Cgpid%3Dif_ay_dsk_side_r1__ayManagerEnv__1%2Cc%3Dd%2C%22%2C%22116da829e1500091%22%3A%22b73b2d5a888130b1e9b1%7C120x600%2C160x600%7Cgpid%3Dif_ay_dsk_side_l__ayManagerEnv__1%2Cc%3Dd%2C%22%7D&ref=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&s=5daf1e64-e4d0-4834-acf1-ba9b7d5ed944&pv=8ba387ca-09f8-4452-9546-5b9a8e42e265&vp=desktop&lib_name=prebid&lib_v=8.20.0&us=1&iqid=%7B%22pcid%22%3A%22e0f7d6fa-d0b1-4933-89c2-78028d57fd20%22%2C%22pcidDate%22%3A1700668107652%7D&fpd=%7B%22source%22%3A%7B%22tid%22%3A%22a643e405-21ce-417d-9d9e-80616f2a2f40%22%7D%2C%22site%22%3A%7B%22domain%22%3A%22heroinvesting.com%22%2C%22publisher%22%3A%7B%22domain%22%3A%22heroinvesting.com%22%7D%2C%22page%22%3A%22https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226%22%7D%2C%22device%22%3A%7B%22w%22%3A1600%2C%22h%22%3A1200%2C%22dnt%22%3A0%2C%22ua%22%3A%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F119.0.6045.159%20Safari%2F537.36%22%2C%22language%22%3A%22en%22%2C%22sua%22%3A%7B%22source%22%3A1%2C%22browsers%22%3A%5B%5D%2C%22mobile%22%3A0%7D%7D%7D&ius=1&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22b332c82c-c394-48c5-9023-425000943a4f%22%2C%22atype%22%3A1%7D%5D%7D%5D&coppa=0
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.166.1.9 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
6e9b6d7b9ec3d1a1def4462c86be80e2f142c7192ad81cf2e2ef93bd242ba56e
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
content-encoding
gzip
server
sonobi-go
vary
negotiate,Accept-Encoding
x-go-server
go-iad-2-6-132
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, private
access-control-allow-credentials
true
tcn
Choice
content-length
225
x-xss-protection
0
expires
Sat, 26 Jul 1997 05:00:00 GMT
641ab9f7284b9911720b9b75
exchange.kueezrtb.com/prebid/multi/ 		0
289 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://exchange.kueezrtb.com/prebid/multi/641ab9f7284b9911720b9b75
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
216.155.152.253 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
216.155.152.253.vultrusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:27 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
641ab9f7284b9911720b9b75
exchange.kueezrtb.com/prebid/multi/ 		0
288 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://exchange.kueezrtb.com/prebid/multi/641ab9f7284b9911720b9b75
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
216.155.152.253 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
216.155.152.253.vultrusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:27 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
641ab9f7284b9911720b9b75
exchange.kueezrtb.com/prebid/multi/ 		0
288 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://exchange.kueezrtb.com/prebid/multi/641ab9f7284b9911720b9b75
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
216.155.152.253 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
216.155.152.253.vultrusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:27 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
641ab9f7284b9911720b9b75
exchange.kueezrtb.com/prebid/multi/ 		0
288 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://exchange.kueezrtb.com/prebid/multi/641ab9f7284b9911720b9b75
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
216.155.152.253 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
216.155.152.253.vultrusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:29 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
hbjson
grid.bidswitch.net/ 		25 B
369 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://grid.bidswitch.net/hbjson
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.126.136.176 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-136-176.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
ea73d43e6e9a44c7ef1b83fc89d751d2e7863145631b9bcbb4bf0cc8166a12f9

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

Date
Wed, 22 Nov 2023 15:48:27 GMT
Content-Encoding
gzip
Server
nginx
Content-Type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
50
bid-request
a.teads.tv/hb/ 		16 B
382 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://a.teads.tv/hb/bid-request
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.218.209.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-218-209-56.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
6a7b0c8bf87b2bd5ca31557f25cf2a6c80f93af72bf68a6085e9b55a87fe908c

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:27 GMT
content-encoding
gzip
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
42
expires
Wed, 22 Nov 2023 15:48:27 GMT
c
prebid.a-mo.net/a/ 		0
357 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.a-mo.net/a/c
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
145.40.97.66 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:26 GMT
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
31
server
envoy
vary
origin, Accept-Encoding
metric
report2.hb.brainlyads.com/statistics/ 		463 B
751 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://report2.hb.brainlyads.com/statistics/metric?event=bidRequested&bidder=nextMillennium&source=pbjs&groups=1220;1214;1217;1216
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.84.92.154 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-84-92-154.compute-1.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) / Express
Resource Hash
64faef43f59f0d829a290bb25e0b5c24308c0381b590d9717e460a8344912ba3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 15:48:28 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Powered-By
Express
ETag
W/"1cf-XHssOe1+WUPy43P3Ckt9sJ3fhf4"
Content-Type
image/png
Access-Control-Allow-Origin
*
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
463
dye
track.kueezrtb.com/ 		0
31 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://track.kueezrtb.com/dye?ac=2&acm=G3L&uid=65552ea84d382961&sid=c2b73fd4824f7c1a&pvi=aacd29d367fcaa9e&h=heroinvesting.com&wh=1600x1200&b=Chrome&bv=119.0.6045.159&dev=&os=Windows%2010&p=&cc=DE&ig=0&uri=%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F&furl=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&sr=1600x1200&type=latest:br&_=1700668107654&bidder=kueezrtb&at=display&v=4
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:15e8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:27 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
82a251191f633809-FRA
dye
gtrack.kueezrtb.com/ 		0
31 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gtrack.kueezrtb.com/dye?ac=2&acm=G3L&uid=65552ea84d382961&sid=c2b73fd4824f7c1a&pvi=aacd29d367fcaa9e&h=heroinvesting.com&wh=1600x1200&b=Chrome&bv=119.0.6045.159&dev=&os=Windows%2010&p=&cc=DE&ig=0&uri=%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F&furl=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&sr=1600x1200&type=latest:br&_=1700668107654&bidder=kueezrtb&at=display&v=4
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:15e8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:27 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
82a251191f653809-FRA
v1
lb.eu-1-id5-sync.com/lb/ 		0
0
/
api.assertcom.de/ 		0
310 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.assertcom.de/
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/client-v2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.239.211.175 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.213.239.211.175.clients.your-server.de
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:27 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/plain
access-control-allow-origin
https://heroinvesting.com
cache-control
no-store, no-cache, private, no-transform
access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Content-Length, Accept-Encoding
content-length
0
expires
Thu, 01 Jan 1980 00:00:01 GMT
hash
vrl9rgsahh7mx6ndn.ay.delivery/ 		4 B
587 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://vrl9rgsahh7mx6ndn.ay.delivery/hash?e=vRL9rGsaHH7Mx6NDN&k=%257B%2522utm_source%2522%253A%2522ob%2522%252C%2522utm_medium%2522%253A%2522cpc%2522%252C%2522utm_campaign%2522%253A%2522hi_cos_6-01_an_c_3%2522%252C%2522utm_term%2522%253A%25220061df1e37acfb75f995365418e6af2098%2522%257D%7C295&v=5000
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/client-v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8a0c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ba8b61671c5a1344acefbc986cb110f88f924b2367852345131717c3ff1f19a9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:27 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
content-length
4
last-modified
Wed, 22 Nov 2023 15:48:27 GMT
server
cloudflare
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JkPgn%2FG0IKuqMgclSAVA0ZHgfbemiljBeeYfkBJ5IRZ6fQV3cIhv6KpGBFsLDf%2F3Ip4pIBcks9%2Fq6GyzNJoGzRomCF5jO0A0uoYZd0is3%2BJjKdAypGGG%2BcF1eZROpuwlXDXGSOzhjgEuRQ0bp4mk1gKd9XDH9Q9VMZ9ylA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=1800
vary
Accept-Encoding
accept-ranges
bytes
cf-ray
82a2511988d29c10-FRA
access-control-allow-headers
Content-Type, Content-Length, Accept-Encoding
pageview
api.assertcom.de/ 		0
309 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://api.assertcom.de/pageview
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/client-v2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.239.211.175 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.213.239.211.175.clients.your-server.de
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:27 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/plain
access-control-allow-origin
https://heroinvesting.com
cache-control
no-store, no-cache, private, no-transform
access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Content-Length, Accept-Encoding
content-length
0
expires
Thu, 01 Jan 1980 00:00:01 GMT
linreg.min.js
vrl9rgsahh7mx6ndn.ay.delivery/floorPrice/vRL9rGsaHH7Mx6NDN/js/floorPrice/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://vrl9rgsahh7mx6ndn.ay.delivery/floorPrice/vRL9rGsaHH7Mx6NDN/js/floorPrice/linreg.min.js
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/yield-manager-script-v2.2.8-prod
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8a0c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers
error
api.assertcom.de/ 		0
310 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://api.assertcom.de/error
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/client-v2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.239.211.175 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.213.239.211.175.clients.your-server.de
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:27 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/plain
access-control-allow-origin
https://heroinvesting.com
cache-control
no-store, no-cache, private, no-transform
access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Content-Length, Accept-Encoding
content-length
0
expires
Thu, 01 Jan 1980 00:00:01 GMT
linreg_da.min.js
vrl9rgsahh7mx6ndn.ay.delivery/floorPrice/vRL9rGsaHH7Mx6NDN/js/floorPrice/ 		187 KB
55 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://vrl9rgsahh7mx6ndn.ay.delivery/floorPrice/vRL9rGsaHH7Mx6NDN/js/floorPrice/linreg_da.min.js
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/yield-manager-script-v2.2.8-prod
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8a0c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7b76b819a56cefc5344fabd9df41fdab467b1038d63992c2cabe70ab71d44c8a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:27 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Mon, 20 Nov 2023 12:49:35 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"655b55df-2ebee"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LVOiJnHOFg%2F0rQr4%2Ba7Hoz4CWnEXLWl9k59fqWgIVxaafFrX03lQ%2BYr2tbURr7idkA8k7lHH3ghEgxwKzY0A4%2FJArh7ZyqshmK7jwQtbc7C5%2BqRutr6ndAD%2F%2F4uwoYOjxZ9ATk4tT7v03OPKomatv9Ti5p8mMTyvb0fl0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=900, stale-while-revalidate=3600
cf-ray
82a25119692c37ca-FRA
alt-svc
h3=":443"; ma=86400
forest.min.js
vrl9rgsahh7mx6ndn.ay.delivery/forest/vRL9rGsaHH7Mx6NDN/js/bid/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://vrl9rgsahh7mx6ndn.ay.delivery/forest/vRL9rGsaHH7Mx6NDN/js/bid/forest.min.js
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/yield-manager-script-v2.2.8-prod
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8a0c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers
22890879159
fundingchoicesmessages.google.com/i/ 		161 KB
53 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/i/22890879159?ers=3
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/yield-manager-script-v2.2.8-prod
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
7dc5277ba585373d4d4a12835a2034882cba58915950cdfbcb50ac6a7d8e610c
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-XC3MRuLgNByzuGfK_JD-vg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:27 GMT
content-security-policy
script-src 'report-sample' 'nonce-XC3MRuLgNByzuGfK_JD-vg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
script.js
cadmus.script.ac/dahhc4ozyvjm6/ 		129 KB
45 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cadmus.script.ac/dahhc4ozyvjm6/script.js
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/yield-manager-script-v2.2.8-prod
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1691 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bf9a23b3505b601a9de91a953c462d670e5b13fbbed92e0be549822cdd2af34a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:27 GMT
content-encoding
gzip
last-modified
Wed, 22 Nov 2023 15:20:46 GMT
server
cloudflare
age
0
etag
W/"70843787a6a2466cec2e9aa1ded631605944cd27"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public,max-age=600,stale-while-revalidate=3600,stale-if-error=86400
cf-ray
82a2511aac825d4e-FRA
adagio.js
script.4dex.io/ 		77 KB
24 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://script.4dex.io/adagio.js
Requested by
Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
61496aa1a9c3d26cfc292b41fc451a597a47468117c1fb258226a57296390433

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 15:48:27 GMT
Content-Encoding
br
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
1314781
Transfer-Encoding
chunked
Connection
keep-alive
Last-Modified
Mon, 06 Nov 2023 14:13:08 GMT
Server
cloudflare
ETag
W/"ccc354615ffb5b4afd96268bab4a6502"
Vary
Origin, Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bOc5QC5dgI6z6IiN2K3FT5oE4pzDgj7Xx1YAgDChnY9SU%2BnXrbH1aRExt3wn5hGYf2CBJeWmBG7YTs6J1OU26NrDJhAXumXZg2V1ZUnuX%2BhfLD0Vb5YQMPJD1U1XecxQINe2OeDomtIEg0hb"}],"group":"cf-nel","max_age":604800}
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Cache-Control
public, max-age=1800
CF-RAY
82a2511a7f4d65c1-FRA
lgc
d9.flashtalking.com/ 		147 B
756 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://d9.flashtalking.com/lgc
Requested by
Host: d9.flashtalking.com
URL: https://d9.flashtalking.com/d9core
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.247.19.59 , Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-247-19-59.eu-west-1.compute.amazonaws.com
Software
Apache/2.4.52 () OpenSSL/1.0.2k-fips /
Resource Hash
8cb55f8c45774132203fdddd5da3007c4377df88c44505c87669dbc7c700d789

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Date
Wed, 22 Nov 2023 15:48:27 GMT
Server
Apache/2.4.52 () OpenSSL/1.0.2k-fips
Access-Control-Allow-Methods
GET,POST,SERVER
P3P
policyref="localhost/w3c/D9_p3p_.xml", CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
Access-Control-Allow-Origin
https://heroinvesting.com
Content-Type
application/json;charset=ISO-8859-1
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
147
wrap.js
cdn.confiant-integrations.net/gptprebidnative/202310231203/ 		264 KB
84 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.confiant-integrations.net/gptprebidnative/202310231203/wrap.js
Requested by
Host: cdn.confiant-integrations.net
URL: https://cdn.confiant-integrations.net/MQmKrmitn70_4-erVruOwhgSQSU/gpt_and_prebid/config.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2b5a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bb4f8df5602b561c6a5247851f27cebac4099886c0f337e67e5ea9fa0f9caac8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:27 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 23 Oct 2023 16:04:16 GMT
server
cloudflare
x-amz-request-id
1A4EHPD39F41F6QA
age
1195607
etag
W/"866ce4ef9ef41c261f6060e4f642bb88"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
cf-ray
82a2511a4d2e39c8-FRA
alt-svc
h3=":443"; ma=86400
x-amz-id-2
GjOIvZG9k9tEvLHaTchQufVH9UuOlAv+bfBUOZrovMafl2oMDGasRZ1QEyF87q0qOWaKHZQaofQ=
unruly_prebid
targeting.unrulymedia.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://targeting.unrulymedia.com/unruly_prebid
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
46.228.174.115 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://heroinvesting.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Accept-Encoding,Origin,Accept-Language,X-CSRF-Token,x-unruly-override
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://heroinvesting.com
access-control-max-age
1728000
content-length
0
content-type
text/plain charset=UTF-8
date
Wed, 22 Nov 2023 15:48:28 GMT
bid
s.seedtag.com/c/hb/ 		11 B
77 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://s.seedtag.com/c/hb/bid
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.50.64 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
64.50.149.34.bc.googleusercontent.com
Software
openresty /
Resource Hash
846949c5a40e3ffbb702473e54dfac0646541aa624a844369b6e24e51ddaf96b

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:28 GMT
via
1.1 google
server
openresty
vary
X-HTTP-Method-Override
access-control-allow-methods
GET, POST, OPTIONS, DELETE, PUT, HEAD
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
11
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
v1
btlr.sharethrough.com/universal/ 		0
158 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.127.32.39 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-32-39.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:28 GMT
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Origin
hbjson
grid.bidswitch.net/ 		25 B
369 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://grid.bidswitch.net/hbjson
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.126.136.176 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-136-176.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
64490d9f43dde1d328822e5fda86b0c17fa12a974df28a6fa75e5ad3bb9a8cd4

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

Date
Wed, 22 Nov 2023 15:48:28 GMT
Content-Encoding
gzip
Server
nginx
Content-Type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
50
prebid
mp.4dex.io/ 		60 B
161 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://mp.4dex.io/prebid
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:994e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
77b47b7a038f38916adbe760bc262fe2aa75e9f2a0d67621d19ad74e41acdb39

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
x-err
Shapings: no adunits with size and seat and mapping
x-version
3.0.0-gcp-ams
cf-cache-status
DYNAMIC
via
1.1 google
server
cloudflare
content-encoding
gzip
vary
Origin, Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cf-ray
82a2511cafc665cc-FRA
expires
0
hb
cpm.qortex.ai/ 		0
264 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cpm.qortex.ai/hb?zone=194374&v=1.6
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
77.245.57.72 , United States, ASN36057 (WEBAIR-INTERNET-MTL, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 22 Nov 2023 15:48:28 GMT
Server
nginx
Age
0
Access-Control-Allow-Origin
https://heroinvesting.com
Cache-Control
no-store
Access-Control-Allow-Credentials
true
Connection
close
Content-Length
0
trinity.json
apex.go.sonobi.com/ 		205 B
829 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%221502213ad9428a95%22%3A%22339eef0ffc50a90ea04b%7C728x90%7Cgpid%3D%2F22890879159%2Fhi_ay_dsk_leaderboard%2Cc%3Dd%2C%22%7D&ref=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&s=f1dc6091-d544-453a-bc21-385a495ac692&pv=8ba387ca-09f8-4452-9546-5b9a8e42e265&vp=desktop&lib_name=prebid&lib_v=8.20.0&us=1&iqid=%7B%22pcid%22%3A%22e0f7d6fa-d0b1-4933-89c2-78028d57fd20%22%2C%22pcidDate%22%3A1700668107652%7D&fpd=%7B%22source%22%3A%7B%22tid%22%3A%22f8e803eb-10d3-4f77-8bb8-18ea21abe287%22%7D%2C%22site%22%3A%7B%22domain%22%3A%22heroinvesting.com%22%2C%22publisher%22%3A%7B%22domain%22%3A%22heroinvesting.com%22%7D%2C%22page%22%3A%22https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226%22%7D%2C%22device%22%3A%7B%22w%22%3A1600%2C%22h%22%3A1200%2C%22dnt%22%3A0%2C%22ua%22%3A%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F119.0.6045.159%20Safari%2F537.36%22%2C%22language%22%3A%22en%22%2C%22sua%22%3A%7B%22source%22%3A1%2C%22browsers%22%3A%5B%5D%2C%22mobile%22%3A0%7D%7D%7D&ius=1&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22b332c82c-c394-48c5-9023-425000943a4f%22%2C%22atype%22%3A1%7D%5D%7D%5D&coppa=0
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.166.1.9 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
4175372abfb2196ceebaf65ea4b8b1934574adc959908c81516b683683fee8a3
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
content-encoding
gzip
server
sonobi-go
vary
negotiate,Accept-Encoding
x-go-server
go-iad-2-6-132
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, private
access-control-allow-credentials
true
tcn
Choice
content-length
190
x-xss-protection
0
expires
Sat, 26 Jul 1997 05:00:00 GMT
bid
ap.lijit.com/rtb/ 		95 B
505 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_8.20.0
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.16 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
/
Resource Hash
b200ac3d3bf008f2ce310df1c78c2df72dbf8861b8681a68acb3e40fe51eb4ed

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

Date
Wed, 22 Nov 2023 15:48:28 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://heroinvesting.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap3ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
100
hb
ssc.33across.com/api/v1/ 		67 B
141 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ssc.33across.com/api/v1/hb?guid=dUOeOqXmSr7AmkrkHcnlxd
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
4c09bf620e023ccd1045f79a8745041314f2dbbccd870dbbeec496ffe698ab65

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:28 GMT
content-encoding
gzip
via
1.1 google
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
status
200 OK
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
hb-mm-multi
hb.minutemedia-prebid.com/ 		85 B
431 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://hb.minutemedia-prebid.com/hb-mm-multi
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.217.228.107 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-217-228-107.eu-west-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
67837bc7a7ebf39b40b6fac84e0fd64ff503780f51039ee0373b7432ccd98afb

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:28 GMT
server
istio-envoy
x-reason
maxmind hosting provider
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
https://heroinvesting.com
content-type
application/json
access-control-allow-credentials
true
x-envoy-upstream-service-time
1
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF, X-Requested-With
content-length
85
imp
g2.gumgum.com/hbid/ 		471 B
686 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/hbid/imp?lt=1700668108258&to=-60&aun=if_ay_dsk_leaderboard__ayManagerEnv__1&pubcid=b332c82c-c394-48c5-9023-425000943a4f&gpid=%2F22890879159%2Fhi_ay_dsk_leaderboard&t=notmta6c&pi=3&maxw=728&maxh=90&si=1008717&bf=728x90&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%228.20.0%22%7D&ogu=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F&ns=10240
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.72.224.53 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-72-224-53.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
60e91bda361fc74879d0ac95ad7c1b342e4963e780934e53b07cb2163180db99

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
auction
pbs.nextmillmedia.com/openrtb2/ 		250 B
548 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pbs.nextmillmedia.com/openrtb2/auction
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.236.226.253 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-226-253.compute-1.amazonaws.com
Software
/
Resource Hash
be125b657cb6690d3d60409a100996700907573c637ab7b4c3f36837d28f7d79

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
x-prebid
pbs-go/unknown
vary
Origin
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
250
expires
0
unruly_prebid
targeting.unrulymedia.com/ 		0
165 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://targeting.unrulymedia.com/unruly_prebid
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
46.228.174.115 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
application/json

Response headers

access-control-allow-origin
https://heroinvesting.com
pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
cache-control
private, max-age=0, no-cache, no-store
access-control-allow-credentials
true
fastlane.json
fastlane.rubiconproject.com/a/api/ 		577 B
634 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=25504&site_id=478470&zone_id=2840484&size_id=2&eid_pubcid.org=b332c82c-c394-48c5-9023-425000943a4f%5E1&rf=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tg_i.domain=heroinvesting.com&tg_i.page=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tg_i.pbadslot=%2F22890879159%2Fhi_ay_dsk_leaderboard&tk_flint=pbjs_lite_v8.20.0&x_source.tid=f8e803eb-10d3-4f77-8bb8-18ea21abe287&l_pb_bid_id=164d89794a8ad04c&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=efcbd506-9699-402a-84e7-f79946d22cd5&rp_maxbids=1&p_gpid=%2F22890879159%2Fhi_ay_dsk_leaderboard&slots=1&rand=0.9267822504713621
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c003:200::45 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
26a2294cc71f66729c948706153dbabad32ef2bf12083f8c21b600c0d4086c28

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-length
577
expires
Wed, 17 Sep 1975 21:32:10 GMT
pbjs
htlb.casalemedia.com/openrtb/ 		38 B
341 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://htlb.casalemedia.com/openrtb/pbjs?s=974238
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a5293e0d94eff2837b1797ecb43e000b9e8249c4a4e6e316963248a2d4b87127

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nlXwLpYmX2%2BUquQ%2B7s1%2Fa0V6sOlUdvX0kajjY5tvLobSAdXdXUrQ0zdpT0WSY0YspE8Vs0c99ANefVP4zak5mFLuZ35vlw1uCkv6B03vIw%2FmPO%2F7ePtsm1vKF%2Bq3DEgJugXiv%2FgH"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
82a2511cddf239e0-FRA
alt-svc
h3=":443"; ma=86400
content-length
38
expires
0
prebid-request
onetag-sys.com/ 		15 B
413 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/prebid-request
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip254.ip-51-89-9.eu
Software
/
Resource Hash
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
cache-control
no-transform, no-cache
access-control-allow-credentials
true
access-control-allow-headers
content-type, origin, referer, user-agent
content-length
41
alt-svc
h3=":443"; ma=900, h3-29=":443"; ma=900
c
prebid.a-mo.net/a/ 		0
237 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.a-mo.net/a/c
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
145.40.97.66 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:27 GMT
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
11
server
envoy
vary
origin, Accept-Encoding
bid-request
a.teads.tv/hb/ 		16 B
382 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://a.teads.tv/hb/bid-request
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.218.209.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-218-209-56.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
6a7b0c8bf87b2bd5ca31557f25cf2a6c80f93af72bf68a6085e9b55a87fe908c

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
content-encoding
gzip
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
42
expires
Wed, 22 Nov 2023 15:48:28 GMT
hb
brightcombid.marphezis.com/ 		0
229 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://brightcombid.marphezis.com/hb
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
178.128.135.204 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
cache-control
no-store
access-control-allow-credentials
true
vary
Origin
expires
0
/
prebid.dblks.net/openrtb/ 		159 B
423 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.dblks.net/openrtb/?sid=2724499
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.212.255.179 , Canada, ASN25948 (FHMNET, CA),
Reverse DNS
Software
nginx/1.20.1 / Express
Resource Hash
25fb834c2128d55a8db065e813c0fbc3fc7b49799c3e46e5d787a6de2819762c

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:28 GMT
x-openrtb-version
2.5
server
nginx/1.20.1
x-powered-by
Express
etag
W/"9f-F4EQbUISOzMyd+F6dGzBKlKaS4o"
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heroinvesting.com
cache-control
max-age=0, no-cache, no-store, private
access-control-allow-credentials
true
content-length
159
/
colossusssp.com/ 		2 B
138 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://colossusssp.com/?c=o&m=multi
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
173.237.69.68 , United States, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
openresty /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:28 GMT
access-control-allow-credentials
true
server
openresty
content-length
2
content-type
application/json
v1
prg.smartadserver.com/prebid/ 		171 B
559 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.138.16 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:27 GMT
content-encoding
br
transfer-encoding
chunked
vary
Accept-Encoding, Origin
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
no-cache,no-store
access-control-allow-credentials
true
hb-multi
hb.yellowblue.io/ 		85 B
432 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://hb.yellowblue.io/hb-multi
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
18.202.39.252 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-202-39-252.eu-west-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
be21405eb0f240e306b4b9cb3cca010b7f7ed6762a8d58c9bb3e5bfff2aefeef

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:28 GMT
server
istio-envoy
x-reason
maxmind hosting provider
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
https://heroinvesting.com
content-type
application/json
access-control-allow-credentials
true
x-envoy-upstream-service-time
10
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF, X-Requested-With
content-length
85
641ab9f7284b9911720b9b75
exchange.kueezrtb.com/prebid/multi/ 		0
288 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://exchange.kueezrtb.com/prebid/multi/641ab9f7284b9911720b9b75
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
216.155.152.253 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
216.155.152.253.vultrusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:29 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
auction
tlx.3lift.com/header/ 		19 B
543 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://tlx.3lift.com/header/auction?lib=prebid&v=8.20.0&referrer=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tmax=2500
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.196.182.172 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-182-172.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
accept-ch
sec-ch-downlink,sec-ch-viewport-width,sec-ch-ua-mobile,sec-ch-rtt,sec-ch-ua-arch,sec-ch-ua-full-version,sec-ch-ua,sec-ch-ua-bitness,sec-ch-device-memory,sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ect,sec-ch-save-data,sec-ch-viewport-height,sec-ch-width,user-agent,sec-ch-dpr,sec-ch-ua-platform,sec-ch-prefers-color-scheme,sec-ch-ua-full-version-list
x-auction-status
29
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
19
x-xss-protection
0
expires
Thu, 15 Oct 1992 20:10:00 GMT
ortb
bid.contextweb.com/header/ 		0
781 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://bid.contextweb.com/header/ortb?src=prebid
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
208.93.169.131 , United States, ASN46244 (WEBMD-IDC1-AS, US),
Reverse DNS
Software
Jetty(10.0.14) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

strict-transport-security
max-age=15768000
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
server
Jetty(10.0.14)
cwdl
22/4211
access-control-allow-origin
https://heroinvesting.com
access-control-expose-headers
Access-Control-Allow-Origin
access-control-allow-credentials
true
cw-server
bid-deployment-dfcb7cf59-48522
prebid
prebid.media.net/rtb/ 		1 KB
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUK6VG18
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.63.153 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
153.63.120.34.bc.googleusercontent.com
Software
envoy /
Resource Hash
f31feb8d925261995f163714672276641e30b4ab72de413b70fc93918bb5ce9d

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:27 GMT
via
1.1 google
accept-ch
Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
server
envoy
content-type
application/json;charset=utf-8
access-control-allow-origin
https://heroinvesting.com
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
97
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 22 Nov 2023 15:48:28 GMT
63ebe4b23a3c92dafc0c2e06
prebid.cootlogix.com/prebid/multi/ 		0
288 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.cootlogix.com/prebid/multi/63ebe4b23a3c92dafc0c2e06
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
161.35.59.45 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:28 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
metric
report2.hb.brainlyads.com/statistics/ 		463 B
751 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://report2.hb.brainlyads.com/statistics/metric?event=bidRequested&bidder=nextMillennium&source=pbjs&groups=1215
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.84.92.154 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-84-92-154.compute-1.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) / Express
Resource Hash
64faef43f59f0d829a290bb25e0b5c24308c0381b590d9717e460a8344912ba3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 15:48:28 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Powered-By
Express
ETag
W/"1cf-XHssOe1+WUPy43P3Ckt9sJ3fhf4"
Content-Type
image/png
Access-Control-Allow-Origin
*
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
463
dye
track.kueezrtb.com/ 		0
54 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://track.kueezrtb.com/dye?ac=2&acm=G3L&uid=65552ea84d382961&sid=c2b73fd4824f7c1a&pvi=aacd29d367fcaa9e&h=heroinvesting.com&wh=1600x1200&b=Chrome&bv=119.0.6045.159&dev=&os=Windows%2010&p=&cc=DE&ig=0&uri=%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F&furl=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&sr=1600x1200&type=latest:br&_=1700668108291&bidder=kueezrtb&at=display&v=1
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:15e8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:28 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
82a2511cfced3809-FRA
dye
gtrack.kueezrtb.com/ 		0
30 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gtrack.kueezrtb.com/dye?ac=2&acm=G3L&uid=65552ea84d382961&sid=c2b73fd4824f7c1a&pvi=aacd29d367fcaa9e&h=heroinvesting.com&wh=1600x1200&b=Chrome&bv=119.0.6045.159&dev=&os=Windows%2010&p=&cc=DE&ig=0&uri=%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F&furl=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&sr=1600x1200&type=latest:br&_=1700668108291&bidder=kueezrtb&at=display&v=1
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:15e8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:28 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
82a2511cfcee3809-FRA
unruly_prebid
targeting.unrulymedia.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://targeting.unrulymedia.com/unruly_prebid
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
46.228.174.115 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://heroinvesting.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Accept-Encoding,Origin,Accept-Language,X-CSRF-Token,x-unruly-override
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://heroinvesting.com
access-control-max-age
1728000
content-length
0
content-type
text/plain charset=UTF-8
date
Wed, 22 Nov 2023 15:48:28 GMT
641ab9f7284b9911720b9b75
exchange.kueezrtb.com/prebid/multi/ 		0
288 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://exchange.kueezrtb.com/prebid/multi/641ab9f7284b9911720b9b75
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
216.155.152.253 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
216.155.152.253.vultrusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:28 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
hb
ssc.33across.com/api/v1/ 		67 B
159 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ssc.33across.com/api/v1/hb?guid=dUOeOqXmSr7AmkrkHcnlxd
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
6522e64ab5ed9c2d96aa46ca6e5b576488db3c275f4c33466a975db91f6fda36

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:28 GMT
content-encoding
gzip
via
1.1 google
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
status
200 OK
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
63ebe4b23a3c92dafc0c2e06
prebid.cootlogix.com/prebid/multi/ 		0
288 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.cootlogix.com/prebid/multi/63ebe4b23a3c92dafc0c2e06
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
161.35.59.45 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:28 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
auction
pbs.nextmillmedia.com/openrtb2/ 		248 B
546 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pbs.nextmillmedia.com/openrtb2/auction
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.236.226.253 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-226-253.compute-1.amazonaws.com
Software
/
Resource Hash
008820dd4613fc0396d7eaf2a17ca272ffa9f10636a72c2534f4de50e34ac8f2

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
x-prebid
pbs-go/unknown
vary
Origin
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
248
expires
0
imp
g2.gumgum.com/hbid/ 		471 B
685 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/hbid/imp?lt=1700668108304&to=-60&aun=if_ay_dsk_ic_1-2__ayManagerEnv__1&pubcid=b332c82c-c394-48c5-9023-425000943a4f&gpid=%2F22890879159%2Fhi_ay_dsk_ic_1&t=notmta6c&pi=3&maxw=320&maxh=100&si=1008715&bf=320x100%2C320x50%2C300x250%2C300x100&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%228.20.0%22%7D&ogu=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F&ns=10240
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.72.224.53 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-72-224-53.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
dbc7becdd2e8bf2ac758ccfe5930afbb2c242ecbaf6cc425fb73e02c0497704c

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
trinity.json
apex.go.sonobi.com/ 		205 B
828 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%222042cc0bf6a020de%22%3A%229ef57c4e1a7aad0ba98a%7C320x100%2C320x50%2C300x250%2C300x100%7Cgpid%3D%2F22890879159%2Fhi_ay_dsk_ic_1%2Cc%3Dd%2C%22%7D&ref=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&s=6f3cc2a3-ff86-4c5a-a328-3840f685f3fe&pv=8ba387ca-09f8-4452-9546-5b9a8e42e265&vp=desktop&lib_name=prebid&lib_v=8.20.0&us=1&iqid=%7B%22pcid%22%3A%22e0f7d6fa-d0b1-4933-89c2-78028d57fd20%22%2C%22pcidDate%22%3A1700668107652%7D&fpd=%7B%22source%22%3A%7B%22tid%22%3A%22758e381f-9e15-4f24-9e5e-9d84ba873579%22%7D%2C%22site%22%3A%7B%22domain%22%3A%22heroinvesting.com%22%2C%22publisher%22%3A%7B%22domain%22%3A%22heroinvesting.com%22%7D%2C%22page%22%3A%22https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226%22%7D%2C%22device%22%3A%7B%22w%22%3A1600%2C%22h%22%3A1200%2C%22dnt%22%3A0%2C%22ua%22%3A%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F119.0.6045.159%20Safari%2F537.36%22%2C%22language%22%3A%22en%22%2C%22sua%22%3A%7B%22source%22%3A1%2C%22browsers%22%3A%5B%5D%2C%22mobile%22%3A0%7D%7D%7D&ius=1&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22b332c82c-c394-48c5-9023-425000943a4f%22%2C%22atype%22%3A1%7D%5D%7D%5D&coppa=0
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.166.1.9 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
ea47381f277c3c846c154b4b2d214ee378430ef883dbbd34817a11e0a772b6f5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
content-encoding
gzip
server
sonobi-go
vary
negotiate,Accept-Encoding
x-go-server
go-iad-2-6-132
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, private
access-control-allow-credentials
true
tcn
Choice
content-length
189
x-xss-protection
0
expires
Sat, 26 Jul 1997 05:00:00 GMT
prebid
prebid.media.net/rtb/ 		1 KB
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUK6VG18
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.63.153 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
153.63.120.34.bc.googleusercontent.com
Software
envoy /
Resource Hash
5d9b4f914e5242e51a1fbbbf42d9e45d2739b8a3b1c36164c2546d1af072264e

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
via
1.1 google
accept-ch
Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
server
envoy
content-type
application/json;charset=utf-8
access-control-allow-origin
https://heroinvesting.com
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
114
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 22 Nov 2023 15:48:28 GMT
bid-request
a.teads.tv/hb/ 		16 B
382 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://a.teads.tv/hb/bid-request
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.218.209.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-218-209-56.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
6a7b0c8bf87b2bd5ca31557f25cf2a6c80f93af72bf68a6085e9b55a87fe908c

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
content-encoding
gzip
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
42
expires
Wed, 22 Nov 2023 15:48:28 GMT
c
prebid.a-mo.net/a/ 		0
213 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.a-mo.net/a/c
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
145.40.97.66 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:27 GMT
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
14
server
envoy
vary
origin, Accept-Encoding
auction
tlx.3lift.com/header/ 		19 B
543 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://tlx.3lift.com/header/auction?lib=prebid&v=8.20.0&referrer=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tmax=2500
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.196.182.172 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-182-172.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
accept-ch
user-agent,sec-ch-dpr,sec-ch-ua-platform,sec-ch-prefers-color-scheme,sec-ch-ua-full-version-list,sec-ch-downlink,sec-ch-viewport-width,sec-ch-ua-mobile,sec-ch-rtt,sec-ch-ua-arch,sec-ch-ua-full-version,sec-ch-ua,sec-ch-ua-bitness,sec-ch-device-memory,sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ect,sec-ch-save-data,sec-ch-viewport-height,sec-ch-width
x-auction-status
29
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
19
x-xss-protection
0
expires
Thu, 15 Oct 1992 20:10:00 GMT
bid
ap.lijit.com/rtb/ 		95 B
505 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_8.20.0
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.16 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
/
Resource Hash
c33e2d26ff93f304c12ee1ac5165ac2f56e86e53acee8fec5701e72951e8a1e4

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

Date
Wed, 22 Nov 2023 15:48:28 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://heroinvesting.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap3ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
100
ortb
bid.contextweb.com/header/ 		0
781 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://bid.contextweb.com/header/ortb?src=prebid
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
208.93.169.131 , United States, ASN46244 (WEBMD-IDC1-AS, US),
Reverse DNS
Software
Jetty(10.0.14) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

strict-transport-security
max-age=15768000
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
server
Jetty(10.0.14)
cwdl
22/4211
access-control-allow-origin
https://heroinvesting.com
access-control-expose-headers
Access-Control-Allow-Origin
access-control-allow-credentials
true
cw-server
bid-deployment-dfcb7cf59-5vtp6
hb
cpm.qortex.ai/ 		0
264 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cpm.qortex.ai/hb?zone=194374&v=1.6
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
77.245.57.72 , United States, ASN36057 (WEBAIR-INTERNET-MTL, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 22 Nov 2023 15:48:28 GMT
Server
nginx
Age
0
Access-Control-Allow-Origin
https://heroinvesting.com
Cache-Control
no-store
Access-Control-Allow-Credentials
true
Connection
close
Content-Length
0
/
colossusssp.com/ 		2 B
138 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://colossusssp.com/?c=o&m=multi
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
173.237.69.68 , United States, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
openresty /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:28 GMT
access-control-allow-credentials
true
server
openresty
content-length
2
content-type
application/json
hb-mm-multi
hb.minutemedia-prebid.com/ 		85 B
432 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://hb.minutemedia-prebid.com/hb-mm-multi
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.217.228.107 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-217-228-107.eu-west-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
6b08e11012fca89020fef6f7f406f703755d47e5f3bd20d26d6cfbbafa4a9fb3

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:28 GMT
server
istio-envoy
x-reason
maxmind hosting provider
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
https://heroinvesting.com
content-type
application/json
access-control-allow-credentials
true
x-envoy-upstream-service-time
27
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF, X-Requested-With
content-length
85
bid
s.seedtag.com/c/hb/ 		13 KB
7 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://s.seedtag.com/c/hb/bid
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.149.50.64 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
64.50.149.34.bc.googleusercontent.com
Software
openresty /
Resource Hash
f04922ebea4b067db85d03916ff10a7691c8acdec1a6df9a97348508aea72c96

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:28 GMT
content-encoding
gzip
via
1.1 google
server
openresty
vary
X-HTTP-Method-Override
access-control-allow-methods
GET, POST, OPTIONS, DELETE, PUT, HEAD
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
hb
brightcombid.marphezis.com/ 		0
229 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://brightcombid.marphezis.com/hb
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
178.128.135.204 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
pragma
no-cache
date
Wed, 22 Nov 2023 15:48:27 GMT
cache-control
no-store
access-control-allow-credentials
true
vary
Origin
expires
0
prebid-request
onetag-sys.com/ 		15 B
413 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/prebid-request
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip254.ip-51-89-9.eu
Software
/
Resource Hash
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
cache-control
no-transform, no-cache
access-control-allow-credentials
true
access-control-allow-headers
content-type, origin, referer, user-agent
content-length
41
alt-svc
h3=":443"; ma=900, h3-29=":443"; ma=900
v1
prg.smartadserver.com/prebid/ 		171 B
559 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.138.16 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
content-encoding
br
transfer-encoding
chunked
vary
Accept-Encoding, Origin
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
no-cache,no-store
access-control-allow-credentials
true
pbjs
htlb.casalemedia.com/openrtb/ 		38 B
482 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://htlb.casalemedia.com/openrtb/pbjs?s=974236
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c67a54238bf42a58220827c3acfccaeda7322f795c3851d5953f3607280a6250

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m%2F8bpqCqjjLMdpVeRTXFwFuroip0jukwuioONc2NEhFzR8YfV4ZewnD04UQqTPpxH6CiMX5OU0m2jUVbntMAiMoMiCq1El9w0gna29ZoWRXJSdo6K%2BJsltdACCBmm0qtnhjfJEx0"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
82a2511d2fea380e-FRA
alt-svc
h3=":443"; ma=86400
content-length
38
expires
0
hbjson
grid.bidswitch.net/ 		25 B
369 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://grid.bidswitch.net/hbjson
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.126.136.176 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-136-176.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
90062375ddadeb5f2165be6e6ffcd441184829374c4766bd724e20b09606c8c7

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

Date
Wed, 22 Nov 2023 15:48:28 GMT
Content-Encoding
gzip
Server
nginx
Content-Type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
50
fastlane.json
fastlane.rubiconproject.com/a/api/ 		595 B
629 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=25504&site_id=478470&zone_id=2840484&size_id=15&alt_size_ids=19%2C43%2C117&eid_pubcid.org=b332c82c-c394-48c5-9023-425000943a4f%5E1&rf=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tg_i.domain=heroinvesting.com&tg_i.page=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tg_i.pbadslot=%2F22890879159%2Fhi_ay_dsk_ic_1&tk_flint=pbjs_lite_v8.20.0&x_source.tid=758e381f-9e15-4f24-9e5e-9d84ba873579&l_pb_bid_id=23606268b17fcd93&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=a2696815-48cc-42b3-a6df-cb56068741fd&rp_maxbids=1&p_gpid=%2F22890879159%2Fhi_ay_dsk_ic_1&slots=1&rand=0.7228038533799714
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c003:200::45 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
5447a4b923e58e64495179de1ced10a1ffca416eaad7617e39fe1ce02976e42e

