www.nirsoft.net Open in urlscan Pro
138.128.181.29 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.nirsoft.net/utils/product_cd_key_viewer.html
Submission: On May 19 via manual (May 19th 2021, 12:09:56 pm UTC) from IN

Summary HTTP 157 Redirects Links 38 Behaviour Indicators

Summary

This website contacted 45 IPs in 8 countries across 55 domains to perform 157 HTTP transactions. The main IP is 138.128.181.29, located in United States and belongs to DIMENOC, US. The main domain is www.nirsoft.net.
TLS certificate: Issued by cPanel, Inc. Certification Authority on April 16th 2021. Valid for: 3 months.

This is the only time www.nirsoft.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
8	138.128.181.29 138.128.181.29	33182 (DIMENOC) (DIMENOC)
14	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
2 11	72.251.249.13 72.251.249.13	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
3	184.30.24.121 184.30.24.121	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a00:1450:400... 2a00:1450:4001:802::2002	15169 (GOOGLE) (GOOGLE)
1	2.18.235.40 2.18.235.40	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a00:1450:400... 2a00:1450:4001:808::2008	15169 (GOOGLE) (GOOGLE)
2	172.217.23.98 172.217.23.98	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
12	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
3 18	216.52.2.39 216.52.2.39	30282 (AS-INAPCD...) (AS-INAPCDN-OCY)
1	104.111.233.227 104.111.233.227	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	35.227.248.159 35.227.248.159	15169 (GOOGLE) (GOOGLE)
1	3.122.214.165 3.122.214.165	16509 (AMAZON-02) (AMAZON-02)
2 2	34.253.111.115 34.253.111.115	16509 (AMAZON-02) (AMAZON-02)
2 10	172.217.16.130 172.217.16.130	15169 (GOOGLE) (GOOGLE)
1 1	66.155.71.149 66.155.71.149	13768 (COGECO-PEER1) (COGECO-PEER1)
2 2	198.148.27.139 198.148.27.139	19189 (PULSEPOINT) (PULSEPOINT)
2 2	18.196.123.190 18.196.123.190	16509 (AMAZON-02) (AMAZON-02)
2 3	37.252.173.22 37.252.173.22	29990 (ASN-APPNEX) (ASN-APPNEX)
4 4	185.184.8.30 185.184.8.30	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
3 3	185.29.132.69 185.29.132.69	30419 (MEDIAMATH...) (MEDIAMATH-INC)
4 4	213.19.147.44 213.19.147.44	26120 (RHYTHMONE) (RHYTHMONE)
1 2	52.95.123.41 52.95.123.41	16509 (AMAZON-02) (AMAZON-02)
2 2	193.0.160.128 193.0.160.128	54312 (ROCKETFUEL) (ROCKETFUEL)
2 5	13.248.242.197 13.248.242.197	16509 (AMAZON-02) (AMAZON-02)
2	35.156.19.236 35.156.19.236	16509 (AMAZON-02) (AMAZON-02)
1 1	154.59.122.79 154.59.122.79	174 (COGENT-174) (COGENT-174)
2 3	2620:116:800d... 2620:116:800d:21:36a9:ecb:e518:b308	16509 (AMAZON-02) (AMAZON-02)
1 2	169.50.137.190 169.50.137.190	36351 (SOFTLAYER) (SOFTLAYER)
1	52.215.139.246 52.215.139.246	16509 (AMAZON-02) (AMAZON-02)
1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
1 1	3.221.7.1 3.221.7.1	14618 (AMAZON-AES) (AMAZON-AES)
1	8.43.72.97 8.43.72.97	26667 (RUBICONPR...) (RUBICONPROJECT)
7	2.18.233.180 2.18.233.180	16625 (AKAMAI-AS) (AKAMAI-AS)
1 15	34.254.122.11 34.254.122.11	16509 (AMAZON-02) (AMAZON-02)
3 8	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
1 1	2001:678:cb4:... 2001:678:cb4:bbbb::13	56396 (TURN) (TURN)
1	104.75.88.126 104.75.88.126	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
2 2	37.157.2.239 37.157.2.239	198622 (ADFORM) (ADFORM)
15	2a00:1450:400... 2a00:1450:4001:802::2001	15169 (GOOGLE) (GOOGLE)
2 5	185.64.189.115 185.64.189.115	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:80e::2004	15169 (GOOGLE) (GOOGLE)
4 5	64.202.112.95 64.202.112.95	23352 (SERVERCEN...) (SERVERCENTRAL)
2 2	185.94.180.126 185.94.180.126	35220 (SPOTX-AMS) (SPOTX-AMS)
1	3.225.15.51 3.225.15.51	14618 (AMAZON-AES) (AMAZON-AES)
1 1	2a00:1288:110... 2a00:1288:110:c305::8000	34010 (YAHOO-IRD) (YAHOO-IRD)
1 1	52.0.80.108 52.0.80.108	14618 (AMAZON-AES) (AMAZON-AES)
1	193.122.174.27 193.122.174.27	31898 (ORACLE-BM...) (ORACLE-BMC-31898)
1	38.91.45.7 38.91.45.7	398989 (DEEPINTENT) (DEEPINTENT)
2 2	3.121.254.42 3.121.254.42	16509 (AMAZON-02) (AMAZON-02)
2 2	151.101.14.49 151.101.14.49	54113 (FASTLY) (FASTLY)
1	67.202.110.24 67.202.110.24	32748 (STEADFAST) (STEADFAST)
1	18.195.155.181 18.195.155.181	16509 (AMAZON-02) (AMAZON-02)
1 1	124.146.215.50 124.146.215.50	2514 (INFOSPHER...) (INFOSPHERE NTT PC Communications)
2	2a00:1450:400... 2a00:1450:4001:802::2004	15169 (GOOGLE) (GOOGLE)
1 1	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
1 1	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
1	2a05:d01c:1d8... 2a05:d01c:1d8:8101:ac20:41f1:bf24:9b3	16509 (AMAZON-02) (AMAZON-02)
1 1	79.137.68.187 79.137.68.187	16276 (OVH) (OVH)
157	45

8 138.128.181.29 (United States)

ASN33182 (DIMENOC, US)
PTR: 138-128-181-29.static.hostdime.com

www.nirsoft.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 72.251.249.13 (Amsterdam, Netherlands) 2 redirects

ASN29791 (VOXEL-DOT-NET, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
vap2ams1.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 184.30.24.121 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-24-121.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
v1.addthisedge.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.235.40 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-40.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.23.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s45-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 216.52.2.39 (United States) 3 redirects

ASN30282 (AS-INAPCDN-OCY, US)

gslbeacon.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ce.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.233.227 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)

pxdrop.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.227.248.159 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.122.214.165 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

ps.eyeota.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.253.111.115 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 172.217.16.130 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra15s46-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.155.71.149 (Portsmouth, United Kingdom) 1 redirects

ASN13768 (COGECO-PEER1, CA)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.148.27.139 (New York, United States) 2 redirects

ASN19189 (PULSEPOINT, US)

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.196.123.190 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)

rtb.mfadsrvr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.252.173.22 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.184.8.30 (Amsterdam, Netherlands) 4 redirects

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-30.rtbhouse.net

creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.29.132.69 (United Kingdom) 3 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 213.19.147.44 (United Kingdom) 4 redirects

ASN26120 (RHYTHMONE, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.95.123.41 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

aax-eu.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 193.0.160.128 (United States) 2 redirects

ASN54312 (ROCKETFUEL, US)

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 13.248.242.197 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a97adde81b00f2ca4.awsglobalaccelerator.com

data.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.156.19.236 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 154.59.122.79 (United States) 1 redirects

ASN174 (COGENT-174, US)

ums.acuityplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:116:800d:21:36a9:ecb:e518:b308 (United States) 2 redirects

ASN16509 (AMAZON-02, US)

pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 169.50.137.190 (United States) 1 redirects

ASN36351 (SOFTLAYER, US)
PTR: be.89.32a9.ip4.static.sl-reverse.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.215.139.246 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-215-139-246.eu-west-1.compute.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel-eu.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.221.7.1 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

aorta.clickagy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 8.43.72.97 (United States)

ASN26667 (RUBICONPROJECT, US)

pixel-us-east.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2.18.233.180 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-180.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 34.254.122.11 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

rtb.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 34.98.64.218 (Kansas City, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
eu-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:678:cb4:bbbb::13 (United Kingdom) 1 redirects

ASN56396 (TURN, GB)

d.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.75.88.126 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-75-88-126.deploy.static.akamaitechnologies.com

api-public.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.2.239 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:802::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.64.189.115 (United Kingdom) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 64.202.112.95 (United States) 4 redirects

ASN23352 (SERVERCENTRAL, US)
PTR: ny.outbrain.com

sync.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.94.180.126 (United States) 2 redirects

ASN35220 (SPOTX-AMS, US)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.225.15.51 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

sync.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:110:c305::8000 (United Kingdom) 1 redirects

ASN34010 (YAHOO-IRD, GB)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.0.80.108 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

sync.ipredictive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.122.174.27 (Ashburn, United States)

ASN31898 (ORACLE-BMC-31898, US)

sync.technoratimedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 38.91.45.7 (United States)