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-length
595
expires
Wed, 17 Sep 1975 21:32:10 GMT
/
prebid.dblks.net/openrtb/ 		159 B
421 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.dblks.net/openrtb/?sid=2724499
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.212.255.179 , Canada, ASN25948 (FHMNET, CA),
Reverse DNS
Software
nginx/1.20.1 / Express
Resource Hash
bd9dfac701991124e81aad87a2ef66f798b6985950b51f6456cd94386e03ad34

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:28 GMT
x-openrtb-version
2.5
server
nginx/1.20.1
x-powered-by
Express
etag
W/"9f-JZg/swtEnXyUINt59eTE8baYr1g"
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heroinvesting.com
cache-control
max-age=0, no-cache, no-store, private
access-control-allow-credentials
true
content-length
159
hb-multi
hb.yellowblue.io/ 		85 B
431 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://hb.yellowblue.io/hb-multi
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
18.202.39.252 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-202-39-252.eu-west-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
c73221984a8df331a14c8ceee7fc232e93eff6e9fa74fd72ed40d34da73c0a0a

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:28 GMT
server
istio-envoy
x-reason
maxmind hosting provider
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
https://heroinvesting.com
content-type
application/json
access-control-allow-credentials
true
x-envoy-upstream-service-time
3
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF, X-Requested-With
content-length
85
v1
btlr.sharethrough.com/universal/ 		0
158 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.127.32.39 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-32-39.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:28 GMT
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Origin
unruly_prebid
targeting.unrulymedia.com/ 		0
164 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://targeting.unrulymedia.com/unruly_prebid
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
46.228.174.115 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
application/json

Response headers

access-control-allow-origin
https://heroinvesting.com
pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
cache-control
private, max-age=0, no-cache, no-store
access-control-allow-credentials
true
prebid
mp.4dex.io/ 		60 B
139 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://mp.4dex.io/prebid
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:994e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
77b47b7a038f38916adbe760bc262fe2aa75e9f2a0d67621d19ad74e41acdb39

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
x-err
Shapings: no adunits with size and seat and mapping
x-version
3.0.0-gcp-ams
cf-cache-status
DYNAMIC
via
1.1 google
server
cloudflare
content-encoding
gzip
vary
Origin, Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cf-ray
82a2511d489a65cc-FRA
expires
0
dye
track.kueezrtb.com/ 		0
31 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://track.kueezrtb.com/dye?ac=2&acm=G3L&uid=65552ea84d382961&sid=c2b73fd4824f7c1a&pvi=aacd29d367fcaa9e&h=heroinvesting.com&wh=1600x1200&b=Chrome&bv=119.0.6045.159&dev=&os=Windows%2010&p=&cc=DE&ig=0&uri=%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F&furl=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&sr=1600x1200&type=latest:br&_=1700668108299&bidder=kueezrtb&at=display&v=1
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:15e8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:28 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
82a2511d4d513809-FRA
dye
gtrack.kueezrtb.com/ 		0
31 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gtrack.kueezrtb.com/dye?ac=2&acm=G3L&uid=65552ea84d382961&sid=c2b73fd4824f7c1a&pvi=aacd29d367fcaa9e&h=heroinvesting.com&wh=1600x1200&b=Chrome&bv=119.0.6045.159&dev=&os=Windows%2010&p=&cc=DE&ig=0&uri=%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F&furl=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&sr=1600x1200&type=latest:br&_=1700668108299&bidder=kueezrtb&at=display&v=1
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:15e8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:28 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
82a2511d4d533809-FRA
metric
report2.hb.brainlyads.com/statistics/ 		463 B
751 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://report2.hb.brainlyads.com/statistics/metric?event=bidRequested&bidder=nextMillennium&source=pbjs&groups=1214
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.84.92.154 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-84-92-154.compute-1.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) / Express
Resource Hash
64faef43f59f0d829a290bb25e0b5c24308c0381b590d9717e460a8344912ba3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 15:48:28 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Powered-By
Express
ETag
W/"1cf-XHssOe1+WUPy43P3Ckt9sJ3fhf4"
Content-Type
image/png
Access-Control-Allow-Origin
*
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
463
unruly_prebid
targeting.unrulymedia.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://targeting.unrulymedia.com/unruly_prebid
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
46.228.174.115 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://heroinvesting.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Accept-Encoding,Origin,Accept-Language,X-CSRF-Token,x-unruly-override
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://heroinvesting.com
access-control-max-age
1728000
content-length
0
content-type
text/plain charset=UTF-8
date
Wed, 22 Nov 2023 15:48:28 GMT
prebid
prebid.media.net/rtb/ 		1 KB
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUK6VG18
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.63.153 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
153.63.120.34.bc.googleusercontent.com
Software
envoy /
Resource Hash
b9ffdb10a2d93c63fb1d77e3db4d51d7cf132177aea3ab148e4f80cc367ee5bd

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:27 GMT
via
1.1 google
accept-ch
Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
server
envoy
content-type
application/json;charset=utf-8
access-control-allow-origin
https://heroinvesting.com
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
106
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 22 Nov 2023 15:48:28 GMT
bid-request
a.teads.tv/hb/ 		16 B
382 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://a.teads.tv/hb/bid-request
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.218.209.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-218-209-56.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
6a7b0c8bf87b2bd5ca31557f25cf2a6c80f93af72bf68a6085e9b55a87fe908c

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
content-encoding
gzip
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
42
expires
Wed, 22 Nov 2023 15:48:28 GMT
auction
pbs.nextmillmedia.com/openrtb2/ 		248 B
546 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pbs.nextmillmedia.com/openrtb2/auction
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.236.226.253 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-226-253.compute-1.amazonaws.com
Software
/
Resource Hash
5e9f4133696f0e582243141fe88a05702ea60f984211abb480d9a2ecbb716441

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
x-prebid
pbs-go/unknown
vary
Origin
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
248
expires
0
unruly_prebid
targeting.unrulymedia.com/ 		0
164 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://targeting.unrulymedia.com/unruly_prebid
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
46.228.174.115 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
application/json

Response headers

access-control-allow-origin
https://heroinvesting.com
pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
cache-control
private, max-age=0, no-cache, no-store
access-control-allow-credentials
true
prebid
mp.4dex.io/ 		60 B
139 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://mp.4dex.io/prebid
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:994e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
77b47b7a038f38916adbe760bc262fe2aa75e9f2a0d67621d19ad74e41acdb39

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
x-err
Shapings: no adunits with size and seat and mapping
x-version
3.0.0-gcp-ams
cf-cache-status
DYNAMIC
via
1.1 google
server
cloudflare
content-encoding
gzip
vary
Origin, Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cf-ray
82a2511d58ae65cc-FRA
expires
0
fastlane.json
fastlane.rubiconproject.com/a/api/ 		595 B
629 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=25504&site_id=478470&zone_id=2840484&size_id=15&alt_size_ids=19%2C43%2C117&eid_pubcid.org=b332c82c-c394-48c5-9023-425000943a4f%5E1&rf=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tg_i.domain=heroinvesting.com&tg_i.page=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tg_i.pbadslot=%2F22890879159%2Fhi_ay_dsk_ic_1&tk_flint=pbjs_lite_v8.20.0&x_source.tid=9b0379ec-47bf-4ac0-a848-b6fc26a0b968&l_pb_bid_id=258ce82ae5578c87&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=6f40782f-9951-4b5e-9c24-658a150a7585&rp_maxbids=1&p_gpid=%2F22890879159%2Fhi_ay_dsk_ic_1&slots=1&rand=0.7323538806429342
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c003:200::45 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
113fa3cd708b6186a2e7356cc0f7cc8294276095ab899e62cbce5ac560f7921b

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-length
595
expires
Wed, 17 Sep 1975 21:32:10 GMT
prebid-request
onetag-sys.com/ 		15 B
413 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/prebid-request
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip254.ip-51-89-9.eu
Software
/
Resource Hash
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
cache-control
no-transform, no-cache
access-control-allow-credentials
true
access-control-allow-headers
content-type, origin, referer, user-agent
content-length
41
alt-svc
h3=":443"; ma=900, h3-29=":443"; ma=900
hb-mm-multi
hb.minutemedia-prebid.com/ 		85 B
431 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://hb.minutemedia-prebid.com/hb-mm-multi
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.217.228.107 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-217-228-107.eu-west-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
a15de4e30a474b4bd36d8d1989cd4e8acb32de8dd8f2ae29d66db3c0bb51b1a4

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:28 GMT
server
istio-envoy
x-reason
maxmind hosting provider
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
https://heroinvesting.com
content-type
application/json
access-control-allow-credentials
true
x-envoy-upstream-service-time
4
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF, X-Requested-With
content-length
85
hb-multi
hb.yellowblue.io/ 		85 B
432 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://hb.yellowblue.io/hb-multi
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
18.202.39.252 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-202-39-252.eu-west-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
6c9cdd6715e32ba9b632a95591192b46cafdfd67fe6180b6b53c73015598c231

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:28 GMT
server
istio-envoy
x-reason
maxmind hosting provider
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
https://heroinvesting.com
content-type
application/json
access-control-allow-credentials
true
x-envoy-upstream-service-time
53
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF, X-Requested-With
content-length
85
pbjs
htlb.casalemedia.com/openrtb/ 		38 B
527 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://htlb.casalemedia.com/openrtb/pbjs?s=974236
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fa0b33ee90a69b6de3660103153ea0a3ce5988cc09b54cd126e3d7f67a960582

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VoEI%2Be4MgfDPMadk3FBWSOu%2F4McGi8zIaLWqGU1qFzdsh4ETd%2BDjDUh%2BUsO1eyFQCz8XAmIMh6vkUJ48ju6nmViAe4Wx8MwPTiSMP71%2FXSspenwTVjiNux%2BX9ENz2ZetJBcy9bxi"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
82a2511d7852380e-FRA
alt-svc
h3=":443"; ma=86400
content-length
38
expires
0
/
prebid.dblks.net/openrtb/ 		159 B
421 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.dblks.net/openrtb/?sid=2724499
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.212.255.179 , Canada, ASN25948 (FHMNET, CA),
Reverse DNS
Software
nginx/1.20.1 / Express
Resource Hash
b514f02bcd5b090edf30e218136c9ed1ec47445946a4ed61f391faaefc7707ab

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:28 GMT
x-openrtb-version
2.5
server
nginx/1.20.1
x-powered-by
Express
etag
W/"9f-OMdacd/Munqb8dCuUT34Oe+pJiA"
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heroinvesting.com
cache-control
max-age=0, no-cache, no-store, private
access-control-allow-credentials
true
content-length
159
hb
brightcombid.marphezis.com/ 		0
229 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://brightcombid.marphezis.com/hb
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
178.128.135.204 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
cache-control
no-store
access-control-allow-credentials
true
vary
Origin
expires
0
ortb
bid.contextweb.com/header/ 		0
781 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://bid.contextweb.com/header/ortb?src=prebid
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
208.93.169.131 , United States, ASN46244 (WEBMD-IDC1-AS, US),
Reverse DNS
Software
Jetty(10.0.14) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

strict-transport-security
max-age=15768000
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
server
Jetty(10.0.14)
cwdl
22/4211
access-control-allow-origin
https://heroinvesting.com
access-control-expose-headers
Access-Control-Allow-Origin
access-control-allow-credentials
true
cw-server
bid-deployment-dfcb7cf59-ckq9x
trinity.json
apex.go.sonobi.com/ 		205 B
829 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%22274ea7009baa146c%22%3A%229ef57c4e1a7aad0ba98a%7C320x100%2C320x50%2C300x250%2C300x100%7Cgpid%3D%2F22890879159%2Fhi_ay_dsk_ic_1%2Cc%3Dd%2C%22%7D&ref=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&s=62fbb530-150b-4978-9852-a45e37f127f3&pv=8ba387ca-09f8-4452-9546-5b9a8e42e265&vp=desktop&lib_name=prebid&lib_v=8.20.0&us=1&iqid=%7B%22pcid%22%3A%22e0f7d6fa-d0b1-4933-89c2-78028d57fd20%22%2C%22pcidDate%22%3A1700668107652%7D&fpd=%7B%22source%22%3A%7B%22tid%22%3A%229b0379ec-47bf-4ac0-a848-b6fc26a0b968%22%7D%2C%22site%22%3A%7B%22domain%22%3A%22heroinvesting.com%22%2C%22publisher%22%3A%7B%22domain%22%3A%22heroinvesting.com%22%7D%2C%22page%22%3A%22https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226%22%7D%2C%22device%22%3A%7B%22w%22%3A1600%2C%22h%22%3A1200%2C%22dnt%22%3A0%2C%22ua%22%3A%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F119.0.6045.159%20Safari%2F537.36%22%2C%22language%22%3A%22en%22%2C%22sua%22%3A%7B%22source%22%3A1%2C%22browsers%22%3A%5B%5D%2C%22mobile%22%3A0%7D%7D%7D&ius=1&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22b332c82c-c394-48c5-9023-425000943a4f%22%2C%22atype%22%3A1%7D%5D%7D%5D&coppa=0
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.166.1.9 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8aae1da2d06b49c8b2aebbcb9828fafc038488d988cc92dcd66a6f8faca59122
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
content-encoding
gzip
server
sonobi-go
vary
negotiate,Accept-Encoding
x-go-server
go-iad-2-6-132
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, private
access-control-allow-credentials
true
tcn
Choice
content-length
190
x-xss-protection
0
expires
Sat, 26 Jul 1997 05:00:00 GMT
/
colossusssp.com/ 		2 B
138 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://colossusssp.com/?c=o&m=multi
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
173.237.69.68 , United States, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
openresty /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:28 GMT
access-control-allow-credentials
true
server
openresty
content-length
2
content-type
application/json
c
prebid.a-mo.net/a/ 		0
213 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.a-mo.net/a/c
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
145.40.97.66 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:27 GMT
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
12
server
envoy
vary
origin, Accept-Encoding
63ebe4b23a3c92dafc0c2e06
prebid.cootlogix.com/prebid/multi/ 		0
288 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.cootlogix.com/prebid/multi/63ebe4b23a3c92dafc0c2e06
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
161.35.59.45 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:28 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
v1
btlr.sharethrough.com/universal/ 		0
158 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.127.32.39 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-32-39.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:28 GMT
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Origin
imp
g2.gumgum.com/hbid/ 		471 B
684 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/hbid/imp?lt=1700668108407&to=-60&aun=if_ay_dsk_ic_1-3__ayManagerEnv__1&pubcid=b332c82c-c394-48c5-9023-425000943a4f&gpid=%2F22890879159%2Fhi_ay_dsk_ic_1&t=notmta6c&pi=3&maxw=320&maxh=100&si=1008715&bf=320x100%2C320x50%2C300x250%2C300x100&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%228.20.0%22%7D&ogu=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F&ns=10240
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.72.224.53 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-72-224-53.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e226b210b4b9bee553da225bd9be2c495c2918ceb5d23cc2998ed82a8d4191a6

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
auction
tlx.3lift.com/header/ 		19 B
543 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://tlx.3lift.com/header/auction?lib=prebid&v=8.20.0&referrer=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tmax=2500
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.196.182.172 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-182-172.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
accept-ch
sec-ch-ua-full-version,sec-ch-ua,sec-ch-ua-bitness,sec-ch-device-memory,sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ect,sec-ch-save-data,sec-ch-viewport-height,sec-ch-width,user-agent,sec-ch-dpr,sec-ch-ua-platform,sec-ch-prefers-color-scheme,sec-ch-ua-full-version-list,sec-ch-downlink,sec-ch-viewport-width,sec-ch-ua-mobile,sec-ch-rtt,sec-ch-ua-arch
x-auction-status
29
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
19
x-xss-protection
0
expires
Thu, 15 Oct 1992 20:10:00 GMT
bid
ap.lijit.com/rtb/ 		95 B
503 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_8.20.0
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.16 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
/
Resource Hash
e885af5b5df46e9eedd6358e61a43197f3c3d3822ea98537b7129096c57ad36f

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

Date
Wed, 22 Nov 2023 15:48:28 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://heroinvesting.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap3ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
99
641ab9f7284b9911720b9b75
exchange.kueezrtb.com/prebid/multi/ 		0
288 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://exchange.kueezrtb.com/prebid/multi/641ab9f7284b9911720b9b75
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
216.155.152.253 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
216.155.152.253.vultrusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:28 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
bid
s.seedtag.com/c/hb/ 		11 B
29 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://s.seedtag.com/c/hb/bid
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.149.50.64 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
64.50.149.34.bc.googleusercontent.com
Software
openresty /
Resource Hash
846949c5a40e3ffbb702473e54dfac0646541aa624a844369b6e24e51ddaf96b

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:28 GMT
via
1.1 google
server
openresty
vary
X-HTTP-Method-Override
access-control-allow-methods
GET, POST, OPTIONS, DELETE, PUT, HEAD
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
11
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
hb
cpm.qortex.ai/ 		0
264 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cpm.qortex.ai/hb?zone=194374&v=1.6
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
77.245.57.72 , United States, ASN36057 (WEBAIR-INTERNET-MTL, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 22 Nov 2023 15:48:28 GMT
Server
nginx
Age
0
Access-Control-Allow-Origin
https://heroinvesting.com
Cache-Control
no-store
Access-Control-Allow-Credentials
true
Connection
close
Content-Length
0
v1
prg.smartadserver.com/prebid/ 		171 B
564 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.138.16 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
content-encoding
br
transfer-encoding
chunked
vary
Accept-Encoding, Origin
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
no-cache,no-store
access-control-allow-credentials
true
hb
ssc.33across.com/api/v1/ 		67 B
108 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ssc.33across.com/api/v1/hb?guid=dUOeOqXmSr7AmkrkHcnlxd
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
d833164d6f79ca24d732c7c183ada6c241c66401d01f176960a1e35f96d45600

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:28 GMT
content-encoding
gzip
via
1.1 google
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
status
200 OK
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
hbjson
grid.bidswitch.net/ 		25 B
369 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://grid.bidswitch.net/hbjson
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.126.136.176 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-136-176.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
28f0a3dd6e172f63928f58dd1153842750e3696f9f5375e123a54aa3cd706c0f

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

Date
Wed, 22 Nov 2023 15:48:28 GMT
Content-Encoding
gzip
Server
nginx
Content-Type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
50
dye
track.kueezrtb.com/ 		0
31 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://track.kueezrtb.com/dye?ac=2&acm=G3L&uid=65552ea84d382961&sid=c2b73fd4824f7c1a&pvi=aacd29d367fcaa9e&h=heroinvesting.com&wh=1600x1200&b=Chrome&bv=119.0.6045.159&dev=&os=Windows%2010&p=&cc=DE&ig=0&uri=%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F&furl=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&sr=1600x1200&type=latest:br&_=1700668108416&bidder=kueezrtb&at=display&v=1
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:15e8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:28 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
82a2511dee3a3809-FRA
dye
gtrack.kueezrtb.com/ 		0
31 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gtrack.kueezrtb.com/dye?ac=2&acm=G3L&uid=65552ea84d382961&sid=c2b73fd4824f7c1a&pvi=aacd29d367fcaa9e&h=heroinvesting.com&wh=1600x1200&b=Chrome&bv=119.0.6045.159&dev=&os=Windows%2010&p=&cc=DE&ig=0&uri=%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F&furl=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&sr=1600x1200&type=latest:br&_=1700668108416&bidder=kueezrtb&at=display&v=1
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:15e8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:28 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
82a2511dee3d3809-FRA
/
www.google.com/pagead/1p-user-list/10887832869/ 		42 B
455 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/10887832869/?random=1700668107460&cv=11&fst=1700665200000&bg=ffffff&guid=ON&async=1&gtm=45be3b81&u_w=1600&u_h=1200&url=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tiba=Big%20Brands%20Hidden%20Behind%20Costco%20Kirkland&frm=0&data=event%3Dpage_view%3Bpage_path%3D%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F&fmt=3&is_vtc=1&cid=CAQSGwDICaaN6UaqVieZFIwHY0dyG_Qozm-hE8PbJg&random=2672015071&rmt_tld=0&ipr=y
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/10887832869/ 		42 B
455 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/10887832869/?random=1700668107460&cv=11&fst=1700665200000&bg=ffffff&guid=ON&async=1&gtm=45be3b81&u_w=1600&u_h=1200&url=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tiba=Big%20Brands%20Hidden%20Behind%20Costco%20Kirkland&frm=0&data=event%3Dpage_view%3Bpage_path%3D%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F&fmt=3&is_vtc=1&cid=CAQSGwDICaaN6UaqVieZFIwHY0dyG_Qozm-hE8PbJg&random=2672015071&rmt_tld=1&ipr=y
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
error
api.assertcom.de/ 		0
309 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://api.assertcom.de/error
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/client-v2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.239.211.175 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.213.239.211.175.clients.your-server.de
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:28 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/plain
access-control-allow-origin
https://heroinvesting.com
cache-control
no-store, no-cache, private, no-transform
access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Content-Length, Accept-Encoding
content-length
0
expires
Thu, 01 Jan 1980 00:00:01 GMT
unifiedPixel
tr.outbrain.com/ 		53 B
248 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://tr.outbrain.com/unifiedPixel?optOut=false&bust=03729740254151539&referrer=&marketerId=00a660d3b681963628076d3f1e67fce8b6&name=PAGE_VIEW&dl=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&g=0&obApiVersion=1.1&obtpVersion=2.0.5&ob_click_id=v4-4EyY2w7-1079981226
Requested by
Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
38.133.127.95 Sacramento, United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS
Software
/
Resource Hash
b51f3497b0a65f1e1e87e75f5e7e823d871c23bcf76a5ee4101783c8f939e553

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 15:48:28 GMT
Cache-Control
no-cache
content-encoding
br
X-TraceId
fd6ca662d757c5a07ef47e6fdbc3c8f3
Content-Length
54
Content-Type
image/gif;
pageview
api.assertcom.de/ 		0
309 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://api.assertcom.de/pageview
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/client-v2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.239.211.175 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.213.239.211.175.clients.your-server.de
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:28 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/plain
access-control-allow-origin
https://heroinvesting.com
cache-control
no-store, no-cache, private, no-transform
access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Content-Length, Accept-Encoding
content-length
0
expires
Thu, 01 Jan 1980 00:00:01 GMT
pageview
api.assertcom.de/ 		0
309 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://api.assertcom.de/pageview
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/client-v2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.239.211.175 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.213.239.211.175.clients.your-server.de
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:28 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/plain
access-control-allow-origin
https://heroinvesting.com
cache-control
no-store, no-cache, private, no-transform
access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Content-Length, Accept-Encoding
content-length
0
expires
Thu, 01 Jan 1980 00:00:01 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/10887832869/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10887832869/?random=1700668108576&cv=11&fst=1700668108576&bg=ffffff&guid=ON&async=1&gtm=45be3b81&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&hn=www.googleadservices.com&frm=0&tiba=Big%20Brands%20Hidden%20Behind%20Costco%20Kirkland&auid=1665848943.1700668107&uamb=0&uaw=0&data=event%3Dpage_view%3Bpage_path%3D%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%5C%3Dob%26utm_medium%5C%3Dcpc%26utm_campaign%5C%3Dhi_cos_6-01_an_c_3%26utm_term%5C%3D0061df1e37acfb75f995365418e6af2098%26extid%5C%3Dv4-4EyY2w7-1079981226%26dicbo%5C%3Dv4-4EyY2w7-1079981226&rfmt=3&fmt=4
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/yield-manager-script-v2.2.8-prod
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
87f41d9c4f569039a589601ac5215f1482d21d7ed08caa59686783e27c4be3d0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1457
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
metric
report2.hb.brainlyads.com/statistics/ 		463 B
751 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://report2.hb.brainlyads.com/statistics/metric?event=noBid&bidder=nextMillennium&source=pbjs&groups=1220
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/business/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.84.92.154 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-84-92-154.compute-1.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) / Express
Resource Hash
64faef43f59f0d829a290bb25e0b5c24308c0381b590d9717e460a8344912ba3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 15:48:28 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Powered-By
Express
ETag
W/"1cf-XHssOe1+WUPy43P3Ckt9sJ3fhf4"
Content-Type
image/png
Access-Control-Allow-Origin
*
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
463
metric
report2.hb.brainlyads.com/statistics/ 		463 B
751 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://report2.hb.brainlyads.com/statistics/metric?event=noBid&bidder=nextMillennium&source=pbjs&groups=1214
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/business/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.84.92.154 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-84-92-154.compute-1.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) / Express
Resource Hash
64faef43f59f0d829a290bb25e0b5c24308c0381b590d9717e460a8344912ba3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 15:48:28 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Powered-By
Express
ETag
W/"1cf-XHssOe1+WUPy43P3Ckt9sJ3fhf4"
Content-Type
image/png
Access-Control-Allow-Origin
*
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
463
metric
report2.hb.brainlyads.com/statistics/ 		463 B
751 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://report2.hb.brainlyads.com/statistics/metric?event=noBid&bidder=nextMillennium&source=pbjs&groups=1217
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/business/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.84.92.154 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-84-92-154.compute-1.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) / Express
Resource Hash
64faef43f59f0d829a290bb25e0b5c24308c0381b590d9717e460a8344912ba3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 15:48:28 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Powered-By
Express
ETag
W/"1cf-XHssOe1+WUPy43P3Ckt9sJ3fhf4"
Content-Type
image/png
Access-Control-Allow-Origin
*
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
463
metric
report2.hb.brainlyads.com/statistics/ 		463 B
751 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://report2.hb.brainlyads.com/statistics/metric?event=noBid&bidder=nextMillennium&source=pbjs&groups=1216
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/business/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.84.92.154 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-84-92-154.compute-1.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) / Express
Resource Hash
64faef43f59f0d829a290bb25e0b5c24308c0381b590d9717e460a8344912ba3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 15:48:28 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Powered-By
Express
ETag
W/"1cf-XHssOe1+WUPy43P3Ckt9sJ3fhf4"
Content-Type
image/png
Access-Control-Allow-Origin
*
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
463
1a
i.clean.gg/ 		0
104 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://i.clean.gg/1a
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/dahhc4ozyvjm6/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.69.49 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
49.69.95.34.bc.googleusercontent.com
Software
nginx/1.21.6 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 22 Nov 2023 15:48:28 GMT
via
1.1 google
server
nginx/1.21.6
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/octet-stream
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Origin,Accept,X-API-Key
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
1a
i.clean.gg/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://i.clean.gg/1a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.69.49 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
49.69.95.34.bc.googleusercontent.com
Software
nginx/1.21.6 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://heroinvesting.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Origin,Accept,X-API-Key
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
access-control-max-age
1728000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/plain; charset=utf-8
date
Wed, 22 Nov 2023 15:48:28 GMT
server
nginx/1.21.6
via
1.1 google
AGSKWxU1KM9Eo8RfQllMPd66O5iugTILPrn19QhGmO16J8rXghjsLO5CDAws2cNN21T04JeU-sLsF3tEW7S3cVb4bPvYaMgSvUXvxrY93nngUAzZY9n2DgSvlbJhtcObXjJWwefFb393kA==
fundingchoicesmessages.google.com/f/ 		363 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxU1KM9Eo8RfQllMPd66O5iugTILPrn19QhGmO16J8rXghjsLO5CDAws2cNN21T04JeU-sLsF3tEW7S3cVb4bPvYaMgSvUXvxrY93nngUAzZY9n2DgSvlbJhtcObXjJWwefFb393kA==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzAwNjY4MTA4LDcwMDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly9oZXJvaW52ZXN0aW5nLmNvbS9idXNpbmVzcy9iaWctYnJhbmRzLWhpZGRlbi1iZWhpbmQtY29zdGNvLWtpcmtsYW5kLyIsbnVsbCxbWzgsIk50czVMdllJb2JrIl0sWzksImRlIl0sWzE5LCIxIl0sWzE3LCJbMF0iXV1d
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/yield-manager-script-v2.2.8-prod
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
f2f74210d06d83f9e7c3f190df1f0496ab4b7cb703222e0e9e4edd10f584aa53
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-BLZsVX9TBwGdyWmDIEs7kQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:28 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-BLZsVX9TBwGdyWmDIEs7kQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
unruly_prebid
targeting.unrulymedia.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://targeting.unrulymedia.com/unruly_prebid
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
46.228.174.115 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://heroinvesting.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Accept-Encoding,Origin,Accept-Language,X-CSRF-Token,x-unruly-override
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://heroinvesting.com
access-control-max-age
1728000
content-length
0
content-type
text/plain charset=UTF-8
date
Wed, 22 Nov 2023 15:48:28 GMT
hbjson
grid.bidswitch.net/ 		25 B
369 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://grid.bidswitch.net/hbjson
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.126.136.176 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-136-176.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
8feeb2af07dabc3f7e51dd0524004bb6049727e0fbd6378e8dc64aa4144d6db5

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

Date
Wed, 22 Nov 2023 15:48:28 GMT
Content-Encoding
gzip
Server
nginx
Content-Type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
50
hb-mm-multi
hb.minutemedia-prebid.com/ 		85 B
432 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://hb.minutemedia-prebid.com/hb-mm-multi
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.217.228.107 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-217-228-107.eu-west-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
86749c09ba3f21d87f2b883fb9ca5b3391ce10df049a5608f88e7e8751b8ad62

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:28 GMT
server
istio-envoy
x-reason
maxmind hosting provider
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
https://heroinvesting.com
content-type
application/json
access-control-allow-credentials
true
x-envoy-upstream-service-time
118
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF, X-Requested-With
content-length
85
prebid
prebid.media.net/rtb/ 		1 KB
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUK6VG18
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.63.153 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
153.63.120.34.bc.googleusercontent.com
Software
envoy /
Resource Hash
ac71e58314929073cdb7b99d7503d9b71bddbd9d54cccac326a65ec65dbe2c1d

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
via
1.1 google
accept-ch
Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
server
envoy
content-type
application/json;charset=utf-8
access-control-allow-origin
https://heroinvesting.com
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
134
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 22 Nov 2023 15:48:28 GMT
hb
ssc.33across.com/api/v1/ 		67 B
106 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ssc.33across.com/api/v1/hb?guid=dUOeOqXmSr7AmkrkHcnlxd
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
4c072ccd28b198cee370b4feae3f50c01fd6ac5369126da4541e7a8257d5bbed

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:28 GMT
content-encoding
gzip
via
1.1 google
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
status
200 OK
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
auction
pbs.nextmillmedia.com/openrtb2/ 		249 B
548 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pbs.nextmillmedia.com/openrtb2/auction
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.236.226.253 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-226-253.compute-1.amazonaws.com
Software
/
Resource Hash
4bb2d0d2c2a9d562c03c36576a3c24757628ff6d587c6e031146cb514e3e5a76

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
x-prebid
pbs-go/unknown
vary
Origin
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
249
expires
0
c
prebid.a-mo.net/a/ 		0
236 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.a-mo.net/a/c
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
145.40.97.66 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:28 GMT
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
7
server
envoy
vary
origin, Accept-Encoding
ortb
bid.contextweb.com/header/ 		0
781 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://bid.contextweb.com/header/ortb?src=prebid
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
208.93.169.131 , United States, ASN46244 (WEBMD-IDC1-AS, US),
Reverse DNS
Software
Jetty(10.0.14) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

strict-transport-security
max-age=15768000
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
server
Jetty(10.0.14)
cwdl
22/4211
access-control-allow-origin
https://heroinvesting.com
access-control-expose-headers
Access-Control-Allow-Origin
access-control-allow-credentials
true
cw-server
bid-deployment-dfcb7cf59-48522
hb
cpm.qortex.ai/ 		0
264 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cpm.qortex.ai/hb?zone=194374&v=1.6
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
77.245.57.72 , United States, ASN36057 (WEBAIR-INTERNET-MTL, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 22 Nov 2023 15:48:28 GMT
Server
nginx
Age
0
Access-Control-Allow-Origin
https://heroinvesting.com
Cache-Control
no-store
Access-Control-Allow-Credentials
true
Connection
close
Content-Length
0
bid
ap.lijit.com/rtb/ 		95 B
503 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_8.20.0
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.16 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
/
Resource Hash
853aac09e698b5cc90b45abdac04da4b9f834228dc29bdfc057e2133a2f24461

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

Date
Wed, 22 Nov 2023 15:48:28 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://heroinvesting.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap3ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
99
hb
brightcombid.marphezis.com/ 		0
229 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://brightcombid.marphezis.com/hb
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
178.128.135.204 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
cache-control
no-store
access-control-allow-credentials
true
vary
Origin
expires
0
imp
g2.gumgum.com/hbid/ 		471 B
684 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/hbid/imp?lt=1700668108846&to=-60&aun=if_ay_dsk_leaderboard__ayManagerEnv__2&pubcid=b332c82c-c394-48c5-9023-425000943a4f&gpid=%2F22890879159%2Fhi_ay_dsk_leaderboard&pv=86356039-c5df-42d2-b0d9-2ae7bb113364&t=notmta6c&pi=3&maxw=728&maxh=90&si=1008717&bf=728x90&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%228.20.0%22%7D&ogu=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F&ns=10240
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.72.224.53 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-72-224-53.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
c635e5911388386f55ff0903a75b9e5fb813c5b9fa8605792a71eb770d604b7d

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:29 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
/
colossusssp.com/ 		2 B
138 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://colossusssp.com/?c=o&m=multi
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
173.237.69.68 , United States, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
openresty /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:28 GMT
access-control-allow-credentials
true
server
openresty
content-length
2
content-type
application/json
bid-request
a.teads.tv/hb/ 		16 B
382 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://a.teads.tv/hb/bid-request
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.218.209.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-218-209-56.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
6a7b0c8bf87b2bd5ca31557f25cf2a6c80f93af72bf68a6085e9b55a87fe908c

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
content-encoding
gzip
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
42
expires
Wed, 22 Nov 2023 15:48:28 GMT
prebid
mp.4dex.io/ 		60 B
139 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://mp.4dex.io/prebid
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:994e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
77b47b7a038f38916adbe760bc262fe2aa75e9f2a0d67621d19ad74e41acdb39

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
x-err
Shapings: no adunits with size and seat and mapping
x-version
3.0.0-gcp-ams
cf-cache-status
DYNAMIC
via
1.1 google
server
cloudflare
content-encoding
gzip
vary
Origin, Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cf-ray
82a251206c5665cc-FRA
expires
0
pbjs
htlb.casalemedia.com/openrtb/ 		38 B
487 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://htlb.casalemedia.com/openrtb/pbjs?s=974238
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5b5d8ead7d1f2243f295c5a0a476b5ed4ffe047193426bf28c3cca2d6396dc21

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:29 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=85YtxrxGhd1ntWpQDu8SJvmldbJdIHXPAEOwjeAXZJRQWlD2GCXW%2BcAvUOCEvbuG38itvWzEncLxW%2B61b5bXV8kO4ooEOEE%2B5pJ9TfTQIySVrNwGNvXKOfr8kabV1Jyyx3CUWnzF"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
82a251206bce380e-FRA
alt-svc
h3=":443"; ma=86400
content-length
38
expires
0
v1
btlr.sharethrough.com/universal/ 		0
158 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.127.32.39 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-32-39.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:28 GMT
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Origin
prebid-request
onetag-sys.com/ 		15 B
413 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/prebid-request
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip254.ip-51-89-9.eu
Software
/
Resource Hash
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
cache-control
no-transform, no-cache
access-control-allow-credentials
true
access-control-allow-headers
content-type, origin, referer, user-agent
content-length
41
alt-svc
h3=":443"; ma=900, h3-29=":443"; ma=900
641ab9f7284b9911720b9b75
exchange.kueezrtb.com/prebid/multi/ 		0
288 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://exchange.kueezrtb.com/prebid/multi/641ab9f7284b9911720b9b75
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
216.155.152.253 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
216.155.152.253.vultrusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:28 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
v1
prg.smartadserver.com/prebid/ 		171 B
559 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.138.16 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
content-encoding
br
transfer-encoding
chunked
vary
Accept-Encoding, Origin
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
no-cache,no-store
access-control-allow-credentials
true
trinity.json
apex.go.sonobi.com/ 		205 B
727 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%22340914759bb25def%22%3A%22339eef0ffc50a90ea04b%7C728x90%7Cgpid%3D%2F22890879159%2Fhi_ay_dsk_leaderboard%2Cc%3Dd%2C%22%7D&ref=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&s=dd4e535d-63ab-49f8-8205-4f651788a04d&pv=8ba387ca-09f8-4452-9546-5b9a8e42e265&vp=desktop&lib_name=prebid&lib_v=8.20.0&us=1&iqid=%7B%22pcid%22%3A%22e0f7d6fa-d0b1-4933-89c2-78028d57fd20%22%2C%22pcidDate%22%3A1700668107652%7D&fpd=%7B%22source%22%3A%7B%22tid%22%3A%22dbfcb8e1-8566-486b-843e-d3d6db383e8f%22%7D%2C%22site%22%3A%7B%22domain%22%3A%22heroinvesting.com%22%2C%22publisher%22%3A%7B%22domain%22%3A%22heroinvesting.com%22%7D%2C%22page%22%3A%22https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226%22%7D%2C%22device%22%3A%7B%22w%22%3A1600%2C%22h%22%3A1200%2C%22dnt%22%3A0%2C%22ua%22%3A%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F119.0.6045.159%20Safari%2F537.36%22%2C%22language%22%3A%22en%22%2C%22sua%22%3A%7B%22source%22%3A1%2C%22browsers%22%3A%5B%5D%2C%22mobile%22%3A0%7D%7D%7D&ius=1&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22b332c82c-c394-48c5-9023-425000943a4f%22%2C%22atype%22%3A1%7D%5D%7D%5D&coppa=0
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.166.1.9 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
02179f1c89392189425d4158903d82f95820bdc26d27126f39fc59c8c0e4d31d
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
content-encoding
gzip
server
sonobi-go
vary
negotiate,Accept-Encoding
x-go-server
go-iad-2-6-132
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, private
access-control-allow-credentials
true
tcn
Choice
content-length
190
x-xss-protection
0
expires
Sat, 26 Jul 1997 05:00:00 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		577 B
634 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=25504&site_id=478470&zone_id=2840484&size_id=2&eid_pubcid.org=b332c82c-c394-48c5-9023-425000943a4f%5E1&rf=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tg_i.domain=heroinvesting.com&tg_i.page=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tg_i.pbadslot=%2F22890879159%2Fhi_ay_dsk_leaderboard&tk_flint=pbjs_lite_v8.20.0&x_source.tid=dbfcb8e1-8566-486b-843e-d3d6db383e8f&l_pb_bid_id=342496db6e7b1883&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=d45cde22-299d-49f6-9c29-e46335db94a9&rp_maxbids=1&p_gpid=%2F22890879159%2Fhi_ay_dsk_leaderboard&slots=1&rand=0.47978201087336303
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c003:200::45 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
33a9bbbf2ffab477f4e007d757dec2d21c5130a1ab5103eae0cc1afbb1b15130

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:29 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-length
577
expires
Wed, 17 Sep 1975 21:32:10 GMT
auction
tlx.3lift.com/header/ 		19 B
543 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://tlx.3lift.com/header/auction?lib=prebid&v=8.20.0&referrer=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tmax=2500
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.196.182.172 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-182-172.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
accept-ch
sec-ch-viewport-width,sec-ch-ua-mobile,sec-ch-rtt,sec-ch-ua-arch,sec-ch-ua-full-version,sec-ch-ua,sec-ch-ua-bitness,sec-ch-device-memory,sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ect,sec-ch-save-data,sec-ch-viewport-height,sec-ch-width,user-agent,sec-ch-dpr,sec-ch-ua-platform,sec-ch-prefers-color-scheme,sec-ch-ua-full-version-list,sec-ch-downlink
x-auction-status
29
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
19
x-xss-protection
0
expires
Thu, 15 Oct 1992 20:10:00 GMT
unruly_prebid
targeting.unrulymedia.com/ 		0
164 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://targeting.unrulymedia.com/unruly_prebid
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
46.228.174.115 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
application/json

Response headers

access-control-allow-origin
https://heroinvesting.com
pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
cache-control
private, max-age=0, no-cache, no-store
access-control-allow-credentials
true
hb-multi
hb.yellowblue.io/ 		85 B
432 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://hb.yellowblue.io/hb-multi
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
18.202.39.252 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-202-39-252.eu-west-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
1d333415854e443becadf60ae01de769b5ec13d0f76c7d5c4ae811f110df35a4

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:28 GMT
server
istio-envoy
x-reason
maxmind hosting provider
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
https://heroinvesting.com
content-type
application/json
access-control-allow-credentials
true
x-envoy-upstream-service-time
42
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF, X-Requested-With
content-length
85
63ebe4b23a3c92dafc0c2e06
prebid.cootlogix.com/prebid/multi/ 		0
288 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.cootlogix.com/prebid/multi/63ebe4b23a3c92dafc0c2e06
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
161.35.59.45 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:28 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
/
prebid.dblks.net/openrtb/ 		159 B
421 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.dblks.net/openrtb/?sid=2724499
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.212.255.179 , Canada, ASN25948 (FHMNET, CA),
Reverse DNS
Software
nginx/1.20.1 / Express
Resource Hash
f94fb6d995e6263bddbd2e7aa9fdcb1eb1a93d7ae8dc6a8ea3fa16d8ad5638e5

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:29 GMT
x-openrtb-version
2.5
server
nginx/1.20.1
x-powered-by
Express
etag
W/"9f-VgrItBmmpwgl23WJbvTqnOX2hEM"
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heroinvesting.com
cache-control
max-age=0, no-cache, no-store, private
access-control-allow-credentials
true
content-length
159
bid
s.seedtag.com/c/hb/ 		11 B
29 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://s.seedtag.com/c/hb/bid
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.149.50.64 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
64.50.149.34.bc.googleusercontent.com
Software
openresty /
Resource Hash
846949c5a40e3ffbb702473e54dfac0646541aa624a844369b6e24e51ddaf96b