ASN398989 (DEEPINTENT, US)

match.deepintent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.121.254.42 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)

ad.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.14.49 (Frankfurt am Main, Germany) 2 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.202.110.24 (United States)

ASN32748 (STEADFAST, US)
PTR: ip24.67-202-110.static.steadfastdns.net

ssc-cms.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.195.155.181 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

cs.emxdgt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 124.146.215.50 (Yokohama, Japan) 1 redirects

ASN2514 (INFOSPHERE NTT PC Communications, Inc., JP)

tg.socdm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:802::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.227.252.103 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.165 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d01c:1d8:8101:ac20:41f1:bf24:9b3 (London, United Kingdom)

ASN16509 (AMAZON-02, US)

ag.innovid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 79.137.68.187 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: gcm9.host.hit.gemius.pl

googlecm.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
30	lijit.com 5 redirects ap.lijit.com gslbeacon.lijit.com vap2ams1.lijit.com pxdrop.lijit.com ce.lijit.com	53 KB
29	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	358 KB
19	doubleclick.net 2 redirects googleads.g.doubleclick.net cm.g.doubleclick.net	47 KB
15	gumgum.com 1 redirects rtb.gumgum.com	5 KB
12	pubmatic.com 2 redirects ads.pubmatic.com image6.pubmatic.com	67 KB
9	openx.net 4 redirects us-u.openx.net eu-u.openx.net rtb.openx.net	3 KB
8	nirsoft.net www.nirsoft.net	32 KB
6	gstatic.com www.gstatic.com fonts.gstatic.com	105 KB
5	adsrvr.org 2 redirects data.adsrvr.org match.adsrvr.org	2 KB
5	google.com 1 redirects adservice.google.com www.google.com	919 B
4	outbrain.com 3 redirects sync.outbrain.com	1 KB
4	creativecdn.com 4 redirects creativecdn.com	1 KB
4	googletagservices.com www.googletagservices.com	127 KB
3	rubiconproject.com 1 redirects pixel-eu.rubiconproject.com pixel-us-east.rubiconproject.com pixel.rubiconproject.com	937 B
3	quantserve.com 2 redirects pixel.quantserve.com cms.quantserve.com	1 KB
3	1rx.io 3 redirects sync.1rx.io	1 KB
3	mathtag.com 3 redirects sync.mathtag.com	2 KB
3	adnxs.com 2 redirects secure.adnxs.com	2 KB
3	addthis.com s7.addthis.com api-public.addthis.com	123 KB
2	everesttech.net 2 redirects sync-tm.everesttech.net	629 B
2	360yield.com 2 redirects ad.360yield.com	616 B
2	spotxchange.com 2 redirects sync.search.spotxchange.com	1 KB
2	googleapis.com fonts.googleapis.com	1 KB
2	adform.net 2 redirects c1.adform.net	925 B
2	simpli.fi 1 redirects um.simpli.fi	839 B
2	bidswitch.net x.bidswitch.net	291 B
2	rfihub.com 2 redirects p.rfihub.com	1 KB
2	amazon-adsystem.com 1 redirects aax-eu.amazon-adsystem.com	474 B
2	mfadsrvr.com 2 redirects rtb.mfadsrvr.com	1 KB
2	contextweb.com 2 redirects bh.contextweb.com	786 B
2	crwdcntrl.net 2 redirects bcp.crwdcntrl.net	1019 B
2	tapad.com 1 redirects pixel.tapad.com	916 B
2	google.de adservice.google.de	921 B
2	googleadservices.com partner.googleadservices.com	693 B
2	google-analytics.com ssl.google-analytics.com	17 KB
1	gemius.pl 1 redirects googlecm.hit.gemius.pl	336 B
1	innovid.com ag.innovid.com	295 B
1	socdm.com 1 redirects tg.socdm.com	693 B
1	emxdgt.com cs.emxdgt.com
1	33across.com ssc-cms.33across.com
1	unrulymedia.com 1 redirects sync.targeting.unrulymedia.com	469 B
1	zemanta.com 1 redirects b1sync.zemanta.com	288 B
1	deepintent.com match.deepintent.com	44 B
1	technoratimedia.com sync.technoratimedia.com	294 B
1	ipredictive.com 1 redirects sync.ipredictive.com	428 B
1	yahoo.com 1 redirects pr-bh.ybp.yahoo.com	836 B
1	stackadapt.com sync.srv.stackadapt.com	168 B
1	turn.com 1 redirects d.turn.com	418 B
1	clickagy.com 1 redirects aorta.clickagy.com	665 B
1	bidr.io match.prod.bidr.io	430 B
1	acuityplatform.com 1 redirects ums.acuityplatform.com	609 B
1	sitescout.com 1 redirects pixel-sync.sitescout.com	270 B
1	eyeota.net ps.eyeota.net	344 B
1	addthisedge.com v1.addthisedge.com	207 B
1	moatads.com z.moatads.com	1 KB
157	55

	Domain	Requested by
17	ce.lijit.com	3 redirects www.nirsoft.net gslbeacon.lijit.com us-u.openx.net rtb.gumgum.com
15	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net
15	rtb.gumgum.com	1 redirects gslbeacon.lijit.com rtb.gumgum.com
14	pagead2.googlesyndication.com	www.nirsoft.net pagead2.googlesyndication.com ap.lijit.com tpc.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com
10	cm.g.doubleclick.net	2 redirects gslbeacon.lijit.com us-u.openx.net rtb.gumgum.com www.nirsoft.net googleads.g.doubleclick.net
9	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com
9	ap.lijit.com	2 redirects www.nirsoft.net ap.lijit.com gslbeacon.lijit.com
8	www.nirsoft.net	www.nirsoft.net
7	ads.pubmatic.com	gslbeacon.lijit.com ads.pubmatic.com rtb.gumgum.com
6	us-u.openx.net	3 redirects gslbeacon.lijit.com us-u.openx.net
5	image6.pubmatic.com	2 redirects ads.pubmatic.com
4	sync.outbrain.com	3 redirects rtb.gumgum.com
4	fonts.gstatic.com	fonts.googleapis.com
4	match.adsrvr.org	2 redirects us-u.openx.net rtb.gumgum.com
4	creativecdn.com	4 redirects
4	www.googletagservices.com	pagead2.googlesyndication.com googleads.g.doubleclick.net
3	www.google.com	1 redirects googleads.g.doubleclick.net tpc.googlesyndication.com
3	sync.1rx.io	3 redirects
3	sync.mathtag.com	3 redirects
3	secure.adnxs.com	2 redirects gslbeacon.lijit.com
2	sync-tm.everesttech.net	2 redirects
2	ad.360yield.com	2 redirects
2	sync.search.spotxchange.com	2 redirects
2	www.gstatic.com	googleads.g.doubleclick.net
2	fonts.googleapis.com	googleads.g.doubleclick.net
2	c1.adform.net	2 redirects
2	eu-u.openx.net	us-u.openx.net
2	um.simpli.fi	1 redirects gslbeacon.lijit.com
2	pixel.quantserve.com	2 redirects
2	x.bidswitch.net	gslbeacon.lijit.com rtb.gumgum.com
2	p.rfihub.com	2 redirects
2	aax-eu.amazon-adsystem.com	1 redirects gslbeacon.lijit.com
2	rtb.mfadsrvr.com	2 redirects
2	bh.contextweb.com	2 redirects
2	bcp.crwdcntrl.net	2 redirects
2	pixel.tapad.com	1 redirects www.nirsoft.net
2	vap2ams1.lijit.com	www.nirsoft.net
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.de	pagead2.googlesyndication.com
2	partner.googleadservices.com	pagead2.googlesyndication.com
2	ssl.google-analytics.com	www.nirsoft.net
2	s7.addthis.com	www.nirsoft.net s7.addthis.com
1	googlecm.hit.gemius.pl	1 redirects
1	ag.innovid.com	googleads.g.doubleclick.net
1	pixel.rubiconproject.com	1 redirects
1	rtb.openx.net	1 redirects
1	cms.quantserve.com	googleads.g.doubleclick.net
1	tg.socdm.com	1 redirects
1	cs.emxdgt.com	rtb.gumgum.com
1	ssc-cms.33across.com	rtb.gumgum.com
1	sync.targeting.unrulymedia.com	1 redirects
1	b1sync.zemanta.com	1 redirects
1	match.deepintent.com	rtb.gumgum.com
1	sync.technoratimedia.com	rtb.gumgum.com
1	sync.ipredictive.com	1 redirects
1	pr-bh.ybp.yahoo.com	1 redirects
1	sync.srv.stackadapt.com	rtb.gumgum.com
1	api-public.addthis.com	s7.addthis.com
1	d.turn.com	1 redirects
1	pixel-us-east.rubiconproject.com	gslbeacon.lijit.com
1	aorta.clickagy.com	1 redirects
1	pixel-eu.rubiconproject.com	gslbeacon.lijit.com
1	match.prod.bidr.io	gslbeacon.lijit.com
1	ums.acuityplatform.com	1 redirects
1	data.adsrvr.org	gslbeacon.lijit.com
1	pixel-sync.sitescout.com	1 redirects
1	ps.eyeota.net	www.nirsoft.net
1	pxdrop.lijit.com	www.nirsoft.net
1	gslbeacon.lijit.com	ap.lijit.com
1	v1.addthisedge.com	s7.addthis.com
1	z.moatads.com	s7.addthis.com
157	71

This site contains links to these domains. Also see Links.

Domain
blog.nirsoft.net
recover-keys.com
docs.microsoft.com
www.techsupportalert.com
anguerde.com
www.agusnurli.wordpress.com
glory4cars.com
www.layout.com.br
www.hdrumev.com
www.svalekjaer.dk
web.zone.ee
www.dominicdesbiens.com
engalego.blogspot.com
www.wintotal.de
www.geogeo.gr
cyworld.com
www.tferi.hu
www.giardiniblog.com
hppy.net
circlash.tistory.com
ralfie.oo.lv
shadima.com
www.sat2m.com
www.sesimbra.eu
forum.ru-board.com
habetdin.net
weibo.com
dickmoore.cn
pctempo.com
www.mikrodata.si
www.facebook.com
www.taiwan.net.tw
zhtwnet.com
blog.yam.com
www.netemlak.net
vjatv.iespana.es

Subject Issuer	Validity	Valid
nirsoft.net cPanel, Inc. Certification Authority	`2021-04-16` - `2021-07-15`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2021-03-11` - `2022-04-12`	a year	crt.sh
odc-addthis-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2021-04-25` - `2022-04-27`	a year	crt.sh
moatads.com DigiCert SHA2 Secure Server CA	`2021-01-21` - `2022-01-25`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-04-13` - `2021-07-06`	3 months	crt.sh
cert1.a2.atm.aqfer.net R3	`2021-05-18` - `2021-08-16`	3 months	crt.sh
*.tapad.com DigiCert SHA2 Secure Server CA	`2020-10-05` - `2021-11-06`	a year	crt.sh
*.eyeota.net R3	`2021-04-29` - `2021-07-28`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
aax-eu.amazon-adsystem.com Amazon	`2021-04-09` - `2022-03-20`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2020-04-23` - `2022-05-04`	2 years	crt.sh
*.simpli.fi DigiCert SHA2 Secure Server CA	`2019-09-18` - `2021-12-12`	2 years	crt.sh
*.match.prod.bidr.io Amazon	`2021-02-26` - `2022-03-27`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2020-12-18` - `2022-01-18`	a year	crt.sh
*.pubmatic.com DigiCert SHA2 Secure Server CA	`2021-03-30` - `2022-04-04`	a year	crt.sh
*.gumgum.com Amazon	`2020-07-03` - `2021-08-03`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2020-06-18` - `2021-08-17`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.outbrain.com Thawte RSA CA 2018	`2019-10-29` - `2021-11-23`	2 years	crt.sh
*.srv.stackadapt.com Amazon	`2020-12-09` - `2022-01-07`	a year	crt.sh
*.technoratimedia.com DigiCert SHA2 High Assurance Server CA	`2020-07-28` - `2021-10-01`	a year	crt.sh
*.deepintent.com Go Daddy Secure Certificate Authority - G2	`2020-04-09` - `2022-06-08`	2 years	crt.sh
*.33across.com Sectigo RSA Domain Validation Secure Server CA	`2020-06-01` - `2021-09-30`	a year	crt.sh
*.emxdgt.com Go Daddy Secure Certificate Authority - G2	`2020-05-18` - `2021-07-17`	a year	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh
*.innovid.com RapidSSL RSA CA 2018	`2020-02-07` - `2022-04-07`	2 years	crt.sh

This page contains 31 frames:

Primary Page: https://www.nirsoft.net/utils/product_cd_key_viewer.html
Frame ID: A06C39205373153480DBD53A5E59866C
Requests: 26 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210517/r20190131/zrt_lookup.html
Frame ID: 7EC2297078C3D963148607A54BAC81E6
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/sync
Frame ID: 2A30D1FB52A9CA9B16CD9295620E3ED2
Requests: 20 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5286073190998405&output=html&h=90&slotname=3603023613&adk=1349428559&adf=3481616681&pi=t.ma~as.3603023613&w=728&lmt=1621426174&psa=0&format=728x90&url=https%3A%2F%2Fwww.nirsoft.net%2Futils%2Fproduct_cd_key_viewer.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621426174144&bpp=9&bdt=133&idt=111&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&correlator=6912368443707&frm=20&pv=2&ga_vid=480711802.1621426174&ga_sid=1621426174&ga_hid=1984376513&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=10&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C31061139%2C44743003&oid=3&pvsid=389572739835390&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=TPX4DPNAlh&p=https%3A//www.nirsoft.net&dtd=132
Frame ID: 638B246218869DACA11BEA6040BE7C69
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5286073190998405&output=html&adk=1812271804&adf=3025194257&lmt=1621426174&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.nirsoft.net%2Futils%2Fproduct_cd_key_viewer.html&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621426174304&bpp=1&bdt=293&idt=1&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&nras=1&correlator=6912368443707&frm=20&pv=1&ga_vid=480711802.1621426174&ga_sid=1621426174&ga_hid=1984376513&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C31061139%2C44743003&oid=3&pvsid=389572739835390&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=3&uci=a!3&fsb=1&dtd=7
Frame ID: 3FD931A6349784C3654E16E125C156C9
Requests: 1 HTTP requests in this frame

Frame: https://gslbeacon.lijit.com/beacon?viewId=a_701248_d2057f1d97b94bd0b1f9a98d937ff40a&rand=7670&informer=13420689&type=fpads&loc=https%3A%2F%2Fwww.nirsoft.net%2Futils%2Fproduct_cd_key_viewer.html&v=1.2
Frame ID: 7818A8BAF23440848FE8882E2324F5A1
Requests: 21 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=137711&s=137812&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D58%263pid%3D&gdpr=1&gdpr_consent=
Frame ID: 349788A6F09EB8FBDFE77713A4ABF2EB
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Frame ID: A950979AC951562753EF0AABDC2AC868
Requests: 15 HTTP requests in this frame

Frame: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
Frame ID: 1AD9B0A45A2FBDC3A425F037A3D9BFE8
Requests: 8 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=1&gdpr_consent=
Frame ID: E183F44B9B017787C4A5E5ADCB10D73C
Requests: 1 HTTP requests in this frame

Frame: https://ce.lijit.com/merge?pid=1&3pid=8413187415359097579&gdpr=1&gdpr_consent=
Frame ID: 3B597C67E29FADA61CB168561D7A2123
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5286073190998405&output=html&h=600&slotname=8544847776&adk=1678388160&adf=2695214360&pi=t.ma~as.8544847776&w=160&psa=0&format=160x600&url=https%3A%2F%2Fwww.nirsoft.net%2Futils%2Fproduct_cd_key_viewer.html&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621426174381&bpp=1&bdt=219&idt=75&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&cookie=ID%3Daa26246d15970c2a-224b6fc746c80000%3AT%3D1621426174%3ART%3D1621426174%3AS%3DALNI_MZ-iOCd0Gls5Vf-yXNSYgvYl-izmw&correlator=6912368443707&frm=23&ife=1&pv=1&ga_vid=480711802.1621426174&ga_sid=1621426174&ga_hid=1074269554&ga_fc=1&nhd=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=5&ady=613&biw=1600&bih=1200&isw=160&ish=600&ifk=2461446070&scr_x=0&scr_y=0&eid=44743003&oid=3&pvsid=3746620840696278&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C160%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.6uj1u7xmet5z&fsb=1&dtd=90
Frame ID: 182AF4480516AAE5C949EC48F402C276
Requests: 18 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: D81160AB126FDD1921A6E3105D65737D
Requests: 2 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: A1251F9A92302093053CA7248D72BFEF
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Frame ID: BE95F36124D8F49C09DD68414E2FDAAD
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 58649B34D62374D98E35867F2EF1E5FD
Requests: 2 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=mmh&i=b1cd60a4-ffff-4d00-9cb1-00622f2d6664&gdpr=1&gdpr_consent=
Frame ID: 61B595CCFC82A1CFFEC7193241B5893B
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=atm&i=YKUAAgABI1XlZQA4&gdpr=1&gdpr_consent=&_test=YKUAAgABI1XlZQA4
Frame ID: CA4D536458A4465DD7081027FACCBCCC
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV81ZTRjMjM2Yy02NmRjLTQ5ZGEtODJkYS00OWQ1ZjdiMWNhZjI=&gdpr=1&gdpr_consent=
Frame ID: 334C26D517BE49C54896CE6947C75403
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=1&gdprConsent=
Frame ID: A1AEA36384A0074884FAF77E90E9E55F
Requests: 1 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Frame ID: 49BD605A34A7966A11BE4715E639B1EE
Requests: 1 HTTP requests in this frame

Frame: https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=1&gdpr_consent=
Frame ID: F57B9398E28D0AFF7A547BDE14902621
Requests: 1 HTTP requests in this frame

Frame: https://cs.emxdgt.com/um?redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID
Frame ID: 0CEDBACC38D6BBFA16EECA86829A4F62
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=sus&i=YKUAAcCo8YwAAM0majcAAAAA
Frame ID: 9E3452CA17C6A978728A635E3EBE9EB0
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=zet&i=1870471595250424766
Frame ID: 24CE49B052E18FA37D93EE3A3359A3F2
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=rth&i=s5gv8dSRuDifP8bOQjqp&pi=gumgum&tc=1
Frame ID: ED1447527FC5FD988DBE2FB85429472F
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 77FE344128074BA97C23FBFAED29D902
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: C73FFEF322449318454A14A6AA1E0DBD
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/NEBu3pajZdeXNrzBMTKKpDrnjihkyh5N8uMAWlauysY.js
Frame ID: 999838CA16820CFF7F5BB0FEC442AE26
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Frame ID: 2F4013095477BBDC5FCACE47F0A05661
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: D637CC1FAEFFB2B7681297B83DD4768A
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

157
Requests

99 %
HTTPS

27 %
IPv6

55
Domains

71
Subdomains

45
IPs

8
Countries

940 kB
Transfer

2413 kB
Size

14
Cookies

38 Outgoing links

These are links going to different origins than the main page.