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:29 GMT
via
1.1 google
server
openresty
vary
X-HTTP-Method-Override
access-control-allow-methods
GET, POST, OPTIONS, DELETE, PUT, HEAD
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
11
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
dye
track.kueezrtb.com/ 		0
31 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://track.kueezrtb.com/dye?ac=2&acm=G3L&uid=65552ea84d382961&sid=c2b73fd4824f7c1a&pvi=aacd29d367fcaa9e&h=heroinvesting.com&wh=1600x1200&b=Chrome&bv=119.0.6045.159&dev=&os=Windows%2010&p=&cc=DE&ig=0&uri=%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F&furl=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&sr=1600x1200&type=latest:br&_=1700668108858&bidder=kueezrtb&at=display&v=1
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/business/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:15e8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:28 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
82a2512089c53809-FRA
dye
gtrack.kueezrtb.com/ 		0
54 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gtrack.kueezrtb.com/dye?ac=2&acm=G3L&uid=65552ea84d382961&sid=c2b73fd4824f7c1a&pvi=aacd29d367fcaa9e&h=heroinvesting.com&wh=1600x1200&b=Chrome&bv=119.0.6045.159&dev=&os=Windows%2010&p=&cc=DE&ig=0&uri=%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F&furl=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&sr=1600x1200&type=latest:br&_=1700668108858&bidder=kueezrtb&at=display&v=1
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/business/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:15e8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:29 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
82a2512089c73809-FRA
unruly_prebid
targeting.unrulymedia.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://targeting.unrulymedia.com/unruly_prebid
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
46.228.174.115 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://heroinvesting.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Accept-Encoding,Origin,Accept-Language,X-CSRF-Token,x-unruly-override
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://heroinvesting.com
access-control-max-age
1728000
content-length
0
content-type
text/plain charset=UTF-8
date
Wed, 22 Nov 2023 15:48:28 GMT
bid-request
a.teads.tv/hb/ 		16 B
382 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://a.teads.tv/hb/bid-request
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.218.209.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-218-209-56.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
6a7b0c8bf87b2bd5ca31557f25cf2a6c80f93af72bf68a6085e9b55a87fe908c

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
content-encoding
gzip
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
42
expires
Wed, 22 Nov 2023 15:48:28 GMT
prebid-request
onetag-sys.com/ 		15 B
413 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/prebid-request
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip254.ip-51-89-9.eu
Software
/
Resource Hash
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
cache-control
no-transform, no-cache
access-control-allow-credentials
true
access-control-allow-headers
content-type, origin, referer, user-agent
content-length
41
alt-svc
h3=":443"; ma=900, h3-29=":443"; ma=900
v1
btlr.sharethrough.com/universal/ 		0
158 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.127.32.39 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-32-39.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:28 GMT
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Origin
imp
g2.gumgum.com/hbid/ 		471 B
684 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/hbid/imp?lt=1700668108879&to=-60&aun=if_ay_dsk_ic_1-2__ayManagerEnv__2&pubcid=b332c82c-c394-48c5-9023-425000943a4f&gpid=%2F22890879159%2Fhi_ay_dsk_ic_1&pv=86356039-c5df-42d2-b0d9-2ae7bb113364&t=notmta6c&pi=3&maxw=320&maxh=100&si=1008715&bf=320x100%2C320x50%2C300x250%2C300x100&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%228.20.0%22%7D&ogu=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F&ns=10240
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.72.224.53 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-72-224-53.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
c635e5911388386f55ff0903a75b9e5fb813c5b9fa8605792a71eb770d604b7d

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
fastlane.json
fastlane.rubiconproject.com/a/api/ 		595 B
629 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=25504&site_id=478470&zone_id=2840484&size_id=15&alt_size_ids=19%2C43%2C117&eid_pubcid.org=b332c82c-c394-48c5-9023-425000943a4f%5E1&rf=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tg_i.domain=heroinvesting.com&tg_i.page=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tg_i.pbadslot=%2F22890879159%2Fhi_ay_dsk_ic_1&tk_flint=pbjs_lite_v8.20.0&x_source.tid=f7e5f9ca-9fa8-4cc2-a2e3-ea7909bf7ed7&l_pb_bid_id=36428d36285028b2&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=2b700ab7-4aa5-4ab5-b318-f1edeabce136&rp_maxbids=1&p_gpid=%2F22890879159%2Fhi_ay_dsk_ic_1&slots=1&rand=0.5227609633291512
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c003:200::45 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
9d5f3b72a1218741a49be31bb07a03c5365e1daab85ffcd544824d68f4080655

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:29 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-length
595
expires
Wed, 17 Sep 1975 21:32:10 GMT
hb
brightcombid.marphezis.com/ 		0
229 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://brightcombid.marphezis.com/hb
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
178.128.135.204 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
cache-control
no-store
access-control-allow-credentials
true
vary
Origin
expires
0
trinity.json
apex.go.sonobi.com/ 		205 B
727 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%2236865f9ff803ef22%22%3A%229ef57c4e1a7aad0ba98a%7C320x100%2C320x50%2C300x250%2C300x100%7Cgpid%3D%2F22890879159%2Fhi_ay_dsk_ic_1%2Cc%3Dd%2C%22%7D&ref=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&s=bd816fb1-56ee-4ab3-9d96-1d0d882e0403&pv=8ba387ca-09f8-4452-9546-5b9a8e42e265&vp=desktop&lib_name=prebid&lib_v=8.20.0&us=1&iqid=%7B%22pcid%22%3A%22e0f7d6fa-d0b1-4933-89c2-78028d57fd20%22%2C%22pcidDate%22%3A1700668107652%7D&fpd=%7B%22source%22%3A%7B%22tid%22%3A%22f7e5f9ca-9fa8-4cc2-a2e3-ea7909bf7ed7%22%7D%2C%22site%22%3A%7B%22domain%22%3A%22heroinvesting.com%22%2C%22publisher%22%3A%7B%22domain%22%3A%22heroinvesting.com%22%7D%2C%22page%22%3A%22https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226%22%7D%2C%22device%22%3A%7B%22w%22%3A1600%2C%22h%22%3A1200%2C%22dnt%22%3A0%2C%22ua%22%3A%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F119.0.6045.159%20Safari%2F537.36%22%2C%22language%22%3A%22en%22%2C%22sua%22%3A%7B%22source%22%3A1%2C%22browsers%22%3A%5B%5D%2C%22mobile%22%3A0%7D%7D%7D&ius=1&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22b332c82c-c394-48c5-9023-425000943a4f%22%2C%22atype%22%3A1%7D%5D%7D%5D&coppa=0
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.166.1.9 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
2d6a5472471dd20b6d598cfee114748ab11db7f5962bca9854cf92b21b96db49
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
content-encoding
gzip
server
sonobi-go
vary
negotiate,Accept-Encoding
x-go-server
go-iad-2-6-132
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, private
access-control-allow-credentials
true
tcn
Choice
content-length
190
x-xss-protection
0
expires
Sat, 26 Jul 1997 05:00:00 GMT
/
colossusssp.com/ 		2 B
138 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://colossusssp.com/?c=o&m=multi
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
173.237.69.68 , United States, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
openresty /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:28 GMT
access-control-allow-credentials
true
server
openresty
content-length
2
content-type
application/json
auction
tlx.3lift.com/header/ 		19 B
543 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://tlx.3lift.com/header/auction?lib=prebid&v=8.20.0&referrer=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tmax=2500
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.196.182.172 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-182-172.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
accept-ch
sec-ch-viewport-width,sec-ch-downlink,sec-ch-ua-full-version-list,sec-ch-prefers-color-scheme,sec-ch-ua-platform,sec-ch-dpr,user-agent,sec-ch-width,sec-ch-viewport-height,sec-ch-save-data,sec-ch-ect,sec-ch-ua-model,sec-ch-ua-platform-version,sec-ch-device-memory,sec-ch-ua-bitness,sec-ch-ua,sec-ch-ua-full-version,sec-ch-ua-arch,sec-ch-rtt,sec-ch-ua-mobile
x-auction-status
29
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
19
x-xss-protection
0
expires
Thu, 15 Oct 1992 20:10:00 GMT
ortb
bid.contextweb.com/header/ 		0
781 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://bid.contextweb.com/header/ortb?src=prebid
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
208.93.169.131 , United States, ASN46244 (WEBMD-IDC1-AS, US),
Reverse DNS
Software
Jetty(10.0.14) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

strict-transport-security
max-age=15768000
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
server
Jetty(10.0.14)
cwdl
22/4211
access-control-allow-origin
https://heroinvesting.com
access-control-expose-headers
Access-Control-Allow-Origin
access-control-allow-credentials
true
cw-server
bid-deployment-dfcb7cf59-ckq9x
bid
ap.lijit.com/rtb/ 		95 B
503 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_8.20.0
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.16 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
/
Resource Hash
edce001abb992b5cf69d0fed80c386f93eef3466ff84a35280d70e928d836bc6

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

Date
Wed, 22 Nov 2023 15:48:28 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://heroinvesting.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap3ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
99
hb-multi
hb.yellowblue.io/ 		85 B
431 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://hb.yellowblue.io/hb-multi
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
18.202.39.252 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-202-39-252.eu-west-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
f2daeb2829868142889b221813c0a36b68761319ec6cd6358d02883ab189ea44

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:28 GMT
server
istio-envoy
x-reason
maxmind hosting provider
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
https://heroinvesting.com
content-type
application/json
access-control-allow-credentials
true
x-envoy-upstream-service-time
4
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF, X-Requested-With
content-length
85
hb-mm-multi
hb.minutemedia-prebid.com/ 		85 B
432 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://hb.minutemedia-prebid.com/hb-mm-multi
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.217.228.107 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-217-228-107.eu-west-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
2444153f4032d2809300408111c8f486abea4c15033ebf33eb81d2c1903cc206

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:28 GMT
server
istio-envoy
x-reason
maxmind hosting provider
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
https://heroinvesting.com
content-type
application/json
access-control-allow-credentials
true
x-envoy-upstream-service-time
14
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF, X-Requested-With
content-length
85
bid
s.seedtag.com/c/hb/ 		11 B
29 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://s.seedtag.com/c/hb/bid
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.149.50.64 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
64.50.149.34.bc.googleusercontent.com
Software
openresty /
Resource Hash
846949c5a40e3ffbb702473e54dfac0646541aa624a844369b6e24e51ddaf96b

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:29 GMT
via
1.1 google
server
openresty
vary
X-HTTP-Method-Override
access-control-allow-methods
GET, POST, OPTIONS, DELETE, PUT, HEAD
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
11
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
unruly_prebid
targeting.unrulymedia.com/ 		0
164 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://targeting.unrulymedia.com/unruly_prebid
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
46.228.174.115 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
application/json

Response headers

access-control-allow-origin
https://heroinvesting.com
pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
cache-control
private, max-age=0, no-cache, no-store
access-control-allow-credentials
true
641ab9f7284b9911720b9b75
exchange.kueezrtb.com/prebid/multi/ 		0
288 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://exchange.kueezrtb.com/prebid/multi/641ab9f7284b9911720b9b75
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
216.155.152.253 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
216.155.152.253.vultrusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:28 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
prebid
prebid.media.net/rtb/ 		1 KB
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUK6VG18
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.63.153 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
153.63.120.34.bc.googleusercontent.com
Software
envoy /
Resource Hash
2d4ab63b0c59a3ced8c7f036bb3263425b15847610dcb238c913e8c8da57cf06

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
via
1.1 google
accept-ch
Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
server
envoy
content-type
application/json;charset=utf-8
access-control-allow-origin
https://heroinvesting.com
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
221
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 22 Nov 2023 15:48:28 GMT
prebid
mp.4dex.io/ 		60 B
138 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://mp.4dex.io/prebid
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:994e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
77b47b7a038f38916adbe760bc262fe2aa75e9f2a0d67621d19ad74e41acdb39

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
x-err
Shapings: no adunits with size and seat and mapping
x-version
3.0.0-gcp-ams
cf-cache-status
DYNAMIC
via
1.1 google
server
cloudflare
content-encoding
gzip
vary
Origin, Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cf-ray
82a25120acb965cc-FRA
expires
0
v1
prg.smartadserver.com/prebid/ 		171 B
559 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.138.16 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
content-encoding
br
transfer-encoding
chunked
vary
Accept-Encoding, Origin
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
no-cache,no-store
access-control-allow-credentials
true
hbjson
grid.bidswitch.net/ 		25 B
369 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://grid.bidswitch.net/hbjson
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.126.136.176 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-136-176.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
9f5933a3d6d103d80585826dea98b19ce974d7b44aa4c8cfb3d717697772ff5b

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

Date
Wed, 22 Nov 2023 15:48:29 GMT
Content-Encoding
gzip
Server
nginx
Content-Type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
50
pbjs
htlb.casalemedia.com/openrtb/ 		38 B
493 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://htlb.casalemedia.com/openrtb/pbjs?s=974236
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
db3fcb13513ab0df8d771965eba1469ddd88f0d0fcdd8fce4ddbeb01cacd242f

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KIux0Bl6lahvyIz9cpQLCH8lSrksc2z%2FHsxs%2FoGyqufh6WQ3s3%2B0xKTU%2BgDWPM%2BQ8KyMkqkwQ%2FVnU3e%2FZvxf5bAOfV%2FU%2FrptaebADbmFrukq5hwDVxrnGzE6MhveDFerg6F1gbRR"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
82a25120bc20380e-FRA
alt-svc
h3=":443"; ma=86400
content-length
38
expires
0
/
prebid.dblks.net/openrtb/ 		160 B
422 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.dblks.net/openrtb/?sid=2724499
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.212.255.179 , Canada, ASN25948 (FHMNET, CA),
Reverse DNS
Software
nginx/1.20.1 / Express
Resource Hash
ab5083387398d67868ad529a89f770c4ebab6f25dc06ab91f76ca2b9d1bbd392

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:29 GMT
x-openrtb-version
2.5
server
nginx/1.20.1
x-powered-by
Express
etag
W/"a0-AKN5x481PX9l9uYujPKKiSEfRec"
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heroinvesting.com
cache-control
max-age=0, no-cache, no-store, private
access-control-allow-credentials
true
content-length
160
63ebe4b23a3c92dafc0c2e06
prebid.cootlogix.com/prebid/multi/ 		0
288 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.cootlogix.com/prebid/multi/63ebe4b23a3c92dafc0c2e06
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
161.35.59.45 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:28 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
c
prebid.a-mo.net/a/ 		0
213 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.a-mo.net/a/c
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
145.40.97.66 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:28 GMT
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
73
server
envoy
vary
origin, Accept-Encoding
auction
pbs.nextmillmedia.com/openrtb2/ 		249 B
548 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pbs.nextmillmedia.com/openrtb2/auction
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.236.226.253 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-226-253.compute-1.amazonaws.com
Software
/
Resource Hash
55e7020aff7ecee94b80c84a6a58eeda72ee12d405c155e165a27568b643b7ca

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
x-prebid
pbs-go/unknown
vary
Origin
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
249
expires
0
hb
cpm.qortex.ai/ 		0
264 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cpm.qortex.ai/hb?zone=194374&v=1.6
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
77.245.57.72 , United States, ASN36057 (WEBAIR-INTERNET-MTL, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 22 Nov 2023 15:48:29 GMT
Server
nginx
Age
0
Access-Control-Allow-Origin
https://heroinvesting.com
Cache-Control
no-store
Access-Control-Allow-Credentials
true
Connection
close
Content-Length
0
hb
ssc.33across.com/api/v1/ 		67 B
106 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ssc.33across.com/api/v1/hb?guid=dUOeOqXmSr7AmkrkHcnlxd
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
6f61c306ec0f36d49ce62d99490f13885bc80a7948b6a83f35d2149f1c0c44ee

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:28 GMT
content-encoding
gzip
via
1.1 google
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
status
200 OK
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
dye
track.kueezrtb.com/ 		0
30 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://track.kueezrtb.com/dye?ac=2&acm=G3L&uid=65552ea84d382961&sid=c2b73fd4824f7c1a&pvi=aacd29d367fcaa9e&h=heroinvesting.com&wh=1600x1200&b=Chrome&bv=119.0.6045.159&dev=&os=Windows%2010&p=&cc=DE&ig=0&uri=%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F&furl=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&sr=1600x1200&type=latest:br&_=1700668108892&bidder=kueezrtb&at=display&v=1
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/business/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:15e8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:29 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
82a25120ca2c3809-FRA
dye
gtrack.kueezrtb.com/ 		0
30 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gtrack.kueezrtb.com/dye?ac=2&acm=G3L&uid=65552ea84d382961&sid=c2b73fd4824f7c1a&pvi=aacd29d367fcaa9e&h=heroinvesting.com&wh=1600x1200&b=Chrome&bv=119.0.6045.159&dev=&os=Windows%2010&p=&cc=DE&ig=0&uri=%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F&furl=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&sr=1600x1200&type=latest:br&_=1700668108892&bidder=kueezrtb&at=display&v=1
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/business/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:15e8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:29 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
82a25120ca2e3809-FRA
metric
report2.hb.brainlyads.com/statistics/ 		463 B
751 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://report2.hb.brainlyads.com/statistics/metric?event=noBid&bidder=nextMillennium&source=pbjs&groups=1215
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/business/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.84.92.154 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-84-92-154.compute-1.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) / Express
Resource Hash
64faef43f59f0d829a290bb25e0b5c24308c0381b590d9717e460a8344912ba3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 15:48:29 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Powered-By
Express
ETag
W/"1cf-XHssOe1+WUPy43P3Ckt9sJ3fhf4"
Content-Type
image/png
Access-Control-Allow-Origin
*
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
463
/
www.google.com/pagead/1p-user-list/10887832869/ 		42 B
108 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/10887832869/?random=1700668108576&cv=11&fst=1700665200000&bg=ffffff&guid=ON&async=1&gtm=45be3b81&u_w=1600&u_h=1200&url=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&frm=0&tiba=Big%20Brands%20Hidden%20Behind%20Costco%20Kirkland&data=event%3Dpage_view%3Bpage_path%3D%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%5C%3Dob%26utm_medium%5C%3Dcpc%26utm_campaign%5C%3Dhi_cos_6-01_an_c_3%26utm_term%5C%3D0061df1e37acfb75f995365418e6af2098%26extid%5C%3Dv4-4EyY2w7-1079981226%26dicbo%5C%3Dv4-4EyY2w7-1079981226&fmt=3&is_vtc=1&cid=CAQSKQDICaaNsHEBSXqlwNpfjsAeGpeb9Q1SZtXTmMIRE5pWWwGVmXgHNWNx&random=2029595550&rmt_tld=0&ipr=y
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/business/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:29 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/10887832869/ 		42 B
108 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/10887832869/?random=1700668108576&cv=11&fst=1700665200000&bg=ffffff&guid=ON&async=1&gtm=45be3b81&u_w=1600&u_h=1200&url=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&frm=0&tiba=Big%20Brands%20Hidden%20Behind%20Costco%20Kirkland&data=event%3Dpage_view%3Bpage_path%3D%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%5C%3Dob%26utm_medium%5C%3Dcpc%26utm_campaign%5C%3Dhi_cos_6-01_an_c_3%26utm_term%5C%3D0061df1e37acfb75f995365418e6af2098%26extid%5C%3Dv4-4EyY2w7-1079981226%26dicbo%5C%3Dv4-4EyY2w7-1079981226&fmt=3&is_vtc=1&cid=CAQSKQDICaaNsHEBSXqlwNpfjsAeGpeb9Q1SZtXTmMIRE5pWWwGVmXgHNWNx&random=2029595550&rmt_tld=1&ipr=y
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/business/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:29 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
css
fonts.googleapis.com/ 		69 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Archivo|Arimo|Bitter|EB+Garamond|Lato|Libre+Baskerville|Libre+Franklin|Lora|Google+Sans:regular,medium|Material+Icons|Google+Symbols|Merriweather|Montserrat|Mukta|Muli|Nunito|Open+Sans:400,600,700|Open+Sans+Condensed:300,400,600,700|Oswald|Playfair+Display|Poppins|Raleway|Roboto|Roboto+Condensed|Roboto+Slab|Slabo+27px|Source+Sans+Pro|Ubuntu|Volkhov&display=swap
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.Nts5LvYIobk.es5.O/d=1/exm=kernel_loader,loader_js_executable/ed=1/rs=AJlcJMx-VBI7cufk83j17-qyMs5NHKqYbA/m=web_iab_tcf_v2_wall_executable
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
c4cb7ee295b14fe670ced1e8271273041990ca3d5af39accf8e960c227148eab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 22 Nov 2023 15:48:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 22 Nov 2023 15:48:29 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 22 Nov 2023 15:48:29 GMT
c
prebid.a-mo.net/a/ 		0
210 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.a-mo.net/a/c
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
145.40.97.66 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:28 GMT
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
7
server
envoy
vary
origin, Accept-Encoding
bid-request
a.teads.tv/hb/ 		16 B
382 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://a.teads.tv/hb/bid-request
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.218.209.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-218-209-56.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
6a7b0c8bf87b2bd5ca31557f25cf2a6c80f93af72bf68a6085e9b55a87fe908c

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:29 GMT
content-encoding
gzip
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
42
expires
Wed, 22 Nov 2023 15:48:29 GMT
hb-multi
hb.yellowblue.io/ 		85 B
432 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://hb.yellowblue.io/hb-multi
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
18.202.39.252 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-202-39-252.eu-west-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
e2aad8d4a6ea8d798229b0966e3902855bdec1998ad5487434e7da4c921719e7

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:29 GMT
server
istio-envoy
x-reason
maxmind hosting provider
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
https://heroinvesting.com
content-type
application/json
access-control-allow-credentials
true
x-envoy-upstream-service-time
65
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF, X-Requested-With
content-length
85
bid
ap.lijit.com/rtb/ 		95 B
505 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_8.20.0
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.16 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
/
Resource Hash
d145f0a5ecf309f2c57dffccd50122e835a8d490602bb6e35c96c738618994f9

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

Date
Wed, 22 Nov 2023 15:48:29 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://heroinvesting.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap3ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
100
pbjs
htlb.casalemedia.com/openrtb/ 		38 B
484 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://htlb.casalemedia.com/openrtb/pbjs?s=974236
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bf6e4ad9998b4828a05e5f827edd9dd961f439ee0fa7f11825a08a90bfa382e8

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:29 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lpm4A2NXlKBiLYtnNdNgslcV5QIAmQ%2BLZovsuussrqJ1uMsAz1eeqMzseXlpdYzArhx6HOlSW7JanUwYuqAz4UT6T47KjHrDapwaWok%2FomH6r0ZJXGMiEkDPAPcF2YV%2FU6eHVHNi"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
82a251222de4380e-FRA
alt-svc
h3=":443"; ma=86400
content-length
38
expires
0
63ebe4b23a3c92dafc0c2e06
prebid.cootlogix.com/prebid/multi/ 		0
288 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.cootlogix.com/prebid/multi/63ebe4b23a3c92dafc0c2e06
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
161.35.59.45 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:29 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
auction
pbs.nextmillmedia.com/openrtb2/ 		248 B
547 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pbs.nextmillmedia.com/openrtb2/auction
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.236.226.253 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-226-253.compute-1.amazonaws.com
Software
/
Resource Hash
8c20a5c73dd63fdb72a8ebc6f6794afa53d292f2915afc3be02367848b203803

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:29 GMT
x-prebid
pbs-go/unknown
vary
Origin
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
248
expires
0
prebid
prebid.media.net/rtb/ 		1 KB
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUK6VG18
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.63.153 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
153.63.120.34.bc.googleusercontent.com
Software
envoy /
Resource Hash
2829996a9003e519fa88c9a1908659d2de54325da2c645141b28119d4e213dfd

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:29 GMT
via
1.1 google
accept-ch
Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
server
envoy
content-type
application/json;charset=utf-8
access-control-allow-origin
https://heroinvesting.com
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
196
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 22 Nov 2023 15:48:29 GMT
hb-mm-multi
hb.minutemedia-prebid.com/ 		85 B
432 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://hb.minutemedia-prebid.com/hb-mm-multi
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.217.228.107 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-217-228-107.eu-west-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
904ec3cf49608e24b4f667e6c8e629938dc7637a654fa03f3d165514de667f48

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:29 GMT
server
istio-envoy
x-reason
maxmind hosting provider
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
https://heroinvesting.com
content-type
application/json
access-control-allow-credentials
true
x-envoy-upstream-service-time
22
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF, X-Requested-With
content-length
85
auction
tlx.3lift.com/header/ 		19 B
543 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://tlx.3lift.com/header/auction?lib=prebid&v=8.20.0&referrer=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tmax=2500
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.196.182.172 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-182-172.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:29 GMT
accept-ch
sec-ch-ua-mobile,sec-ch-rtt,sec-ch-ua-arch,sec-ch-ua-full-version,sec-ch-ua,sec-ch-ua-bitness,sec-ch-device-memory,sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ect,sec-ch-save-data,sec-ch-viewport-height,sec-ch-width,user-agent,sec-ch-dpr,sec-ch-ua-platform,sec-ch-prefers-color-scheme,sec-ch-ua-full-version-list,sec-ch-downlink,sec-ch-viewport-width
x-auction-status
29
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
19
x-xss-protection
0
expires
Thu, 15 Oct 1992 20:10:00 GMT
trinity.json
apex.go.sonobi.com/ 		205 B
803 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%224302f2b7089f0d9e%22%3A%229ef57c4e1a7aad0ba98a%7C320x100%2C320x50%2C300x250%2C300x100%7Cgpid%3D%2F22890879159%2Fhi_ay_dsk_ic_1%2Cc%3Dd%2C%22%7D&ref=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&s=1f61be58-2fa6-4fe1-ac91-188e5d20948c&pv=8ba387ca-09f8-4452-9546-5b9a8e42e265&vp=desktop&lib_name=prebid&lib_v=8.20.0&us=1&iqid=%7B%22pcid%22%3A%22e0f7d6fa-d0b1-4933-89c2-78028d57fd20%22%2C%22pcidDate%22%3A1700668107652%7D&fpd=%7B%22source%22%3A%7B%22tid%22%3A%22d6e6f578-c07c-4b3e-84df-34663389d936%22%7D%2C%22site%22%3A%7B%22domain%22%3A%22heroinvesting.com%22%2C%22publisher%22%3A%7B%22domain%22%3A%22heroinvesting.com%22%7D%2C%22page%22%3A%22https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226%22%7D%2C%22device%22%3A%7B%22w%22%3A1600%2C%22h%22%3A1200%2C%22dnt%22%3A0%2C%22ua%22%3A%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F119.0.6045.159%20Safari%2F537.36%22%2C%22language%22%3A%22en%22%2C%22sua%22%3A%7B%22source%22%3A1%2C%22browsers%22%3A%5B%5D%2C%22mobile%22%3A0%7D%7D%7D&ius=1&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22b332c82c-c394-48c5-9023-425000943a4f%22%2C%22atype%22%3A1%7D%5D%7D%5D&coppa=0
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.166.1.9 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
aa93ed4eb86c0ab48ce506b80bef916beceef4927ca58879862b75badcc360e7
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:29 GMT
content-encoding
gzip
server
sonobi-go
vary
negotiate,Accept-Encoding
x-go-server
go-iad-2-6-132
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, private
access-control-allow-credentials
true
tcn
Choice
content-length
190
x-xss-protection
0
expires
Sat, 26 Jul 1997 05:00:00 GMT
prebid
mp.4dex.io/ 		60 B
138 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://mp.4dex.io/prebid
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:994e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
77b47b7a038f38916adbe760bc262fe2aa75e9f2a0d67621d19ad74e41acdb39

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:29 GMT
x-err
Shapings: no adunits with size and seat and mapping
x-version
3.0.0-gcp-ams
cf-cache-status
DYNAMIC
via
1.1 google
server
cloudflare
content-encoding
gzip
vary
Origin, Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cf-ray
82a251223ec265cc-FRA
expires
0
prebid-request
onetag-sys.com/ 		15 B
413 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/prebid-request
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip254.ip-51-89-9.eu
Software
/
Resource Hash
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
cache-control
no-transform, no-cache
access-control-allow-credentials
true
access-control-allow-headers
content-type, origin, referer, user-agent
content-length
41
alt-svc
h3=":443"; ma=900, h3-29=":443"; ma=900
hbjson
grid.bidswitch.net/ 		24 B
368 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://grid.bidswitch.net/hbjson
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.126.136.176 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-136-176.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
a3d477219de2bc775bdf051ed6497f56393934e3738ad8d6c39cf3458fda9986

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

Date
Wed, 22 Nov 2023 15:48:29 GMT
Content-Encoding
gzip
Server
nginx
Content-Type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
49
fastlane.json
fastlane.rubiconproject.com/a/api/ 		595 B
629 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=25504&site_id=478470&zone_id=2840484&size_id=15&alt_size_ids=19%2C43%2C117&eid_pubcid.org=b332c82c-c394-48c5-9023-425000943a4f%5E1&rf=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tg_i.domain=heroinvesting.com&tg_i.page=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tg_i.pbadslot=%2F22890879159%2Fhi_ay_dsk_ic_1&tk_flint=pbjs_lite_v8.20.0&x_source.tid=d6e6f578-c07c-4b3e-84df-34663389d936&l_pb_bid_id=438a43845887bbdf&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=6c65c476-c346-4348-b072-4af43b16cb47&rp_maxbids=1&p_gpid=%2F22890879159%2Fhi_ay_dsk_ic_1&slots=1&rand=0.6874098629945009
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c003:200::45 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
446a71d5cee8d0114e6c2d5bc54b3edf3c2a0aa78fd21c34e33616343b75a546

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:29 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-length
595
expires
Wed, 17 Sep 1975 21:32:10 GMT
hb
brightcombid.marphezis.com/ 		0
229 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://brightcombid.marphezis.com/hb
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
178.128.135.204 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
cache-control
no-store
access-control-allow-credentials
true
vary
Origin
expires
0
hb
ssc.33across.com/api/v1/ 		67 B
108 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ssc.33across.com/api/v1/hb?guid=dUOeOqXmSr7AmkrkHcnlxd
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
fba0ea0c63c5284f98875d5db1b155d9d2798648e64681b3f5a8bbda95635865

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:29 GMT
content-encoding
gzip
via
1.1 google
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
status
200 OK
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
ortb
bid.contextweb.com/header/ 		0
781 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://bid.contextweb.com/header/ortb?src=prebid
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
208.93.169.131 , United States, ASN46244 (WEBMD-IDC1-AS, US),
Reverse DNS
Software
Jetty(10.0.14) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

strict-transport-security
max-age=15768000
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
server
Jetty(10.0.14)
cwdl
22/4211
access-control-allow-origin
https://heroinvesting.com
access-control-expose-headers
Access-Control-Allow-Origin
access-control-allow-credentials
true
cw-server
bid-deployment-dfcb7cf59-ckq9x
641ab9f7284b9911720b9b75
exchange.kueezrtb.com/prebid/multi/ 		0
288 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://exchange.kueezrtb.com/prebid/multi/641ab9f7284b9911720b9b75
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
216.155.152.253 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
216.155.152.253.vultrusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:29 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
bid
s.seedtag.com/c/hb/ 		11 B
29 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://s.seedtag.com/c/hb/bid
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.149.50.64 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
64.50.149.34.bc.googleusercontent.com
Software
openresty /
Resource Hash
846949c5a40e3ffbb702473e54dfac0646541aa624a844369b6e24e51ddaf96b

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:29 GMT
via
1.1 google
server
openresty
vary
X-HTTP-Method-Override
access-control-allow-methods
GET, POST, OPTIONS, DELETE, PUT, HEAD
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
11
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
imp
g2.gumgum.com/hbid/ 		471 B
685 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/hbid/imp?lt=1700668109162&to=-60&aun=if_ay_dsk_ic_1-3__ayManagerEnv__2&pubcid=b332c82c-c394-48c5-9023-425000943a4f&gpid=%2F22890879159%2Fhi_ay_dsk_ic_1&pv=b53ea53c-d12e-4de0-aef8-17f469da9dd5&t=notmta6c&pi=3&maxw=320&maxh=100&si=1008715&bf=320x100%2C320x50%2C300x250%2C300x100&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%228.20.0%22%7D&ogu=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F&ns=10240
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.72.224.53 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-72-224-53.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
dbc7becdd2e8bf2ac758ccfe5930afbb2c242ecbaf6cc425fb73e02c0497704c

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:29 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
v1
prg.smartadserver.com/prebid/ 		171 B
559 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.138.16 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
content-encoding
br
transfer-encoding
chunked
vary
Accept-Encoding, Origin
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
no-cache,no-store
access-control-allow-credentials
true
unruly_prebid
targeting.unrulymedia.com/ 		0
164 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://targeting.unrulymedia.com/unruly_prebid
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
46.228.174.115 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
application/json

Response headers

access-control-allow-origin
https://heroinvesting.com
pragma
no-cache
date
Wed, 22 Nov 2023 15:48:29 GMT
cache-control
private, max-age=0, no-cache, no-store
access-control-allow-credentials
true
/
prebid.dblks.net/openrtb/ 		159 B
422 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.dblks.net/openrtb/?sid=2724499
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.212.255.179 , Canada, ASN25948 (FHMNET, CA),
Reverse DNS
Software
nginx/1.20.1 / Express
Resource Hash
5daf5a67b0195adb249daf8be3beba954aa26b72bface0a88322a51e66c9c9c0

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:29 GMT
x-openrtb-version
2.5
server
nginx/1.20.1
x-powered-by
Express
etag
W/"9f-/GRnbm//jS7V6KeRvVIIoVW+aRg"
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heroinvesting.com
cache-control
max-age=0, no-cache, no-store, private
access-control-allow-credentials
true
content-length
159
/
colossusssp.com/ 		2 B
138 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://colossusssp.com/?c=o&m=multi
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
173.237.69.68 , United States, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
openresty /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:29 GMT
access-control-allow-credentials
true
server
openresty
content-length
2
content-type
application/json
v1
btlr.sharethrough.com/universal/ 		0
158 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.127.32.39 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-32-39.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:29 GMT
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Origin
hb
cpm.qortex.ai/ 		0
264 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cpm.qortex.ai/hb?zone=194374&v=1.6
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
77.245.57.72 , United States, ASN36057 (WEBAIR-INTERNET-MTL, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 22 Nov 2023 15:48:29 GMT
Server
nginx
Age
0
Access-Control-Allow-Origin
https://heroinvesting.com
Cache-Control
no-store
Access-Control-Allow-Credentials
true
Connection
close
Content-Length
0
dye
track.kueezrtb.com/ 		0
31 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://track.kueezrtb.com/dye?ac=2&acm=G3L&uid=65552ea84d382961&sid=c2b73fd4824f7c1a&pvi=aacd29d367fcaa9e&h=heroinvesting.com&wh=1600x1200&b=Chrome&bv=119.0.6045.159&dev=&os=Windows%2010&p=&cc=DE&ig=0&uri=%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F&furl=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&sr=1600x1200&type=latest:br&_=1700668109158&bidder=kueezrtb&at=display&v=1
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/business/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:15e8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:29 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
82a251226cbf3809-FRA
dye
gtrack.kueezrtb.com/ 		0
31 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gtrack.kueezrtb.com/dye?ac=2&acm=G3L&uid=65552ea84d382961&sid=c2b73fd4824f7c1a&pvi=aacd29d367fcaa9e&h=heroinvesting.com&wh=1600x1200&b=Chrome&bv=119.0.6045.159&dev=&os=Windows%2010&p=&cc=DE&ig=0&uri=%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F&furl=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&sr=1600x1200&type=latest:br&_=1700668109158&bidder=kueezrtb&at=display&v=1
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/business/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:15e8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:29 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
82a251226cc33809-FRA
fastlane.json
fastlane.rubiconproject.com/a/api/ 		577 B
611 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=25504&site_id=478470&zone_id=2840484&size_id=2&eid_pubcid.org=b332c82c-c394-48c5-9023-425000943a4f%5E1&rf=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tg_i.domain=heroinvesting.com&tg_i.page=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tg_i.pbadslot=%2F22890879159%2Fhi_ay_dsk_leaderboard&tk_flint=pbjs_lite_v8.20.0&x_source.tid=dd0e6c30-1bdc-4521-8914-91c0a12abbd9&l_pb_bid_id=4641fd776a16a9de&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=644c679b-4afb-4c47-a6a7-7b9a344a1c2a&rp_maxbids=1&p_gpid=%2F22890879159%2Fhi_ay_dsk_leaderboard&slots=1&rand=0.854926286811722
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c003:200::45 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
eaea340fc9c06732833561ee4fabd14573a35d83c744d9d16ab8fa210d98a911

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:29 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-length
577
expires
Wed, 17 Sep 1975 21:32:10 GMT
hb-mm-multi
hb.minutemedia-prebid.com/ 		84 B
431 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://hb.minutemedia-prebid.com/hb-mm-multi
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.217.228.107 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-217-228-107.eu-west-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
822c2b1fbd85dc0f3bf079ffabd40dde19d0d572515d59ee7da6c68b00d84029

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:29 GMT
server
istio-envoy
x-reason
maxmind hosting provider
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
https://heroinvesting.com
content-type
application/json
access-control-allow-credentials
true
x-envoy-upstream-service-time
16
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF, X-Requested-With
content-length
84
prebid-request
onetag-sys.com/ 		15 B
413 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/prebid-request
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip254.ip-51-89-9.eu
Software
/
Resource Hash
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
cache-control
no-transform, no-cache
access-control-allow-credentials
true
access-control-allow-headers
content-type, origin, referer, user-agent
content-length
41
alt-svc
h3=":443"; ma=900, h3-29=":443"; ma=900
auction
pbs.nextmillmedia.com/openrtb2/ 		249 B
548 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pbs.nextmillmedia.com/openrtb2/auction
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.236.226.253 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-226-253.compute-1.amazonaws.com
Software
/
Resource Hash
5f618b9e850e817799045418cb4d6baf1935f9085654f860cf286b8f14d65b48

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:29 GMT
x-prebid
pbs-go/unknown
vary
Origin
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
249
expires
0
bid-request
a.teads.tv/hb/ 		16 B
382 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://a.teads.tv/hb/bid-request
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.218.209.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-218-209-56.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
6a7b0c8bf87b2bd5ca31557f25cf2a6c80f93af72bf68a6085e9b55a87fe908c

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:29 GMT
content-encoding
gzip
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
42
expires
Wed, 22 Nov 2023 15:48:29 GMT
v1
btlr.sharethrough.com/universal/ 		0
158 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.127.32.39 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-32-39.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:29 GMT
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Origin
prebid
prebid.media.net/rtb/ 		1 KB
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUK6VG18
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.63.153 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
153.63.120.34.bc.googleusercontent.com
Software
envoy /
Resource Hash
8255cd81a570e59fc7e3ffe7540821f28c10211377465826801a7398f88da85c

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
via
1.1 google
accept-ch
Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
server
envoy
content-type
application/json;charset=utf-8
access-control-allow-origin
https://heroinvesting.com
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
297
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 22 Nov 2023 15:48:29 GMT
/
colossusssp.com/ 		2 B
138 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://colossusssp.com/?c=o&m=multi
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
173.237.69.68 , United States, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
openresty /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:29 GMT
access-control-allow-credentials
true
server
openresty
content-length
2
content-type
application/json
hb-multi
hb.yellowblue.io/ 		85 B
431 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://hb.yellowblue.io/hb-multi
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
18.202.39.252 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-202-39-252.eu-west-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
42a43730d8f510b4afac0dca3146fd88f1cd96bcf3ea75813c710e68d765761d

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:29 GMT
server
istio-envoy
x-reason
maxmind hosting provider
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
https://heroinvesting.com
content-type
application/json
access-control-allow-credentials
true
x-envoy-upstream-service-time
3
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF, X-Requested-With
content-length
85
ortb
bid.contextweb.com/header/ 		0
781 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://bid.contextweb.com/header/ortb?src=prebid
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
208.93.169.131 , United States, ASN46244 (WEBMD-IDC1-AS, US),
Reverse DNS
Software
Jetty(10.0.14) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

strict-transport-security
max-age=15768000
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
server
Jetty(10.0.14)
cwdl
22/4211
access-control-allow-origin
https://heroinvesting.com
access-control-expose-headers
Access-Control-Allow-Origin
access-control-allow-credentials
true
cw-server
bid-deployment-dfcb7cf59-5vtp6
641ab9f7284b9911720b9b75
exchange.kueezrtb.com/prebid/multi/ 		0
288 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://exchange.kueezrtb.com/prebid/multi/641ab9f7284b9911720b9b75
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
216.155.152.253 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
216.155.152.253.vultrusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:29 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
imp
g2.gumgum.com/hbid/ 		471 B
685 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/hbid/imp?lt=1700668109194&to=-60&aun=if_ay_dsk_leaderboard__ayManagerEnv__3&pubcid=b332c82c-c394-48c5-9023-425000943a4f&gpid=%2F22890879159%2Fhi_ay_dsk_leaderboard&pv=b53ea53c-d12e-4de0-aef8-17f469da9dd5&t=notmta6c&pi=3&maxw=728&maxh=90&si=1008717&bf=728x90&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%228.20.0%22%7D&ogu=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F&ns=10240
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.72.224.53 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-72-224-53.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
dbc7becdd2e8bf2ac758ccfe5930afbb2c242ecbaf6cc425fb73e02c0497704c

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:29 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
63ebe4b23a3c92dafc0c2e06
prebid.cootlogix.com/prebid/multi/ 		0
288 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.cootlogix.com/prebid/multi/63ebe4b23a3c92dafc0c2e06
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
161.35.59.45 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:29 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
auction
tlx.3lift.com/header/ 		19 B
543 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://tlx.3lift.com/header/auction?lib=prebid&v=8.20.0&referrer=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tmax=2500
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.196.182.172 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-182-172.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:29 GMT
accept-ch
sec-ch-ua-bitness,sec-ch-ua,sec-ch-ua-full-version,sec-ch-ua-arch,sec-ch-rtt,sec-ch-ua-mobile,sec-ch-viewport-width,sec-ch-downlink,sec-ch-ua-full-version-list,sec-ch-prefers-color-scheme,sec-ch-ua-platform,sec-ch-dpr,user-agent,sec-ch-width,sec-ch-viewport-height,sec-ch-save-data,sec-ch-ect,sec-ch-ua-model,sec-ch-ua-platform-version,sec-ch-device-memory
x-auction-status
29
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
19
x-xss-protection
0
expires
Thu, 15 Oct 1992 20:10:00 GMT
prebid
mp.4dex.io/ 		60 B
162 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://mp.4dex.io/prebid
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:994e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
77b47b7a038f38916adbe760bc262fe2aa75e9f2a0d67621d19ad74e41acdb39