URL: https://blog.nirsoft.net/
Title: Blog

Search URL Search Domain Scan URL

URL: http://recover-keys.com/en/nirsoft.html
Title: Recover lost CD keys for Windows and 10000+ major programs

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/previous-versions/windows/desktop/sppwmi/softwarelicensingproduct
Title: SoftwareLicensingProduct class

Search URL Search Domain Scan URL

URL: http://blog.nirsoft.net/2009/05/17/antivirus-companies-cause-a-big-headache-to-small-developers/
Title: Click here

Search URL Search Domain Scan URL

URL: http://www.techsupportalert.com/content/how-report-malware-or-false-positives-multiple-antivirus-vendors.htm
Title: How to Report Malware or False Positives to Multiple Antivirus Vendors

Search URL Search Domain Scan URL

URL: http://blog.nirsoft.net/2009/10/22/how-to-connect-a-remote-windows-7vistaxp-computer-with-nirsoft-utilities/
Title: How to connect a remote Windows 7/Vista/XP computer with NirSoft utilities

Search URL Search Domain Scan URL

URL: http://anguerde.com/
Title: Anguerde

Search URL Search Domain Scan URL

URL: http://www.agusnurli.wordpress.com/
Title: Agus Nurliawan

Search URL Search Domain Scan URL

URL: http://glory4cars.com/
Title: Agnessa Petrova

Search URL Search Domain Scan URL

URL: http://www.layout.com.br/
Title: Paulo Neto

Search URL Search Domain Scan URL

URL: http://www.hdrumev.com/
Title: Hristo Drumev

Search URL Search Domain Scan URL

URL: http://www.svalekjaer.dk/
Title: Claus Svalekjaer

Search URL Search Domain Scan URL

URL: http://web.zone.ee/ttomberg/
Title: Toomas Tomberg

Search URL Search Domain Scan URL

URL: http://www.dominicdesbiens.com/
Title: Dominic Desbiens/Largo

Search URL Search Domain Scan URL

URL: http://engalego.blogspot.com/
Title: Xosé Antón Vicente Rodríguez

Search URL Search Domain Scan URL

URL: https://www.wintotal.de/nirsoft-uebersetzungen/
Title: «Latino» auf WinTotal.de

Search URL Search Domain Scan URL

URL: https://www.geogeo.gr/
Title: geogeo.gr

Search URL Search Domain Scan URL

URL: http://cyworld.com/sinooki
Title: sinooki

Search URL Search Domain Scan URL

URL: http://www.tferi.hu/
Title: Tamás Ferenc

Search URL Search Domain Scan URL

URL: https://www.giardiniblog.com/
Title: Alessandro Viscone

Search URL Search Domain Scan URL

URL: https://hppy.net/
Title: hppy.net

Search URL Search Domain Scan URL

URL: http://circlash.tistory.com/
Title: circlash

Search URL Search Domain Scan URL

URL: http://ralfie.oo.lv/
Title: Ralf Yu

Search URL Search Domain Scan URL

URL: https://shadima.com/
Title: Shadima

Search URL Search Domain Scan URL

URL: http://www.sat2m.com/
Title: NAHCI 13

Search URL Search Domain Scan URL

URL: http://www.sesimbra.eu/
Title: Filipe "Pollux" Baeta

Search URL Search Domain Scan URL

URL: http://forum.ru-board.com/
Title: selkv && Habetdin

Search URL Search Domain Scan URL

URL: https://habetdin.net/
Title: Habetdin

Search URL Search Domain Scan URL

URL: http://weibo.com/xiaocheng936
Title: 小程936

Search URL Search Domain Scan URL

URL: http://dickmoore.cn/
Title: DickMoore

Search URL Search Domain Scan URL

URL: https://pctempo.com/
Title: Enzo

Search URL Search Domain Scan URL

URL: http://www.mikrodata.si/english/employee.htm#jadran
Title: Jadran Rudec

Search URL Search Domain Scan URL

URL: http://www.facebook.com/jaad34
Title: Jose Antonio Alvarez Dominguez

Search URL Search Domain Scan URL

URL: http://www.taiwan.net.tw/
Title: 臺灣共和國

Search URL Search Domain Scan URL

URL: https://zhtwnet.com/
Title: Danfong Hsieh

Search URL Search Domain Scan URL

URL: http://blog.yam.com/danfong
Title: 丹楓(虫二電氣診所)

Search URL Search Domain Scan URL

URL: http://www.netemlak.net/
Title: Cemil Kaynar

Search URL Search Domain Scan URL

URL: http://vjatv.iespana.es/
Title: vjatv

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 31

https://pixel.tapad.com/idsync/ex/receive?partner_id=1512&partner_device_id=4324fd5c0dcc26513bae91fe&gdpr=1&gdpr_consent= HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=1512&partner_device_id=4324fd5c0dcc26513bae91fe&gdpr=1&gdpr_consent=

Request Chain 33

https://bcp.crwdcntrl.net/5/c=5436/tp=SVRN/tpid=4324fd5c0dcc26513bae91fe/gdpr=1/gdpr_consent=/pv=y?https://ce.lijit.com/merge?pid=5001&3pid=${profile_id}&gdpr=1&gdpr_consent= HTTP 302
https://bcp.crwdcntrl.net/5/ct=y/c=5436/tp=SVRN/tpid=4324fd5c0dcc26513bae91fe/gdpr=1/gdpr_consent=/pv=y?https://ce.lijit.com/merge?pid=5001&3pid=${profile_id}&gdpr=1&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=5001&3pid=3737295cfc81648b5bc3772d697ee0fa&gdpr=1&gdpr_consent=

Request Chain 36

https://ap.lijit.com/dsp/google/cookiematch/dv?gdpr=1&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=lijit_dbm&google_hm=NDMyNGZkNWMwZGNjMjY1MTNiYWU5MWZl

Request Chain 37

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=23&gdpr=1&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=16&3pid=no-consent&gdpr=1&gdpr_consent=

Request Chain 38

https://bh.contextweb.com/bh/rtset?pid=558511&ev=1&rurl=https%3A%2F%2Fce.lijit.com/merge?pid=49&3pid=%%VGUID%%&gdpr=1&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=49&3pid=0cVQKZsPVi3n&ev=1&pid=558511&gdpr_consent=&gdpr=1

Request Chain 39

https://rtb.mfadsrvr.com/sync?ssp=sovrn&gdpr=1&gdpr_consent= HTTP 302
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=sovrn&gdpr=1&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=87&3pid=98a95772-f355-44bb-84be-128a019051dd HTTP 302
https://ce.lijit.com/merge?pid=87&3pid=98a95772-f355-44bb-84be-128a019051dd&dnr=1

Request Chain 41

https://creativecdn.com/cm-notify?pi=sovrn&gdpr=1&gdpr_consent= HTTP 302
https://creativecdn.com/cm-notify?pi=sovrn&gdpr=1&gdpr_consent=&tc=1 HTTP 302
https://ce.lijit.com/merge?pid=86&3pid=m86Reg2p7yHg0LE4c65Q&pi=sovrn&gdpr_consent=&gdpr=1&tc=1

Request Chain 42

https://sync.mathtag.com/sync/img?mt_exid=17&mt_exuid=4324fd5c0dcc26513bae91fe&redirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D3%263pid%3D%5BUUID%5D&gdpr=1&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=3&3pid=4a9460a4-ffff-4700-9de0-a3d3c47b6c0c&gdpr=1&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=3&3pid=4a9460a4-ffff-4700-9de0-a3d3c47b6c0c&gdpr=1&gdpr_consent=&dnr=1

Request Chain 43

https://sync.1rx.io/usersync2/sovrn?gdpr=1&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=56&3pid=OPTOUT

Request Chain 44

https://aax-eu.amazon-adsystem.com/s/x/ae12848777b41970a5f2?gdpr=1&gdpr_consent= HTTP 302
https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&dl=sovrn&gdpr=1&gdpr_consent=&dcc=t

Request Chain 45

https://p.rfihub.com/cm?in=1&pub=1827&gdpr=1&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=10&3pid=1870471595250424766 HTTP 302
https://ce.lijit.com/merge?pid=10&3pid=1870471595250424766&dnr=1

Request Chain 48

https://ums.acuityplatform.com/tum?umid=27&uid=4324fd5c0dcc26513bae91fe&gdpr=1&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=66&3pid=579453451693

Request Chain 49

https://pixel.quantserve.com/pixel/p-CXt61zNBpKUt1.gif?idmatch=0&gdpr=1&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=43&gdpr=1&gdpr_consent=&us_privacy=&3pid=m7aZ_svgnq-Avsr4zLHVr5qxnvmAs8j4yOdUnss1

Request Chain 50

https://um.simpli.fi/lj_match?r=1621426174371&gdpr=1&gdpr_consent= HTTP 302
https://um.simpli.fi/no_match_opted_out

Request Chain 53

https://aorta.clickagy.com/pixel.gif?ch=185&cm=4324fd5c0dcc26513bae91fe&redir=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D84%263pid%3D%7Bvisitor_id%7D&gdpr=1&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=84&3pid=c:6184efc3edd6c0d61b897240ec403777

Request Chain 54

https://ap.lijit.com/dsp/google/cookiematch/beacon?gdpr=1&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_hm=Y2ZiZWFiZGUwMGE1YzY5MjY4OTY2YmUw HTTP 302
https://ap.lijit.com/dsp/google/reporting

Request Chain 58

https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent= HTTP 302
https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=

Request Chain 60

https://d.turn.com/r/dd/id/L21rdC8xMjcvY2lkLzI4NTUyOTczL3QvMg/url/https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D1%263pid%3D%24!%7BTURN_UUID%7D&gdpr=1&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=1&3pid=8413187415359097579&gdpr=1&gdpr_consent=

Request Chain 71

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=898e60a4-ffff-4200-a746-d21324964843

Request Chain 72

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=1 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=UIWtWQDTqghLjf5fB4LhCFGCql5LgPxfA9T6Bf-f

Request Chain 73

https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=22 HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=7329329192432328946

Request Chain 76

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEIyA0ftgVbHQ3_p6-xFvB7I&google_cver=1

Request Chain 97

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 98

https://secure.adnxs.com/getuid?https://rtb.gumgum.com/usersync?b=apn&i=$UID HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dapn%26i%3D%24UID HTTP 302
https://rtb.gumgum.com/usersync?b=apn&i=7078442183692558899

Request Chain 100

https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=1&gdprConsent=&platformRdUrl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D HTTP 302
https://rtb.gumgum.com/usersync?b=obn&i=ENC%28ruuyNT-N2jMTI00ibctTjd47piYARISS4WMWFQBek7DF0OEJcQV0TiBD_jBhbmU6%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26platformUid%3D%7Bplatform_uid%7D%26obuid%3DENC%28ruuyNT-N2jMTI00ibctTjd47piYARISS4WMWFQBek7DF0OEJcQV0TiBD_jBhbmU6%29 HTTP 302
https://sync.outbrain.com/syncUser?platformId=GUMGU18H7EL9NI653I7DPEH51&platformUid=e_5e4c236c-66dc-49da-82da-49d5f7b1caf2&obuid=ENC(ruuyNT-N2jMTI00ibctTjd47piYARISS4WMWFQBek7DF0OEJcQV0TiBD_jBhbmU6) HTTP 302
https://sync.outbrain.com/syncPartner?platformId=GUMGU18H7EL9NI653I7DPEH51 HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=8862&redir=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dspotx%26uid%3D%24SPOTX_USER_ID%26obUid%3DruuyNT-N2jMTI00ibctTjd47piYARISS4WMWFQBek7DF0OEJcQV0TiBD_jBhbmU6 HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=8862&redir=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dspotx%26uid%3D%24SPOTX_USER_ID%26obUid%3DruuyNT-N2jMTI00ibctTjd47piYARISS4WMWFQBek7DF0OEJcQV0TiBD_jBhbmU6&__user_check__=1&sync_id=14d6fdd9-b89b-11eb-a14c-1fd522ee0206 HTTP 302
https://sync.outbrain.com/cookie-sync?p=spotx&uid=14d6fd8f-b89b-11eb-a14c-1fd522ee0206&obUid=ruuyNT-N2jMTI00ibctTjd47piYARISS4WMWFQBek7DF0OEJcQV0TiBD_jBhbmU6

Request Chain 101

https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=1&gdpr_consent=&us_privacy=&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
https://us-u.openx.net/w/1.0/cm?cc=1&_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=1&gdpr_consent=&us_privacy=&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
https://rtb.gumgum.com/usersync?b=opx&i=51394ab1-f15d-4300-8c50-fb3fde54c0b2

Request Chain 103

https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=1&gdpr_consent= HTTP 302
https://rtb.gumgum.com/usersync?b=oth&i=y-uMzaZIlE2pel2Rb44lkrAn7w5gLoh__u1aYJ~A

Request Chain 104

https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=1&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dvnt%26i%3D HTTP 302
https://rtb.gumgum.com/usersync?b=vnt&i=148627fb-b89b-11eb-92e7-734c6cb84090

Request Chain 107

https://b1sync.zemanta.com/usersync/gumgum/?puid=e_5e4c236c-66dc-49da-82da-49d5f7b1caf2&gdpr=1&gdpr_consent=&us_privacy= HTTP 302
https://rtb.gumgum.com/usersync?b=zem&i=&gdpr=1

Request Chain 108

https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D HTTP 302
https://ad.360yield.com/ul_cb/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D HTTP 302
https://rtb.gumgum.com/usersync?b=idi&i=05ba9473-50a8-4678-a5dd-2dbd8f110e08

Request Chain 109

https://sync.1rx.io/usersync2/floor6&gdpr=1&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=8127210047 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=8127210047 HTTP 302
https://sync.1rx.io/usersync/tradedesk/06b72f3a-af4f-4122-8ef8-6bc29cff2b2a HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-7aaf6308-0882-4d4c-a326-7af1cbf7abfc-003?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Drhy%26i%3DRX-7aaf6308-0882-4d4c-a326-7af1cbf7abfc-003 HTTP 302
https://rtb.gumgum.com/usersync?b=rhy&i=RX-7aaf6308-0882-4d4c-a326-7af1cbf7abfc-003

Request Chain 110

https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25 HTTP 302
https://rtb.gumgum.com/usersync?b=pln&i=yVpeQ2eO9kSX&ev=1&pid=558355

Request Chain 112

https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=1&gdpr_consent=&redir=https%3a%2f%2frtb.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d HTTP 302
https://rtb.gumgum.com/usersync?b=mmh&i=b1cd60a4-ffff-4d00-9cb1-00622f2d6664&gdpr=1&gdpr_consent=

Request Chain 113

https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=1&gdpr_consent= HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=1&gdpr_consent=&_test=YKUAAgABI1XlZQA4 HTTP 302
https://rtb.gumgum.com/usersync?b=atm&i=YKUAAgABI1XlZQA4&gdpr=1&gdpr_consent=&_test=YKUAAgABI1XlZQA4

Request Chain 119

https://tg.socdm.com/aux/idsync?proto=gumgum HTTP 302
https://rtb.gumgum.com/usersync?b=sus&i=YKUAAcCo8YwAAM0majcAAAAA

Request Chain 120

https://p.rfihub.com/cm?pub=42796&in=1 HTTP 302
https://rtb.gumgum.com/usersync?b=zet&i=1870471595250424766

Request Chain 121

https://creativecdn.com/cm-notify?pi=gumgum HTTP 302
https://creativecdn.com/cm-notify?pi=gumgum&tc=1 HTTP 302
https://rtb.gumgum.com/usersync?b=rth&i=s5gv8dSRuDifP8bOQjqp&pi=gumgum&tc=1

Request Chain 141

https://rtb.openx.net/sync/dds?google_gid=CAESEBdzpDHXhuQrOd26fcuWAJM&google_cver=1&google_push=AQvitUIAmDwqexsgb9Qs9WWujizCjqtzDLpylE1KXIPRXZFYVMh_Z4Rcrb1EBKbXKJExgY5KWwkA_75Iak9u2eWaAnwWPxsTvxXpcg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUIAmDwqexsgb9Qs9WWujizCjqtzDLpylE1KXIPRXZFYVMh_Z4Rcrb1EBKbXKJExgY5KWwkA_75Iak9u2eWaAnwWPxsTvxXpcg&google_hm=eVJk_XDOwngNX6dlxR37Tg==

Request Chain 142

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEL9CJsvY6Cs5J_x98TCdlJc&google_cver=1&google_push=AQvitUKMpDiajWAb9kI0QAoJGFLhTrIbqKqA51GcpXewzJTApdLOYj0sscn0Vuf_zlMx-wWyvnooLchbzJ7-XZvhmhyQbNJT68U6Dg HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEL9CJsvY6Cs5J_x98TCdlJc&google_cver=1&google_push=AQvitUKMpDiajWAb9kI0QAoJGFLhTrIbqKqA51GcpXewzJTApdLOYj0sscn0Vuf_zlMx-wWyvnooLchbzJ7-XZvhmhyQbNJT68U6Dg&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=knn9brttQTmr9AL_t942Fw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUKMpDiajWAb9kI0QAoJGFLhTrIbqKqA51GcpXewzJTApdLOYj0sscn0Vuf_zlMx-wWyvnooLchbzJ7-XZvhmhyQbNJT68U6Dg