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:29 GMT
x-err
Shapings: no adunits with size and seat and mapping
x-version
3.0.0-gcp-ams
cf-cache-status
DYNAMIC
via
1.1 google
server
cloudflare
content-encoding
gzip
vary
Origin, Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cf-ray
82a251229f4965cc-FRA
expires
0
c
prebid.a-mo.net/a/ 		0
210 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.a-mo.net/a/c
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
145.40.97.66 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:28 GMT
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
11
server
envoy
vary
origin, Accept-Encoding
bid
ap.lijit.com/rtb/ 		95 B
503 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_8.20.0
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.16 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
/
Resource Hash
a0f64f969e63efef1892ac224772d364dce3bd89ca4aa6e2fbd44f458af4a540

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

Date
Wed, 22 Nov 2023 15:48:29 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://heroinvesting.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap3ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
99
hb
brightcombid.marphezis.com/ 		0
229 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://brightcombid.marphezis.com/hb
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
178.128.135.204 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
cache-control
no-store
access-control-allow-credentials
true
vary
Origin
expires
0
unruly_prebid
targeting.unrulymedia.com/ 		0
164 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://targeting.unrulymedia.com/unruly_prebid
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
46.228.174.115 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
application/json

Response headers

access-control-allow-origin
https://heroinvesting.com
pragma
no-cache
date
Wed, 22 Nov 2023 15:48:29 GMT
cache-control
private, max-age=0, no-cache, no-store
access-control-allow-credentials
true
hbjson
grid.bidswitch.net/ 		25 B
369 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://grid.bidswitch.net/hbjson
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.126.136.176 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-136-176.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
70c311ea097cbc672faa7f9325356ef749fbe6a1a729412e24ece30fc973d457

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

Date
Wed, 22 Nov 2023 15:48:29 GMT
Content-Encoding
gzip
Server
nginx
Content-Type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
50
bid
s.seedtag.com/c/hb/ 		11 B
29 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://s.seedtag.com/c/hb/bid
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.149.50.64 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
64.50.149.34.bc.googleusercontent.com
Software
openresty /
Resource Hash
846949c5a40e3ffbb702473e54dfac0646541aa624a844369b6e24e51ddaf96b

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:29 GMT
via
1.1 google
server
openresty
vary
X-HTTP-Method-Override
access-control-allow-methods
GET, POST, OPTIONS, DELETE, PUT, HEAD
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
11
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
trinity.json
apex.go.sonobi.com/ 		205 B
803 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%22506a0041087bd58b%22%3A%22339eef0ffc50a90ea04b%7C728x90%7Cgpid%3D%2F22890879159%2Fhi_ay_dsk_leaderboard%2Cc%3Dd%2C%22%7D&ref=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&s=7ceccf22-b8aa-4626-917b-e11bc59a5cc9&pv=8ba387ca-09f8-4452-9546-5b9a8e42e265&vp=desktop&lib_name=prebid&lib_v=8.20.0&us=1&iqid=%7B%22pcid%22%3A%22e0f7d6fa-d0b1-4933-89c2-78028d57fd20%22%2C%22pcidDate%22%3A1700668107652%7D&fpd=%7B%22source%22%3A%7B%22tid%22%3A%22dd0e6c30-1bdc-4521-8914-91c0a12abbd9%22%7D%2C%22site%22%3A%7B%22domain%22%3A%22heroinvesting.com%22%2C%22publisher%22%3A%7B%22domain%22%3A%22heroinvesting.com%22%7D%2C%22page%22%3A%22https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226%22%7D%2C%22device%22%3A%7B%22w%22%3A1600%2C%22h%22%3A1200%2C%22dnt%22%3A0%2C%22ua%22%3A%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F119.0.6045.159%20Safari%2F537.36%22%2C%22language%22%3A%22en%22%2C%22sua%22%3A%7B%22source%22%3A1%2C%22browsers%22%3A%5B%5D%2C%22mobile%22%3A0%7D%7D%7D&ius=1&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22b332c82c-c394-48c5-9023-425000943a4f%22%2C%22atype%22%3A1%7D%5D%7D%5D&coppa=0
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.166.1.9 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
5296373e00b7bf940079974c8621fda422dd1406bfc1a55c28defa64c5718d97
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:29 GMT
content-encoding
gzip
server
sonobi-go
vary
negotiate,Accept-Encoding
x-go-server
go-iad-2-6-132
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, private
access-control-allow-credentials
true
tcn
Choice
content-length
190
x-xss-protection
0
expires
Sat, 26 Jul 1997 05:00:00 GMT
/
prebid.dblks.net/openrtb/ 		159 B
421 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.dblks.net/openrtb/?sid=2724499
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.212.255.179 , Canada, ASN25948 (FHMNET, CA),
Reverse DNS
Software
nginx/1.20.1 / Express
Resource Hash
4d8a1333caa093ff4face975ecd4e42cbc366c70f2c4540e536f92b34d561db3

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:29 GMT
x-openrtb-version
2.5
server
nginx/1.20.1
x-powered-by
Express
etag
W/"9f-JfdYr9wOWonUu/cqAPCu3wdGcg4"
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heroinvesting.com
cache-control
max-age=0, no-cache, no-store, private
access-control-allow-credentials
true
content-length
159
hb
ssc.33across.com/api/v1/ 		67 B
106 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ssc.33across.com/api/v1/hb?guid=dUOeOqXmSr7AmkrkHcnlxd
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
679af1410a90367c05aa33c79c163c5cf21b727bfbf24a9af7638bd5652020be

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:29 GMT
content-encoding
gzip
via
1.1 google
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
status
200 OK
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
pbjs
htlb.casalemedia.com/openrtb/ 		38 B
479 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://htlb.casalemedia.com/openrtb/pbjs?s=974238
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
71452118f362fb13df5ca8297190a2b26506f8062c0a4b5ef7980a06c9addbea

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:29 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YSL44SaT8wcaCKu8lQemRaPdiMJeujUoKu4pACxe2gTxyvsLmNeH9iGZd71TyCnhSeJOHa8kx60DQsbvqwdn82aNucNiDItwRYK2XE8LK9In4Afmldjkp8n37cUkNzZ12wZGhFjq"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
82a25122beb2380e-FRA
alt-svc
h3=":443"; ma=86400
content-length
38
expires
0
hb
cpm.qortex.ai/ 		0
264 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cpm.qortex.ai/hb?zone=194374&v=1.6
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
77.245.57.72 , United States, ASN36057 (WEBAIR-INTERNET-MTL, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 22 Nov 2023 15:48:29 GMT
Server
nginx
Age
0
Access-Control-Allow-Origin
https://heroinvesting.com
Cache-Control
no-store
Access-Control-Allow-Credentials
true
Connection
close
Content-Length
0
v1
prg.smartadserver.com/prebid/ 		171 B
559 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.138.16 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
content-encoding
br
transfer-encoding
chunked
vary
Accept-Encoding, Origin
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
no-cache,no-store
access-control-allow-credentials
true
dye
track.kueezrtb.com/ 		0
31 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://track.kueezrtb.com/dye?ac=2&acm=G3L&uid=65552ea84d382961&sid=c2b73fd4824f7c1a&pvi=aacd29d367fcaa9e&h=heroinvesting.com&wh=1600x1200&b=Chrome&bv=119.0.6045.159&dev=&os=Windows%2010&p=&cc=DE&ig=0&uri=%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F&furl=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&sr=1600x1200&type=latest:br&_=1700668109193&bidder=kueezrtb&at=display&v=1
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/business/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:15e8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:29 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
82a25122bd373809-FRA
dye
gtrack.kueezrtb.com/ 		0
31 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gtrack.kueezrtb.com/dye?ac=2&acm=G3L&uid=65552ea84d382961&sid=c2b73fd4824f7c1a&pvi=aacd29d367fcaa9e&h=heroinvesting.com&wh=1600x1200&b=Chrome&bv=119.0.6045.159&dev=&os=Windows%2010&p=&cc=DE&ig=0&uri=%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F&furl=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&sr=1600x1200&type=latest:br&_=1700668109193&bidder=kueezrtb&at=display&v=1
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/business/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:15e8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:29 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
82a25122bd3a3809-FRA
flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
fonts.gstatic.com/s/materialicons/v140/ 		125 KB
126 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/materialicons/v140/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/business/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://heroinvesting.com/
Origin
https://heroinvesting.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Fri, 17 Nov 2023 03:53:37 GMT
x-content-type-options
nosniff
age
474892
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
128352
x-xss-protection
0
last-modified
Tue, 07 Mar 2023 19:51:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 16 Nov 2024 03:53:37 GMT
AGSKWxWd1mco1fsUUXEoz9nDRmmAaXOZVhHdojGH-VjQgvT6WaLDSTzQlV4X5aFhRANtWE4jKQc8oPLy_SsbnF_jaBGl9y5FcP6P5uwbQjH5UVwLCPTg9Mm6_Q9PniyW2_ihzyObG7vkHw==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxWd1mco1fsUUXEoz9nDRmmAaXOZVhHdojGH-VjQgvT6WaLDSTzQlV4X5aFhRANtWE4jKQc8oPLy_SsbnF_jaBGl9y5FcP6P5uwbQjH5UVwLCPTg9Mm6_Q9PniyW2_ihzyObG7vkHw==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.Nts5LvYIobk.es5.O/am=CAM/d=1/rs=AJlcJMyTmwD9vZzPw60_wPGGncvG1CmM1A/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-WgwzHdRGLJm4z0_xMTMUyw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:29 GMT
content-security-policy
script-src 'report-sample' 'nonce-WgwzHdRGLJm4z0_xMTMUyw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
access-control-max-age
86400
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type
text/html; charset=utf-8
access-control-allow-origin
https://heroinvesting.com
access-control-allow-methods
POST, GET, OPTIONS
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
unruly_prebid
targeting.unrulymedia.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://targeting.unrulymedia.com/unruly_prebid
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
46.228.174.115 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://heroinvesting.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Accept-Encoding,Origin,Accept-Language,X-CSRF-Token,x-unruly-override
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://heroinvesting.com
access-control-max-age
1728000
content-length
0
content-type
text/plain charset=UTF-8
date
Wed, 22 Nov 2023 15:48:29 GMT
unruly_prebid
targeting.unrulymedia.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://targeting.unrulymedia.com/unruly_prebid
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
46.228.174.115 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://heroinvesting.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Accept-Encoding,Origin,Accept-Language,X-CSRF-Token,x-unruly-override
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://heroinvesting.com
access-control-max-age
1728000
content-length
0
content-type
text/plain charset=UTF-8
date
Wed, 22 Nov 2023 15:48:29 GMT
641ab9f7284b9911720b9b75
exchange.kueezrtb.com/prebid/multi/ 		0
288 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://exchange.kueezrtb.com/prebid/multi/641ab9f7284b9911720b9b75
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
216.155.152.253 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
216.155.152.253.vultrusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:29 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
ortb
bid.contextweb.com/header/ 		0
781 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://bid.contextweb.com/header/ortb?src=prebid
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
208.93.169.131 , United States, ASN46244 (WEBMD-IDC1-AS, US),
Reverse DNS
Software
Jetty(10.0.14) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

strict-transport-security
max-age=15768000
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
server
Jetty(10.0.14)
cwdl
22/4211
access-control-allow-origin
https://heroinvesting.com
access-control-expose-headers
Access-Control-Allow-Origin
access-control-allow-credentials
true
cw-server
bid-deployment-dfcb7cf59-5vtp6
hb-mm-multi
hb.minutemedia-prebid.com/ 		85 B
431 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://hb.minutemedia-prebid.com/hb-mm-multi
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.217.228.107 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-217-228-107.eu-west-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
00891c993c2349ad44c776c5c315a0f22f29852822e53d3ce5fea26491126990

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:29 GMT
server
istio-envoy
x-reason
maxmind hosting provider
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
https://heroinvesting.com
content-type
application/json
access-control-allow-credentials
true
x-envoy-upstream-service-time
1
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF, X-Requested-With
content-length
85
hb
ssc.33across.com/api/v1/ 		67 B
108 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ssc.33across.com/api/v1/hb?guid=dUOeOqXmSr7AmkrkHcnlxd
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
5f64ebf6b2977ec7e3b26b80f2a1b44d54217614fa904f4662040f6d260f5ef3

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:29 GMT
content-encoding
gzip
via
1.1 google
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
status
200 OK
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
prebid
mp.4dex.io/ 		60 B
139 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://mp.4dex.io/prebid
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:994e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
77b47b7a038f38916adbe760bc262fe2aa75e9f2a0d67621d19ad74e41acdb39

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:29 GMT
x-err
Shapings: no adunits with size and seat and mapping
x-version
3.0.0-gcp-ams
cf-cache-status
DYNAMIC
via
1.1 google
server
cloudflare
content-encoding
gzip
vary
Origin, Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cf-ray
82a25124a9d565cc-FRA
expires
0
trinity.json
apex.go.sonobi.com/ 		205 B
727 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%22528301349d98b44a%22%3A%229ef57c4e1a7aad0ba98a%7C320x100%2C320x50%2C300x250%2C300x100%7Cgpid%3D%2F22890879159%2Fhi_ay_dsk_ic_1%2Cc%3Dd%2C%22%7D&ref=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&s=ba78650b-bb21-4d3f-9de6-8000a81a604c&pv=8ba387ca-09f8-4452-9546-5b9a8e42e265&vp=desktop&lib_name=prebid&lib_v=8.20.0&us=1&iqid=%7B%22pcid%22%3A%22e0f7d6fa-d0b1-4933-89c2-78028d57fd20%22%2C%22pcidDate%22%3A1700668107652%7D&fpd=%7B%22source%22%3A%7B%22tid%22%3A%223aed3033-5802-47a6-bcae-2483135012ad%22%7D%2C%22site%22%3A%7B%22domain%22%3A%22heroinvesting.com%22%2C%22publisher%22%3A%7B%22domain%22%3A%22heroinvesting.com%22%7D%2C%22page%22%3A%22https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226%22%7D%2C%22device%22%3A%7B%22w%22%3A1600%2C%22h%22%3A1200%2C%22dnt%22%3A0%2C%22ua%22%3A%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F119.0.6045.159%20Safari%2F537.36%22%2C%22language%22%3A%22en%22%2C%22sua%22%3A%7B%22source%22%3A1%2C%22browsers%22%3A%5B%5D%2C%22mobile%22%3A0%7D%7D%7D&ius=1&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22b332c82c-c394-48c5-9023-425000943a4f%22%2C%22atype%22%3A1%7D%5D%7D%5D&coppa=0
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.166.1.9 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
a227723172e3fad5dbc834f16eb5ace23b0fa9626853936c394f69f7ae7ada78
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:29 GMT
content-encoding
gzip
server
sonobi-go
vary
negotiate,Accept-Encoding
x-go-server
go-iad-2-6-132
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, private
access-control-allow-credentials
true
tcn
Choice
content-length
190
x-xss-protection
0
expires
Sat, 26 Jul 1997 05:00:00 GMT
63ebe4b23a3c92dafc0c2e06
prebid.cootlogix.com/prebid/multi/ 		0
288 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.cootlogix.com/prebid/multi/63ebe4b23a3c92dafc0c2e06
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
161.35.59.45 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:29 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
fastlane.json
fastlane.rubiconproject.com/a/api/ 		595 B
629 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=25504&site_id=478470&zone_id=2840484&size_id=15&alt_size_ids=19%2C43%2C117&eid_pubcid.org=b332c82c-c394-48c5-9023-425000943a4f%5E1&rf=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tg_i.domain=heroinvesting.com&tg_i.page=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tg_i.pbadslot=%2F22890879159%2Fhi_ay_dsk_ic_1&tk_flint=pbjs_lite_v8.20.0&x_source.tid=3aed3033-5802-47a6-bcae-2483135012ad&l_pb_bid_id=5328f26c66932751&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=d862f461-762d-40e9-9408-dbe382a58a34&rp_maxbids=1&p_gpid=%2F22890879159%2Fhi_ay_dsk_ic_1&slots=1&rand=0.5255447481499151
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c003:200::45 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
2bdd5e9e7a67f74ba55a535f222fb309b1062022241c1c3c5253b94192d6ac8e

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:29 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-length
595
expires
Wed, 17 Sep 1975 21:32:10 GMT
hbjson
grid.bidswitch.net/ 		25 B
369 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://grid.bidswitch.net/hbjson
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.126.136.176 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-136-176.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
45566141c9bd03e314c3d7249582d6d7669512384d4c55bbce5ce1da4400cf2e

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

Date
Wed, 22 Nov 2023 15:48:29 GMT
Content-Encoding
gzip
Server
nginx
Content-Type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
50
/
prebid.dblks.net/openrtb/ 		159 B
422 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.dblks.net/openrtb/?sid=2724499
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.212.255.179 , Canada, ASN25948 (FHMNET, CA),
Reverse DNS
Software
nginx/1.20.1 / Express
Resource Hash
9ed3b9da2e59b0e5a376ec2af91c6786ff3e3fbb4d8b5dc1dd81c9355c8f3662

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:29 GMT
x-openrtb-version
2.5
server
nginx/1.20.1
x-powered-by
Express
etag
W/"9f-I6EQiu1kYWVFsU9WWnFIV2VvukI"
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heroinvesting.com
cache-control
max-age=0, no-cache, no-store, private
access-control-allow-credentials
true
content-length
159
auction
pbs.nextmillmedia.com/openrtb2/ 		248 B
547 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pbs.nextmillmedia.com/openrtb2/auction
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.236.226.253 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-226-253.compute-1.amazonaws.com
Software
/
Resource Hash
afa871bc9b82f151da5e18d35859a6a78d0f0190f01b2ed8b08fb9ffa6d13216

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:29 GMT
x-prebid
pbs-go/unknown
vary
Origin
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
248
expires
0
c
prebid.a-mo.net/a/ 		0
236 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.a-mo.net/a/c
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
145.40.97.66 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:29 GMT
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
6
server
envoy
vary
origin, Accept-Encoding
hb
cpm.qortex.ai/ 		0
264 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cpm.qortex.ai/hb?zone=194374&v=1.6
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
77.245.57.72 , United States, ASN36057 (WEBAIR-INTERNET-MTL, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 22 Nov 2023 15:48:29 GMT
Server
nginx
Age
0
Access-Control-Allow-Origin
https://heroinvesting.com
Cache-Control
no-store
Access-Control-Allow-Credentials
true
Connection
close
Content-Length
0
bid
s.seedtag.com/c/hb/ 		11 B
29 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://s.seedtag.com/c/hb/bid
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.149.50.64 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
64.50.149.34.bc.googleusercontent.com
Software
openresty /
Resource Hash
846949c5a40e3ffbb702473e54dfac0646541aa624a844369b6e24e51ddaf96b

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:30 GMT
via
1.1 google
server
openresty
vary
X-HTTP-Method-Override
access-control-allow-methods
GET, POST, OPTIONS, DELETE, PUT, HEAD
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
11
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
hb
brightcombid.marphezis.com/ 		0
229 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://brightcombid.marphezis.com/hb
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
178.128.135.204 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
pragma
no-cache
date
Wed, 22 Nov 2023 15:48:29 GMT
cache-control
no-store
access-control-allow-credentials
true
vary
Origin
expires
0
v1
btlr.sharethrough.com/universal/ 		0
158 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.127.32.39 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-32-39.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:29 GMT
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Origin
hb-multi
hb.yellowblue.io/ 		85 B
432 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://hb.yellowblue.io/hb-multi
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
18.202.39.252 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-202-39-252.eu-west-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
b7c90e57a0c403e014dacfe79a37c367f6f5a7145f68e9387a4cdc14a59b0b46

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:29 GMT
server
istio-envoy
x-reason
maxmind hosting provider
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
https://heroinvesting.com
content-type
application/json
access-control-allow-credentials
true
x-envoy-upstream-service-time
20
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF, X-Requested-With
content-length
85
/
colossusssp.com/ 		2 B
138 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://colossusssp.com/?c=o&m=multi
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
173.237.69.68 , United States, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
openresty /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:29 GMT
access-control-allow-credentials
true
server
openresty
content-length
2
content-type
application/json
prebid-request
onetag-sys.com/ 		15 B
413 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/prebid-request
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip254.ip-51-89-9.eu
Software
/
Resource Hash
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
cache-control
no-transform, no-cache
access-control-allow-credentials
true
access-control-allow-headers
content-type, origin, referer, user-agent
content-length
41
alt-svc
h3=":443"; ma=900, h3-29=":443"; ma=900
bid-request
a.teads.tv/hb/ 		16 B
382 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://a.teads.tv/hb/bid-request
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.218.209.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-218-209-56.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
6a7b0c8bf87b2bd5ca31557f25cf2a6c80f93af72bf68a6085e9b55a87fe908c

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:29 GMT
content-encoding
gzip
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
42
expires
Wed, 22 Nov 2023 15:48:29 GMT
prebid
prebid.media.net/rtb/ 		1 KB
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUK6VG18
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.63.153 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
153.63.120.34.bc.googleusercontent.com
Software
envoy /
Resource Hash
736bbd8dc168253ee743187c338aa794a66ea301a0ccc4c3f1e3ced911d9c9c1

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:29 GMT
via
1.1 google
accept-ch
Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
server
envoy
content-type
application/json;charset=utf-8
access-control-allow-origin
https://heroinvesting.com
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
314
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 22 Nov 2023 15:48:29 GMT
bid
ap.lijit.com/rtb/ 		95 B
505 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_8.20.0
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.16 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
/
Resource Hash
d51190b1aad415b12f661f7a7c6070f7a2567c09406dd505fe0c8f75d3f4d756

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

Date
Wed, 22 Nov 2023 15:48:29 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://heroinvesting.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap3ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
100
pbjs
htlb.casalemedia.com/openrtb/ 		38 B
491 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://htlb.casalemedia.com/openrtb/pbjs?s=974236
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a101fef36d1bec286041b198d47b15ca6c26ef251731f05fe9511cc3d9b68b12

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:29 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oy9u11VLumUP%2BbXtcCiRHBHTF6t7y7fHMQ2l%2B%2Bv7M0wZ0yYLyTD5ErbTuKm22zJV%2FBmHbZBgRH3r%2BscGKWpk8YwXYYgKMWr2GNYRUIfWeL%2BlBg7NlafvQMed516GLAJTNns2UroP"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
82a25124e9f5380e-FRA
alt-svc
h3=":443"; ma=86400
content-length
38
expires
0
auction
tlx.3lift.com/header/ 		19 B
543 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://tlx.3lift.com/header/auction?lib=prebid&v=8.20.0&referrer=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tmax=2500
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.196.182.172 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-182-172.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:29 GMT
accept-ch
sec-ch-dpr,user-agent,sec-ch-width,sec-ch-viewport-height,sec-ch-save-data,sec-ch-ect,sec-ch-ua-model,sec-ch-ua-platform-version,sec-ch-device-memory,sec-ch-ua-bitness,sec-ch-ua,sec-ch-ua-full-version,sec-ch-ua-arch,sec-ch-rtt,sec-ch-ua-mobile,sec-ch-viewport-width,sec-ch-downlink,sec-ch-ua-full-version-list,sec-ch-prefers-color-scheme,sec-ch-ua-platform
x-auction-status
29
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
19
x-xss-protection
0
expires
Thu, 15 Oct 1992 20:10:00 GMT
imp
g2.gumgum.com/hbid/ 		471 B
684 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/hbid/imp?lt=1700668109559&to=-60&aun=if_ay_dsk_ic_1-2__ayManagerEnv__3&pubcid=b332c82c-c394-48c5-9023-425000943a4f&gpid=%2F22890879159%2Fhi_ay_dsk_ic_1&pv=86356039-c5df-42d2-b0d9-2ae7bb113364&t=notmta6c&pi=3&maxw=320&maxh=100&si=1008715&bf=320x100%2C320x50%2C300x250%2C300x100&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%228.20.0%22%7D&ogu=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F&ns=10240
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.72.224.53 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-72-224-53.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
c635e5911388386f55ff0903a75b9e5fb813c5b9fa8605792a71eb770d604b7d

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:29 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
v1
prg.smartadserver.com/prebid/ 		171 B
559 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.138.16 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:29 GMT
content-encoding
br
transfer-encoding
chunked
vary
Accept-Encoding, Origin
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
no-cache,no-store
access-control-allow-credentials
true
unruly_prebid
targeting.unrulymedia.com/ 		0
164 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://targeting.unrulymedia.com/unruly_prebid
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
46.228.174.115 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
application/json

Response headers

access-control-allow-origin
https://heroinvesting.com
pragma
no-cache
date
Wed, 22 Nov 2023 15:48:29 GMT
cache-control
private, max-age=0, no-cache, no-store
access-control-allow-credentials
true
dye
track.kueezrtb.com/ 		0
31 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://track.kueezrtb.com/dye?ac=2&acm=G3L&uid=65552ea84d382961&sid=c2b73fd4824f7c1a&pvi=aacd29d367fcaa9e&h=heroinvesting.com&wh=1600x1200&b=Chrome&bv=119.0.6045.159&dev=&os=Windows%2010&p=&cc=DE&ig=0&uri=%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F&furl=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&sr=1600x1200&type=latest:br&_=1700668109529&bidder=kueezrtb&at=display&v=1
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/business/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:15e8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:29 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
82a25124f8223809-FRA
dye
gtrack.kueezrtb.com/ 		0
31 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gtrack.kueezrtb.com/dye?ac=2&acm=G3L&uid=65552ea84d382961&sid=c2b73fd4824f7c1a&pvi=aacd29d367fcaa9e&h=heroinvesting.com&wh=1600x1200&b=Chrome&bv=119.0.6045.159&dev=&os=Windows%2010&p=&cc=DE&ig=0&uri=%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F&furl=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&sr=1600x1200&type=latest:br&_=1700668109529&bidder=kueezrtb&at=display&v=1
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/business/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:15e8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:29 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
82a25124f8233809-FRA
unruly_prebid
targeting.unrulymedia.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://targeting.unrulymedia.com/unruly_prebid
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
46.228.174.115 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://heroinvesting.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Accept-Encoding,Origin,Accept-Language,X-CSRF-Token,x-unruly-override
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://heroinvesting.com
access-control-max-age
1728000
content-length
0
content-type
text/plain charset=UTF-8
date
Wed, 22 Nov 2023 15:48:29 GMT
collect
region1.google-analytics.com/g/ 		0
54 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-PNTYD12RWN&gtm=45je3b81v879042239&_p=1700668105787&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1290701813.1700668106&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=2&dp=%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&sid=1700668106&sct=1&seg=1&dl=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&dt=Big%20Brands%20Hidden%20Behind%20Costco%20Kirkland&en=page_view&_ee=1&_et=2060&tfd=4990
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-PNTYD12RWN&l=dataLayer
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:29 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pbjs
htlb.casalemedia.com/openrtb/ 		38 B
486 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://htlb.casalemedia.com/openrtb/pbjs?s=974236
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3154dc04519eb8701d1eef9e10ccee5447f52d600dfbabeb1d4cafaf54e28963

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:29 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aHjjApNDvviGOdQP7LbNJalQZTufo2ufAi5nwCoU25ojp5UecEHqGWyCTQNlZgSFEpP8csN34G%2Foo3EjMJacKJO87kqjLp5FzrfKU6DYA1zDGgXLHXfDuvic%2FwNygfXZP6AFjCCz"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
82a251253a73380e-FRA
alt-svc
h3=":443"; ma=86400
content-length
38
expires
0
fastlane.json
fastlane.rubiconproject.com/a/api/ 		595 B
629 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=25504&site_id=478470&zone_id=2840484&size_id=15&alt_size_ids=19%2C43%2C117&eid_pubcid.org=b332c82c-c394-48c5-9023-425000943a4f%5E1&rf=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tg_i.domain=heroinvesting.com&tg_i.page=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tg_i.pbadslot=%2F22890879159%2Fhi_ay_dsk_ic_1&tk_flint=pbjs_lite_v8.20.0&x_source.tid=9411b99e-bb0d-4c0c-b5d2-a27e8a379dcf&l_pb_bid_id=5747a17aa5ba24eb&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=e58d31b8-dddf-46fc-b3e4-d7f04979ea29&rp_maxbids=1&p_gpid=%2F22890879159%2Fhi_ay_dsk_ic_1&slots=1&rand=0.9399264107829943
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c003:200::45 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
f6629b195dc3ff1541c5f9e6251060ebd2d6508cc80e45da3046422473604f4f

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:29 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-length
595
expires
Wed, 17 Sep 1975 21:32:10 GMT
imp
g2.gumgum.com/hbid/ 		471 B
684 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/hbid/imp?lt=1700668109626&to=-60&aun=if_ay_dsk_ic_1-3__ayManagerEnv__3&pubcid=b332c82c-c394-48c5-9023-425000943a4f&gpid=%2F22890879159%2Fhi_ay_dsk_ic_1&pv=86356039-c5df-42d2-b0d9-2ae7bb113364&t=notmta6c&pi=3&maxw=320&maxh=100&si=1008715&bf=320x100%2C320x50%2C300x250%2C300x100&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%228.20.0%22%7D&ogu=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F&ns=10240
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.72.224.53 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-72-224-53.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
c635e5911388386f55ff0903a75b9e5fb813c5b9fa8605792a71eb770d604b7d

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:29 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
bid-request
a.teads.tv/hb/ 		16 B
382 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://a.teads.tv/hb/bid-request
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.218.209.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-218-209-56.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
6a7b0c8bf87b2bd5ca31557f25cf2a6c80f93af72bf68a6085e9b55a87fe908c

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:29 GMT
content-encoding
gzip
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
42
expires
Wed, 22 Nov 2023 15:48:29 GMT
hb-mm-multi
hb.minutemedia-prebid.com/ 		85 B
432 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://hb.minutemedia-prebid.com/hb-mm-multi
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.217.228.107 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-217-228-107.eu-west-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
69af23110413b775aa6f388c5984cad1566a5f579847cde65c925fa8547fd9d1

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:29 GMT
server
istio-envoy
x-reason
maxmind hosting provider
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
https://heroinvesting.com
content-type
application/json
access-control-allow-credentials
true
x-envoy-upstream-service-time
82
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF, X-Requested-With
content-length
85
auction
tlx.3lift.com/header/ 		19 B
543 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://tlx.3lift.com/header/auction?lib=prebid&v=8.20.0&referrer=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tmax=2500
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.196.182.172 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-182-172.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:29 GMT
accept-ch
sec-ch-viewport-height,sec-ch-save-data,sec-ch-ect,sec-ch-ua-model,sec-ch-ua-platform-version,sec-ch-device-memory,sec-ch-ua-bitness,sec-ch-ua,sec-ch-ua-full-version,sec-ch-ua-arch,sec-ch-rtt,sec-ch-ua-mobile,sec-ch-viewport-width,sec-ch-downlink,sec-ch-ua-full-version-list,sec-ch-prefers-color-scheme,sec-ch-ua-platform,sec-ch-dpr,user-agent,sec-ch-width
x-auction-status
29
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
19
x-xss-protection
0
expires
Thu, 15 Oct 1992 20:10:00 GMT
prebid
prebid.media.net/rtb/ 		1 KB
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUK6VG18
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.63.153 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
153.63.120.34.bc.googleusercontent.com
Software
envoy /
Resource Hash
8ee4ef0958a69118b85a99f3dc63981d71e9d027c2bfe51d498e637f18697682

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:28 GMT
via
1.1 google
accept-ch
Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
server
envoy
content-type
application/json;charset=utf-8
access-control-allow-origin
https://heroinvesting.com
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
113
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 22 Nov 2023 15:48:29 GMT
prebid
mp.4dex.io/ 		60 B
139 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://mp.4dex.io/prebid
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:994e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
77b47b7a038f38916adbe760bc262fe2aa75e9f2a0d67621d19ad74e41acdb39

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:29 GMT
x-err
Shapings: no adunits with size and seat and mapping
x-version
3.0.0-gcp-ams
cf-cache-status
DYNAMIC
via
1.1 google
server
cloudflare
content-encoding
gzip
vary
Origin, Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cf-ray
82a251255ade65cc-FRA
expires
0
auction
pbs.nextmillmedia.com/openrtb2/ 		249 B
548 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pbs.nextmillmedia.com/openrtb2/auction
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.236.226.253 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-226-253.compute-1.amazonaws.com
Software
/
Resource Hash
55d2acbe82a59663ebe78e8b99136f5e303d911b2526f42c8727c6cf9eac16e9

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:29 GMT
x-prebid
pbs-go/unknown
vary
Origin
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
249
expires
0
641ab9f7284b9911720b9b75
exchange.kueezrtb.com/prebid/multi/ 		0
288 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://exchange.kueezrtb.com/prebid/multi/641ab9f7284b9911720b9b75
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
216.155.152.253 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
216.155.152.253.vultrusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:29 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
ortb
bid.contextweb.com/header/ 		0
781 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://bid.contextweb.com/header/ortb?src=prebid
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
208.93.169.131 , United States, ASN46244 (WEBMD-IDC1-AS, US),
Reverse DNS
Software
Jetty(10.0.14) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

strict-transport-security
max-age=15768000
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
server
Jetty(10.0.14)
cwdl
22/4211
access-control-allow-origin
https://heroinvesting.com
access-control-expose-headers
Access-Control-Allow-Origin
access-control-allow-credentials
true
cw-server
bid-deployment-dfcb7cf59-5vtp6
hb-multi
hb.yellowblue.io/ 		85 B
431 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://hb.yellowblue.io/hb-multi
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
18.202.39.252 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-202-39-252.eu-west-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
d57ae76616cbe8151bf9bbe2eef3a4b7a336bee7ad0ffb3891948bc36da153cf

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:29 GMT
server
istio-envoy
x-reason
maxmind hosting provider
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
https://heroinvesting.com
content-type
application/json
access-control-allow-credentials
true
x-envoy-upstream-service-time
3
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF, X-Requested-With
content-length
85
hbjson
grid.bidswitch.net/ 		25 B
369 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://grid.bidswitch.net/hbjson
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.126.136.176 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-136-176.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
dfb2cc791fb07ef797283ad41a90dad96d540c4fe49c52ad5e5a0c6113efe5ee

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

Date
Wed, 22 Nov 2023 15:48:29 GMT
Content-Encoding
gzip
Server
nginx
Content-Type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
50
bid
ap.lijit.com/rtb/ 		95 B
505 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_8.20.0
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.16 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
/
Resource Hash
896188604699d1d7f6e4f1b032d0eb93471e509bc4f51cecff028c74904b0545

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

Date
Wed, 22 Nov 2023 15:48:29 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://heroinvesting.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap3ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
100
prebid-request
onetag-sys.com/ 		15 B
413 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/prebid-request
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip254.ip-51-89-9.eu
Software
/
Resource Hash
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
cache-control
no-transform, no-cache
access-control-allow-credentials
true
access-control-allow-headers
content-type, origin, referer, user-agent
content-length
41
alt-svc
h3=":443"; ma=900, h3-29=":443"; ma=900
hb
brightcombid.marphezis.com/ 		0
229 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://brightcombid.marphezis.com/hb
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
178.128.135.204 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
pragma
no-cache
date
Wed, 22 Nov 2023 15:48:29 GMT
cache-control
no-store
access-control-allow-credentials
true
vary
Origin
expires
0
/
prebid.dblks.net/openrtb/ 		159 B
421 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.dblks.net/openrtb/?sid=2724499
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.212.255.179 , Canada, ASN25948 (FHMNET, CA),
Reverse DNS
Software
nginx/1.20.1 / Express
Resource Hash
7b6f7190fe9fab27d6cdca11e9c4e626b4e04b71f3402f4527fe42fde3a44d90

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:29 GMT
x-openrtb-version
2.5
server
nginx/1.20.1
x-powered-by
Express
etag
W/"9f-JZHSugJe4EZKcmKV0YIf075SK60"
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heroinvesting.com
cache-control
max-age=0, no-cache, no-store, private
access-control-allow-credentials
true
content-length
159
c
prebid.a-mo.net/a/ 		0
210 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.a-mo.net/a/c
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
145.40.97.66 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:28 GMT
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
7
server
envoy
vary
origin, Accept-Encoding
63ebe4b23a3c92dafc0c2e06
prebid.cootlogix.com/prebid/multi/ 		0
288 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.cootlogix.com/prebid/multi/63ebe4b23a3c92dafc0c2e06
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
161.35.59.45 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:29 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
hb
cpm.qortex.ai/ 		0
264 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cpm.qortex.ai/hb?zone=194374&v=1.6
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
77.245.57.72 , United States, ASN36057 (WEBAIR-INTERNET-MTL, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 22 Nov 2023 15:48:29 GMT
Server
nginx
Age
0
Access-Control-Allow-Origin
https://heroinvesting.com
Cache-Control
no-store
Access-Control-Allow-Credentials
true
Connection
close
Content-Length
0
/
colossusssp.com/ 		2 B
138 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://colossusssp.com/?c=o&m=multi
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
173.237.69.68 , United States, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
openresty /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:29 GMT
access-control-allow-credentials
true
server
openresty
content-length
2
content-type
application/json
v1
btlr.sharethrough.com/universal/ 		0
158 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.127.32.39 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-32-39.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:48:29 GMT
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Origin
bid
s.seedtag.com/c/hb/ 		11 B
29 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://s.seedtag.com/c/hb/bid
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.149.50.64 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
64.50.149.34.bc.googleusercontent.com
Software
openresty /
Resource Hash
846949c5a40e3ffbb702473e54dfac0646541aa624a844369b6e24e51ddaf96b

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:30 GMT
via
1.1 google
server
openresty
vary
X-HTTP-Method-Override
access-control-allow-methods
GET, POST, OPTIONS, DELETE, PUT, HEAD
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
11
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
v1
prg.smartadserver.com/prebid/ 		171 B
564 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.138.16 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:29 GMT
content-encoding
br
transfer-encoding
chunked
vary
Accept-Encoding, Origin
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
no-cache,no-store
access-control-allow-credentials
true
unruly_prebid
targeting.unrulymedia.com/ 		0
164 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://targeting.unrulymedia.com/unruly_prebid
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
46.228.174.115 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
application/json

Response headers

access-control-allow-origin
https://heroinvesting.com
pragma
no-cache
date
Wed, 22 Nov 2023 15:48:29 GMT
cache-control
private, max-age=0, no-cache, no-store
access-control-allow-credentials
true
hb
ssc.33across.com/api/v1/ 		67 B
106 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ssc.33across.com/api/v1/hb?guid=dUOeOqXmSr7AmkrkHcnlxd
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
7ee72de7d82e24f58a41717ca2cae9271a0fe5a137f76ee830ff8a31fa2b2a5f

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:29 GMT
content-encoding
gzip
via
1.1 google
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
status
200 OK
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
trinity.json
apex.go.sonobi.com/ 		205 B
727 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%2262417767e8efe8c5%22%3A%229ef57c4e1a7aad0ba98a%7C320x100%2C320x50%2C300x250%2C300x100%7Cgpid%3D%2F22890879159%2Fhi_ay_dsk_ic_1%2Cc%3Dd%2C%22%7D&ref=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&s=639fe1e6-e8c3-4413-ba95-336d26ea9e56&pv=8ba387ca-09f8-4452-9546-5b9a8e42e265&vp=desktop&lib_name=prebid&lib_v=8.20.0&us=1&iqid=%7B%22pcid%22%3A%22e0f7d6fa-d0b1-4933-89c2-78028d57fd20%22%2C%22pcidDate%22%3A1700668107652%7D&fpd=%7B%22source%22%3A%7B%22tid%22%3A%229411b99e-bb0d-4c0c-b5d2-a27e8a379dcf%22%7D%2C%22site%22%3A%7B%22domain%22%3A%22heroinvesting.com%22%2C%22publisher%22%3A%7B%22domain%22%3A%22heroinvesting.com%22%7D%2C%22page%22%3A%22https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226%22%7D%2C%22device%22%3A%7B%22w%22%3A1600%2C%22h%22%3A1200%2C%22dnt%22%3A0%2C%22ua%22%3A%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F119.0.6045.159%20Safari%2F537.36%22%2C%22language%22%3A%22en%22%2C%22sua%22%3A%7B%22source%22%3A1%2C%22browsers%22%3A%5B%5D%2C%22mobile%22%3A0%7D%7D%7D&ius=1&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22b332c82c-c394-48c5-9023-425000943a4f%22%2C%22atype%22%3A1%7D%5D%7D%5D&coppa=0
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.166.1.9 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
07d5e648328ba8af5efd5fde054c7189c38c18449c31945553cba0745f2f9131
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:29 GMT
content-encoding
gzip
server
sonobi-go
vary
negotiate,Accept-Encoding
x-go-server
go-iad-2-6-132
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, private
access-control-allow-credentials
true
tcn
Choice
content-length
190
x-xss-protection
0
expires
Sat, 26 Jul 1997 05:00:00 GMT
dye
track.kueezrtb.com/ 		0
31 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://track.kueezrtb.com/dye?ac=2&acm=G3L&uid=65552ea84d382961&sid=c2b73fd4824f7c1a&pvi=aacd29d367fcaa9e&h=heroinvesting.com&wh=1600x1200&b=Chrome&bv=119.0.6045.159&dev=&os=Windows%2010&p=&cc=DE&ig=0&uri=%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F&furl=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&sr=1600x1200&type=latest:br&_=1700668109644&bidder=kueezrtb&at=display&v=1
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/business/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:15e8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:29 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
82a2512599093809-FRA
dye
gtrack.kueezrtb.com/ 		0
31 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gtrack.kueezrtb.com/dye?ac=2&acm=G3L&uid=65552ea84d382961&sid=c2b73fd4824f7c1a&pvi=aacd29d367fcaa9e&h=heroinvesting.com&wh=1600x1200&b=Chrome&bv=119.0.6045.159&dev=&os=Windows%2010&p=&cc=DE&ig=0&uri=%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F&furl=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&sr=1600x1200&type=latest:br&_=1700668109644&bidder=kueezrtb&at=display&v=1
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/business/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:15e8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:29 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
82a25125990c3809-FRA
unruly_prebid
targeting.unrulymedia.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://targeting.unrulymedia.com/unruly_prebid
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
46.228.174.115 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://heroinvesting.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Accept-Encoding,Origin,Accept-Language,X-CSRF-Token,x-unruly-override
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://heroinvesting.com
access-control-max-age
1728000
content-length
0
content-type
text/plain charset=UTF-8
date
Wed, 22 Nov 2023 15:48:29 GMT
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v36/ 		47 KB
47 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Archivo|Arimo|Bitter|EB+Garamond|Lato|Libre+Baskerville|Libre+Franklin|Lora|Google+Sans:regular,medium|Material+Icons|Google+Symbols|Merriweather|Montserrat|Mukta|Muli|Nunito|Open+Sans:400,600,700|Open+Sans+Condensed:300,400,600,700|Oswald|Playfair+Display|Poppins|Raleway|Roboto|Roboto+Condensed|Roboto+Slab|Slabo+27px|Source+Sans+Pro|Ubuntu|Volkhov&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://heroinvesting.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 18:16:19 GMT
x-content-type-options
nosniff
age
509530
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
48432
x-xss-protection
0
last-modified
Thu, 14 Sep 2023 00:40:31 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 15 Nov 2024 18:16:19 GMT
/
sync.cootlogix.com/api/sync/iframe/ Frame E704 		109 B
422 B 		Document
General
Check archive.org
Download Go to
Full URL
https://sync.cootlogix.com/api/sync/iframe/?cid=&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
143.244.158.175 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
a1aa01f31d4087317f5d4e5ef4ea70a73e38124a45f1553dbe8968ea16068b84

Request headers

Referer
https://heroinvesting.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization
access-control-allow-methods
GET, HEAD, OPTIONS, POST
access-control-allow-origin
*
content-length
109
content-type
text/html
date
Wed, 22 Nov 2023 15:48:30 GMT
p3p
CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV ADMa"
/
onetag-sys.com/usync/ Frame 7CD1 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/usync/?cb=1700668108515
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip254.ip-51-89-9.eu
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://heroinvesting.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=900, h3-29=":443"; ma=900
cache-control
no-store
strict-transport-security
max-age=15552000
/
sync.kueezrtb.com/api/sync/iframe/ Frame B1F6 		109 B
422 B 		Document
General
Check archive.org
Download Go to
Full URL
https://sync.kueezrtb.com/api/sync/iframe/?cid=&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
134.122.25.254 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
a1aa01f31d4087317f5d4e5ef4ea70a73e38124a45f1553dbe8968ea16068b84

Request headers

Referer
https://heroinvesting.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization
access-control-allow-methods
GET, HEAD, OPTIONS, POST
access-control-allow-origin
*
content-length
109
content-type
text/html
date
Wed, 22 Nov 2023 15:48:30 GMT
p3p
CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV ADMa"
checksync.php
contextual.media.net/ Frame 8459 		23 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUK6VG18&prvid=2012%2C2034%2C2033%2C2055%2C2031%2C2030%2C3020%2C251%2C175%2C450%2C2009%2C178%2C233%2C2028%2C3018%2C2027%2C3017%2C214%2C236%2C237%2C117%2C459%2C70%2C97%2C55%2C99%2C77%2C38%2C2022%2C3012%2C3010%2C141%2C262%2C461%2C222%2C244%2C201%2C2039%2C3007%2C246%2C4%2C203%2C10000%2C80%2C108%2C9%2C508&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.30.20.22 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-20-22.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
99dc6efbb92e8a11bdaefa83dd1a518c6a015455f0c6ff5c6ef218a562755573
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://heroinvesting.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=172800
content-encoding
gzip
content-length
8418
content-type
text/html; charset=UTF-8
date
Wed, 22 Nov 2023 15:48:30 GMT
expires
Fri, 24 Nov 2023 15:48:30 GMT
server
Apache
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-mnet-hl2
E
isyn
prebid.a-mo.net/ Frame A0D7 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://prebid.a-mo.net/isyn?gdpr_consent=&gdpr=0&us_privacy=&gpp=&gpp_sid=
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
145.40.97.66 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash

Request headers

Referer
https://heroinvesting.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=0, private, must-revalidate
date
Wed, 22 Nov 2023 15:48:30 GMT
server
envoy
vary
Accept-Encoding
x-envoy-upstream-service-time
1
/
s.0cf.io/ Frame 06E1 		38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312113734-309881-17974-3&id=9392916d6cd9d24&uid=
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e2::ac40:8f15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://heroinvesting.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
MISS
cf-ray
82a2512a0d2a2c45-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 15:48:30 GMT
expires
Wed, 22 Nov 2023 16:18:30 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vzrmI%2BNT9g7icohBSqqr1Va694wA7ECYWlZydTP0PeSGZxh1OtPpdruZ3i6RELdyZl%2FmZS%2F0XH8MIvg%2FiF8XNdOrVKRvNwW9zBUBapLhayozErJMUmHCDYgjVRNww1kqWXm3UQz%2B%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding
beacon
ap.lijit.com/ Frame 278B 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/beacon?informer=13530234
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.16 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://heroinvesting.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Date
Wed, 22 Nov 2023 15:48:30 GMT
Expires
Fri, 20 Mar 2009 00:00:00 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Pragma
no-cache
X-Sovrn-Pod
ad_ap3ams1
ixmatch.html
js-sec.indexww.com/um/ Frame 4E7D 		3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://js-sec.indexww.com/um/ixmatch.html
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.38.76 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb

Request headers

Referer
https://heroinvesting.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
998
cache-control
public, max-age=14400
cf-cache-status
HIT
cf-ray
82a2512a1fe24d9e-FRA
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Wed, 22 Nov 2023 15:48:30 GMT
expires
Wed, 22 Nov 2023 19:48:30 GMT
last-modified
Mon, 25 Jul 2022 19:18:19 GMT
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
server
cloudflare
vary
Accept-Encoding
sync
cookies.nextmillmedia.com/ Frame 8AC2 		2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://cookies.nextmillmedia.com/sync?type=iframe
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.175.48.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-175-48-210.compute-1.amazonaws.com
Software
fasthttp /
Resource Hash
11c4d847faa1a75d75f0ce42414094da93d3fe370b3a245f32d47b67e49d53d2

Request headers

Referer
https://heroinvesting.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
1891
content-type
text/html
date
Wed, 22 Nov 2023 15:48:30 GMT
server
fasthttp
visitormatch
bh.contextweb.com/ Frame 69E6 		27 B
650 B 		Document
General
Check archive.org
Download Go to
Full URL
https://bh.contextweb.com/visitormatch
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
208.93.169.131 , United States, ASN46244 (WEBMD-IDC1-AS, US),
Reverse DNS
Software
Jetty(10.0.14) /
Resource Hash
ec2f44e7dbd2ebb1268ac7e7a0602ec2106bc7fd9da17b9012db81be55cbd485
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Referer
https://heroinvesting.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
cache-control
private, max-age=0, no-cache, no-store
content-language
de-DE
content-type
text/html;charset=iso-8859-1
cw-server
bh-deployment-6b57df6cd5-dxwg5
expires
-1
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
server
Jetty(10.0.14)
strict-transport-security
max-age=15768000
usync.html
eus.rubiconproject.com/ Frame D3A1 		281 B
555 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.218.210.30 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-218-210-30.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://heroinvesting.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Wed, 22 Nov 2023 15:48:30 GMT
ETag
"280525-119-60930cbd3cec0"
Last-Modified
Thu, 02 Nov 2023 19:57:23 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding
iframe
sync.colossusssp.com/ Frame 7317 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://sync.colossusssp.com/iframe?pbjs=1&coppa=0
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
172.240.155.68 , United States, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload

Request headers

Referer
https://heroinvesting.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
keep-alive
Content-Type
text/plain
Date
Wed, 22 Nov 2023 15:48:30 GMT
Server
nginx
Strict-Transport-Security
max-age=63072000; includeSubdomains; preload
/
ssc-cms.33across.com/ps/ Frame 1F45 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=dUOeOqXmSr7AmkrkHcnlxd&gdpr_consent=undefined&us_privacy=undefined&gpp=&gpp_sid=
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.24 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip24.67-202-105.static.steadfastdns.net
Software
33XP005 /
Resource Hash

Request headers

Referer
https://heroinvesting.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

date
Wed, 22 Nov 2023 15:48:30 GMT
server
33XP005
x-33x-status
2000208
sync
eb2.3lift.com/ Frame 9722 		37 B
140 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eb2.3lift.com/sync?
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer
https://heroinvesting.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif
date
Wed, 22 Nov 2023 15:48:30 GMT
sync
x.bidswitch.net/ 		43 B
146 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://x.bidswitch.net/sync?ssp=themediagrid
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.67.182.127 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-67-182-127.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:30 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
43
content-type
image/gif
sync
x.bidswitch.net/
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=sonobi&gdpr=0&gdpr_consent=
  • https://x.bidswitch.net/ul_cb/sync?ssp=sonobi&gdpr=0&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=sonobi&bsw_param=3c602ba8-95ff-4523-bd9e-8b2bebbce6b0&google_hm=M2M2MDJiYTgtOTVmZi00NTIzLWJkOWUtOGIyYmViYmNlNmIw
  • https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESELHBaQSAgPZSJZaBb8JmRXo&google_cver=1&ssp=sonobi&bsw_param=3c602ba8-95ff-4523-bd9e-8b2bebbce6b0
43 B
145 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESELHBaQSAgPZSJZaBb8JmRXo&google_cver=1&ssp=sonobi&bsw_param=3c602ba8-95ff-4523-bd9e-8b2bebbce6b0
Protocol
H2
Server
3.67.182.127 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-67-182-127.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:30 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
43
content-type
image/gif

Redirect headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:30 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESELHBaQSAgPZSJZaBb8JmRXo&google_cver=1&ssp=sonobi&bsw_param=3c602ba8-95ff-4523-bd9e-8b2bebbce6b0
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
359
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
9.gif
id5-sync.com/s/441/ 		43 B
921 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://id5-sync.com/s/441/9.gif?puid=&gdpr=1&gdpr_consent=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.19.138.120 Frankfurt am Main, Germany, ASN16276 (OVH, FR),
Reverse DNS
ns31533571.ip-162-19-138.eu
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-type
image/gif;charset=UTF-8
date
Wed, 22 Nov 2023 15:48:30 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
p3p
CP="CAO PSA OUR"
usync.js
eus.rubiconproject.com/ Frame D3A1 		46 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.218.210.30 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-218-210-30.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
c84074baff8c27ab00dd84e9fdf57f94ca82c0fce2ad492c8302bb1ca109953d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 15:48:30 GMT
Content-Encoding
gzip
Last-Modified
Tue, 21 Nov 2023 23:36:50 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=28098
Connection
keep-alive
Content-Length
13230
Expires
Wed, 22 Nov 2023 23:36:48 GMT
setuid
pbs.nextmillmedia.com/ Frame C9C2
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dappnexus%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%24UID
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fcookies.nextmillmedia.com%252Fsetuid%253Fbidder%253Dappnexus%2526nmuid%253D%2526gdpr%253D%2526gdpr_consent%253D%2526us_privacy%253D%2526u...
  • https://cookies.nextmillmedia.com/setuid?bidder=appnexus&nmuid=&gdpr=&gdpr_consent=&us_privacy=&uid=1545443793795039788
  • https://pbs.nextmillmedia.com/setuid?bidder=appnexus&uid=1545443793795039788
86 B
395 B 		Document
General
Check archive.org
Download Go to
Full URL
https://pbs.nextmillmedia.com/setuid?bidder=appnexus&uid=1545443793795039788
Requested by
Host: cookies.nextmillmedia.com
URL: https://cookies.nextmillmedia.com/sync?type=iframe
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.236.226.253 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-226-253.compute-1.amazonaws.com
Software
/
Resource Hash
c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

Referer
https://cookies.nextmillmedia.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store, must-revalidate
content-length
86
content-type
image/png
date
Wed, 22 Nov 2023 15:48:31 GMT
expires
0
pragma
no-cache
vary
Origin

Redirect headers

content-length
0
date
Wed, 22 Nov 2023 15:48:31 GMT
location
https://pbs.nextmillmedia.com/setuid?bidder=appnexus&uid=1545443793795039788
server
fasthttp
/
ssc-cms.33across.com/ps/ Frame 5FF0 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ssc-cms.33across.com/ps/?m=xch&rt=html&gdpr=&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3D33across%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D33XUSERID33X&id=zzz000000000002zzz
Requested by
Host: cookies.nextmillmedia.com
URL: https://cookies.nextmillmedia.com/sync?type=iframe
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.24 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip24.67-202-105.static.steadfastdns.net
Software
33XP009 /
Resource Hash

Request headers

Referer
https://cookies.nextmillmedia.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

date
Wed, 22 Nov 2023 15:48:30 GMT
server
33XP009
x-33x-status
2000208
prebid
rtb.openx.net/sync/ Frame 2D11 		43 B
245 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.openx.net/sync/prebid?gdpr=&gdpr_consent=&r=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dopenx%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%24%7BUID%7D
Requested by
Host: cookies.nextmillmedia.com
URL: https://cookies.nextmillmedia.com/sync?type=iframe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.252.103 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
103.252.227.35.bc.googleusercontent.com
Software
/
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer
https://cookies.nextmillmedia.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0, no-cache, must-revalidate
content-length
43
content-type
image/gif
date
Wed, 22 Nov 2023 15:48:30 GMT
p3p
CP="CUR ADM OUR NOR STA NID"
pragma
no-cache
via
1.1 google
usermatch
ssum-sec.casalemedia.com/ Frame 9639
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatch?s=194648&gdpr=&gdpr_consent=&us_privacy=&cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_pri...
  • https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=19...
2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=194648&us_privacy=&C=1
Requested by
Host: cookies.nextmillmedia.com
URL: https://cookies.nextmillmedia.com/sync?type=iframe
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c9b8a60c49479edc7ddbe834930108a336c68d6d9206b8f9fd2121d464b0151a

Request headers

Referer
https://cookies.nextmillmedia.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
82a2512cdcb7380e-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 15:48:30 GMT
expires
0
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ghZIQquHK%2Frm4SjADZEytU8fgmhhk8ka74GVFE1uPgNrs5v0ALzxqBlgBDXyByyM66qszvNlq8jO5H1YjOvvMtIB6U%2Bfmq7z6iHU4FaGpOr47UkyxzEO9BHC0BDfK3w4oIQn5oDT%2Br3U6g%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
82a2512c7a0139e0-FRA
content-length
0
date
Wed, 22 Nov 2023 15:48:30 GMT
expires
0
location
/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=194648&us_privacy=&C=1
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zh4sTe5I3rT%2BSTjIzEmeTv2mniyq%2B5C08XM7ugLgohv9f3c%2Bjk%2BjfDcPBfhjqZjWCTdJUEo%2Ff%2F2U5Ud5buRUzYQk0OLGz5iYmv2RUCncxNjpHmAGgNWEux5xWsIz%2BlH%2FnUz1MqKv9ESYxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
usync.html
eus.rubiconproject.com/ Frame C799
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=17888&endpoint=us-east&nmuid=
  • https://eus.rubiconproject.com/usync.html?p=17888&endpoint=us-east&nmuid=
281 B
555 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?p=17888&endpoint=us-east&nmuid=
Requested by
Host: cookies.nextmillmedia.com
URL: https://cookies.nextmillmedia.com/sync?type=iframe
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.218.210.30 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-218-210-30.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://cookies.nextmillmedia.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Wed, 22 Nov 2023 15:48:30 GMT
ETag
"280525-119-60930cbd3cec0"
Last-Modified
Thu, 02 Nov 2023 19:57:23 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
date
Wed, 22 Nov 2023 15:48:30 GMT
location
https://eus.rubiconproject.com/usync.html?p=17888&endpoint=us-east&nmuid=
server
AkamaiGHost
setuid
cookies.nextmillmedia.com/ Frame D8DE
Redirect Chain
  • https://prebid.a-mo.net/cchain/0?gdpr=&us_privacy=&cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Damx%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D
  • https://cookies.nextmillmedia.com/setuid?bidder=amx&nmuid=&gdpr=&gdpr_consent=&us_privacy=&uid=
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cookies.nextmillmedia.com/setuid?bidder=amx&nmuid=&gdpr=&gdpr_consent=&us_privacy=&uid=
Requested by
Host: cookies.nextmillmedia.com
URL: https://cookies.nextmillmedia.com/sync?type=iframe
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.175.48.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-175-48-210.compute-1.amazonaws.com
Software
fasthttp /
Resource Hash

Request headers

Referer
https://cookies.nextmillmedia.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

date
Wed, 22 Nov 2023 15:48:30 GMT
server
fasthttp

Redirect headers

cache-control
max-age=0, private, must-revalidate
content-length
0
date
Wed, 22 Nov 2023 15:48:29 GMT
location
https://cookies.nextmillmedia.com/setuid?bidder=amx&nmuid=&gdpr=&gdpr_consent=&us_privacy=&uid=
server
envoy
x-envoy-upstream-service-time
1
ImgSync
image8.pubmatic.com/AdServer/ Frame 5F51 		0
42 B 		Document
General
Check archive.org
Download Go to
Full URL
https://image8.pubmatic.com/AdServer/ImgSync?p=157577&gdpr=&gdpr_consent=&us_privacy=&pu=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dpubmatic%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%23PMUID
Requested by
Host: cookies.nextmillmedia.com
URL: https://cookies.nextmillmedia.com/sync?type=iframe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.64.190.79 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://cookies.nextmillmedia.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
0
date
Wed, 22 Nov 2023 15:48:30 GMT
setuid
pbs.nextmillmedia.com/ Frame 5857
Redirect Chain
  • https://csync.loopme.me/?pubid=11364&gdpr=&gdpr_consent=&redirect=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dloopme%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%...
  • https://cookies.nextmillmedia.com/setuid?bidder=loopme&nmuid=&gdpr=&gdpr_consent=&us_privacy=&uid=b4b334b1-8d89-428f-b3c8-45ad5dcdc43e&gdpr_consent=null&gdpr=null
  • https://pbs.nextmillmedia.com/setuid?bidder=loopme&uid=b4b334b1-8d89-428f-b3c8-45ad5dcdc43e
86 B
414 B 		Document
General
Check archive.org
Download Go to
Full URL
https://pbs.nextmillmedia.com/setuid?bidder=loopme&uid=b4b334b1-8d89-428f-b3c8-45ad5dcdc43e
Requested by
Host: cookies.nextmillmedia.com
URL: https://cookies.nextmillmedia.com/sync?type=iframe
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.236.226.253 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-226-253.compute-1.amazonaws.com
Software
/
Resource Hash
c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

Referer
https://cookies.nextmillmedia.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store, must-revalidate
content-length
86
content-type
image/png
date
Wed, 22 Nov 2023 15:48:31 GMT
expires
0
pragma
no-cache
vary
Origin

Redirect headers

content-length
0
date
Wed, 22 Nov 2023 15:48:31 GMT
location
https://pbs.nextmillmedia.com/setuid?bidder=loopme&uid=b4b334b1-8d89-428f-b3c8-45ad5dcdc43e
server
fasthttp
usersync.aspx
dis.criteo.com/dis/ Frame 9639
Redirect Chain
  • https://i.liadm.com/s/31327?bidder_id=14481&bidder_uuid=ZV4izjN8SKKPnqYi3Ijq6QAA%263190&gpdr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid=
  • https://i.liadm.com/s/31327?gdpr_consent=&bidder_id=14481&gpp=&bidder_uuid=ZV4izjN8SKKPnqYi3Ijq6QAA%263190&_li_chk=true&gpp_sid=&us_privacy=&gpdr=&previous_uuid=c195c7c3553349cc8713a834ab961e15
  • https://dis.criteo.com/dis/usersync.aspx?r=77&p=311&cp=liveintent&cu=1&url=https://i.liadm.com/s/28292?bidder_id%3D71340%26bidder_uuid%3D@@CRITEO_USERID@@
43 B
363 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dis.criteo.com/dis/usersync.aspx?r=77&p=311&cp=liveintent&cu=1&url=https://i.liadm.com/s/28292?bidder_id%3D71340%26bidder_uuid%3D@@CRITEO_USERID@@
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=194648&us_privacy=&C=1
Protocol
H2
Server
178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:30 GMT
x-errorlevel
0
strict-transport-security
max-age=31536000; preload;
server
Kestrel
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type
image/gif
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
162753
expires
Wed, 22 Nov 2023 00:00:00 GMT

Redirect headers

Location
https://dis.criteo.com/dis/usersync.aspx?r=77&p=311&cp=liveintent&cu=1&url=https://i.liadm.com/s/28292?bidder_id%3D71340%26bidder_uuid%3D@@CRITEO_USERID@@
Date
Wed, 22 Nov 2023 15:48:31 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Connection
keep-alive
Content-Length
0
Request-Time
3
crum
dsum-sec.casalemedia.com/ Frame 9639
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=ZV4izjN8SKKPnqYi3Ijq6QAA
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEKi5uL3ZCKBMTKxEmQ2WeVQ&google_cver=1
43 B
732 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEKi5uL3ZCKBMTKxEmQ2WeVQ&google_cver=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=194648&us_privacy=&C=1
Protocol
H3
Server
172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:31 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fy8kLNIBLpOU7CPB8Sokc3Mqpmus1oOQuDnCleI5kmW6wrbZjqHQ%2BJlQHu09ud7%2FKrHX4czZZAz1P00VmNegoZJ1uAWCmSco5IfsW4zliv6GiRtyrE%2FRqwwBVwg9scGHcWmtA77Wb8Thaw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
82a2512dbe41380e-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:30 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEKi5uL3ZCKBMTKxEmQ2WeVQ&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
314
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
casale
match.adsrvr.org/track/cmf/ Frame 9639 		70 B
148 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/casale
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=194648&us_privacy=&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:31 GMT
server
Kestrel
content-length
70
content-type
image/gif
dcm
s.amazon-adsystem.com/ Frame 9639
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZV4izjN8SKKPnqYi3Ijq6QAADHYAAAIB&gpp=&gpp_sid=
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZV4izjN8SKKPnqYi3Ijq6QAADHYAAAIB&gpp=&gpp_sid=&dcc=t
43 B
855 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZV4izjN8SKKPnqYi3Ijq6QAADHYAAAIB&gpp=&gpp_sid=&dcc=t
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=194648&us_privacy=&C=1
Protocol
HTTP/1.1
Server
52.46.143.56 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 22 Nov 2023 15:48:31 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
96M1YXF2396SRTWGVJ05
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Wed, 22 Nov 2023 15:48:31 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
DFPS4GZYMMG7ME7X1H4Q
Vary
Content-Type,Accept-Encoding,User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZV4izjN8SKKPnqYi3Ijq6QAADHYAAAIB&gpp=&gpp_sid=&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
sync
x.bidswitch.net/ Frame 9639 		43 B
145 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://x.bidswitch.net/sync?ssp=index
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=194648&us_privacy=&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.67.182.127 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-67-182-127.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:30 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
43
content-type
image/gif
crum
dsum-sec.casalemedia.com/ Frame 9639
Redirect Chain
  • https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=1545443793795039788
43 B
731 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=1545443793795039788
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=194648&us_privacy=&C=1
Protocol
H3
Server
172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:30 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VOEAcjtyctLDxHBeLgZSL5wx6E2k8sBv0Kqdc8hNqovwFOnbGHkSyO%2Fk78TkKf1ja6LZ1Fumeb9fklUkRFn2UJIKQiySHmpVt0rDBMa4eGnn5dYE44wCQIKIamhPAjaHbu9IgxrW%2FCUpSA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
82a2512d7dd4380e-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:30 GMT
an-x-request-uuid
230ef285-4355-4e80-b09b-355219bb500f
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=1545443793795039788
x-proxy-origin
84.19.175.183; 84.19.175.183; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
user-registering
ads.stickyadstv.com/ Frame 9639 		43 B
655 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.stickyadstv.com/user-registering?dataProviderId=1025&userId=ZV4izjN8SKKPnqYi3Ijq6QAADHYAAAIB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=194648&us_privacy=&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
2607:ae80:192:1::172 , United States, ASN26558 (FREEWHEEL, US),
Reverse DNS
Software
nginx /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 22 Nov 2023 15:48:31 GMT
Server
nginx
Transfer-Encoding
chunked
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Access-Control-Allow-Credentials
true
Connection
keep-alive
x-sticky-vk
1700668111018071-408
crum
dsum-sec.casalemedia.com/ Frame 9639
Redirect Chain
  • https://creativecdn.com/cm-notify?pi=index&gpdr=&gdpr_consent=&us_privacy=&user_id=ZV4izjN8SKKPnqYi3Ijq6QAA%263190
  • https://creativecdn.com/cm-notify?pi=index&gpdr=&gdpr_consent=&us_privacy=&user_id=ZV4izjN8SKKPnqYi3Ijq6QAA%263190&tc=1
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=133&external_user_id=qwMZjMmKAwo4fQZ21umU_ZlYRWt8PSq91oL3zb5usQU&pi=index&gpdr=&gdpr_consent=&us_privacy=&user_id=ZV4izjN8SKKPnqYi3Ijq6QAA%263190&tc=1
43 B
735 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=133&external_user_id=qwMZjMmKAwo4fQZ21umU_ZlYRWt8PSq91oL3zb5usQU&pi=index&gpdr=&gdpr_consent=&us_privacy=&user_id=ZV4izjN8SKKPnqYi3Ijq6QAA%263190&tc=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=194648&us_privacy=&C=1
Protocol
H3
Server
172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:31 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fuitl4n%2BhiDO410ukDksHgHc3U7HlZwTcJXUGsq7RghuMPrbFnsO5TIwHXK3qi2pt%2BP7GVNif8CIJy%2FaPC83tqefE6fmeMcP8F%2FCBF0NjhtueUoY3KjCyq2YzVWLXrM6Jp9P10%2F8JsrtyA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
82a2512eaf9e380e-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=133&external_user_id=qwMZjMmKAwo4fQZ21umU_ZlYRWt8PSq91oL3zb5usQU&pi=index&gpdr=&gdpr_consent=&us_privacy=&user_id=ZV4izjN8SKKPnqYi3Ijq6QAA%263190&tc=1
pragma
no-cache
date
Wed, 22 Nov 2023 15:48:31 GMT, Wed, 22 Nov 2023 15:48:31 GMT
cache-control
no-cache, no-store, must-revalidate, private, max-age=0
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 GMT
setuid
pbs.nextmillmedia.com/ Frame 9639
Redirect Chain
  • https://cookies.nextmillmedia.com/setuid?bidder=ix&nmuid=&gdpr=&gdpr_consent=&us_privacy=&uid=ZV4izjN8SKKPnqYi3Ijq6QAA%263190
  • https://pbs.nextmillmedia.com/setuid?bidder=ix&uid=ZV4izjN8SKKPnqYi3Ijq6QAA&3190
0
291 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pbs.nextmillmedia.com/setuid?bidder=ix&uid=ZV4izjN8SKKPnqYi3Ijq6QAA&3190
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=194648&us_privacy=&C=1
Protocol
H2
Server
34.236.226.253 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-226-253.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-type
text/html
pragma
no-cache
date
Wed, 22 Nov 2023 15:48:31 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
vary
Origin
expires
0

Redirect headers

location
https://pbs.nextmillmedia.com/setuid?bidder=ix&uid=ZV4izjN8SKKPnqYi3Ijq6QAA&3190
date
Wed, 22 Nov 2023 15:48:30 GMT
server
fasthttp
content-length
0
getuidj
ib.adnxs.com/ Frame 06E1
Redirect Chain
  • https://ib.adnxs.com/getuid?https://ib.adnxs.com/getuidj
  • https://ib.adnxs.com/getuidj
29 B
702 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/getuidj
Protocol
H2
Server
185.89.210.46 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
73d29c9519e905d7ba4306bed124c06d94d698dd41ebf193b37e8661e72b6c0d
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312113734-309881-17974-3&id=9392916d6cd9d24&uid=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:30 GMT
an-x-request-uuid
6991f659-6d61-43d0-8f75-cfdc48aaf9d3
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
application/json; charset=utf-8
access-control-allow-origin
https://s.0cf.io
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
x-proxy-origin
84.19.175.183; 84.19.175.183; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
29
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:30 GMT
an-x-request-uuid
c52b0ccc-4716-4c17-a47d-8ee8c82f1f97
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
https://s.0cf.io
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://ib.adnxs.com/getuidj
x-proxy-origin
84.19.175.183; 84.19.175.183; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
/
s.0cf.io/ Frame BBB7
Redirect Chain
  • https://eb2.3lift.com/getuid?gdpr=&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D76%26uid%3D%24UID
  • https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D76%26uid%3D%24UID
  • https://s.0cf.io/
38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312113734-309881-17974-3&id=9392916d6cd9d24&uid=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8f15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5167
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a2512db8ab68eb-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 15:48:31 GMT
expires
Wed, 22 Nov 2023 16:18:31 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NCVPvZ88qJpE2qsdoZyId6maMIYFPJKoO5Izfybf8ADPDIpXl1cyAzZS9V7aPLfO3KGlB3x8YUOC9iLyf0fUdlv5RyfjUzD%2Bas6cJG%2BT7JkfJEmFOD3PVHrr18MNNxsEje7CTAlBqA%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

cache-control
no-cache, no-store, must-revalidate
content-length
0
date
Wed, 22 Nov 2023 15:48:30 GMT
location
https://s.0cf.io/#ps=true&dbid=9392916d6cd9d24&id=76&uid=2315706245701678289416
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
getuids
prebid-server.rubiconproject.com/ Frame 06E1 		44 B
348 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid-server.rubiconproject.com/getuids
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312113734-309881-17974-3&id=9392916d6cd9d24&uid=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
69.173.144.137 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
c7ecaf3e8b86eb8637e07d0cc3d12ad7a6e3babd9d5f852bf685b7a4549c160f

Request headers

Referer
https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312113734-309881-17974-3&id=9392916d6cd9d24&uid=
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

Pragma
no-cache
content-encoding
gzip
Content-Type
application/json;charset=utf-8
access-control-allow-origin
https://s.0cf.io
Cache-Control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
70
Expires
0
rid
match.adsrvr.org/track/ Frame 06E1 		63 B
416 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://match.adsrvr.org/track/rid?ttd_pid=prebid&fmt=json
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312113734-309881-17974-3&id=9392916d6cd9d24&uid=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
98c8bb7e8194f77206d2ea852f11d568c8336cbb94a1c8c3f894de190bc02f59

Request headers

Referer
https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312113734-309881-17974-3&id=9392916d6cd9d24&uid=
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:31 GMT
content-encoding
gzip
server
Kestrel
vary
Origin, Accept-Encoding
content-type
application/json
access-control-allow-origin
https://s.0cf.io
cache-control
private
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
expires
Fri, 22 Dec 2023 15:48:31 GMT
connectmyusers.php
cdn.connectad.io/ Frame C749 		1 KB
864 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.connectad.io/connectmyusers.php?gdpr=0&consent=0&us_privacy=0&cb=https%3A//prebid.adnxs.com/pbs/v1/setuid%3Fbidder%3Dconnectad%26gdpr%3D%0%26gdpr_consent%3D0%26uid%3D86%26uid%3D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312113734-309881-17974-3&id=9392916d6cd9d24&uid=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:37ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
08f0465386d9897c95370a004f5251b304dc4f94a73541cccd1ee87c02de2f60

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
1810
alt-svc
h3=":443"; ma=86400
cache-control
max-age=3600
cf-cache-status
HIT
cf-ray
82a2512dcee8383d-FRA
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Wed, 22 Nov 2023 15:48:31 GMT
last-modified
Wed, 22 Nov 2023 15:18:21 GMT
server
cloudflare
vary
Accept-Encoding
current
prebid-match.dotomi.com/match/bounce/ Frame 738F 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://prebid-match.dotomi.com/match/bounce/current?version=1&networkId=72582&rurl=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D10%26uid%3D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312113734-309881-17974-3&id=9392916d6cd9d24&uid=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:fa8:8806:12::1370 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, private, max-age=0, no-store
date
Wed, 22 Nov 2023 15:48:31 GMT
expires
0
pragma
no-cache
server
nginx
prbds2s
rtb.gumgum.com/usync/ Frame 010F 		3 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312113734-309881-17974-3&id=9392916d6cd9d24&uid=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.72.224.53 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-72-224-53.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
ebe260bcdc10b7d665d6854b47acb9da92aa3ab41f3d0009b144d2c30146ed8a

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-type
text/html;charset=UTF-8
date
Wed, 22 Nov 2023 15:48:30 GMT
etag
W/"07996bc0798b021a126ca6c537467866e"
server
nginx
timing-allow-origin
*
/
s.0cf.io/ Frame 0A71
Redirect Chain
  • https://ssum.casalemedia.com/usermatchredir?s=184932&cb=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D74%26uid%3D
  • https://s.0cf.io/
38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312113734-309881-17974-3&id=9392916d6cd9d24&uid=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8f15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5166
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a2512da89c68eb-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 15:48:31 GMT
expires
Wed, 22 Nov 2023 16:18:30 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ckThS0RMiPBwT2ilvEx6lDbROnk1YM52z3MsbvzAQZD2HgKU%2B5WtPlFSPrK6g8BgpE3NLqOSbH54cL%2BmdVpJZ%2B%2FhJC5mbncD1exht1bIJdeHIICMsHehtv%2B6tz1l2YAW2bCyTfcDsw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
82a2512d5b0c39e0-FRA
content-length
0
date
Wed, 22 Nov 2023 15:48:30 GMT
expires
0
location
https://s.0cf.io/#ps=true&dbid=9392916d6cd9d24&id=74&uid=ZV4izjN8SKKPnqYi3Ijq6QAA%263190
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sFWot9DCabvbLh77wYDTZzvFKViL%2Fq6eXVVzh1ZeiHDLQgbvZKgcVOhtuhnT0B1ATz9Cgc7qugxemgsWmtD6SyCvLSdT%2FzJnPNRJ1vMxLJJBkW3bNvR0IobPIWOWNxQI1vTU3POt"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
prebid
rtb.openx.net/sync/ Frame 84C6 		43 B
103 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.openx.net/sync/prebid?r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D19%26uid%3D%24%7BUID%7D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312113734-309881-17974-3&id=9392916d6cd9d24&uid=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.252.103 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
103.252.227.35.bc.googleusercontent.com
Software
/
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0, no-cache, must-revalidate
content-length
43
content-type
image/gif
date
Wed, 22 Nov 2023 15:48:30 GMT
p3p
CP="CUR ADM OUR NOR STA NID"
pragma
no-cache
via
1.1 google
pixel
ap.lijit.com/ Frame C1B1 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/pixel?redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D25%26uid%3D%24UID
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312113734-309881-17974-3&id=9392916d6cd9d24&uid=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.16 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Access-Control-Allow-Origin
*
Date
Wed, 22 Nov 2023 15:48:30 GMT
X-Sovrn-Pod
ad_ap3ams1
us.gif
sync.go.sonobi.com/ Frame 2540 		49 B
369 B 		Document
General
Check archive.org
Download Go to
Full URL
https://sync.go.sonobi.com/us.gif?loc=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D26%26uid%3D%5BUID%5D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312113734-309881-17974-3&id=9392916d6cd9d24&uid=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.166.1.66 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store, private
content-length
49
content-type
image/gif
date
Wed, 22 Nov 2023 15:48:31 GMT
expires
Sat, 26 Jul 1997 05:00:00 GMT
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
pragma
no-cache
server
sonobi-go
tcn
Choice
vary
negotiate,Accept-Encoding
x-go-server
go-iad-2-6-132
x-xss-protection
0
/
s.0cf.io/ Frame A8BB
Redirect Chain
  • https://sync.1rx.io/usersync2/rmphb?gdpr=0&gdpr_consent=0&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D22%26uid%3D%5BRX_UUID%5D
  • https://sync.1rx.io/usersync2/rmphb?zcc=1&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D22%26uid%3D%5BRX_UUID%5D&cb=1700668111198
  • https://ad.turn.com/r/cs?pid=45&rndcb=4351327927
  • https://sync.1rx.io/usersync/turn/3980184783441111379?dspret=1&gdpr=&gdpr_consent=&us_privacy=
  • https://sync.targeting.unrulymedia.com/csync/RX-fc3d5993-8717-4bad-b92c-b0d7c209b021-003?redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D22%26uid%3DRX-fc3d5993-8717-4bad...
  • https://s.0cf.io/
38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312113734-309881-17974-3&id=9392916d6cd9d24&uid=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8f15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5168
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a25134280068eb-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 15:48:32 GMT
expires
Wed, 22 Nov 2023 16:18:32 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k1sYlQ4O7VsYrMmev5CrDNL75uWAq9LmotWRLH8oiSeK5XJ8LT7ItRgj81W%2FP6IA4wW89rlZ9ijXxtiLtBHi9TrT3W3lDfrwt7F%2FkxTTYWmhN2Oq6TmZxZTy4HO8wOCu0f6MIT1lLg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

content-type
text/html
date
Wed, 22 Nov 2023 15:48:31 GMT
etag
RXfc3d599387174badb92cb0d7c209b021003
location
https://s.0cf.io/#ps=true&dbid=9392916d6cd9d24&id=22&uid=RX-fc3d5993-8717-4bad-b92c-b0d7c209b021-003
p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
occ
ups.analytics.yahoo.com/ups/58448/ Frame C0DE 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ups.analytics.yahoo.com/ups/58448/occ?uid=9392916d6cd9d2477%26uid%3D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312113734-309881-17974-3&id=9392916d6cd9d24&uid=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.71.149.231 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-71-149-231.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.10.87 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
0
date
Wed, 22 Nov 2023 15:48:31 GMT
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
server
ATS/9.1.10.87
strict-transport-security
max-age=31536000
/
s.0cf.io/ Frame BCC9
Redirect Chain
  • https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=0&cb=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D81%26uid%3D
  • https://s.0cf.io/
38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312113734-309881-17974-3&id=9392916d6cd9d24&uid=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8f15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5166
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a2512da89768eb-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 15:48:30 GMT
expires
Wed, 22 Nov 2023 16:18:30 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uQnIFTfy9%2F2kW5Ud4GVPVL3uZ6%2B8SagOl0R1zzKwKrPqlTka3QRapa86ObYh1%2Ft3vyoh%2BsXH9jXbjLjDufS%2BjMZXqU0rufGWLEU7qJqIi7PMmus4ZY3eYErwCXA7eGji3Qv%2Foum0kw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

cache-control
max-age=0, private, must-revalidate
content-length
0
date
Wed, 22 Nov 2023 15:48:30 GMT
location
https://s.0cf.io/#ps=true&dbid=9392916d6cd9d24&id=81&uid=?gdpr=0&gdpr_consent=0
server
envoy
x-envoy-upstream-service-time
1
/
onetag-sys.com/usync/ Frame 29EE 		0
94 B 		Document
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/usync/?gdpr=0&gdpr_consent=0&us_privacy=0&redir=https%3A//ps.0cf.io/%3Fonetag%3D%24%7BUSER_TOKEN%7D84%26uid%3D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312113734-309881-17974-3&id=9392916d6cd9d24&uid=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip254.ip-51-89-9.eu
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=900, h3-29=":443"; ma=900
cache-control
no-store
content-length
0
strict-transport-security
max-age=15552000
getsync
ads.servenobid.com/ Frame 06E1 		9 B
291 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ads.servenobid.com/getsync?tek=pbs&ver=1&gdpr=0&gdpr_consent=0&us_privacy=0&format=json
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312113734-309881-17974-3&id=9392916d6cd9d24&uid=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.72.113.40 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-72-113-40.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
72d427b7264997760074a94dcc1c9e54ae2c33b05276bfb3cfcd0f5d2d8bba3a

Request headers

Referer
https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312113734-309881-17974-3&id=9392916d6cd9d24&uid=
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:31 GMT
amp-access-control-allow-source-origin
*
content-type
text/plain;charset=ISO-8859-1
access-control-allow-origin
https://s.0cf.io
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
9
/
ssc-cms.33across.com/ps/ Frame 0999 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ssc-cms.33across.com/ps/?gdpr_58=&gdpr_consent=&ts=&ri=70&ru=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D1%26uid%3D33XUSERID33X
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312113734-309881-17974-3&id=9392916d6cd9d24&uid=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.24 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip24.67-202-105.static.steadfastdns.net
Software
33XP008 /
Resource Hash