Request Chain 143

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESELdnyaNhNsKG9C48f6gZ69s&google_cver=1&google_push=AQvitUIK7oofMeZaKfDF959Rv01Pqzt3Pgvs6TIKOPZGVwKqSX7VoP5AirGKEmk9edBT3qYOYmpw7TgAhaHiCsWTbgXZNNDnQlCtEw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09WRkE2SVUtWi1BTFhV&google_push=AQvitUIK7oofMeZaKfDF959Rv01Pqzt3Pgvs6TIKOPZGVwKqSX7VoP5AirGKEmk9edBT3qYOYmpw7TgAhaHiCsWTbgXZNNDnQlCtEw

Request Chain 144

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEGNVST-NE_Qst-aOmnEkiYE&google_cver=1&google_push=AQvitUKledyP2tpj8AWx7_neKnUBAw6OfcfQe2w-HoPb0AEYgjNHwR7bfnX6uwwmq4EzUujEl1T6oza6lQobZJgYsC-nDZJc0bIFlQ HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEGNVST-NE_Qst-aOmnEkiYE&google_push=AQvitUKledyP2tpj8AWx7_neKnUBAw6OfcfQe2w-HoPb0AEYgjNHwR7bfnX6uwwmq4EzUujEl1T6oza6lQobZJgYsC-nDZJc0bIFlQ&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKUAA3bo9e1HFE1ABTbGiQAABLYAAAAB&google_push=AQvitUKledyP2tpj8AWx7_neKnUBAw6OfcfQe2w-HoPb0AEYgjNHwR7bfnX6uwwmq4EzUujEl1T6oza6lQobZJgYsC-nDZJc0bIFlQ&google_gid=CAESEGNVST-NE_Qst-aOmnEkiYE&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKUAA3bo9e1HFE1ABTbGiQAABLYAAAAB&google_push=AQvitUKledyP2tpj8AWx7_neKnUBAw6OfcfQe2w-HoPb0AEYgjNHwR7bfnX6uwwmq4EzUujEl1T6oza6lQobZJgYsC-nDZJc0bIFlQ&google_gid=CAESEGNVST-NE_Qst-aOmnEkiYE&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKUAA3bo9e1HFE1ABTbGiQAABLYAAAAB&google_push=AQvitUKledyP2tpj8AWx7_neKnUBAw6OfcfQe2w-HoPb0AEYgjNHwR7bfnX6uwwmq4EzUujEl1T6oza6lQobZJgYsC-nDZJc0bIFlQ&google_gid=CAESEGNVST-NE_Qst-aOmnEkiYE&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKUAA3bo9e1HFE1ABTbGiQAABLYAAAAB&google_push=AQvitUKledyP2tpj8AWx7_neKnUBAw6OfcfQe2w-HoPb0AEYgjNHwR7bfnX6uwwmq4EzUujEl1T6oza6lQobZJgYsC-nDZJc0bIFlQ&google_gid=CAESEGNVST-NE_Qst-aOmnEkiYE&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKUAA3bo9e1HFE1ABTbGiQAABLYAAAAB&google_push=AQvitUKledyP2tpj8AWx7_neKnUBAw6OfcfQe2w-HoPb0AEYgjNHwR7bfnX6uwwmq4EzUujEl1T6oza6lQobZJgYsC-nDZJc0bIFlQ&google_gid=CAESEGNVST-NE_Qst-aOmnEkiYE&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKUAA3bo9e1HFE1ABTbGiQAABLYAAAAB&google_push=AQvitUKledyP2tpj8AWx7_neKnUBAw6OfcfQe2w-HoPb0AEYgjNHwR7bfnX6uwwmq4EzUujEl1T6oza6lQobZJgYsC-nDZJc0bIFlQ&google_gid=CAESEGNVST-NE_Qst-aOmnEkiYE&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKUAA3bo9e1HFE1ABTbGiQAABLYAAAAB&google_push=AQvitUKledyP2tpj8AWx7_neKnUBAw6OfcfQe2w-HoPb0AEYgjNHwR7bfnX6uwwmq4EzUujEl1T6oza6lQobZJgYsC-nDZJc0bIFlQ&google_gid=CAESEGNVST-NE_Qst-aOmnEkiYE&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKUAA3bo9e1HFE1ABTbGiQAABLYAAAAB&google_push=AQvitUKledyP2tpj8AWx7_neKnUBAw6OfcfQe2w-HoPb0AEYgjNHwR7bfnX6uwwmq4EzUujEl1T6oza6lQobZJgYsC-nDZJc0bIFlQ&google_gid=CAESEGNVST-NE_Qst-aOmnEkiYE&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKUAA3bo9e1HFE1ABTbGiQAABLYAAAAB&google_push=AQvitUKledyP2tpj8AWx7_neKnUBAw6OfcfQe2w-HoPb0AEYgjNHwR7bfnX6uwwmq4EzUujEl1T6oza6lQobZJgYsC-nDZJc0bIFlQ&google_gid=CAESEGNVST-NE_Qst-aOmnEkiYE&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKUAA3bo9e1HFE1ABTbGiQAABLYAAAAB&google_push=AQvitUKledyP2tpj8AWx7_neKnUBAw6OfcfQe2w-HoPb0AEYgjNHwR7bfnX6uwwmq4EzUujEl1T6oza6lQobZJgYsC-nDZJc0bIFlQ&google_gid=CAESEGNVST-NE_Qst-aOmnEkiYE&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKUAA3bo9e1HFE1ABTbGiQAABLYAAAAB&google_push=AQvitUKledyP2tpj8AWx7_neKnUBAw6OfcfQe2w-HoPb0AEYgjNHwR7bfnX6uwwmq4EzUujEl1T6oza6lQobZJgYsC-nDZJc0bIFlQ&google_gid=CAESEGNVST-NE_Qst-aOmnEkiYE&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKUAA3bo9e1HFE1ABTbGiQAABLYAAAAB&google_push=AQvitUKledyP2tpj8AWx7_neKnUBAw6OfcfQe2w-HoPb0AEYgjNHwR7bfnX6uwwmq4EzUujEl1T6oza6lQobZJgYsC-nDZJc0bIFlQ&google_gid=CAESEGNVST-NE_Qst-aOmnEkiYE&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKUAA3bo9e1HFE1ABTbGiQAABLYAAAAB&google_push=AQvitUKledyP2tpj8AWx7_neKnUBAw6OfcfQe2w-HoPb0AEYgjNHwR7bfnX6uwwmq4EzUujEl1T6oza6lQobZJgYsC-nDZJc0bIFlQ&google_gid=CAESEGNVST-NE_Qst-aOmnEkiYE&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKUAA3bo9e1HFE1ABTbGiQAABLYAAAAB&google_push=AQvitUKledyP2tpj8AWx7_neKnUBAw6OfcfQe2w-HoPb0AEYgjNHwR7bfnX6uwwmq4EzUujEl1T6oza6lQobZJgYsC-nDZJc0bIFlQ&google_gid=CAESEGNVST-NE_Qst-aOmnEkiYE&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKUAA3bo9e1HFE1ABTbGiQAABLYAAAAB&google_push=AQvitUKledyP2tpj8AWx7_neKnUBAw6OfcfQe2w-HoPb0AEYgjNHwR7bfnX6uwwmq4EzUujEl1T6oza6lQobZJgYsC-nDZJc0bIFlQ&google_gid=CAESEGNVST-NE_Qst-aOmnEkiYE&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKUAA3bo9e1HFE1ABTbGiQAABLYAAAAB&google_push=AQvitUKledyP2tpj8AWx7_neKnUBAw6OfcfQe2w-HoPb0AEYgjNHwR7bfnX6uwwmq4EzUujEl1T6oza6lQobZJgYsC-nDZJc0bIFlQ&google_gid=CAESEGNVST-NE_Qst-aOmnEkiYE&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKUAA3bo9e1HFE1ABTbGiQAABLYAAAAB&google_push=AQvitUKledyP2tpj8AWx7_neKnUBAw6OfcfQe2w-HoPb0AEYgjNHwR7bfnX6uwwmq4EzUujEl1T6oza6lQobZJgYsC-nDZJc0bIFlQ&google_gid=CAESEGNVST-NE_Qst-aOmnEkiYE&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKUAA3bo9e1HFE1ABTbGiQAABLYAAAAB&google_push=AQvitUKledyP2tpj8AWx7_neKnUBAw6OfcfQe2w-HoPb0AEYgjNHwR7bfnX6uwwmq4EzUujEl1T6oza6lQobZJgYsC-nDZJc0bIFlQ&google_gid=CAESEGNVST-NE_Qst-aOmnEkiYE&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKUAA3bo9e1HFE1ABTbGiQAABLYAAAAB&google_push=AQvitUKledyP2tpj8AWx7_neKnUBAw6OfcfQe2w-HoPb0AEYgjNHwR7bfnX6uwwmq4EzUujEl1T6oza6lQobZJgYsC-nDZJc0bIFlQ&google_gid=CAESEGNVST-NE_Qst-aOmnEkiYE&google_cver=1