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

date
Wed, 22 Nov 2023 15:48:30 GMT
server
33XP008
x-33x-status
2000208
ImgSync
image8.pubmatic.com/AdServer/ Frame 3E26 		0
39 B 		Document
General
Check archive.org
Download Go to
Full URL
https://image8.pubmatic.com/AdServer/ImgSync?p=162168&gdpr=0&gdpr_consent=0&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D162168%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fs.0cf.io%252F%2523ps%253Dtrue%2526id%253D20%2526uid%253D%2523PMUID
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312113734-309881-17974-3&id=9392916d6cd9d24&uid=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.64.190.79 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
0
date
Wed, 22 Nov 2023 15:48:30 GMT
/
s.0cf.io/ Frame 268C
Redirect Chain
  • https://bh.contextweb.com/rtset?pid=561205&ev=1&rurl=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D21%26uid%3D%25%25VGUID%25%25
  • https://s.0cf.io/
38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312113734-309881-17974-3&id=9392916d6cd9d24&uid=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8f15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5167
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a2512db8b468eb-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 15:48:31 GMT
expires
Wed, 22 Nov 2023 16:18:31 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7YuOHv25slOOIQiOoGvKFMEgspytOv34g8wlmbBNIiIlZpSrYpEmLolg5m7hmeIPfRXch42OglCg2ZVvNIw2UaClpMnQFkEo8xWkak6%2B4IK0gPC%2FZAUVESXb9Wohy8L%2BrgrUi9kVRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
cache-control
private, max-age=0, no-cache, no-store
content-language
de-DE
cw-server
bh-deployment-6b57df6cd5-dxwg5
expires
-1
location
https://s.0cf.io/#ps=true&dbid=9392916d6cd9d24&id=21&uid=DT2zZN36uCNP&ev=1&pid=561205
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
server
Jetty(10.0.14)
strict-transport-security
max-age=15768000
v1
match.sharethrough.com/universal/ Frame 0D04 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://match.sharethrough.com/universal/v1?supply_id=Uj448boa
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312113734-309881-17974-3&id=9392916d6cd9d24&uid=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.64.136.60 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-64-136-60.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

date
Wed, 22 Nov 2023 15:48:31 GMT
/
s.0cf.io/ Frame E001
Redirect Chain
  • https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=0&gdpr_consent=0&us_privacy=0&redirectUri=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D82%26uid%3D%5Bssb_s...
  • https://s.0cf.io/
38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312113734-309881-17974-3&id=9392916d6cd9d24&uid=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8f15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5167
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a2512efa5568eb-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 15:48:31 GMT
expires
Wed, 22 Nov 2023 16:18:31 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3nJ1D9dhTmVRnNXj3AQyXp%2BS%2FVqg8bKb6kjM4wDnypFa%2FVd7bl1GHxzJoXqiL7hta8P6gLYxaRDTYglMWQlcXPbdGgFgV8nc7SwN62SqowODA2j6c9%2FBZdnDOHNjR8EUa%2FPX8%2B4jfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

content-length
0
date
Wed, 22 Nov 2023 15:48:31 GMT
location
https://s.0cf.io/#ps=true&dbid=9392916d6cd9d24&id=82&uid=6287856822224999641
/
s.0cf.io/ps/ Frame F645
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_cm&google_nid=datablocks_inc&google_hm=9392916d6cd9d24&dbid=9392916d6cd9d24
  • https://s.0cf.io/ps/?dbid=9392916d6cd9d24
2 B
487 B 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/ps/?dbid=9392916d6cd9d24
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312113734-309881-17974-3&id=9392916d6cd9d24&uid=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8f15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8d74beec1be996322ad76813bafb92d40839895d6dd7ee808b17ca201eac98be
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
MISS
cf-ray
82a2512e393968eb-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 15:48:31 GMT
expires
Wed, 22 Nov 2023 16:18:31 GMT
last-modified
Mon, 04 Oct 2021 18:28:27 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FOqsBor1RMTjjraJ3RDdLpuHRPeVkmqxrttqLF91nFgr3UoNVmTQa%2BDGuZitca12nPB0dWYJ%2BVRzapW0Cd2hvl4QWJzDAjCy3lLNlUU6Heyf1%2B3951buCkZ0zCjqoyGcL%2Bbh3bdzZA%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
315
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 22 Nov 2023 15:48:31 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
location
https://s.0cf.io/ps/?dbid=9392916d6cd9d24#ps=true&id=666&uid=CAESEM99tN-hM8KH1-Q_njPR5d8&cver=1&error=
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
HTTP server (unknown)
x-xss-protection
0
/
s.0cf.io/ Frame CE18
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=75&gdpr=0&gdpr_consent=0&us_privacy=0&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D61%26uid%3D%5BMM_UUID%5D
  • https://s.0cf.io/
38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312113734-309881-17974-3&id=9392916d6cd9d24&uid=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8f15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5167
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a2512e999e68eb-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 15:48:31 GMT
expires
Wed, 22 Nov 2023 16:18:31 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XjZpc8loaJIhToglXP2hyiIYdeedyz%2Fk7riHTchXL84iIYgPxYw8DylVihUgNfvOedoP%2BSS8F8%2FbNO0M9WKofAl93qh%2BIK8DCdyMigBDKbQMtsCloNEM7JhgHQ9J5RaTQhXyOyoX9g%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Content-Length
0
Content-Type
image/gif
Date
Wed, 22 Nov 2023 15:48:31 GMT
Expires
Wed, 22 Nov 2023 15:48:30 GMT
Keep-Alive
timeout=360
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server
MT3 1143 599e619 master zrh zrh-pixel-x5 config_version:"941"
location
https://s.0cf.io/#ps=true&dbid=9392916d6cd9d24&id=61&uid=b7c8655e-22d0-4a00-83cd-c438716ad67b&gdpr=0&gdpr_consent=0
/
s.0cf.io/ Frame A33B
Redirect Chain
  • https://hbx.media.net/cksync.php?cs=1&type=pbs&ovsid=setstatuscode&bidder=medianet&gdpr=0&gdpr_consent=0&us_privacy=0&redirect=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D...
  • https://s.0cf.io/
38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312113734-309881-17974-3&id=9392916d6cd9d24&uid=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8f15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5167
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a251305bc568eb-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 15:48:31 GMT
expires
Wed, 22 Nov 2023 16:18:31 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cCK%2F4UOeRbL91CKBWM4G1ckfaUjHSHX1T2Awq3%2Bfvt2LsfrElHwH0Rq0H6Q0a%2B6fxgw8VKDGJbMnuboKvZk%2F8B1eStYnWR4t4kgMDaKcSh38xMwwk6nNsFP2wPu4PP%2FCSBqli9C4%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

cache-control
max-age=0, no-cache, no-store
content-length
154
content-type
text/html
date
Wed, 22 Nov 2023 15:48:31 GMT
expires
Wed, 22 Nov 2023 15:48:31 GMT
location
https://s.0cf.io/#ps=true&dbid=9392916d6cd9d24&id=88&uid=0000EEA
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA"
pragma
no-cache
server
Apache
strict-transport-security
max-age=86400 ; includeSubDomains max-age=604800
x-mnet-hl2
E
usync.js
eus.rubiconproject.com/ Frame C799 		46 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=17888&endpoint=us-east&nmuid=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.218.210.30 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-218-210-30.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
c84074baff8c27ab00dd84e9fdf57f94ca82c0fce2ad492c8302bb1ca109953d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=17888&endpoint=us-east&nmuid=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 15:48:30 GMT
Content-Encoding
gzip
Last-Modified
Tue, 21 Nov 2023 23:36:50 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=28098
Connection
keep-alive
Content-Length
13230
Expires
Wed, 22 Nov 2023 23:36:48 GMT
khaos.json
token.rubiconproject.com/ Frame D3A1 		7 B
380 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://token.rubiconproject.com/khaos.json?
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://eus.rubiconproject.com
Cache-Control
no-cache,no-store,must-revalidate
access-control-allow-credentials
true
content-length
7
X-RPHost
5b959e9b7aef6dd90a6fa539ca64ac62
Expires
0
usersync
usersync.gumgum.com/ Frame 010F
Redirect Chain
  • https://secure.adnxs.com/getuid?https://usersync.gumgum.com/usersync?b=apn&i=$UID
  • https://usersync.gumgum.com/usersync?b=apn&i=1545443793795039788
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=apn&i=1545443793795039788
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
52.210.15.1 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-15-1.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 15:48:31 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:31 GMT
an-x-request-uuid
ce8e144f-796d-416c-87db-a6f94ac32a10
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://usersync.gumgum.com/usersync?b=apn&i=1545443793795039788
x-proxy-origin
84.19.175.183; 84.19.175.183; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
sync
x.bidswitch.net/ Frame 010F
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_2bcd2278-a756-46e0-b3d8-2d72def0d564&gdpr=0&gdpr_consent=0&us_privacy=
  • https://pm.w55c.net/ping_match.gif?st=bidswitch&rurl=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D79%26user_id%3D_wfivefivec_%26expires%3D30%26ssp%3Dgumgum2%26bsw_param%3D3c602ba8-95ff-4523-bd9e-8b2bebb...
  • https://pm.w55c.net/ping_match.gif?scc=1&st=bidswitch&rurl=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D79%26user_id%3D_wfivefivec_%26expires%3D30%26ssp%3Dgumgum2%26bsw_param%3D3c602ba8-95ff-4523-bd9e-8...
  • https://x.bidswitch.net/sync?dsp_id=79&user_id=7cDW6F0b1R5PsP5&expires=30&ssp=gumgum2&bsw_param=3c602ba8-95ff-4523-bd9e-8b2bebbce6b0
43 B
145 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://x.bidswitch.net/sync?dsp_id=79&user_id=7cDW6F0b1R5PsP5&expires=30&ssp=gumgum2&bsw_param=3c602ba8-95ff-4523-bd9e-8b2bebbce6b0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Protocol
H2
Server
3.67.182.127 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-67-182-127.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:31 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
43
content-type
image/gif

Redirect headers

Pragma
no-cache
Date
Wed, 22 Nov 2023 15:48:30 GMT
Strict-Transport-Security
max-age=2592000; includeSubDomains
Server
PingMatch/v2.0.30-795-gb641a57#rel-ec2-master i-091a6d662d9a132c7@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Location
https://x.bidswitch.net/sync?dsp_id=79&user_id=7cDW6F0b1R5PsP5&expires=30&ssp=gumgum2&bsw_param=3c602ba8-95ff-4523-bd9e-8b2bebbce6b0
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Fri, 01 Jan 1990 00:00:00 GMT
usersync
usersync.gumgum.com/ Frame 010F
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=0&us_privacy=&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
  • https://us-u.openx.net/w/1.0/cm?cc=1&_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=0&us_privacy=&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
  • https://usersync.gumgum.com/usersync?b=opx&i=bed74324-de29-4103-a578-3506bd70e555&gdpr=0&gdpr_consent=0
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=opx&i=bed74324-de29-4103-a578-3506bd70e555&gdpr=0&gdpr_consent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
52.210.15.1 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-15-1.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 15:48:31 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

date
Wed, 22 Nov 2023 15:48:31 GMT
content-encoding
gzip
via
1.1 google
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
content-type
image/gif
location
https://usersync.gumgum.com/usersync?b=opx&i=bed74324-de29-4103-a578-3506bd70e555&gdpr=0&gdpr_consent=0
p3p
CP="CUR ADM OUR NOR STA NID"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
usersync
usersync.gumgum.com/ Frame 010F
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent=0
  • https://usersync.gumgum.com/usersync?b=sta&i=0-6607cc4c-99b7-5afc-7a38-762df91a68d8$ip$84.19.175.183
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=sta&i=0-6607cc4c-99b7-5afc-7a38-762df91a68d8$ip$84.19.175.183
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
52.210.15.1 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-15-1.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 15:48:31 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

Location
https://usersync.gumgum.com/usersync?b=sta&i=0-6607cc4c-99b7-5afc-7a38-762df91a68d8$ip$84.19.175.183
Date
Wed, 22 Nov 2023 15:48:31 GMT
Connection
keep-alive
Content-Length
127
Content-Type
text/html; charset=utf-8
gumgum
pr-bh.ybp.yahoo.com/sync/ Frame 010F 		43 B
426 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:d29:3602:be7c:8786:5b47:1e53 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Content-Security-Policy sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:31 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
image/gif
content-length
43
usersync
usersync.gumgum.com/ Frame 010F
Redirect Chain
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=0&us_privacy=&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersyn...
  • https://usersync.gumgum.com/usersync?b=vnt&i=ab8388f9-d33a-4930-8378-1e22658249d4
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=vnt&i=ab8388f9-d33a-4930-8378-1e22658249d4
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
52.210.15.1 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-15-1.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 15:48:31 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

Location
https://usersync.gumgum.com/usersync?b=vnt&i=ab8388f9-d33a-4930-8378-1e22658249d4
Date
Wed, 22 Nov 2023 15:48:31 GMT
Connection
keep-alive
X-CI-RTID
c569722d-aa8e-422c-9b08-c0b1b2bcfb3c
Content-Length
108
Content-Type
text/html; charset=utf-8
142
match.deepintent.com/usersync/ Frame 010F 		0
44 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.deepintent.com/usersync/142?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Ddit%26i%3D%24%7BDI_USER_ID%7D
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
169.197.150.7 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS
g.deepintent.com
Software
a /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:31 GMT
content-length
0
server
a
usersync
usersync.gumgum.com/ Frame 010F
Redirect Chain
  • https://b1sync.zemanta.com/usersync/gumgum/?puid=e_2bcd2278-a756-46e0-b3d8-2d72def0d564&gdpr=0&gdpr_consent=0&us_privacy=&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dzem%26i%3D__ZUID__
  • https://usersync.gumgum.com/usersync?b=zem&i=&gdpr=0&gdpr_consent=0
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=zem&i=&gdpr=0&gdpr_consent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
52.210.15.1 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-15-1.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 15:48:31 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

Location
https://usersync.gumgum.com/usersync?b=zem&i=&gdpr=0&gdpr_consent=0
Pragma
no-cache
Date
Wed, 22 Nov 2023 15:48:31 GMT
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Dec 1994 16:00:00 GMT
Content-Length
102
Content-Type
text/html; charset=utf-8
usersync
usersync.gumgum.com/ Frame 010F
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25
  • https://usersync.gumgum.com/usersync?b=pln&i=SCwo1gnItI5o&ev=1&pid=558355
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=pln&i=SCwo1gnItI5o&ev=1&pid=558355
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
52.210.15.1 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-15-1.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 15:48:31 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

strict-transport-security
max-age=15768000
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
server
Jetty(10.0.14)
content-language
de-DE
location
https://usersync.gumgum.com/usersync?b=pln&i=SCwo1gnItI5o&ev=1&pid=558355
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-6b57df6cd5-dxwg5
expires
-1
usersync
usersync.gumgum.com/ Frame 010F
Redirect Chain
  • https://ssbsync.smartadserver.com/api/sync?callerId=15&redirectUri=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsad%26i%3D%5Bssb_sync_pid%5D&gdpr=0&gdpr_consent=0
  • https://usersync.gumgum.com/usersync?b=sad&i=5380650379442443446
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=sad&i=5380650379442443446
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
52.210.15.1 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-15-1.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 15:48:31 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

location
https://usersync.gumgum.com/usersync?b=sad&i=5380650379442443446
date
Wed, 22 Nov 2023 15:48:30 GMT
content-length
0
usersync
rtb.gumgum.com/ Frame D2AB
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=1301&gdpr=0&gdpr_consent=0
  • https://c1.adform.net/serving/cookie/match?CC=1&party=1301&gdpr=0&gdpr_consent=0
  • https://rtb.gumgum.com/usersync?b=adf&i=8716181596310505629&gdpr=0&gdpr_consent=0
35 B
208 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usersync?b=adf&i=8716181596310505629&gdpr=0&gdpr_consent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.72.224.53 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-72-224-53.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, no-store, must-revalidate, max-age=0
content-length
35
content-type
image/gif;charset=UTF-8
date
Wed, 22 Nov 2023 15:48:31 GMT
expires
0
pragma
no-cache
server
nginx
timing-allow-origin
*

Redirect headers

accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-max-age
86400
cache-control
no-cache, no-store, must-revalidate, no-transform
content-length
0
date
Wed, 22 Nov 2023 15:48:31 GMT
expires
-1
location
https://rtb.gumgum.com/usersync?b=adf&i=8716181596310505629&gdpr=0&gdpr_consent=0
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
pixel
cm.g.doubleclick.net/ Frame 953A 		170 B
188 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV8yYmNkMjI3OC1hNzU2LTQ2ZTAtYjNkOC0yZDcyZGVmMGQ1NjQ=&gdpr=0&gdpr_consent=0&google_redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dgdv
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
170
content-type
image/png
cross-origin-resource-policy
cross-origin
date
Wed, 22 Nov 2023 15:48:31 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
server
HTTP server (unknown)
x-xss-protection
0
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 0C6A 		16 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-201.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
8e53e50181b7a9e2caa94173c37fcd9de8fa75750764a2ad8ad02fac3306d652

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=97683
content-encoding
gzip
content-length
5622
content-type
text/html
date
Wed, 22 Nov 2023 15:48:31 GMT
expires
Thu, 23 Nov 2023 18:56:34 GMT
last-modified
Thu, 16 Nov 2023 09:11:44 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
generic
match.adsrvr.org/track/cmf/ Frame 4BF9 		70 B
149 B 		Document
General
Check archive.org
Download Go to
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
70
content-type
image/gif
date
Wed, 22 Nov 2023 15:48:31 GMT
server
Kestrel
usersync
usersync.gumgum.com/ Frame 78DB
Redirect Chain
  • https://tg.socdm.com/aux/idsync?proto=gumgum
  • https://usersync.gumgum.com/usersync?b=sus&i=ZV4iz8Co8YUAAAwSZa0AAAAA
35 B
250 B 		Document
General
Check archive.org
Download Go to
Full URL
https://usersync.gumgum.com/usersync?b=sus&i=ZV4iz8Co8YUAAAwSZa0AAAAA
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.210.15.1 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-15-1.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Content-Type
image/gif
Date
Wed, 22 Nov 2023 15:48:31 GMT
Expires
0
Pragma
no-cache

Redirect headers

Cache-Control
private
Connection
keep-alive
Content-Length
0
Date
Wed, 22 Nov 2023 15:48:31 GMT
Location
https://usersync.gumgum.com/usersync?b=sus&i=ZV4iz8Co8YUAAAwSZa0AAAAA
P3P
CP="See also http://www.scaleout.jp/privacy/"
Server
nginx
X-SO-Ads-Time
2
X-SO-Cluster-ID
0
X-SO-HostName
a-ad40024.dc2p.scaleout.jp
X-SO-IP
84.19.175.183
X-SO-Key
ZV4iz8Co8YUAAAwSZa0AAAAA
X-SO-LB-Data
{"ban":false,"clean_query":"\/aux\/idsync?proto=gumgum","cluster_id":0,"gdpr":true,"ipv4":"0.0.0.0","key":"ZV4iz8Co8YUAAAwSZa0AAAAA","privacy_sensitive":true,"uid":"","upstream_id":"a-ad40024"}
X-SO-LB-Hostname
m-tgng33.dc4p.scaleout.jp
X-SO-Upstream-ID
a-ad40024
usersync
usersync.gumgum.com/ Frame D6C9
Redirect Chain
  • https://creativecdn.com/cm-notify?pi=gumgum
  • https://usersync.gumgum.com/usersync?b=rth&i=qwMZjMmKAwo4fQZ21umU_ZlYRWt8PSq91oL3zb5usQU&pi=gumgum
35 B
250 B 		Document
General
Check archive.org
Download Go to
Full URL
https://usersync.gumgum.com/usersync?b=rth&i=qwMZjMmKAwo4fQZ21umU_ZlYRWt8PSq91oL3zb5usQU&pi=gumgum
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.210.15.1 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-15-1.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Content-Type
image/gif
Date
Wed, 22 Nov 2023 15:48:31 GMT
Expires
0
Pragma
no-cache

Redirect headers

cache-control
no-cache, no-store, must-revalidate, private, max-age=0
content-length
0
date
Wed, 22 Nov 2023 15:48:31 GMT Wed, 22 Nov 2023 15:48:31 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://usersync.gumgum.com/usersync?b=rth&i=qwMZjMmKAwo4fQZ21umU_ZlYRWt8PSq91oL3zb5usQU&pi=gumgum
pragma
no-cache
usync.html
eus.rubiconproject.com/ Frame 94B0
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum
  • https://eus.rubiconproject.com/usync.html?p=gumgum
281 B
555 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?p=gumgum
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.218.210.30 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-218-210-30.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Wed, 22 Nov 2023 15:48:31 GMT
ETag
"280525-119-60930cbd3cec0"
Last-Modified
Thu, 02 Nov 2023 19:57:23 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
date
Wed, 22 Nov 2023 15:48:31 GMT
location
https://eus.rubiconproject.com/usync.html?p=gumgum
server
AkamaiGHost
/
s.0cf.io/ Frame 45D2 		38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8f15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5167
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a2512e292068eb-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 15:48:31 GMT
expires
Wed, 22 Nov 2023 16:18:31 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BDs%2B3uQqiuPcP2NTPDyQcJLr6xSvfevxGx3XoUKGcIRAa9%2BxpLDWuf4%2BdjlfV7zOEBI7oShL011JPFQ68LeFlFmbR9fX9XS7D0rOZbS5GOc3tQavchaFR4t85Vzb1pqS1HaHET3w6A%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding
1
sync-eu.connectad.io/syncer/ Frame 95D9 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://sync-eu.connectad.io/syncer/1?gdpr=0&consent=0&us_privacy=0&cb=https%3A//prebid.adnxs.com/pbs/v1/setuid%3Fbidder%3Dconnectad%26gdpr%3D%0%26gdpr_consent%3D0%26uid%3D86%26uid%3D
Requested by
Host: cdn.connectad.io
URL: https://cdn.connectad.io/connectmyusers.php?gdpr=0&consent=0&us_privacy=0&cb=https%3A//prebid.adnxs.com/pbs/v1/setuid%3Fbidder%3Dconnectad%26gdpr%3D%0%26gdpr_consent%3D0%26uid%3D86%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:37ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://cdn.connectad.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache, private
cf-cache-status
DYNAMIC
cf-ray
82a2512e5fd3383d-FRA
date
Wed, 22 Nov 2023 15:48:31 GMT
server
cloudflare
usync.js
eus.rubiconproject.com/ Frame 94B0 		46 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.218.210.30 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-218-210-30.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
c84074baff8c27ab00dd84e9fdf57f94ca82c0fce2ad492c8302bb1ca109953d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=gumgum
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 15:48:31 GMT
Content-Encoding
gzip
Last-Modified
Tue, 21 Nov 2023 23:36:50 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=28097
Connection
keep-alive
Content-Length
13230
Expires
Wed, 22 Nov 2023 23:36:48 GMT
getuidj
ib.adnxs.com/ Frame BCC9
Redirect Chain
  • https://ib.adnxs.com/getuid?https://ib.adnxs.com/getuidj
  • https://ib.adnxs.com/getuidj
29 B
701 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/getuidj
Protocol
H2
Server
185.89.210.46 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
73d29c9519e905d7ba4306bed124c06d94d698dd41ebf193b37e8661e72b6c0d
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s.0cf.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:31 GMT
an-x-request-uuid
0f02b5b1-a099-4eb1-b1ca-1c8376c33598
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
application/json; charset=utf-8
access-control-allow-origin
https://s.0cf.io
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
x-proxy-origin
84.19.175.183; 84.19.175.183; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
29
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:31 GMT
an-x-request-uuid
9f880d0c-d425-4342-8ff3-114137f4569b
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
https://s.0cf.io
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://ib.adnxs.com/getuidj
x-proxy-origin
84.19.175.183; 84.19.175.183; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
/
s.0cf.io/ Frame F0CD
Redirect Chain
  • https://eb2.3lift.com/getuid?gdpr=&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D76%26uid%3D%24UID
  • https://s.0cf.io/
38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8f15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5167
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a2512f6ad568eb-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 15:48:31 GMT
expires
Wed, 22 Nov 2023 16:18:31 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wjDz4zq6wycWYdhkN1W33%2FxJaDJTmWjmfs9RjjJhznMRz40VGyduoPKUZV5tCXToAGl0ykXqXT9b99Zt2P6AiauFS7xGipCg4t0vWfwEzkVA7cuWvEHR2ozTDFnOx0nUEGqc%2BsTAPg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

cache-control
no-cache, no-store, must-revalidate
content-length
0
date
Wed, 22 Nov 2023 15:48:31 GMT
location
https://s.0cf.io/#ps=true&dbid=9392916d6cd9d24&id=76&uid=2315706245701678289416
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
getuids
prebid-server.rubiconproject.com/ Frame BCC9 		44 B
348 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid-server.rubiconproject.com/getuids
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
69.173.144.137 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
c7ecaf3e8b86eb8637e07d0cc3d12ad7a6e3babd9d5f852bf685b7a4549c160f

Request headers

Referer
https://s.0cf.io/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

Pragma
no-cache
content-encoding
gzip
Content-Type
application/json;charset=utf-8
access-control-allow-origin
https://s.0cf.io
Cache-Control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
70
Expires
0
rid
match.adsrvr.org/track/ Frame BCC9 		63 B
416 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://match.adsrvr.org/track/rid?ttd_pid=prebid&fmt=json
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
98c8bb7e8194f77206d2ea852f11d568c8336cbb94a1c8c3f894de190bc02f59

Request headers

Referer
https://s.0cf.io/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:31 GMT
content-encoding
gzip
server
Kestrel
vary
Origin, Accept-Encoding
content-type
application/json
access-control-allow-origin
https://s.0cf.io
cache-control
private
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
expires
Fri, 22 Dec 2023 15:48:31 GMT
connectmyusers.php
cdn.connectad.io/ Frame A5CC 		1 KB
715 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.connectad.io/connectmyusers.php?gdpr=0&consent=0&us_privacy=0&cb=https%3A//prebid.adnxs.com/pbs/v1/setuid%3Fbidder%3Dconnectad%26gdpr%3D%0%26gdpr_consent%3D0%26uid%3D86%26uid%3D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:37ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
08f0465386d9897c95370a004f5251b304dc4f94a73541cccd1ee87c02de2f60

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
1810
alt-svc
h3=":443"; ma=86400
cache-control
max-age=3600
cf-cache-status
HIT
cf-ray
82a2512f28e1383d-FRA
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Wed, 22 Nov 2023 15:48:31 GMT
last-modified
Wed, 22 Nov 2023 15:18:21 GMT
server
cloudflare
vary
Accept-Encoding
current
prebid-match.dotomi.com/match/bounce/ Frame 4199 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://prebid-match.dotomi.com/match/bounce/current?version=1&networkId=72582&rurl=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D10%26uid%3D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:fa8:8806:12::1370 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, private, max-age=0, no-store
date
Wed, 22 Nov 2023 15:48:31 GMT
expires
0
pragma
no-cache
server
nginx
prbds2s
rtb.gumgum.com/usync/ Frame F7EC 		3 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.72.224.53 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-72-224-53.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
ebe260bcdc10b7d665d6854b47acb9da92aa3ab41f3d0009b144d2c30146ed8a

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-type
text/html;charset=UTF-8
date
Wed, 22 Nov 2023 15:48:31 GMT
etag
W/"07996bc0798b021a126ca6c537467866e"
server
nginx
timing-allow-origin
*
/
s.0cf.io/ Frame ABF8
Redirect Chain
  • https://ssum.casalemedia.com/usermatchredir?s=184932&cb=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D74%26uid%3D
  • https://s.0cf.io/
38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8f15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5167
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a2512f9b0668eb-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 15:48:31 GMT
expires
Wed, 22 Nov 2023 16:18:31 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HIShJ4KCRSSt3HgnEOabj1aCYlB7byjK0BaGG0eo%2BS%2FlOiOOnkC3zjvdfI3%2FWoedj6W32OcnpyaHjrCWIkHg9V6PY0Ae9TcIcL4%2B8Une1%2Bkh4sbFqBtvX8oUdVopwG%2Bf5yhkP5VJ%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
82a2512f3860380e-FRA
content-length
0
date
Wed, 22 Nov 2023 15:48:31 GMT
expires
0
location
https://s.0cf.io/#ps=true&dbid=9392916d6cd9d24&id=74&uid=ZV4izjN8SKKPnqYi3Ijq6QAA%263190
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZuIlu0BNbbFm9uEZ1ncfpjAtimAsz5wDajxKP2rv6UKu58T1jXkgTd8ZlDzb7cJc829JyaIdWX%2FBdpcxhZre%2BKqK%2FlHoCaAOJfxJ9edMsHCBzEj1UJniPM8OGD6VqJb%2Fh425wMQd"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
prebid
rtb.openx.net/sync/ Frame 1E7C 		43 B
58 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.openx.net/sync/prebid?r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D19%26uid%3D%24%7BUID%7D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.227.252.103 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
103.252.227.35.bc.googleusercontent.com
Software
/
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0, no-cache, must-revalidate
content-length
43
content-type
image/gif
date
Wed, 22 Nov 2023 15:48:31 GMT
p3p
CP="CUR ADM OUR NOR STA NID"
pragma
no-cache
via
1.1 google
pixel
ap.lijit.com/ Frame 72B5 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/pixel?redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D25%26uid%3D%24UID
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.16 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Access-Control-Allow-Origin
*
Date
Wed, 22 Nov 2023 15:48:31 GMT
X-Sovrn-Pod
ad_ap3ams1
us.gif
sync.go.sonobi.com/ Frame 3C20 		49 B
368 B 		Document
General
Check archive.org
Download Go to
Full URL
https://sync.go.sonobi.com/us.gif?loc=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D26%26uid%3D%5BUID%5D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.166.1.66 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store, private
content-length
49
content-type
image/gif
date
Wed, 22 Nov 2023 15:48:31 GMT
expires
Sat, 26 Jul 1997 05:00:00 GMT
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
pragma
no-cache
server
sonobi-go
tcn
Choice
vary
negotiate,Accept-Encoding
x-go-server
go-iad-2-6-132
x-xss-protection
0
/
s.0cf.io/ Frame 0128
Redirect Chain
  • https://sync.1rx.io/usersync2/rmphb?gdpr=0&gdpr_consent=0&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D22%26uid%3D%5BRX_UUID%5D
  • https://ad.turn.com/r/cs?pid=45&rndcb=7343032643
  • https://sync.1rx.io/usersync/turn/3908127189403183443?dspret=1&gdpr=&gdpr_consent=&us_privacy=
  • https://sync.targeting.unrulymedia.com/csync/RX-fc3d5993-8717-4bad-b92c-b0d7c209b021-003?redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D22%26uid%3DRX-fc3d5993-8717-4bad...
  • https://s.0cf.io/
38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8f15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5168
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a25134280568eb-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 15:48:32 GMT
expires
Wed, 22 Nov 2023 16:18:32 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z86Lo8f6zedxQNoSFD%2Fsu5gZueZIHoEROBZzC7ss%2BoOYfh3DgSyiQu8PVcvfJ12jIaThh2ezOmKfo86kQ815cKYrK1xICFdozom3dGzpZl2lAnKTUEYuULTqma8bJ7pszWcoNoddlQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

content-type
text/html
date
Wed, 22 Nov 2023 15:48:31 GMT
etag
RXfc3d599387174badb92cb0d7c209b021003
location
https://s.0cf.io/#ps=true&dbid=9392916d6cd9d24&id=22&uid=RX-fc3d5993-8717-4bad-b92c-b0d7c209b021-003
p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
occ
ups.analytics.yahoo.com/ups/58448/ Frame 1C8C 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ups.analytics.yahoo.com/ups/58448/occ?uid=9392916d6cd9d2477%26uid%3D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.71.149.231 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-71-149-231.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.10.87 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
0
date
Wed, 22 Nov 2023 15:48:31 GMT
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
server
ATS/9.1.10.87
strict-transport-security
max-age=31536000
/
s.0cf.io/ Frame D4FB
Redirect Chain
  • https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=0&cb=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D81%26uid%3D
  • https://s.0cf.io/
38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8f15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5167
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a2512fcb3168eb-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 15:48:31 GMT
expires
Wed, 22 Nov 2023 16:18:31 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BK5nKfgKDbWPSSWGE65c59UTdXKrZDHNlKMjMlyOhiybffZgHVSbbxYKppDVfW50j7%2BJcXa0fQRI5%2FXNn2XrJPYEXuaaysoBsA%2BdpBYO0LsTsZEuGeFi8dauF%2Fw9QFwrhBKbG3gfjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

cache-control
max-age=0, private, must-revalidate
content-length
0
date
Wed, 22 Nov 2023 15:48:30 GMT
location
https://s.0cf.io/#ps=true&dbid=9392916d6cd9d24&id=81&uid=?gdpr=0&gdpr_consent=0
server
envoy
x-envoy-upstream-service-time
1
/
onetag-sys.com/usync/ Frame 2359 		0
94 B 		Document
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/usync/?gdpr=0&gdpr_consent=0&us_privacy=0&redir=https%3A//ps.0cf.io/%3Fonetag%3D%24%7BUSER_TOKEN%7D84%26uid%3D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip254.ip-51-89-9.eu
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=900, h3-29=":443"; ma=900
cache-control
no-store
content-length
0
strict-transport-security
max-age=15552000
getsync
ads.servenobid.com/ Frame BCC9 		9 B
290 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ads.servenobid.com/getsync?tek=pbs&ver=1&gdpr=0&gdpr_consent=0&us_privacy=0&format=json
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.72.113.40 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-72-113-40.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
72d427b7264997760074a94dcc1c9e54ae2c33b05276bfb3cfcd0f5d2d8bba3a

Request headers

Referer
https://s.0cf.io/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:31 GMT
amp-access-control-allow-source-origin
*
content-type
text/plain;charset=ISO-8859-1
access-control-allow-origin
https://s.0cf.io
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
9
/
ssc-cms.33across.com/ps/ Frame 75D2 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ssc-cms.33across.com/ps/?gdpr_58=&gdpr_consent=&ts=&ri=70&ru=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D1%26uid%3D33XUSERID33X
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.24 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip24.67-202-105.static.steadfastdns.net
Software
33XP019 /
Resource Hash

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

date
Wed, 22 Nov 2023 15:48:30 GMT
server
33XP019
x-33x-status
2000208
ImgSync
image8.pubmatic.com/AdServer/ Frame EBD9 		0
39 B 		Document
General
Check archive.org
Download Go to
Full URL
https://image8.pubmatic.com/AdServer/ImgSync?p=162168&gdpr=0&gdpr_consent=0&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D162168%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fs.0cf.io%252F%2523ps%253Dtrue%2526id%253D20%2526uid%253D%2523PMUID
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.64.190.79 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
0
date
Wed, 22 Nov 2023 15:48:30 GMT
/
s.0cf.io/ Frame D8A6
Redirect Chain
  • https://bh.contextweb.com/rtset?pid=561205&ev=1&rurl=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D21%26uid%3D%25%25VGUID%25%25
  • https://s.0cf.io/
38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8f15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5167
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a2512fdb4768eb-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 15:48:31 GMT
expires
Wed, 22 Nov 2023 16:18:31 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HyKM2vsp5wnlWr3wlHueG%2FdoUCsFMQMvoeEgnAbLY5BYbCBfPKGUiQVFxpJP4QBnVa%2F%2BNmAFE%2Fi2LOVNLRaRl%2FfdKQymQHmxhXDBY%2BYWf1LtnZ2w9tB4IF7eisTsooZTYJoCdoZWFg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
cache-control
private, max-age=0, no-cache, no-store
content-language
de-DE
cw-server
bh-deployment-6b57df6cd5-dxwg5
expires
-1
location
https://s.0cf.io/#ps=true&dbid=9392916d6cd9d24&id=21&uid=WbFqShth6UR5&ev=1&pid=561205
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
server
Jetty(10.0.14)
strict-transport-security
max-age=15768000
v1
match.sharethrough.com/universal/ Frame AF0A 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://match.sharethrough.com/universal/v1?supply_id=Uj448boa
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.64.136.60 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-64-136-60.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

date
Wed, 22 Nov 2023 15:48:31 GMT
/
s.0cf.io/ Frame A0A7
Redirect Chain
  • https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=0&gdpr_consent=0&us_privacy=0&redirectUri=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D82%26uid%3D%5Bssb_s...
  • https://s.0cf.io/
38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8f15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5167
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a2512fcb3368eb-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 15:48:31 GMT
expires
Wed, 22 Nov 2023 16:18:31 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xHa9YNvB6brjW2kglj30KmEGDrZgCakXnTZk0Gr9JlwRQTUF8FxHt8MLJYil2LtRDQTRUUcMC7Eh9OjNFZO1D2%2BgWfKuKtLtzgWgOQCtBgmfCA4fSvMMEL4ByZ4TciZrhy5Tqyehpw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

content-length
0
date
Wed, 22 Nov 2023 15:48:31 GMT
location
https://s.0cf.io/#ps=true&dbid=9392916d6cd9d24&id=82&uid=5380650379442443446
/
s.0cf.io/ps/ Frame 2BD5
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_cm&google_nid=datablocks_inc&google_hm=9392916d6cd9d24&dbid=9392916d6cd9d24
  • https://s.0cf.io/ps/?dbid=9392916d6cd9d24
2 B
485 B 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/ps/?dbid=9392916d6cd9d24
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8f15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8d74beec1be996322ad76813bafb92d40839895d6dd7ee808b17ca201eac98be
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
0
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a251308bf768eb-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 15:48:31 GMT
expires
Wed, 22 Nov 2023 16:18:31 GMT
last-modified
Mon, 04 Oct 2021 18:28:27 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Tgs98zku5zynTH9XhMoAxaNIp17Mt3zphNLiT9JhUfieTYtVbrC1hE06%2FzYJ9Ocu3VijBeK3rZQMIyPYJuD6FVxKpW3R%2FZIUvJq4F9jrmHS18YVa7fKhZeYHQXa%2Fa0V8inX4uDaqew%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
315
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 22 Nov 2023 15:48:31 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
location
https://s.0cf.io/ps/?dbid=9392916d6cd9d24#ps=true&id=666&uid=CAESEM99tN-hM8KH1-Q_njPR5d8&cver=1&error=
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
HTTP server (unknown)
x-xss-protection
0
/
s.0cf.io/ Frame CD93
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=75&gdpr=0&gdpr_consent=0&us_privacy=0&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D61%26uid%3D%5BMM_UUID%5D
  • https://s.0cf.io/
38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8f15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5167
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a2512feb4d68eb-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 15:48:31 GMT
expires
Wed, 22 Nov 2023 16:18:31 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s53XNxUa%2BCNxVTlY7MPWh8IdIoUjsrgLaPvaP9Ph9dJslrNDCcPwVK94qxsidb%2FTFCnLObnNR6xzwkpz5AyVaYDeRztwhoEWley0Bl%2FHf8LhjOiJmQycIPBUaH2cJvPuO0mbJ7mdMQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Content-Length
0
Content-Type
image/gif
Date
Wed, 22 Nov 2023 15:48:31 GMT
Expires
Wed, 22 Nov 2023 15:48:30 GMT
Keep-Alive
timeout=360
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server
MT3 1143 599e619 master zrh zrh-pixel-x4 config_version:"941"
location
https://s.0cf.io/#ps=true&dbid=9392916d6cd9d24&id=61&uid=b7c8655e-22d0-4a00-83cd-c438716ad67b&gdpr=0&gdpr_consent=0
/
s.0cf.io/ Frame A0EB
Redirect Chain
  • https://hbx.media.net/cksync.php?cs=1&type=pbs&ovsid=setstatuscode&bidder=medianet&gdpr=0&gdpr_consent=0&us_privacy=0&redirect=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D...
  • https://s.0cf.io/
38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8f15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5167
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a251313ccd68eb-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 15:48:31 GMT
expires
Wed, 22 Nov 2023 16:18:31 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uNN2oNXMt2gu8%2Bmqu8%2FNhDINZiQkufFl4GbjhgEH217o7Vl0rSVMBAzBB98T0puUy%2F%2Fg5nzp%2FZYnFYkGeIVDQFvlMHUoCdfO5jPqknoyw%2Bw8jF2MhaZsua9AG%2Blu%2B%2FodBLYjVTFb8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

cache-control
max-age=0, no-cache, no-store
content-length
154
content-type
text/html
date
Wed, 22 Nov 2023 15:48:31 GMT
expires
Wed, 22 Nov 2023 15:48:31 GMT
location
https://s.0cf.io/#ps=true&dbid=9392916d6cd9d24&id=88&uid=0000EEA
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA"
pragma
no-cache
server
Apache
strict-transport-security
max-age=86400 ; includeSubDomains max-age=604800
x-mnet-hl2
E
usersync
usersync.gumgum.com/ Frame F7EC
Redirect Chain
  • https://secure.adnxs.com/getuid?https://usersync.gumgum.com/usersync?b=apn&i=$UID
  • https://usersync.gumgum.com/usersync?b=apn&i=1545443793795039788
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=apn&i=1545443793795039788
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
52.210.15.1 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-15-1.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 15:48:31 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:31 GMT
an-x-request-uuid
a0b24381-0701-4c5d-b456-27d1c42bdea7
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://usersync.gumgum.com/usersync?b=apn&i=1545443793795039788
x-proxy-origin
84.19.175.183; 84.19.175.183; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
p-zLwwakwy-hZw3.gif
cms.quantserve.com/pixel/ Frame F7EC
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_2bcd2278-a756-46e0-b3d8-2d72def0d564&gdpr=0&gdpr_consent=0&us_privacy=
  • https://cms.quantserve.com/pixel/p-zLwwakwy-hZw3.gif?idmatch=0&ssp=gumgum2&gdpr=0&gdpr_consent=0
0
154 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cms.quantserve.com/pixel/p-zLwwakwy-hZw3.gif?idmatch=0&ssp=gumgum2&gdpr=0&gdpr_consent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Protocol
H2
Server
2620:116:800d:21:93ca:31d8:d86e:38f6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:31 GMT
cache-control
private, no-cache, no-store, proxy-revalidate
strict-transport-security
max-age=86400
expires
Fri, 04 Aug 1978 12:00:00 GMT

Redirect headers

location
//cms.quantserve.com/pixel/p-zLwwakwy-hZw3.gif?idmatch=0&ssp=gumgum2&gdpr=0&gdpr_consent=0
date
Wed, 22 Nov 2023 15:48:31 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
usersync
usersync.gumgum.com/ Frame F7EC
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=0&us_privacy=&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
  • https://usersync.gumgum.com/usersync?b=opx&i=bed74324-de29-4103-a578-3506bd70e555&gdpr=0&gdpr_consent=0
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=opx&i=bed74324-de29-4103-a578-3506bd70e555&gdpr=0&gdpr_consent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
52.210.15.1 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-15-1.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 15:48:31 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

date
Wed, 22 Nov 2023 15:48:31 GMT
content-encoding
gzip
via
1.1 google
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
content-type
image/gif
location
https://usersync.gumgum.com/usersync?b=opx&i=bed74324-de29-4103-a578-3506bd70e555&gdpr=0&gdpr_consent=0
p3p
CP="CUR ADM OUR NOR STA NID"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
usersync
usersync.gumgum.com/ Frame F7EC
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent=0
  • https://usersync.gumgum.com/usersync?b=sta&i=0-6607cc4c-99b7-5afc-7a38-762df91a68d8$ip$84.19.175.183
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=sta&i=0-6607cc4c-99b7-5afc-7a38-762df91a68d8$ip$84.19.175.183
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
52.210.15.1 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-15-1.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 15:48:31 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