Request Chain 146

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEGpfc9IOSo1HGZRZkmVrgOw&google_cver=1&google_push=AQvitUKcb10V_9jSr3c3Vhw1n1t1N9fAMOcGXwt3wTeTcCHH4DL17ja9pDlT1LoqmoeBCyZtNgBlVsKei8ocZCXNJzqkicTkYhqR0h0 HTTP 301
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AQvitUKcb10V_9jSr3c3Vhw1n1t1N9fAMOcGXwt3wTeTcCHH4DL17ja9pDlT1LoqmoeBCyZtNgBlVsKei8ocZCXNJzqkicTkYhqR0h0&google_hm=

157 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request product_cd_key_viewer.html Show response
www.nirsoft.net/utils/ 37 KB
11 KB 404ms
149ms Document
text/html 138.128.181.29
DIMENOC

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nirsoft.net/utils/product_cd_key_viewer.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 138.128.181.29 , United States, ASN33182 (DIMENOC, US),
Reverse DNS: 138-128-181-29.static.hostdime.com
Software: Apache /
Resource Hash: 55b414b1eb3e763c73fa89a0a5771dd4e0d3ccbdc7109afe9aa4cb6d06f9f811

Request headers

Host: www.nirsoft.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 12:09:33 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10983
Keep-Alive: timeout=4, max=50
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK main.css
www.nirsoft.net/ 7 KB
2 KB 125ms
123ms Stylesheet
text/css 138.128.181.29
DIMENOC

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nirsoft.net/main.css
Requested by: Host: www.nirsoft.net
URL: https://www.nirsoft.net/utils/product_cd_key_viewer.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 138.128.181.29 , United States, ASN33182 (DIMENOC, US),
Reverse DNS: 138-128-181-29.static.hostdime.com
Software: Apache /
Resource Hash: 1fc7ceb533a021747396d0773be419b8432c309db898995af87bf5a7b0c68b0b

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.nirsoft.net
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://www.nirsoft.net/utils/product_cd_key_viewer.html
Connection: keep-alive
Referer: https://www.nirsoft.net/utils/product_cd_key_viewer.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 12:09:34 GMT
Content-Encoding: gzip
Last-Modified: Mon, 13 Jan 2020 06:22:16 GMT
Server: Apache
ETag: "126d6c-1c14-59bff7f2a5600-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=4, max=49
Content-Length: 1568

GET
H/1.1 200
OK nirsoft2.gif
www.nirsoft.net/ 4 KB
4 KB 248ms
122ms Image
image/gif 138.128.181.29
DIMENOC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.nirsoft.net/nirsoft2.gif
Requested by: Host: www.nirsoft.net
URL: https://www.nirsoft.net/utils/product_cd_key_viewer.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 138.128.181.29 , United States, ASN33182 (DIMENOC, US),
Reverse DNS: 138-128-181-29.static.hostdime.com
Software: Apache /
Resource Hash: 0c4f483b95cfce5c4e78f32946ed302502f365c272094950b254b6226c16c7f5

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.nirsoft.net
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.nirsoft.net/utils/product_cd_key_viewer.html
Connection: keep-alive
Referer: https://www.nirsoft.net/utils/product_cd_key_viewer.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 12:09:34 GMT
Last-Modified: Mon, 06 Sep 2004 14:43:52 GMT
Server: Apache
ETag: "126d5f-e6e-3e36ce8cf3a00"
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=4, max=48
Content-Length: 3694

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 132 KB
47 KB 43ms
23ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.nirsoft.net
URL: https://www.nirsoft.net/utils/product_cd_key_viewer.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4f488ba69b34a8b4d924f46e58cbbe62ad1031ee74af785d328ccb54c4cd9b5f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nirsoft.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 12:09:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47946
x-xss-protection: 0
server: cafe
etag: 18260956113010957495
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 19 May 2021 12:09:34 GMT

GET
H/1.1 200
OK fpi.js Show response
ap.lijit.com/www/delivery/ 5 KB
3 KB 47ms
15ms Script
text/javascript 72.251.249.13
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/www/delivery/fpi.js?z=701248&width=160&height=600
Requested by: Host: www.nirsoft.net
URL: https://www.nirsoft.net/utils/product_cd_key_viewer.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.13 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx /
Resource Hash: 53d3b513684b230591b0203df937048eb52f4e03e470ecf1ac2bf2477476da70

Request headers

Referer: https://www.nirsoft.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 12:09:34 GMT
Content-Encoding: gzip
Server: nginx
ETag: W/"60468d89-1540"
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Transfer-Encoding: chunked
X-Sovrn-Pod: ad_ap2ams1
Expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H/1.1 200
OK produkey_icon.gif
www.nirsoft.net/utils/ 1 KB
1 KB 374ms
125ms Image
image/gif 138.128.181.29
DIMENOC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.nirsoft.net/utils/produkey_icon.gif
Requested by: Host: www.nirsoft.net
URL: https://www.nirsoft.net/utils/product_cd_key_viewer.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 138.128.181.29 , United States, ASN33182 (DIMENOC, US),
Reverse DNS: 138-128-181-29.static.hostdime.com
Software: Apache /
Resource Hash: ab80bf76ac30775829501ad88f1a378c08bd4b6e4cbeba3bc2a4629e575c25ad

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.nirsoft.net
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.nirsoft.net/utils/product_cd_key_viewer.html
Connection: keep-alive
Referer: https://www.nirsoft.net/utils/product_cd_key_viewer.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 12:09:34 GMT
Last-Modified: Sun, 24 Apr 2005 22:39:06 GMT
Server: Apache
ETag: "12554a-410-3f5865be09680"
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=4, max=47
Content-Length: 1040

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/250/ 353 KB
114 KB 26ms
10ms Script
application/javascript 184.30.24.121
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/250/addthis_widget.js

Requested by

Host: www.nirsoft.net
URL: https://www.nirsoft.net/utils/product_cd_key_viewer.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.121 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-121.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.nirsoft.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
server: nginx/1.15.8
etag: "5f971164-5834c"
vary: Accept-Encoding
x-distribution: 99
content-type: application/javascript
cache-control: public, max-age=600
date: Wed, 19 May 2021 12:09:34 GMT
x-host: s7.addthis.com
content-length: 116325

GET
H/1.1 200
OK produkey.gif
www.nirsoft.net/utils/ 11 KB
11 KB 374ms
126ms Image
image/gif 138.128.181.29
DIMENOC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.nirsoft.net/utils/produkey.gif
Requested by: Host: www.nirsoft.net
URL: https://www.nirsoft.net/utils/product_cd_key_viewer.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 138.128.181.29 , United States, ASN33182 (DIMENOC, US),
Reverse DNS: 138-128-181-29.static.hostdime.com
Software: Apache /
Resource Hash: 2fca6187ce4dde712dc12f853bc2fdbb8c46209ce0908451890790d13e851808

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.nirsoft.net
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.nirsoft.net/utils/product_cd_key_viewer.html
Connection: keep-alive
Referer: https://www.nirsoft.net/utils/product_cd_key_viewer.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 12:09:34 GMT
Last-Modified: Wed, 05 Oct 2005 14:40:56 GMT
Server: Apache
ETag: "125693-2a1a-40262cbcb6e00"
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=4, max=50
Content-Length: 10778

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210517/r20190131/ Frame 7EC2 10 KB
4 KB 6ms
6ms Document
text/html 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210517/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1dad6cb9a0903898a8f82f89c0d10ee6e94f8459228530fa5df3078100c9f650

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210517/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.nirsoft.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.nirsoft.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 19 May 2021 01:00:52 GMT
expires: Wed, 02 Jun 2021 01:00:52 GMT
content-type: text/html; charset=UTF-8
etag: 15349191498103243965
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4506
x-xss-protection: 0
age: 40122
cache-control: public, max-age=1209600
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210517/r20190131/ 231 KB
85 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210517/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5286073190998405&plah=www.nirsoft.net&amaexp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

93ea87740a629b311148b644cb72d376ef82344939bc4d47acff4aa0719ad668

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nirsoft.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 12:09:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 87252
x-xss-protection: 0
server: cafe
etag: 5322897297824761394
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 19 May 2021 12:09:34 GMT

GET
H/1.1 200
OK menubg.png
www.nirsoft.net/ 448 B
723 B 246ms
130ms Image
image/png 138.128.181.29
DIMENOC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.nirsoft.net/menubg.png
Requested by: Host: www.nirsoft.net
URL: https://www.nirsoft.net/main.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 138.128.181.29 , United States, ASN33182 (DIMENOC, US),
Reverse DNS: 138-128-181-29.static.hostdime.com
Software: Apache /
Resource Hash: 4ea8411870894a09ff7165d06aab69c2be05ffea87cdb1b5fb3b5594f11f6f06

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.nirsoft.net
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.nirsoft.net/main.css
Connection: keep-alive
Referer: https://www.nirsoft.net/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 12:09:34 GMT
Last-Modified: Sun, 12 Jan 2020 19:55:26 GMT
Server: Apache
ETag: "1200ca-1c0-59bf6bd6f4780"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=4, max=50
Content-Length: 448