Location
https://usersync.gumgum.com/usersync?b=sta&i=0-6607cc4c-99b7-5afc-7a38-762df91a68d8$ip$84.19.175.183
Date
Wed, 22 Nov 2023 15:48:31 GMT
Connection
keep-alive
Content-Length
127
Content-Type
text/html; charset=utf-8
gumgum
pr-bh.ybp.yahoo.com/sync/ Frame F7EC 		43 B
425 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:d29:3602:be7c:8786:5b47:1e53 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Content-Security-Policy sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:31 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
image/gif
content-length
43
usersync
usersync.gumgum.com/ Frame F7EC
Redirect Chain
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=0&us_privacy=&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersyn...
  • https://usersync.gumgum.com/usersync?b=vnt&i=5fa7aa5c-6d7a-4b4b-a667-ef0b7527581e
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=vnt&i=5fa7aa5c-6d7a-4b4b-a667-ef0b7527581e
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
52.210.15.1 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-15-1.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 15:48:31 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

Location
https://usersync.gumgum.com/usersync?b=vnt&i=5fa7aa5c-6d7a-4b4b-a667-ef0b7527581e
Date
Wed, 22 Nov 2023 15:48:31 GMT
Connection
keep-alive
X-CI-RTID
e86aaa7f-8142-446b-b14b-52144f12a7a1
Content-Length
108
Content-Type
text/html; charset=utf-8
142
match.deepintent.com/usersync/ Frame F7EC 		0
39 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.deepintent.com/usersync/142?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Ddit%26i%3D%24%7BDI_USER_ID%7D
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
169.197.150.7 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS
g.deepintent.com
Software
a /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:30 GMT
content-length
0
server
a
usersync
usersync.gumgum.com/ Frame F7EC
Redirect Chain
  • https://b1sync.zemanta.com/usersync/gumgum/?puid=e_2bcd2278-a756-46e0-b3d8-2d72def0d564&gdpr=0&gdpr_consent=0&us_privacy=&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dzem%26i%3D__ZUID__
  • https://usersync.gumgum.com/usersync?b=zem&i=&gdpr=0&gdpr_consent=0
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=zem&i=&gdpr=0&gdpr_consent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
52.210.15.1 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-15-1.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 15:48:31 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

Location
https://usersync.gumgum.com/usersync?b=zem&i=&gdpr=0&gdpr_consent=0
Pragma
no-cache
Date
Wed, 22 Nov 2023 15:48:31 GMT
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Dec 1994 16:00:00 GMT
Content-Length
102
Content-Type
text/html; charset=utf-8
usersync
usersync.gumgum.com/ Frame F7EC
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25
  • https://usersync.gumgum.com/usersync?b=pln&i=RgdjzAZh7JkH&ev=1&pid=558355
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=pln&i=RgdjzAZh7JkH&ev=1&pid=558355
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
52.210.15.1 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-15-1.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 15:48:31 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

strict-transport-security
max-age=15768000
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
server
Jetty(10.0.14)
content-language
de-DE
location
https://usersync.gumgum.com/usersync?b=pln&i=RgdjzAZh7JkH&ev=1&pid=558355
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-6b57df6cd5-dxwg5
expires
-1
usersync
usersync.gumgum.com/ Frame F7EC
Redirect Chain
  • https://ssbsync.smartadserver.com/api/sync?callerId=15&redirectUri=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsad%26i%3D%5Bssb_sync_pid%5D&gdpr=0&gdpr_consent=0
  • https://usersync.gumgum.com/usersync?b=sad&i=5380650379442443446
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=sad&i=5380650379442443446
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
52.210.15.1 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-15-1.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 15:48:31 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

location
https://usersync.gumgum.com/usersync?b=sad&i=5380650379442443446
date
Wed, 22 Nov 2023 15:48:31 GMT
content-length
0
usersync
rtb.gumgum.com/ Frame 7D0D
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=1301&gdpr=0&gdpr_consent=0
  • https://rtb.gumgum.com/usersync?b=adf&i=8716181596310505629&gdpr=0&gdpr_consent=0
35 B
208 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usersync?b=adf&i=8716181596310505629&gdpr=0&gdpr_consent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.72.224.53 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-72-224-53.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, no-store, must-revalidate, max-age=0
content-length
35
content-type
image/gif;charset=UTF-8
date
Wed, 22 Nov 2023 15:48:31 GMT
expires
0
pragma
no-cache
server
nginx
timing-allow-origin
*

Redirect headers

accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-max-age
86400
cache-control
no-cache, no-store, must-revalidate, no-transform
content-length
0
date
Wed, 22 Nov 2023 15:48:31 GMT
expires
-1
location
https://rtb.gumgum.com/usersync?b=adf&i=8716181596310505629&gdpr=0&gdpr_consent=0
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
pixel
cm.g.doubleclick.net/ Frame D7C0 		170 B
188 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV8yYmNkMjI3OC1hNzU2LTQ2ZTAtYjNkOC0yZDcyZGVmMGQ1NjQ=&gdpr=0&gdpr_consent=0&google_redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dgdv
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
170
content-type
image/png
cross-origin-resource-policy
cross-origin
date
Wed, 22 Nov 2023 15:48:31 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
server
HTTP server (unknown)
x-xss-protection
0
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame E327 		16 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-201.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
8e53e50181b7a9e2caa94173c37fcd9de8fa75750764a2ad8ad02fac3306d652

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=97683
content-encoding
gzip
content-length
5622
content-type
text/html
date
Wed, 22 Nov 2023 15:48:31 GMT
expires
Thu, 23 Nov 2023 18:56:34 GMT
last-modified
Thu, 16 Nov 2023 09:11:44 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
generic
match.adsrvr.org/track/cmf/ Frame F496 		70 B
148 B 		Document
General
Check archive.org
Download Go to
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
70
content-type
image/gif
date
Wed, 22 Nov 2023 15:48:31 GMT
server
Kestrel
usersync
usersync.gumgum.com/ Frame F3B8
Redirect Chain
  • https://tg.socdm.com/aux/idsync?proto=gumgum
  • https://usersync.gumgum.com/usersync?b=sus&i=ZV4i0MCo8X0AABYOYAkAAAAA
35 B
250 B 		Document
General
Check archive.org
Download Go to
Full URL
https://usersync.gumgum.com/usersync?b=sus&i=ZV4i0MCo8X0AABYOYAkAAAAA
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.210.15.1 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-15-1.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Content-Type
image/gif
Date
Wed, 22 Nov 2023 15:48:32 GMT
Expires
0
Pragma
no-cache

Redirect headers

Cache-Control
private
Connection
keep-alive
Content-Length
0
Date
Wed, 22 Nov 2023 15:48:32 GMT
Location
https://usersync.gumgum.com/usersync?b=sus&i=ZV4i0MCo8X0AABYOYAkAAAAA
P3P
CP="See also http://www.scaleout.jp/privacy/"
Server
nginx
X-SO-Ads-Time
3
X-SO-Cluster-ID
0
X-SO-HostName
a-ad40316.dc2p.scaleout.jp
X-SO-IP
84.19.175.183
X-SO-Key
ZV4i0MCo8X0AABYOYAkAAAAA
X-SO-LB-Data
{"ban":false,"clean_query":"\/aux\/idsync?proto=gumgum","cluster_id":0,"gdpr":true,"ipv4":"0.0.0.0","key":"ZV4i0MCo8X0AABYOYAkAAAAA","privacy_sensitive":true,"uid":"","upstream_id":"a-ad40316"}
X-SO-LB-Hostname
m-tgng25.dc4p.scaleout.jp
X-SO-Upstream-ID
a-ad40316
PugMaster
image6.pubmatic.com/AdServer/ Frame 0C6A 		0
42 B 		Script
General
Check archive.org
Download Go to
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=52481832&p=0&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:30 GMT
content-length
0
usersync
usersync.gumgum.com/ Frame 6B3D
Redirect Chain
  • https://creativecdn.com/cm-notify?pi=gumgum
  • https://usersync.gumgum.com/usersync?b=rth&i=qwMZjMmKAwo4fQZ21umU_ZlYRWt8PSq91oL3zb5usQU&pi=gumgum
35 B
250 B 		Document
General
Check archive.org
Download Go to
Full URL
https://usersync.gumgum.com/usersync?b=rth&i=qwMZjMmKAwo4fQZ21umU_ZlYRWt8PSq91oL3zb5usQU&pi=gumgum
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.210.15.1 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-15-1.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Content-Type
image/gif
Date
Wed, 22 Nov 2023 15:48:31 GMT
Expires
0
Pragma
no-cache

Redirect headers

cache-control
no-cache, no-store, must-revalidate, private, max-age=0
content-length
0
date
Wed, 22 Nov 2023 15:48:31 GMT Wed, 22 Nov 2023 15:48:31 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://usersync.gumgum.com/usersync?b=rth&i=qwMZjMmKAwo4fQZ21umU_ZlYRWt8PSq91oL3zb5usQU&pi=gumgum
pragma
no-cache
usync.html
eus.rubiconproject.com/ Frame 1C7E
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum
  • https://eus.rubiconproject.com/usync.html?p=gumgum
281 B
555 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?p=gumgum
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.218.210.30 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-218-210-30.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Wed, 22 Nov 2023 15:48:31 GMT
ETag
"280525-119-60930cbd3cec0"
Last-Modified
Thu, 02 Nov 2023 19:57:23 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
date
Wed, 22 Nov 2023 15:48:31 GMT
location
https://eus.rubiconproject.com/usync.html?p=gumgum
server
AkamaiGHost
/
s.0cf.io/ Frame 07B6 		38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8f15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5167
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a25130bc3368eb-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 15:48:31 GMT
expires
Wed, 22 Nov 2023 16:18:31 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FV8oZ6T9nDoUYzBU3Ps78mM0%2FW1fMQ86pDVfwGJNdFlh7W5VbIe%2FPhMcSs1Vwr%2B%2Ft6Gmg71d3insA%2FtW9o6hBhFp8977HVDamfMnFaF%2FFNIMNvhTIPCPM6LOjeSqnGUQ5qPhWGyO8w%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding
khaos.json
token.rubiconproject.com/ Frame C799 		7 B
380 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://token.rubiconproject.com/khaos.json?
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://eus.rubiconproject.com
Cache-Control
no-cache,no-store,must-revalidate
access-control-allow-credentials
true
content-length
7
X-RPHost
5b959e9b7aef6dd90a6fa539ca64ac62
Expires
0
usync.js
eus.rubiconproject.com/ Frame 1C7E 		46 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.218.210.30 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-218-210-30.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
c84074baff8c27ab00dd84e9fdf57f94ca82c0fce2ad492c8302bb1ca109953d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=gumgum
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 15:48:31 GMT
Content-Encoding
gzip
Last-Modified
Tue, 21 Nov 2023 23:36:50 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=28097
Connection
keep-alive
Content-Length
13230
Expires
Wed, 22 Nov 2023 23:36:48 GMT
putRecords
prod.tahoe-analytics.publishers.advertising.a2z.com/logevent/ 		146 B
373 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prod.tahoe-analytics.publishers.advertising.a2z.com/logevent/putRecords?encoded=true
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.39.33.138 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-39-33-138.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
33f14db59ec4d7b730048fdb461f73171b68be733cfc094682a24f9bd5603718

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
x-api-key
79db72eb0b5c7255afa54a253df24fb4a5ac916bf40b51c730df8850aa5665ca
Content-Type
application/json

Response headers

date
Wed, 22 Nov 2023 15:48:32 GMT
x-amzn-trace-id
Root=1-655e22d0-676e8b5e5ea8de296fcc8784
x-amzn-requestid
da175872-2ba6-402b-ac19-193a6ae1e5dc
access-control-allow-methods
*
content-type
application/json
access-control-allow-origin
*
x-amz-apigw-id
OzpgnF4jvHcEg_Q=
content-length
146
putRecords
prod.tahoe-analytics.publishers.advertising.a2z.com/logevent/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://prod.tahoe-analytics.publishers.advertising.a2z.com/logevent/putRecords?encoded=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.39.33.138 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-39-33-138.us-west-2.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://heroinvesting.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-headers
Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent
access-control-allow-methods
POST,OPTIONS
access-control-allow-origin
*
date
Wed, 22 Nov 2023 15:48:32 GMT
x-amz-apigw-id
OzpglFNdvHcEC-A=
x-amzn-requestid
878ed093-6a7b-4491-8aca-a3b131a81900
getuidj
ib.adnxs.com/ Frame D4FB
Redirect Chain
  • https://ib.adnxs.com/getuid?https://ib.adnxs.com/getuidj
  • https://ib.adnxs.com/getuidj
29 B
701 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/getuidj
Protocol
H2
Server
185.89.210.46 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
73d29c9519e905d7ba4306bed124c06d94d698dd41ebf193b37e8661e72b6c0d
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s.0cf.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:31 GMT
an-x-request-uuid
9f6c1909-ff19-4585-8250-e5a80e3c25eb
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
application/json; charset=utf-8
access-control-allow-origin
https://s.0cf.io
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
x-proxy-origin
84.19.175.183; 84.19.175.183; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
29
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:31 GMT
an-x-request-uuid
19b759d0-688b-40da-9438-e916048ab4d4
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
https://s.0cf.io
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://ib.adnxs.com/getuidj
x-proxy-origin
84.19.175.183; 84.19.175.183; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
getuid
eb2.3lift.com/ Frame ADB9 		0
0
getuids
prebid-server.rubiconproject.com/ Frame D4FB 		44 B
348 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid-server.rubiconproject.com/getuids
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
69.173.144.137 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
c7ecaf3e8b86eb8637e07d0cc3d12ad7a6e3babd9d5f852bf685b7a4549c160f

Request headers

Referer
https://s.0cf.io/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

Pragma
no-cache
content-encoding
gzip
Content-Type
application/json;charset=utf-8
access-control-allow-origin
https://s.0cf.io
Cache-Control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
70
Expires
0
rid
match.adsrvr.org/track/ Frame D4FB 		63 B
416 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://match.adsrvr.org/track/rid?ttd_pid=prebid&fmt=json
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
98c8bb7e8194f77206d2ea852f11d568c8336cbb94a1c8c3f894de190bc02f59

Request headers

Referer
https://s.0cf.io/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:31 GMT
content-encoding
gzip
server
Kestrel
vary
Origin, Accept-Encoding
content-type
application/json
access-control-allow-origin
https://s.0cf.io
cache-control
private
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
expires
Fri, 22 Dec 2023 15:48:31 GMT
connectmyusers.php
cdn.connectad.io/ Frame 23E7 		1 KB
867 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.connectad.io/connectmyusers.php?gdpr=0&consent=0&us_privacy=0&cb=https%3A//prebid.adnxs.com/pbs/v1/setuid%3Fbidder%3Dconnectad%26gdpr%3D%0%26gdpr_consent%3D0%26uid%3D86%26uid%3D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:10::6816:37ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
08f0465386d9897c95370a004f5251b304dc4f94a73541cccd1ee87c02de2f60

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
1810
alt-svc
h3=":443"; ma=86400
cache-control
max-age=3600
cf-cache-status
HIT
cf-ray
82a251321afb1ad4-FRA
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Wed, 22 Nov 2023 15:48:31 GMT
last-modified
Wed, 22 Nov 2023 15:18:21 GMT
server
cloudflare
vary
Accept-Encoding
current
prebid-match.dotomi.com/match/bounce/ Frame DCDB 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://prebid-match.dotomi.com/match/bounce/current?version=1&networkId=72582&rurl=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D10%26uid%3D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:fa8:8806:12::1370 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, private, max-age=0, no-store
date
Wed, 22 Nov 2023 15:48:31 GMT
expires
0
pragma
no-cache
server
nginx
prbds2s
rtb.gumgum.com/usync/ Frame 7F91 		3 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.72.224.53 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-72-224-53.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
ebe260bcdc10b7d665d6854b47acb9da92aa3ab41f3d0009b144d2c30146ed8a

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-type
text/html;charset=UTF-8
date
Wed, 22 Nov 2023 15:48:31 GMT
etag
W/"07996bc0798b021a126ca6c537467866e"
server
nginx
timing-allow-origin
*
usermatchredir
ssum.casalemedia.com/ Frame B7B2 		0
0
prebid
rtb.openx.net/sync/ Frame 7F0B 		43 B
58 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.openx.net/sync/prebid?r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D19%26uid%3D%24%7BUID%7D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.227.252.103 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
103.252.227.35.bc.googleusercontent.com
Software
/
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0, no-cache, must-revalidate
content-length
43
content-type
image/gif
date
Wed, 22 Nov 2023 15:48:31 GMT
p3p
CP="CUR ADM OUR NOR STA NID"
pragma
no-cache
via
1.1 google
pixel
ap.lijit.com/ Frame D7FF 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/pixel?redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D25%26uid%3D%24UID
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.16 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Access-Control-Allow-Origin
*
Date
Wed, 22 Nov 2023 15:48:31 GMT
X-Sovrn-Pod
ad_ap3ams1
us.gif
sync.go.sonobi.com/ Frame 92AD 		49 B
368 B 		Document
General
Check archive.org
Download Go to
Full URL
https://sync.go.sonobi.com/us.gif?loc=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D26%26uid%3D%5BUID%5D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.166.1.66 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store, private
content-length
49
content-type
image/gif
date
Wed, 22 Nov 2023 15:48:31 GMT
expires
Sat, 26 Jul 1997 05:00:00 GMT
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
pragma
no-cache
server
sonobi-go
tcn
Choice
vary
negotiate,Accept-Encoding
x-go-server
go-iad-2-6-132
x-xss-protection
0
generic
match.adsrvr.org/track/cmf/ Frame 2837
Redirect Chain
  • https://sync.1rx.io/usersync2/rmphb?gdpr=0&gdpr_consent=0&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D22%26uid%3D%5BRX_UUID%5D
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=4581832920
70 B
148 B 		Document
General
Check archive.org
Download Go to
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=4581832920
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
70
content-type
image/gif
date
Wed, 22 Nov 2023 15:48:31 GMT
server
Kestrel

Redirect headers

cache-control
no-store, no-cache, must-revalidate
content-type
text/html
date
Wed, 22 Nov 2023 15:48:31 GMT
etag
RXfc3d599387174badb92cb0d7c209b021003
expires
0
location
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=4581832920
p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
pragma
no-cache
occ
ups.analytics.yahoo.com/ups/58448/ Frame 6B4D 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ups.analytics.yahoo.com/ups/58448/occ?uid=9392916d6cd9d2477%26uid%3D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.71.149.231 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-71-149-231.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.10.87 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
0
date
Wed, 22 Nov 2023 15:48:31 GMT
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
server
ATS/9.1.10.87
strict-transport-security
max-age=31536000
0
prebid.a-mo.net/cchain/ Frame C4CF 		0
0
/
onetag-sys.com/usync/ Frame 7153 		0
94 B 		Document
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/usync/?gdpr=0&gdpr_consent=0&us_privacy=0&redir=https%3A//ps.0cf.io/%3Fonetag%3D%24%7BUSER_TOKEN%7D84%26uid%3D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip254.ip-51-89-9.eu
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=900, h3-29=":443"; ma=900
cache-control
no-store
content-length
0
strict-transport-security
max-age=15552000
getsync
ads.servenobid.com/ Frame D4FB 		9 B
290 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ads.servenobid.com/getsync?tek=pbs&ver=1&gdpr=0&gdpr_consent=0&us_privacy=0&format=json
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.72.113.40 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-72-113-40.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
72d427b7264997760074a94dcc1c9e54ae2c33b05276bfb3cfcd0f5d2d8bba3a

Request headers

Referer
https://s.0cf.io/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:48:31 GMT
amp-access-control-allow-source-origin
*
content-type
text/plain;charset=ISO-8859-1
access-control-allow-origin
https://s.0cf.io
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
9
/
ssc-cms.33across.com/ps/ Frame 05F9 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ssc-cms.33across.com/ps/?gdpr_58=&gdpr_consent=&ts=&ri=70&ru=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D1%26uid%3D33XUSERID33X
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.24 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip24.67-202-105.static.steadfastdns.net
Software
33XP011 /
Resource Hash

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

date
Wed, 22 Nov 2023 15:48:31 GMT
server
33XP011
x-33x-status
2000208
ImgSync
image8.pubmatic.com/AdServer/ Frame DC4C 		0
39 B 		Document
General
Check archive.org
Download Go to
Full URL
https://image8.pubmatic.com/AdServer/ImgSync?p=162168&gdpr=0&gdpr_consent=0&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D162168%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fs.0cf.io%252F%2523ps%253Dtrue%2526id%253D20%2526uid%253D%2523PMUID
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.64.190.79 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
0
date
Wed, 22 Nov 2023 15:48:30 GMT
rtset
bh.contextweb.com/ Frame 0618 		0
0
v1
match.sharethrough.com/universal/ Frame F616 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://match.sharethrough.com/universal/v1?supply_id=Uj448boa
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.64.136.60 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-64-136-60.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

date
Wed, 22 Nov 2023 15:48:31 GMT
sync
ssbsync-global.smartadserver.com/api/ Frame FCAD 		0
0
/
s.0cf.io/ps/ Frame C99D
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_cm&google_nid=datablocks_inc&google_hm=9392916d6cd9d24&dbid=9392916d6cd9d24
  • https://s.0cf.io/ps/?dbid=9392916d6cd9d24
2 B
490 B 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/ps/?dbid=9392916d6cd9d24
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8f15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8d74beec1be996322ad76813bafb92d40839895d6dd7ee808b17ca201eac98be
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
0
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a25133efa568eb-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 15:48:31 GMT
expires
Wed, 22 Nov 2023 16:18:31 GMT
last-modified
Mon, 04 Oct 2021 18:28:27 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vHrCzBwnJ2SlbOpSz1N6OPaM4%2FWC5H6Id6y%2F9nOO3IYVZmUU6FapJ2T7ekmPLh2kZbPPkcTf4Q9O8iF%2FsrCP5%2BTUKvmSA2KVU1pE3T5nkEVFw1VvPo4MQ6hWTdwQngjwma%2FxWypQkA%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
315
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 22 Nov 2023 15:48:31 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
location
https://s.0cf.io/ps/?dbid=9392916d6cd9d24#ps=true&id=666&uid=CAESEM99tN-hM8KH1-Q_njPR5d8&cver=1&error=
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
HTTP server (unknown)
x-xss-protection
0
img
sync.mathtag.com/sync/ Frame 8DA8 		0
0
cksync.php
hbx.media.net/ Frame 0099 		0
0
khaos.json
token.rubiconproject.com/ Frame 94B0 		7 B
380 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://token.rubiconproject.com/khaos.json?
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://eus.rubiconproject.com
Cache-Control
no-cache,no-store,must-revalidate
access-control-allow-credentials
true
content-length
7
X-RPHost
5b959e9b7aef6dd90a6fa539ca64ac62
Expires
0
usersync
usersync.gumgum.com/ Frame 7F91
Redirect Chain
  • https://secure.adnxs.com/getuid?https://usersync.gumgum.com/usersync?b=apn&i=$UID
  • https://usersync.gumgum.com/usersync?b=apn&i=1545443793795039788
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=apn&i=1545443793795039788
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
52.210.15.1 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-15-1.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 15:48:31 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:31 GMT
an-x-request-uuid
a5cdfc06-eda1-4b24-9bf4-49526d1dccff
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://usersync.gumgum.com/usersync?b=apn&i=1545443793795039788
x-proxy-origin
84.19.175.183; 84.19.175.183; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
sync
x.bidswitch.net/ Frame 7F91
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_2bcd2278-a756-46e0-b3d8-2d72def0d564&gdpr=0&gdpr_consent=0&us_privacy=
  • https://u.ipw.metadsp.co.uk/sync?ssp=bidswitch&bidswitch_ssp_id=gumgum2&bsw_user_id=${BSW_USER_UD}&bsw_param=3c602ba8-95ff-4523-bd9e-8b2bebbce6b0&gdpr=0&gdpr_consent=0&gdpr_pd=&us_privacy=
  • https://x.bidswitch.net/sync?dsp_id=339&expires=14&gdpr=1&gdpr_consent=0&user_group=0&user_id=&ssp=gumgum2&bsw_param=3c602ba8-95ff-4523-bd9e-8b2bebbce6b0
43 B
145 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://x.bidswitch.net/sync?dsp_id=339&expires=14&gdpr=1&gdpr_consent=0&user_group=0&user_id=&ssp=gumgum2&bsw_param=3c602ba8-95ff-4523-bd9e-8b2bebbce6b0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Protocol
H2
Server
3.67.182.127 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-67-182-127.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:32 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
43
content-type
image/gif

Redirect headers

location
https://x.bidswitch.net/sync?dsp_id=339&expires=14&gdpr=1&gdpr_consent=0&user_group=0&user_id=&ssp=gumgum2&bsw_param=3c602ba8-95ff-4523-bd9e-8b2bebbce6b0
date
Wed, 22 Nov 2023 15:48:32 GMT
cache-control
no-cache, no-store, must-revalidate
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
usersync
usersync.gumgum.com/ Frame 7F91
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=0&us_privacy=&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
  • https://usersync.gumgum.com/usersync?b=opx&i=bed74324-de29-4103-a578-3506bd70e555&gdpr=0&gdpr_consent=0
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=opx&i=bed74324-de29-4103-a578-3506bd70e555&gdpr=0&gdpr_consent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
52.210.15.1 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-15-1.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 15:48:31 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

date
Wed, 22 Nov 2023 15:48:31 GMT
content-encoding
gzip
via
1.1 google
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
content-type
image/gif
location
https://usersync.gumgum.com/usersync?b=opx&i=bed74324-de29-4103-a578-3506bd70e555&gdpr=0&gdpr_consent=0
p3p
CP="CUR ADM OUR NOR STA NID"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
usersync
usersync.gumgum.com/ Frame 7F91
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent=0
  • https://usersync.gumgum.com/usersync?b=sta&i=0-6607cc4c-99b7-5afc-7a38-762df91a68d8$ip$84.19.175.183
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=sta&i=0-6607cc4c-99b7-5afc-7a38-762df91a68d8$ip$84.19.175.183
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
52.210.15.1 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-15-1.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 15:48:32 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

Location
https://usersync.gumgum.com/usersync?b=sta&i=0-6607cc4c-99b7-5afc-7a38-762df91a68d8$ip$84.19.175.183
Date
Wed, 22 Nov 2023 15:48:31 GMT
Connection
keep-alive
Content-Length
127
Content-Type
text/html; charset=utf-8
gumgum
pr-bh.ybp.yahoo.com/sync/ Frame 7F91 		43 B
425 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:d29:3602:be7c:8786:5b47:1e53 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Content-Security-Policy sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:31 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
image/gif
content-length
43
usersync
usersync.gumgum.com/ Frame 7F91
Redirect Chain
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=0&us_privacy=&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersyn...
  • https://usersync.gumgum.com/usersync?b=vnt&i=5fa7aa5c-6d7a-4b4b-a667-ef0b7527581e
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=vnt&i=5fa7aa5c-6d7a-4b4b-a667-ef0b7527581e
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
52.210.15.1 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-15-1.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 15:48:32 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

Location
https://usersync.gumgum.com/usersync?b=vnt&i=5fa7aa5c-6d7a-4b4b-a667-ef0b7527581e
Date
Wed, 22 Nov 2023 15:48:31 GMT
Connection
keep-alive
X-CI-RTID
ff02a87e-a969-4b57-9555-934705081c6a
Content-Length
108
Content-Type
text/html; charset=utf-8
142
match.deepintent.com/usersync/ Frame 7F91 		0
16 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.deepintent.com/usersync/142?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Ddit%26i%3D%24%7BDI_USER_ID%7D
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
169.197.150.7 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS
g.deepintent.com
Software
a /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:48:31 GMT
content-length
0
server
a
usersync
usersync.gumgum.com/ Frame 7F91
Redirect Chain
  • https://b1sync.zemanta.com/usersync/gumgum/?puid=e_2bcd2278-a756-46e0-b3d8-2d72def0d564&gdpr=0&gdpr_consent=0&us_privacy=&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dzem%26i%3D__ZUID__
  • https://usersync.gumgum.com/usersync?b=zem&i=&gdpr=0&gdpr_consent=0
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=zem&i=&gdpr=0&gdpr_consent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
52.210.15.1 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-15-1.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 15:48:32 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

Location
https://usersync.gumgum.com/usersync?b=zem&i=&gdpr=0&gdpr_consent=0
Pragma
no-cache
Date
Wed, 22 Nov 2023 15:48:31 GMT
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Dec 1994 16:00:00 GMT
Content-Length
102
Content-Type
text/html; charset=utf-8
usersync
usersync.gumgum.com/ Frame 7F91
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25
  • https://usersync.gumgum.com/usersync?b=pln&i=d7WzTRoR6pNl&ev=1&pid=558355
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=pln&i=d7WzTRoR6pNl&ev=1&pid=558355
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
52.210.15.1 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-15-1.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 15:48:31 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

strict-transport-security
max-age=15768000
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
server
Jetty(10.0.14)
content-language
de-DE
location
https://usersync.gumgum.com/usersync?b=pln&i=d7WzTRoR6pNl&ev=1&pid=558355
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-6b57df6cd5-dxwg5
expires
-1
usersync
usersync.gumgum.com/ Frame 7F91
Redirect Chain
  • https://ssbsync.smartadserver.com/api/sync?callerId=15&redirectUri=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsad%26i%3D%5Bssb_sync_pid%5D&gdpr=0&gdpr_consent=0
  • https://usersync.gumgum.com/usersync?b=sad&i=5380650379442443446
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=sad&i=5380650379442443446
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
52.210.15.1 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-15-1.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 15:48:31 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

location
https://usersync.gumgum.com/usersync?b=sad&i=5380650379442443446
date
Wed, 22 Nov 2023 15:48:31 GMT
content-length
0
usersync
rtb.gumgum.com/ Frame 7B75
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=1301&gdpr=0&gdpr_consent=0
  • https://rtb.gumgum.com/usersync?b=adf&i=8716181596310505629&gdpr=0&gdpr_consent=0
35 B
208 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usersync?b=adf&i=8716181596310505629&gdpr=0&gdpr_consent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.72.224.53 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-72-224-53.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, no-store, must-revalidate, max-age=0
content-length
35
content-type
image/gif;charset=UTF-8
date
Wed, 22 Nov 2023 15:48:31 GMT
expires
0
pragma
no-cache
server
nginx
timing-allow-origin
*

Redirect headers

accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-max-age
86400
cache-control
no-cache, no-store, must-revalidate, no-transform
content-length
0
date
Wed, 22 Nov 2023 15:48:31 GMT
expires
-1
location
https://rtb.gumgum.com/usersync?b=adf&i=8716181596310505629&gdpr=0&gdpr_consent=0
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
pixel
cm.g.doubleclick.net/ Frame A7EC 		170 B
188 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV8yYmNkMjI3OC1hNzU2LTQ2ZTAtYjNkOC0yZDcyZGVmMGQ1NjQ=&gdpr=0&gdpr_consent=0&google_redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dgdv
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
170
content-type
image/png
cross-origin-resource-policy
cross-origin
date
Wed, 22 Nov 2023 15:48:31 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
server
HTTP server (unknown)
x-xss-protection
0
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame EE78 		16 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-201.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
8e53e50181b7a9e2caa94173c37fcd9de8fa75750764a2ad8ad02fac3306d652

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=97683
content-encoding
gzip
content-length
5622
content-type
text/html
date
Wed, 22 Nov 2023 15:48:31 GMT
expires
Thu, 23 Nov 2023 18:56:34 GMT
last-modified
Thu, 16 Nov 2023 09:11:44 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
generic
match.adsrvr.org/track/cmf/ Frame 341C 		70 B
148 B 		Document
General
Check archive.org
Download Go to
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
70
content-type
image/gif
date
Wed, 22 Nov 2023 15:48:31 GMT
server
Kestrel
usersync
usersync.gumgum.com/ Frame D3F2
Redirect Chain
  • https://tg.socdm.com/aux/idsync?proto=gumgum
  • https://usersync.gumgum.com/usersync?b=sus&i=ZV4i0MCo8YUAAAwSZb4AAAAA
35 B
250 B 		Document
General
Check archive.org
Download Go to
Full URL
https://usersync.gumgum.com/usersync?b=sus&i=ZV4i0MCo8YUAAAwSZb4AAAAA
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.210.15.1 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-15-1.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Content-Type
image/gif
Date
Wed, 22 Nov 2023 15:48:32 GMT
Expires
0
Pragma
no-cache

Redirect headers

Cache-Control
private
Connection
keep-alive
Content-Length
0
Date
Wed, 22 Nov 2023 15:48:32 GMT
Location
https://usersync.gumgum.com/usersync?b=sus&i=ZV4i0MCo8YUAAAwSZb4AAAAA
P3P
CP="See also http://www.scaleout.jp/privacy/"
Server
nginx
X-SO-Ads-Time
2
X-SO-Cluster-ID
0
X-SO-HostName
a-ad40096.dc2p.scaleout.jp
X-SO-IP
84.19.175.183
X-SO-Key
ZV4i0MCo8YUAAAwSZb4AAAAA
X-SO-LB-Data
{"ban":false,"clean_query":"\/aux\/idsync?proto=gumgum","cluster_id":0,"gdpr":true,"ipv4":"0.0.0.0","key":"ZV4i0MCo8YUAAAwSZb4AAAAA","privacy_sensitive":true,"uid":"","upstream_id":"a-ad40096"}
X-SO-LB-Hostname
m-tgng33.dc4p.scaleout.jp
X-SO-Upstream-ID
a-ad40096
usersync
usersync.gumgum.com/ Frame A848
Redirect Chain
  • https://creativecdn.com/cm-notify?pi=gumgum
  • https://usersync.gumgum.com/usersync?b=rth&i=qwMZjMmKAwo4fQZ21umU_ZlYRWt8PSq91oL3zb5usQU&pi=gumgum
35 B
250 B 		Document
General
Check archive.org
Download Go to
Full URL
https://usersync.gumgum.com/usersync?b=rth&i=qwMZjMmKAwo4fQZ21umU_ZlYRWt8PSq91oL3zb5usQU&pi=gumgum
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.210.15.1 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-15-1.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Content-Type
image/gif
Date
Wed, 22 Nov 2023 15:48:32 GMT
Expires
0
Pragma
no-cache

Redirect headers

cache-control
no-cache, no-store, must-revalidate, private, max-age=0
content-length
0
date
Wed, 22 Nov 2023 15:48:31 GMT Wed, 22 Nov 2023 15:48:31 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://usersync.gumgum.com/usersync?b=rth&i=qwMZjMmKAwo4fQZ21umU_ZlYRWt8PSq91oL3zb5usQU&pi=gumgum
pragma
no-cache
usync.html
eus.rubiconproject.com/ Frame DA4D
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum
  • https://eus.rubiconproject.com/usync.html?p=gumgum
281 B
555 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?p=gumgum
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.218.210.30 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-218-210-30.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Wed, 22 Nov 2023 15:48:32 GMT
ETag
"280525-119-60930cbd3cec0"
Last-Modified
Thu, 02 Nov 2023 19:57:23 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
date
Wed, 22 Nov 2023 15:48:31 GMT
location
https://eus.rubiconproject.com/usync.html?p=gumgum
server
AkamaiGHost
usync.js
eus.rubiconproject.com/ Frame DA4D 		46 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.218.210.30 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-218-210-30.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
c84074baff8c27ab00dd84e9fdf57f94ca82c0fce2ad492c8302bb1ca109953d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=gumgum
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 15:48:32 GMT
Content-Encoding
gzip
Last-Modified
Tue, 21 Nov 2023 23:36:50 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=28096
Connection
keep-alive
Content-Length
13230
Expires
Wed, 22 Nov 2023 23:36:48 GMT
khaos.json
token.rubiconproject.com/ Frame 1C7E 		7 B
380 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://token.rubiconproject.com/khaos.json?
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://eus.rubiconproject.com
Cache-Control
no-cache,no-store,must-revalidate
access-control-allow-credentials
true
content-length
7
X-RPHost
5b959e9b7aef6dd90a6fa539ca64ac62
Expires
0
khaos.json
token.rubiconproject.com/ Frame DA4D 		7 B
380 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://token.rubiconproject.com/khaos.json?
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://eus.rubiconproject.com
Cache-Control
no-cache,no-store,must-revalidate
access-control-allow-credentials
true
content-length
7
X-RPHost
5b959e9b7aef6dd90a6fa539ca64ac62
Expires
0
/
dblksync.dblks.net/dblksync/ Frame 57A7 		20 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://dblksync.dblks.net/dblksync/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312113734-309881-17974-3&id=9392916d6cd9d24&uid=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e2::ac40:861f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
949a30ed07d2975ead2a00344b822b0c43bab1939fbb37102d3b0811364b2326

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
age
3658
alt-svc
h3=":443"; ma=86400
cache-control
max-age=14400
cf-cache-status
HIT
cf-ray
82a2513a9aa43c8d-CDG
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 15:48:33 GMT
last-modified
Tue, 14 Nov 2023 18:39:41 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zWnI4JjzIlj%2FzdgLMNUqueNecdRG9B%2F7%2BdnZjGZPDlN6IF6asXV3LsSsJAeq6brwne%2F6TNyHdYpIWHZ3amdV83Ykam8m5H%2BYurH%2BayGpT6nY%2B5DI%2BlXXuU7DaxzZMdA4TvB1sVO2Mhta%2FElxpNt4b8E%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
/
dblksync.dblks.net/dblksync/ Frame 41AE 		20 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://dblksync.dblks.net/dblksync/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e2::ac40:861f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
949a30ed07d2975ead2a00344b822b0c43bab1939fbb37102d3b0811364b2326

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
age
3658
alt-svc
h3=":443"; ma=86400
cache-control
max-age=14400
cf-cache-status
HIT
cf-ray
82a2513bdc7a3c8d-CDG
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 15:48:33 GMT
last-modified
Tue, 14 Nov 2023 18:39:41 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=09sNwfS7upyQqqWcjbrv1OS4ERdDaUBAnykb58CH%2BcNG3TyhNFp%2FbXCipmUzK8WuVbY7sLSQ5UiHVhofmamKrPPaNe55IWsk1h6yfLyMUwJ5ZHmMfp%2BMNkOU9TxnmdIRFRLkYQX%2F6VfFDHPkIULOs7w%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
/
dblksync.dblks.net/dblksync/ Frame 349E 		20 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://dblksync.dblks.net/dblksync/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:861f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
949a30ed07d2975ead2a00344b822b0c43bab1939fbb37102d3b0811364b2326

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
age
3645
alt-svc
h3=":443"; ma=86400
cache-control
max-age=14400
cf-cache-status
HIT
cf-ray
82a2513ecbd0913d-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 15:48:33 GMT
last-modified
Tue, 14 Nov 2023 18:39:29 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d9WUwE%2FGqeu3jWpao3PJHAggUvyJ2rTPEZpgRaELz3TOIIJhSzTlGBB4GAw7DpAzyiYG3po0PFEnW%2BM295yIUmzg7EZ718Icdj76kWYMukt8wNknMAJF6YnJK8V%2FHu5G4prCK3zwAr9WYjoxKuUHha8%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
collect
region1.google-analytics.com/g/ 		0
17 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-PNTYD12RWN&gtm=45je3b81v879042239&_p=1700668105787&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&tcfd=10001&cid=1290701813.1700668106&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEA&_s=3&dl=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&dr=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&sid=1700668106&sct=1&seg=1&dt=Big%20Brands%20Hidden%20Behind%20Costco%20Kirkland&en=page_view&_et=1033&tfd=9991
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-PNTYD12RWN&l=dataLayer
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:48:34 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
lb.eu-1-id5-sync.com
URL
https://lb.eu-1-id5-sync.com/lb/v1
Domain
eb2.3lift.com
URL
https://eb2.3lift.com/getuid?gdpr=&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D76%26uid%3D%24UID
Domain
ssum.casalemedia.com
URL
https://ssum.casalemedia.com/usermatchredir?s=184932&cb=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D74%26uid%3D
Domain
prebid.a-mo.net
URL
https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=0&cb=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D81%26uid%3D
Domain
bh.contextweb.com
URL
https://bh.contextweb.com/rtset?pid=561205&ev=1&rurl=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D21%26uid%3D%25%25VGUID%25%25
Domain
ssbsync-global.smartadserver.com
URL
https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=0&gdpr_consent=0&us_privacy=0&redirectUri=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D82%26uid%3D%5Bssb_sync_pid%5D
Domain
sync.mathtag.com
URL
https://sync.mathtag.com/sync/img?mt_exid=75&gdpr=0&gdpr_consent=0&us_privacy=0&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D61%26uid%3D%5BMM_UUID%5D
Domain
hbx.media.net
URL
https://hbx.media.net/cksync.php?cs=1&type=pbs&ovsid=setstatuscode&bidder=medianet&gdpr=0&gdpr_consent=0&us_privacy=0&redirect=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D88%26uid%3D%3Cvsid%3E

Verdicts & Comments Add Verdict or Comment

110 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| 15 object| 16 object| 17 object| 18 object| documentPictureInPicture function| getUrlParameter function| chooseSplitTests function| loadScript object| properSpecialOps string| utm_source undefined| fbCode function| obApi object| __NUXT__ function| tryLoadAssertive function| tryLoadProper object| splitTests object| webpackJsonp object| __core-js_shared__ object| core object| regeneratorRuntime function| setImmediate function| clearImmediate object| onNuxtReadyCbs function| onNuxtReady object| AdGarden object| dataLayer function| gtag object| assertiveQueue object| $nuxt object| ayManagerEnv object| v_0x5e13 function| v_0x3fb3 object| __vdzworkers__ object| _vdzwgt_ object| scr number| now object| node function| apiObj object| google_tag_manager object| google_tag_data function| onYouTubeIframeAPIReady object| gaGlobal object| googletag object| apstag object| _aps boolean| apstagLOADED object| ggeac object| google_js_reporting_queue function| a0Y function| a0t function| a0j object| adsbygoogle object| pbjs object| pbjsl string| aYZcOSkshq object| pbjsChunk object| _pbjsGlobals object| ADAGIO object| mnet function| UAParser object| apscustom object| D9v object| D9r object| confiant object| biddersCPMAdjustment object| assertive object| vdzCmp object| vdzTcf function| onVidazooCallback object| GooglebQhCsO object| nmmRefreshCounts boolean| _assertiveInitialized object| ntv object| _taboola object| OBREvents undefined| google_measure_js_timing string| send object| d9PendingXDR object| sas object| apntag object| _ADAGIO object| default_ContributorServingResponseClientJs object| _F_toggles object| __googlefc string| __fcInvoked string| __fcexpdef string| NWMyNTNhZjg1YmVhNTQ0ZGxvYWRlcl9qcw== string| NWMyNTNhZjg1YmVhNTQ0ZGNhY2hlZF9qcw== object| googlefc object| __fcInternalApiManager boolean| __fcInternalApiPostMessageReady object| __tcfapiEventListeners function| __tcfapi object| __tcfapiManager boolean| __tcfapiPostMessageReady

62 Cookies

Domain/Path Name / Value
pbs.nextmillmedia.com/openrtb2 Name: nmm-ss-cps-usr-exp
Value: "2023-11-23 15:48:27"
pbs.nextmillmedia.com/openrtb2 Name: nmm-ss-cps-usr
Value: 5
i.liadm.com/s Name: _li_ss
Value: CggKBgjdARDHFg
heroinvesting.com/ Name: dicbo_id
Value: %7B%22dicbo_id%22%3A%22v4-4EyY2w7-1079981226%22%7D
.heroinvesting.com/ Name: _ga
Value: GA1.1.1290701813.1700668106
.kueezrtb.com/ Name: kuid
Value: 9d60c1d0fad12dba
.heroinvesting.com/ Name: _gcl_au
Value: 1.1.1665848943.1700668107
.gumgum.com/ Name: cs
Value: true
prebid.a-mo.net/ Name: _Amc_b
Value: 0
.flashtalking.com/ Name: _D9J
Value: d409ffaa32fd480c927f13ad6d0b98a2
.script.ac/ Name: __cf_bm
Value: w4nofwZVwIaIWEbMNNYp8ryfNpQv.mWLHTA0dmg4XYQ-1700668107-0-AblRtr4g+pHr1Ys5a4QDH5RyzwCVlzw8a2hjOuu+3VIjU2jLh7Wobmru3CI57VAnXFtZEV1F2PHcMEmH+x0EufY=
.rubiconproject.com/ Name: khaos
Value: LP9XVQAF-24-3HSV
.rubiconproject.com/ Name: audit
Value: 1|naVuGyos1qoGtxaFHayceebASkO6QPb7E03ikE5KqM17fdy5ErN6p9FT+H5sVzAZKJFUjzJ2WXfOnA52p/RS1kgcdj94p/MzRmpg/kbyNawijy0RC4Zd8SKPLRELhl3xpmvllXEtYN4=
.go.sonobi.com/ Name: __uis
Value: 6394355d-33bd-452d-bb74-1d0acbb189d4
.go.sonobi.com/ Name: _usd_heroinvesting.com
Value: 8ba387ca-09f8-4452-9546-5b9a8e42e265
.go.sonobi.com/ Name: __uih
Value: 1
.doubleclick.net/ Name: IDE
Value: AHWqTUni533t4z83RAw715S6PQnIEunFMCY4fbGcIMfMGlzlLXd7koOoyllOCaco
.go.sonobi.com/ Name: HAPLB8G
Value: s86132|ZV4i0
.heroinvesting.com/ Name: _ga_PNTYD12RWN
Value: GS1.1.1700668106.1.1.1700668109.0.0.0
.prebid.a-mo.net/ Name: __amc
Value: 9_1700668107_1700668109
bh.contextweb.com/ Name: INGRESSCOOKIE
Value: 5f7d808b8dde77ac
.bidswitch.net/ Name: tuuid
Value: 3c602ba8-95ff-4523-bd9e-8b2bebbce6b0
.bidswitch.net/ Name: c
Value: 1700668110
.bidswitch.net/ Name: tuuid_lu
Value: 1700668110
cookies.nextmillmedia.com/ Name: NMUID
Value: csuid_eafa557d-8a48-40e5-bb50-2fbae1f71020
.casalemedia.com/ Name: CMID
Value: ZV4izjN8SKKPnqYi3Ijq6QAA
.casalemedia.com/ Name: CMPS
Value: 3190
.casalemedia.com/ Name: CMPRO
Value: 3190
.adnxs.com/ Name: uuid2
Value: 1545443793795039788
.0cf.io/ Name: _dbid
Value: 9392916d6cd9d24
.3lift.com/ Name: tluid
Value: 2315706245701678289416
.csync.loopme.me/ Name: viewer_token
Value: b4b334b1-8d89-428f-b3c8-45ad5dcdc43e
.gumgum.com/ Name: vst
Value: e_2bcd2278-a756-46e0-b3d8-2d72def0d564
.creativecdn.com/ Name: u
Value: LoF2Y69q6fDq36bdFNLY
.creativecdn.com/ Name: g
Value: LoF2Y69q6fDq36bdFNLY_1700668111014
.creativecdn.com/ Name: ts
Value: 1700668111
cookies.nextmillmedia.com/ Name: syncedBidders
Value: {"appnexus":1}
.mathtag.com/ Name: uuid
Value: b7c8655e-22d0-4a00-83cd-c438716ad67b
.ads.stickyadstv.com/ Name: UID
Value: 241c96c4adc3d751aa46d68c92e93712
.ads.stickyadstv.com/ Name: uid-bp-34673
Value: ZV4izjN8SKKPnqYi3Ijq6QAADHYAAAIB
.openx.net/ Name: i
Value: 9a46d80d-5fbb-46a2-98d5-ed031107d7ee|1700668111
.adform.net/ Name: C
Value: 1
.w55c.net/ Name: wfivefivec
Value: 7cDW6F0b1R5PsP5
pbs.nextmillmedia.com/ Name: uids
Value: eyJ0ZW1wVUlEcyI6eyJhZG54cyI6eyJ1aWQiOiIxNTQ1NDQzNzkzNzk1MDM5Nzg4IiwiZXhwaXJlcyI6IjIwMjMtMTItMDZUMTU6NDg6MzEuMTQ4MjY3NzMzWiJ9fX0=
.adform.net/ Name: uid
Value: 8716181596310505629
.w55c.net/ Name: matchbidswitch
Value: 5
.smartadserver.com/ Name: pid
Value: 5380650379442443446
.liadm.com/ Name: lidid
Value: c195c7c3-5533-49cc-8713-a834ab961e15
.amazon-adsystem.com/ Name: ad-id
Value: A9DygGhl2ES4t9hqYRv9kcE
.amazon-adsystem.com/ Name: ad-privacy
Value: 0
sync.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-6607cc4c-99b7-5afc-7a38-762df91a68d8.GyswUnAcCcNVj%2FsMcwQgDx7JvYptIHTAPzmRMQ3giwY
.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-6607cc4c-99b7-5afc-7a38-762df91a68d8.GyswUnAcCcNVj%2FsMcwQgDx7JvYptIHTAPzmRMQ3giwY
sync.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3AZgfMTJm3Wvx6OHYt-Rpo2FQTr7c.s3t6CAlHRd4HuzZtHmRZPFwQRlP4pjgDmaIIVXvrqLc
.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3AZgfMTJm3Wvx6OHYt-Rpo2FQTr7c.s3t6CAlHRd4HuzZtHmRZPFwQRlP4pjgDmaIIVXvrqLc
.turn.com/ Name: uid
Value: 3908127189403183443
.ipredictive.com/ Name: cu
Value: 5fa7aa5c-6d7a-4b4b-a667-ef0b7527581e|1700668111629
sync.srv.stackadapt.com/ Name: sa-user-id-v3
Value: s%3AAQAKIBzsIsZHvoG0fW3pNiRL49aSYdlJV3gnfKBPMLolaFPDEHwYBCDPxfiqBjABOgRyABfNQgTk5Ljy.TGtHBEkZfYvGwE8MdZEqiq0nqDUq2hGSAkGV%2FJSC1NY
.srv.stackadapt.com/ Name: sa-user-id-v3
Value: s%3AAQAKIBzsIsZHvoG0fW3pNiRL49aSYdlJV3gnfKBPMLolaFPDEHwYBCDPxfiqBjABOgRyABfNQgTk5Ljy.TGtHBEkZfYvGwE8MdZEqiq0nqDUq2hGSAkGV%2FJSC1NY
.1rx.io/ Name: _rxuuid
Value: %7B%22rx_uuid%22%3A%22RX-fc3d5993-8717-4bad-b92c-b0d7c209b021-003%22%2C%22zdxidn%22%3A%222064%22%2C%22nxtrdr%22%3A%22https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D9392916d6cd9d24%26id%3D22%26uid%3D%5BRX_UUID%5D%22%7D
.targeting.unrulymedia.com/ Name: _rxuuid
Value: %7B%22rx_uuid%22%3A%22RX-fc3d5993-8717-4bad-b92c-b0d7c209b021-003%22%7D
.dblks.net/ Name: dblksync
Value: {%220%22:%221545443793795039788%22%2C%2270%22:%22LP9XVQAF-24-3HSV%22%2C%221000%22:%229392916d6cd9d24%22}
.dblks.net/ Name: uids
Value: eyJ0ZW1wVUlEcyI6eyJhZG54cyI6eyJ1aWQiOiIxNTQ1NDQzNzkzNzk1MDM5Nzg4IiwiZXhwaXJlcyI6IjIwMzAtMDktMTlUMTU6MTc6MzQuMjI5OTE4MDgtMDQ6MDAifX19

22 Console Messages

Source Level URL
Text
javascript warning URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js(Line 9)
Message:
Failed to execute 'write' on 'Document': It isn't possible to write into a document from an asynchronously-loaded external script unless it is explicitly opened.
network error URL: https://vrl9rgsahh7mx6ndn.ay.delivery/floorPrice/vRL9rGsaHH7Mx6NDN/js/floorPrice/linreg.min.js
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://vrl9rgsahh7mx6ndn.ay.delivery/forest/vRL9rGsaHH7Mx6NDN/js/bid/forest.min.js
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://onetag-sys.com/usync/?gdpr=0&gdpr_consent=0&us_privacy=0&redir=https%3A//ps.0cf.io/%3Fonetag%3D%24%7BUSER_TOKEN%7D84%26uid%3D
Message:
Failed to load resource: the server responded with a status of 403 ()
security error URL: https://s.0cf.io/(Line 1)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://s.0cf.io') does not match the recipient window's origin ('https://heroinvesting.com').
security error URL: https://s.0cf.io/(Line 1)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://s.0cf.io') does not match the recipient window's origin ('https://heroinvesting.com').
security error URL: https://s.0cf.io/(Line 1)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://s.0cf.io') does not match the recipient window's origin ('https://heroinvesting.com').
security error URL: https://s.0cf.io/(Line 1)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://s.0cf.io') does not match the recipient window's origin ('https://heroinvesting.com').
security error URL: https://s.0cf.io/(Line 1)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://s.0cf.io') does not match the recipient window's origin ('https://heroinvesting.com').
network error URL: https://onetag-sys.com/usync/?gdpr=0&gdpr_consent=0&us_privacy=0&redir=https%3A//ps.0cf.io/%3Fonetag%3D%24%7BUSER_TOKEN%7D84%26uid%3D
Message:
Failed to load resource: the server responded with a status of 403 ()
security error URL: https://s.0cf.io/(Line 1)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://s.0cf.io') does not match the recipient window's origin ('https://heroinvesting.com').
security error URL: https://s.0cf.io/(Line 1)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://s.0cf.io') does not match the recipient window's origin ('https://heroinvesting.com').
security error URL: https://s.0cf.io/(Line 1)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://s.0cf.io') does not match the recipient window's origin ('https://heroinvesting.com').
security error URL: https://s.0cf.io/(Line 1)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://s.0cf.io') does not match the recipient window's origin ('https://heroinvesting.com').
security error URL: https://s.0cf.io/(Line 1)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://s.0cf.io') does not match the recipient window's origin ('https://heroinvesting.com').
security error URL: https://s.0cf.io/(Line 1)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://s.0cf.io') does not match the recipient window's origin ('https://heroinvesting.com').
security error URL: https://s.0cf.io/(Line 1)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://s.0cf.io') does not match the recipient window's origin ('https://heroinvesting.com').
security error URL: https://s.0cf.io/(Line 1)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://s.0cf.io') does not match the recipient window's origin ('https://heroinvesting.com').
security error URL: https://s.0cf.io/(Line 1)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://s.0cf.io') does not match the recipient window's origin ('https://heroinvesting.com').
network error URL: https://onetag-sys.com/usync/?gdpr=0&gdpr_consent=0&us_privacy=0&redir=https%3A//ps.0cf.io/%3Fonetag%3D%24%7BUSER_TOKEN%7D84%26uid%3D
Message:
Failed to load resource: the server responded with a status of 403 ()
security error URL: https://s.0cf.io/(Line 1)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://s.0cf.io') does not match the recipient window's origin ('https://heroinvesting.com').
security error URL: https://s.0cf.io/(Line 1)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://s.0cf.io') does not match the recipient window's origin ('https://heroinvesting.com').

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.teads.tv
aax.amazon-adsystem.com
ad.turn.com
adgarden.market
ads.pubmatic.com
ads.servenobid.com
ads.stickyadstv.com
amplify.outbrain.com
ap.lijit.com
apex.go.sonobi.com
api.assertcom.de
b1sync.zemanta.com
bh.contextweb.com
bid.contextweb.com
brightcombid.marphezis.com
btlr.sharethrough.com
c.amazon-adsystem.com
c1.adform.net
cadmus.script.ac
cdn.confiant-integrations.net
cdn.connectad.io
cdn.heroinvesting.com
cm.g.doubleclick.net
cms.quantserve.com
colossusssp.com
config.aps.amazon-adsystem.com
contextual.media.net
cookies.nextmillmedia.com
cpm.qortex.ai
creativecdn.com
csync.loopme.me
d9.flashtalking.com
dblksync.dblks.net
dis.criteo.com
dsum-sec.casalemedia.com
eb2.3lift.com
eus.rubiconproject.com
exchange.kueezrtb.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
fundingchoicesmessages.google.com
g2.gumgum.com
googleads.g.doubleclick.net
grid.bidswitch.net
gtrack.kueezrtb.com
gum.criteo.com
hb.minutemedia-prebid.com
hb.yellowblue.io
hbx.media.net
heroinvesting.com
htlb.casalemedia.com
i.clean.gg
i.liadm.com
ib.adnxs.com
id.crwdcntrl.net
id5-sync.com
image6.pubmatic.com
image8.pubmatic.com
js-sec.indexww.com
lb.eu-1-id5-sync.com
lexicon.33across.com
match.adsrvr.org
match.deepintent.com
match.sharethrough.com
mp.4dex.io
onetag-sys.com
pbs.nextmillmedia.com
pm.w55c.net
pr-bh.ybp.yahoo.com
prebid-match.dotomi.com
prebid-server.rubiconproject.com
prebid.a-mo.net
prebid.cootlogix.com
prebid.dblks.net
prebid.media.net
prg.smartadserver.com
prod.tahoe-analytics.publishers.advertising.a2z.com
region1.google-analytics.com
report2.hb.brainlyads.com
rtb.gumgum.com
rtb.openx.net
s.0cf.io
s.amazon-adsystem.com
s.seedtag.com
script.4dex.io
secure-assets.rubiconproject.com
secure.adnxs.com
securepubads.g.doubleclick.net
ssbsync-global.smartadserver.com
ssbsync.smartadserver.com
ssc-cms.33across.com
ssc.33across.com
ssum-sec.casalemedia.com
ssum.casalemedia.com
static.kueezrtb.com
static.vidazoo.com
sync-eu.connectad.io
sync.1rx.io
sync.colossusssp.com
sync.cootlogix.com
sync.go.sonobi.com
sync.ipredictive.com
sync.kueezrtb.com
sync.mathtag.com
sync.srv.stackadapt.com
sync.targeting.unrulymedia.com
targeting.unrulymedia.com
tg.socdm.com
tlx.3lift.com
token.rubiconproject.com
tr.outbrain.com
track.kueezrtb.com
u.ipw.metadsp.co.uk
u.kueezrtb.com
ups.analytics.yahoo.com
us-u.openx.net
usersync.gumgum.com
vrl9rgsahh7mx6ndn.ay.delivery
wave.outbrain.com
www.google.com
www.google.de
www.googletagmanager.com
x.bidswitch.net
bh.contextweb.com
eb2.3lift.com
hbx.media.net
lb.eu-1-id5-sync.com
prebid.a-mo.net
ssbsync-global.smartadserver.com
ssum.casalemedia.com
sync.mathtag.com
104.18.38.76
108.138.1.25
124.146.153.170
134.122.25.254
142.250.186.130
143.244.158.175
145.40.97.66
161.35.59.45
162.19.138.120
169.197.150.7
172.240.155.68
172.64.151.101
173.237.69.68
176.34.182.11
178.128.135.204
178.250.1.9
18.196.182.172
18.202.39.252
184.30.20.22
185.184.8.90
185.29.132.241
185.64.190.78
185.64.190.79
185.86.138.16
185.89.210.46
199.212.255.179
2.19.100.239
2001:4860:4802:32::36
2001:678:cb4:bbbb::11
208.93.169.131
213.239.211.175
216.155.152.253
216.52.2.16
23.218.209.56
23.218.210.30
23.35.236.201
23.35.237.86
23.56.202.187
2600:9000:223f:b600:3:6d3c:dac0:93a1
2600:9000:2251:400:6:1c12:bd80:93a1
2602:803:c003:200::45
2606:4700:10::6816:37ce
2606:4700:10::ac43:15e8
2606:4700:20::681a:9a9
2606:4700:3034::6815:1d0d
2606:4700:4400::6812:2b5a
2606:4700:4400::ac40:994e
2606:4700::6812:1691
2606:4700::6812:751
2606:4700:e2::ac40:861f
2606:4700:e2::ac40:8a0c
2606:4700:e2::ac40:8f15
2607:ae80:192:1::172
2620:116:800d:21:93ca:31d8:d86e:38f6
2a00:1450:4001:80b::200e
2a00:1450:4001:80e::2008
2a00:1450:4001:80f::2002
2a00:1450:4001:827::2003
2a00:1450:4001:829::2004
2a00:1450:4001:82b::200a
2a00:1450:4001:82f::2002
2a00:1450:4001:82f::2003
2a02:2638:3::c
2a02:fa8:8806:12::1370
2a05:d018:d29:3602:be7c:8786:5b47:1e53
3.125.12.15
3.126.136.176
3.127.32.39
3.64.136.60
3.67.182.127
3.71.149.231
34.120.63.153
34.149.20.76
34.149.50.64
34.236.226.253
34.95.69.49
35.210.239.72
35.214.146.66
35.227.252.103
35.244.159.8
35.244.193.51
35.71.131.137
37.157.2.229
38.133.127.95
44.212.103.88
46.228.174.115
46.228.174.117
51.89.9.254
52.210.15.1
52.222.239.116
52.39.33.138
52.46.143.56
54.144.184.12
54.165.29.149
54.175.48.210
54.217.228.107
54.247.19.59
54.72.113.40
54.72.224.53
54.84.92.154
64.202.112.223
67.202.105.24
69.166.1.66
69.166.1.9
69.173.144.137
69.173.144.138
76.223.111.18
77.245.57.72
81.17.55.109
81.17.55.171
99.86.4.30
008820dd4613fc0396d7eaf2a17ca272ffa9f10636a72c2534f4de50e34ac8f2
00891c993c2349ad44c776c5c315a0f22f29852822e53d3ce5fea26491126990
011461c1c6f5df3ae6c896f8337fd8313df8e1cc3138edd02f35616758d0e875
02179f1c89392189425d4158903d82f95820bdc26d27126f39fc59c8c0e4d31d
025075bd3dbbe75bb70124872c67e8ed13f5654e21aefe42e50e7c9587bf18d5
02b6a4cea9e3cb9cae8bc6e8823137f630bc4bba3034e991aad496a143f9607e
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
05bf2ab251381493728b17ba51a3c902bd50938b723cadcbb035041f8fd684a2
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
07d5e648328ba8af5efd5fde054c7189c38c18449c31945553cba0745f2f9131
08f0465386d9897c95370a004f5251b304dc4f94a73541cccd1ee87c02de2f60
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c945aa0bb5ba5a939754f316628f652efd88279fdba1fda70102f12984e7c9f
0cff03129f16a73a8ff89d06578b0b1a1127bddb582fd05f0ab62f8ccc6b62f7
0dbb50b756fea5b251ca8c20be90a5b8e08869bebdec3fdd1ff5da14bb6879f3
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
0fbee40d848d6df79b375ca87bdb53f4e97bfb3c6dc2a1d03cb8fd74a395eca4
0ffcdfacfa747ec1af447e1e5602e8be7d8d168c1b065845e77a67ffba77b594
111041158b9290ae7cc0c6da69d7c4f5600e8a73b4c7399d675df7f15ba7b063
113fa3cd708b6186a2e7356cc0f7cc8294276095ab899e62cbce5ac560f7921b
11c4d847faa1a75d75f0ce42414094da93d3fe370b3a245f32d47b67e49d53d2
12c2c5879869f4df381804a5ce8d962523039494efae426ee339bb18d136d331
14d22863f81913af3ca2a5898aa24ed30986b97fb5a7f981e6e26c0c7140a139
150acbeb902a9852750f36ea1f7762fdfcff6787c6f4cfc5be83b93f0aeb97b5
170bc11af226a2e78686313edbf778bcdf619ecf852713be07feb599bac44bb9
1b5c06cadd765897bf56be7c472bc60b5c8e5e6e5d2bb480be593c4f25dd0e6c
1c4777fe3a673a05492e27d08032cc91c23ac5389897c9235b09b8b0f5a74db3
1d333415854e443becadf60ae01de769b5ec13d0f76c7d5c4ae811f110df35a4
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
206a96a2f91f0f9af16833e871fe5adbfa19bbc0b6f26ee88a913828dfd3c5c8
21a1d627f87cdf503961420c198b2bcc9993f88235210d85186824b823e96d0d
23af93c9b164275cac4f0854507fbd3cf31ae07b91538cad58d49ed8fabe443a
2414badced0e65e0d68b7fbe36506f936f39d76ac7506e9a3fc3480a7ce652a0
2444153f4032d2809300408111c8f486abea4c15033ebf33eb81d2c1903cc206
25fb834c2128d55a8db065e813c0fbc3fc7b49799c3e46e5d787a6de2819762c
26a2294cc71f66729c948706153dbabad32ef2bf12083f8c21b600c0d4086c28
277605817a73bc3b4cf9f806d43e1c94bfa4906f49162cb62fb15a3d79275d34
2829996a9003e519fa88c9a1908659d2de54325da2c645141b28119d4e213dfd
288d1aff6b40d91889a5f0efc906a5316d3f732641f32462f2ec4dd854f55981
28f0a3dd6e172f63928f58dd1153842750e3696f9f5375e123a54aa3cd706c0f
28fb716e83da311b8a144812eb1f79f885745346c61ddb9e0994757c5f81ac01
2bdd5e9e7a67f74ba55a535f222fb309b1062022241c1c3c5253b94192d6ac8e
2d1ff3976b3b7aa422dbb426f453a7a2932a9b7ae033b0803910922f4bbb17ef
2d4ab63b0c59a3ced8c7f036bb3263425b15847610dcb238c913e8c8da57cf06
2d6a5472471dd20b6d598cfee114748ab11db7f5962bca9854cf92b21b96db49
30721f4eb0aa9abccd13ec57b290ae8a0dfbc97b6ea72ae13e1175141f3ef1a0
3154dc04519eb8701d1eef9e10ccee5447f52d600dfbabeb1d4cafaf54e28963
33a9bbbf2ffab477f4e007d757dec2d21c5130a1ab5103eae0cc1afbb1b15130
33f14db59ec4d7b730048fdb461f73171b68be733cfc094682a24f9bd5603718
3b7dc91e90632be200cdd0735d6e5dc7f2dee5738a8bba4d6ee2f606d6a7df33
3da0774b26e32f75fc189c078198bd462d2b376f6b9dac000f8ca1f62da4350e
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
416a6f6464b03d7a55e7016dc90d90b112abfbd4480895ac36aca9e98ac196d9
4175372abfb2196ceebaf65ea4b8b1934574adc959908c81516b683683fee8a3
4179753210f3180e55005cb0fe6a6de0bce044cb3871265ae6de254fd885af35
42a43730d8f510b4afac0dca3146fd88f1cd96bcf3ea75813c710e68d765761d
43bf60671c41e18a46c4b12077ddf6e7982cd0700ce49bbc7158619a2a3e49b0
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4456d4d062177410840e8973cdeea16c0abc7efcf253027241042363f590e2ca
446a71d5cee8d0114e6c2d5bc54b3edf3c2a0aa78fd21c34e33616343b75a546
45566141c9bd03e314c3d7249582d6d7669512384d4c55bbce5ce1da4400cf2e
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4b70b5ab26a51f7829a43fa74bbb2abc2fab541d5842d7c481274f9aaa239a53
4b8f230af668f20a7b50021f1edb1fac1c96cab1aa576933a2064e5d7807179b
4bb2d0d2c2a9d562c03c36576a3c24757628ff6d587c6e031146cb514e3e5a76
4c072ccd28b198cee370b4feae3f50c01fd6ac5369126da4541e7a8257d5bbed
4c09bf620e023ccd1045f79a8745041314f2dbbccd870dbbeec496ffe698ab65
4c8fe936e012d2d229577704c34c41a451d7a98aa5c2566ea5c3930aa7e3f40f
4d8a1333caa093ff4face975ecd4e42cbc366c70f2c4540e536f92b34d561db3
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
5296373e00b7bf940079974c8621fda422dd1406bfc1a55c28defa64c5718d97
5447a4b923e58e64495179de1ced10a1ffca416eaad7617e39fe1ce02976e42e
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55d2acbe82a59663ebe78e8b99136f5e303d911b2526f42c8727c6cf9eac16e9
55e7020aff7ecee94b80c84a6a58eeda72ee12d405c155e165a27568b643b7ca
56939e06ab2cb38895d26a98e53f13e4fa8507be612ac0d2537b7f1c68988087
589cadcfe87dd8185d54edd03100abce6060abaf18cf67f67b6d5f3d778b8c7e
5a6922d6039706cf85aa18ce219860d4a1146ec59157edf6f4e06fed8cac88c0
5a99612d9b5cb97ad873c0c0ad6bb9a28cdb71e035d4c817e974714e734c585d
5b5d8ead7d1f2243f295c5a0a476b5ed4ffe047193426bf28c3cca2d6396dc21
5ba39309991e2cef0269b415fa3bed2a10a502037ece266ad49eb66050206808
5d7c7d25a0da74c0dd466120c3c09bd94cb982fc66ebc4a78675339f37323bf5
5d9b4f914e5242e51a1fbbbf42d9e45d2739b8a3b1c36164c2546d1af072264e
5daf5a67b0195adb249daf8be3beba954aa26b72bface0a88322a51e66c9c9c0
5e9f4133696f0e582243141fe88a05702ea60f984211abb480d9a2ecbb716441
5f618b9e850e817799045418cb4d6baf1935f9085654f860cf286b8f14d65b48
5f64ebf6b2977ec7e3b26b80f2a1b44d54217614fa904f4662040f6d260f5ef3
60e91bda361fc74879d0ac95ad7c1b342e4963e780934e53b07cb2163180db99
6139dddd3b6b6b847bccd476918dc8fb4f4f5a10908e5707c704f155e0918e84
61496aa1a9c3d26cfc292b41fc451a597a47468117c1fb258226a57296390433
64490d9f43dde1d328822e5fda86b0c17fa12a974df28a6fa75e5ad3bb9a8cd4
64faef43f59f0d829a290bb25e0b5c24308c0381b590d9717e460a8344912ba3
650c82476c4211d9c7dcab13c023c507bdb5f3e2364d3a4446d67dc5c5566918
6522e64ab5ed9c2d96aa46ca6e5b576488db3c275f4c33466a975db91f6fda36
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
67837bc7a7ebf39b40b6fac84e0fd64ff503780f51039ee0373b7432ccd98afb
679af1410a90367c05aa33c79c163c5cf21b727bfbf24a9af7638bd5652020be
68c17e743f229f07f1375bd906669e46147d13fd2c92be22317bd3d4e505b5e7
69af23110413b775aa6f388c5984cad1566a5f579847cde65c925fa8547fd9d1
6a7b0c8bf87b2bd5ca31557f25cf2a6c80f93af72bf68a6085e9b55a87fe908c
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b08e11012fca89020fef6f7f406f703755d47e5f3bd20d26d6cfbbafa4a9fb3
6c06cb54fd77979d1bfcde9cc23f061ea3e9a379ce3d5f6f6b69f18d1918e9a1
6c9cdd6715e32ba9b632a95591192b46cafdfd67fe6180b6b53c73015598c231
6da768623690c30a2d0665dc7ccb17fcf9b39f82dab4f57bdde60738142d8427
6e9b6d7b9ec3d1a1def4462c86be80e2f142c7192ad81cf2e2ef93bd242ba56e
6f61c306ec0f36d49ce62d99490f13885bc80a7948b6a83f35d2149f1c0c44ee
70c311ea097cbc672faa7f9325356ef749fbe6a1a729412e24ece30fc973d457
71452118f362fb13df5ca8297190a2b26506f8062c0a4b5ef7980a06c9addbea
72d427b7264997760074a94dcc1c9e54ae2c33b05276bfb3cfcd0f5d2d8bba3a
73502f11344a519fa549eeb80ce66ca81ead39a65b81fbeb5fff64966f8e965c
736bbd8dc168253ee743187c338aa794a66ea301a0ccc4c3f1e3ced911d9c9c1
73d29c9519e905d7ba4306bed124c06d94d698dd41ebf193b37e8661e72b6c0d
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
77177ed004787a92ed9c83e7abd219b55425dff8d70d1e93a261f2ea7c01efdb
77b47b7a038f38916adbe760bc262fe2aa75e9f2a0d67621d19ad74e41acdb39
7ab3ebae891a75d2dfbc5dd36107f16a0b9ba271694c40f5b55279b4d69c9d53
7b6f7190fe9fab27d6cdca11e9c4e626b4e04b71f3402f4527fe42fde3a44d90
7b76b819a56cefc5344fabd9df41fdab467b1038d63992c2cabe70ab71d44c8a
7dc5277ba585373d4d4a12835a2034882cba58915950cdfbcb50ac6a7d8e610c
7ee72de7d82e24f58a41717ca2cae9271a0fe5a137f76ee830ff8a31fa2b2a5f
81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628
822c2b1fbd85dc0f3bf079ffabd40dde19d0d572515d59ee7da6c68b00d84029
8255cd81a570e59fc7e3ffe7540821f28c10211377465826801a7398f88da85c
8264bf30b0dfc41d19bf53d2c63a8fc9326b427cf3ea9cd9b6be2696fc55b118
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1
82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb
83e4fecbbe3938653edd82602b3e3a0bd98509c5f8e50a8cd82b393695a1b9bb
842180c49522c1ce242d5d89bb09ea1e539e5ce7ac90d0969bc1ca4e495ab5f1
846949c5a40e3ffbb702473e54dfac0646541aa624a844369b6e24e51ddaf96b
853aac09e698b5cc90b45abdac04da4b9f834228dc29bdfc057e2133a2f24461
86749c09ba3f21d87f2b883fb9ca5b3391ce10df049a5608f88e7e8751b8ad62
87f41d9c4f569039a589601ac5215f1482d21d7ed08caa59686783e27c4be3d0
896188604699d1d7f6e4f1b032d0eb93471e509bc4f51cecff028c74904b0545
89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4
8aae1da2d06b49c8b2aebbcb9828fafc038488d988cc92dcd66a6f8faca59122
8c20a5c73dd63fdb72a8ebc6f6794afa53d292f2915afc3be02367848b203803
8cb55f8c45774132203fdddd5da3007c4377df88c44505c87669dbc7c700d789
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8d74beec1be996322ad76813bafb92d40839895d6dd7ee808b17ca201eac98be
8e53e50181b7a9e2caa94173c37fcd9de8fa75750764a2ad8ad02fac3306d652
8ec3cdfcdc79223ee04ed060812314854cb3b3d9d1914390c755934366fc3693
8ee4ef0958a69118b85a99f3dc63981d71e9d027c2bfe51d498e637f18697682
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
8feeb2af07dabc3f7e51dd0524004bb6049727e0fbd6378e8dc64aa4144d6db5
90062375ddadeb5f2165be6e6ffcd441184829374c4766bd724e20b09606c8c7
904ec3cf49608e24b4f667e6c8e629938dc7637a654fa03f3d165514de667f48
949a30ed07d2975ead2a00344b822b0c43bab1939fbb37102d3b0811364b2326
966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068
9855f0a7b6d58838d0664ea23a93fee9910d2d5ce7ebbdfa52d76a61cb628f2e
98c8bb7e8194f77206d2ea852f11d568c8336cbb94a1c8c3f894de190bc02f59
99dc6efbb92e8a11bdaefa83dd1a518c6a015455f0c6ff5c6ef218a562755573
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5
9d5f3b72a1218741a49be31bb07a03c5365e1daab85ffcd544824d68f4080655
9ed3b9da2e59b0e5a376ec2af91c6786ff3e3fbb4d8b5dc1dd81c9355c8f3662
9f5933a3d6d103d80585826dea98b19ce974d7b44aa4c8cfb3d717697772ff5b
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0f64f969e63efef1892ac224772d364dce3bd89ca4aa6e2fbd44f458af4a540
a101fef36d1bec286041b198d47b15ca6c26ef251731f05fe9511cc3d9b68b12
a15de4e30a474b4bd36d8d1989cd4e8acb32de8dd8f2ae29d66db3c0bb51b1a4
a1aa01f31d4087317f5d4e5ef4ea70a73e38124a45f1553dbe8968ea16068b84
a1c5270055c21f509389976ec7529f13c35a04ec3bcf5ad86cdddbb6cac15ce5
a227723172e3fad5dbc834f16eb5ace23b0fa9626853936c394f69f7ae7ada78
a3d477219de2bc775bdf051ed6497f56393934e3738ad8d6c39cf3458fda9986
a5293e0d94eff2837b1797ecb43e000b9e8249c4a4e6e316963248a2d4b87127
a849c2e832c63f895bc7ba31d6576eb5560e4253bc2e6fe1a6ab64bf660fed99
a8f81ae29f4f064b09f32197200198492754cd553979c148f3955b9cb31f819f
a96e1e97d62ab9747678b947bdf0a0ea5f81790b1e3a1df2d4607a86bf802596
a9b5d62445d48f75234b683670ffd3f95f5c7240decae3146a38f0d19abd76dc
aa93ed4eb86c0ab48ce506b80bef916beceef4927ca58879862b75badcc360e7
ab5083387398d67868ad529a89f770c4ebab6f25dc06ab91f76ca2b9d1bbd392
ac71e58314929073cdb7b99d7503d9b71bddbd9d54cccac326a65ec65dbe2c1d
afa871bc9b82f151da5e18d35859a6a78d0f0190f01b2ed8b08fb9ffa6d13216
b04dfae5d49297b8b6a514bd8bf1c7bea7ebe622232401a5abed5a92809a2b66
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b200ac3d3bf008f2ce310df1c78c2df72dbf8861b8681a68acb3e40fe51eb4ed
b3074090d27e92eb95b0263ddcada4f3efca261ebe7cc915cb352d2f04d5006d
b514f02bcd5b090edf30e218136c9ed1ec47445946a4ed61f391faaefc7707ab
b51f3497b0a65f1e1e87e75f5e7e823d871c23bcf76a5ee4101783c8f939e553
b698f4535cf67b7d888113bc09693d430652d57e20d67a4a31f5c8e5e3c24330
b74c57956156cfdb6ea1f2b5442d62bfd3d771a122de72133859f318f4b2d6c1
b7c90e57a0c403e014dacfe79a37c367f6f5a7145f68e9387a4cdc14a59b0b46
b952ae1a582910bbfd4efa3b03c3dd91b903fc474d62dbbda8db0729f34ea02c
b9ffdb10a2d93c63fb1d77e3db4d51d7cf132177aea3ab148e4f80cc367ee5bd
ba8b61671c5a1344acefbc986cb110f88f924b2367852345131717c3ff1f19a9
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bb4f8df5602b561c6a5247851f27cebac4099886c0f337e67e5ea9fa0f9caac8
bd44dba9ed6aec762bb17a7cc0b9a25455bc0489208b368f3b3dccf0ddbd542d
bd9dfac701991124e81aad87a2ef66f798b6985950b51f6456cd94386e03ad34
be125b657cb6690d3d60409a100996700907573c637ab7b4c3f36837d28f7d79
be21405eb0f240e306b4b9cb3cca010b7f7ed6762a8d58c9bb3e5bfff2aefeef
be21c68151947530567dcb15dcf4aa169621e4ec3d2a9ef8c71ba3590e5e35cf
bf6e4ad9998b4828a05e5f827edd9dd961f439ee0fa7f11825a08a90bfa382e8
bf9a23b3505b601a9de91a953c462d670e5b13fbbed92e0be549822cdd2af34a
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf
c33e2d26ff93f304c12ee1ac5165ac2f56e86e53acee8fec5701e72951e8a1e4
c4cb7ee295b14fe670ced1e8271273041990ca3d5af39accf8e960c227148eab
c635e5911388386f55ff0903a75b9e5fb813c5b9fa8605792a71eb770d604b7d
c67a54238bf42a58220827c3acfccaeda7322f795c3851d5953f3607280a6250
c73221984a8df331a14c8ceee7fc232e93eff6e9fa74fd72ed40d34da73c0a0a
c7ecaf3e8b86eb8637e07d0cc3d12ad7a6e3babd9d5f852bf685b7a4549c160f
c84074baff8c27ab00dd84e9fdf57f94ca82c0fce2ad492c8302bb1ca109953d
c905a799c91593b68a840f7aae0bd411b7f0d2d475c8f5f5a780d54018fb61b8
c9b8a60c49479edc7ddbe834930108a336c68d6d9206b8f9fd2121d464b0151a
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
cc752e0109ced57fdeac5fe874ae634b6e09ca1c032c178e8341f4d15d1eae19
d0d2e098cd489ef7bc528c86de8ab5c51b5d6cdf9b76a8b08766036992f0d2f4
d0e50db0d6679dac85be85bf1cc2c0d12725b403a32d8d33f0bc45c676be8978
d145f0a5ecf309f2c57dffccd50122e835a8d490602bb6e35c96c738618994f9
d27cdac5329bccadc64959b42caabe7bccdd31b072a0fe2a6bb55ac1cadd6073
d51190b1aad415b12f661f7a7c6070f7a2567c09406dd505fe0c8f75d3f4d756
d57ae76616cbe8151bf9bbe2eef3a4b7a336bee7ad0ffb3891948bc36da153cf
d833164d6f79ca24d732c7c183ada6c241c66401d01f176960a1e35f96d45600
db3fcb13513ab0df8d771965eba1469ddd88f0d0fcdd8fce4ddbeb01cacd242f
dbc7becdd2e8bf2ac758ccfe5930afbb2c242ecbaf6cc425fb73e02c0497704c
dfb2cc791fb07ef797283ad41a90dad96d540c4fe49c52ad5e5a0c6113efe5ee
e0625a022bd3b199157833e0338f4eae7eb814ad18da77a4f315851c3e0d2e57
e226b210b4b9bee553da225bd9be2c495c2918ceb5d23cc2998ed82a8d4191a6
e2aad8d4a6ea8d798229b0966e3902855bdec1998ad5487434e7da4c921719e7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e602d10aeab60c205781599d1dd4e46d615c1938e62f66d5752fb08ad800fa2d
e605414c5d690913c053ec344fd3fd58b19ecd5f111fb05e4e912bc52a77fa66
e6a1fae9b9c1045cde15a1cd74704fb037ddc78c4f375ebbc5f197a6db64678b
e885af5b5df46e9eedd6358e61a43197f3c3d3822ea98537b7129096c57ad36f
ea47381f277c3c846c154b4b2d214ee378430ef883dbbd34817a11e0a772b6f5
ea73d43e6e9a44c7ef1b83fc89d751d2e7863145631b9bcbb4bf0cc8166a12f9
eaea340fc9c06732833561ee4fabd14573a35d83c744d9d16ab8fa210d98a911
ebe260bcdc10b7d665d6854b47acb9da92aa3ab41f3d0009b144d2c30146ed8a
ebe674facbc5b1f5e8060915b29d1ddccfecfbbc5fa6ae9098da9a4231377e12
ec2f44e7dbd2ebb1268ac7e7a0602ec2106bc7fd9da17b9012db81be55cbd485
edce001abb992b5cf69d0fed80c386f93eef3466ff84a35280d70e928d836bc6
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f04922ebea4b067db85d03916ff10a7691c8acdec1a6df9a97348508aea72c96
f2daeb2829868142889b221813c0a36b68761319ec6cd6358d02883ab189ea44
f2f74210d06d83f9e7c3f190df1f0496ab4b7cb703222e0e9e4edd10f584aa53
f31feb8d925261995f163714672276641e30b4ab72de413b70fc93918bb5ce9d
f4de63f60a94037dfeb1ce51fe5a5ec12984810a9896f1eb5b3a225d871357f9
f54aed9527ac229c6a5b15e49f73aa17cdf8224171095ef9c65ccd10ecd5af49
f6629b195dc3ff1541c5f9e6251060ebd2d6508cc80e45da3046422473604f4f
f94fb6d995e6263bddbd2e7aa9fdcb1eb1a93d7ae8dc6a8ea3fa16d8ad5638e5
fa0b33ee90a69b6de3660103153ea0a3ce5988cc09b54cd126e3d7f67a960582
fba0ea0c63c5284f98875d5db1b155d9d2798648e64681b3f5a8bbda95635865