GET
H/1.1 200
OK sync Show response
ap.lijit.com/ Frame 2A30 87 KB
20 KB 31ms
31ms Script
text/javascript 72.251.249.13
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/sync
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/www/delivery/fpi.js?z=701248&width=160&height=600
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.13 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx /
Resource Hash: bf7c9484fdc988e2ee44d62563d76afcd64cd75e1c9aae4c2fd195d9ba4fe649

Request headers

Referer: https://www.nirsoft.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 12:09:35 GMT
Content-Encoding: gzip
Last-Modified: Mon, 08 Mar 2021 20:48:41 GMT
Server: nginx
ETag: W/"60468da9-15bdc"
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=86400, must-revalidate
Transfer-Encoding: chunked
X-Sovrn-Pod: ad_ap2ams1
Expires: Thu, 20 May 2021 12:09:35 GMT

GET
H/1.1 200
OK menutomain.gif
www.nirsoft.net/ 805 B
1 KB 235ms
130ms Image
image/gif 138.128.181.29
DIMENOC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.nirsoft.net/menutomain.gif
Requested by: Host: www.nirsoft.net
URL: https://www.nirsoft.net/main.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 138.128.181.29 , United States, ASN33182 (DIMENOC, US),
Reverse DNS: 138-128-181-29.static.hostdime.com
Software: Apache /
Resource Hash: 03fb3f62f575f7aece5107379da9667099547635980c20ee48c3a85a1ae1b7c2

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.nirsoft.net
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.nirsoft.net/main.css
Connection: keep-alive
Referer: https://www.nirsoft.net/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 12:09:34 GMT
Last-Modified: Sat, 21 Apr 2007 15:17:30 GMT
Server: Apache
ETag: "126d84-325-42ea0ef395680"
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=4, max=50
Content-Length: 805

GET
H/1.1 200
OK toptomain.gif
www.nirsoft.net/ 805 B
1 KB 359ms
124ms Image
image/gif 138.128.181.29
DIMENOC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.nirsoft.net/toptomain.gif
Requested by: Host: www.nirsoft.net
URL: https://www.nirsoft.net/main.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 138.128.181.29 , United States, ASN33182 (DIMENOC, US),
Reverse DNS: 138-128-181-29.static.hostdime.com
Software: Apache /
Resource Hash: 432863150465290850edbb508d7e1e8c95320c0b34737f2f81cbf7589b6064d8

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.nirsoft.net
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.nirsoft.net/main.css
Connection: keep-alive
Referer: https://www.nirsoft.net/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 12:09:34 GMT
Last-Modified: Sat, 21 Apr 2007 15:31:48 GMT
Server: Apache
ETag: "12332e-325-42ea1225d6100"
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=4, max=49
Content-Length: 805

GET
H2 200 moatframe.js Show response
z.moatads.com/addthismoatframe568911941483/ 2 KB
1 KB 61ms
24ms Script
application/x-javascript 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/250/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

Referer: https://www.nirsoft.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 12:09:34 GMT
content-encoding: gzip
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
server: AmazonS3
x-amz-request-id: D5503D14AA2F06AA
etag: "f14b4e1f799b14f798a195f43cf58376"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=34325
accept-ranges: bytes
content-length: 948
x-amz-id-2: JgalEtxvSAtZmM7+naGfrhsdf0JFS0gJW8lypWF8Tp90EkcPp4c3eAnpK+RDOIL1ltWgpx8wc3s=

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ 45 KB
17 KB 31ms
6ms Script
text/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: www.nirsoft.net
URL: https://www.nirsoft.net/utils/product_cd_key_viewer.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.nirsoft.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 271
date: Wed, 19 May 2021 12:05:03 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17168
expires: Wed, 19 May 2021 14:05:03 GMT

GET
H/1.1 200
OK adcfg Show response
ap.lijit.com/ Frame 2A30 159 B
550 B 20ms
20ms Script
application/x-javascript 72.251.249.13
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/adcfg?zoneid=701248&tid=a9be6a95d0644439b00f7f3f5cdb5a5d0b67cb66&mode=1&dmn=www.nirsoft.net
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/sync
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.13 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx /
Resource Hash: 851b18217280b8affbc23da68973955dd5ed44ddd47e708f0a9ed871c5d7130c

Request headers

Referer: https://www.nirsoft.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 12:09:35 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap2ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 146

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 201 B
640 B 50ms
22ms Script
text/javascript 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.nirsoft.net&callback=_gfp_s_&client=ca-pub-5286073190998405

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210517/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5286073190998405&plah=www.nirsoft.net&amaexp=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

cafe /

Resource Hash

b49394c87bc628c1e9357657668b4a1a540bf87ee2e707fc1eb0129dd3eec4bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nirsoft.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 12:09:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 192
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
799 B 34ms
15ms Script
application/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.nirsoft.net

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nirsoft.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 19 May 2021 12:09:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 16ms
14ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.nirsoft.net

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nirsoft.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 19 May 2021 12:09:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 638B 60 KB
15 KB 607ms
606ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5286073190998405&output=html&h=90&slotname=3603023613&adk=1349428559&adf=3481616681&pi=t.ma~as.3603023613&w=728&lmt=1621426174&psa=0&format=728x90&url=https%3A%2F%2Fwww.nirsoft.net%2Futils%2Fproduct_cd_key_viewer.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621426174144&bpp=9&bdt=133&idt=111&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&correlator=6912368443707&frm=20&pv=2&ga_vid=480711802.1621426174&ga_sid=1621426174&ga_hid=1984376513&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=10&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C31061139%2C44743003&oid=3&pvsid=389572739835390&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=TPX4DPNAlh&p=https%3A//www.nirsoft.net&dtd=132

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0a51922ab4050690f553e962817435a7c955b83da3b4402d1fc632500808d103

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5286073190998405&output=html&h=90&slotname=3603023613&adk=1349428559&adf=3481616681&pi=t.ma~as.3603023613&w=728&lmt=1621426174&psa=0&format=728x90&url=https%3A%2F%2Fwww.nirsoft.net%2Futils%2Fproduct_cd_key_viewer.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621426174144&bpp=9&bdt=133&idt=111&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&correlator=6912368443707&frm=20&pv=2&ga_vid=480711802.1621426174&ga_sid=1621426174&ga_hid=1984376513&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=10&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C31061139%2C44743003&oid=3&pvsid=389572739835390&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=TPX4DPNAlh&p=https%3A//www.nirsoft.net&dtd=132
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.nirsoft.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.nirsoft.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 19 May 2021 12:09:34 GMT
server: cafe
content-length: 15632
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 19-May-2021 12:24:34 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 19 May 2021 12:09:34 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
28 KB 34ms
14ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2a138f5a790f47f9c8e1b3b6c88ea4fecb1abd1b1011a7d842b721d2fa943ed3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nirsoft.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 12:09:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1621251140663589"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27994
x-xss-protection: 0
expires: Wed, 19 May 2021 12:09:34 GMT

GET
H/1.1 200
OK addelivery Show response
ap.lijit.com/ Frame 2A30 1 KB
1 KB 32ms
31ms Script
application/x-javascript 72.251.249.13
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/addelivery?zoneid=701248&tid=a_701248_d2057f1d97b94bd0b1f9a98d937ff40a&cb=undefined&mode=1&flv=0.0.0&ifr=true&od=www.nirsoft.net&time=12%3A09%3A34&fd=1&be=sf&loc=https%3A%2F%2Fwww.nirsoft.net%2Futils%2Fproduct_cd_key_viewer.html&orig_loc=http%3A%2F%2Fhttps%3A%2F%2Fwww.nirsoft.net%2Futils%2Fproduct_cd_key_viewer.html&abf=true&dpz=false&cv=undefined&dop=1&ndw=1&spif=true&btid=a_701248_d2057f1d97b94bd0b1f9a98d937ff40a
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/sync
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.13 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx /
Resource Hash: b31631d128cea56ee70228e71cebe7488f429eeb7f4ff8738bac0bbd5f89ae0c

Request headers

Referer: https://www.nirsoft.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 12:09:34 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap2ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 720

GET
H3-29 200 __utm.gif
ssl.google-analytics.com/r/ 35 B
54 B 32ms
17ms Image
image/gif 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1202806783&utmhn=www.nirsoft.net&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=ProduKey%20-%20Recover%20lost%20product%20key%20(CD-Key)%20of%20Windows%2FMS-Office%2FSQL%20Server&utmhid=1984376513&utmr=-&utmp=%2Futils%2Fproduct_cd_key_viewer.html&utmht=1621426174301&utmac=UA-6647006-1&utmcc=__utma%3D159191077.480711802.1621426174.1621426174.1621426174.1%3B%2B__utmz%3D159191077.1621426174.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1272348766&utmredir=1&utmu=DAAAAAAAAAAAAAAAAAQAAAAE~

Requested by

Host: www.nirsoft.net
URL: https://www.nirsoft.net/utils/product_cd_key_viewer.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.nirsoft.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 12:09:34 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 3FD9 0
19 B 15ms
15ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5286073190998405&output=html&adk=1812271804&adf=3025194257&lmt=1621426174&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.nirsoft.net%2Futils%2Fproduct_cd_key_viewer.html&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621426174304&bpp=1&bdt=293&idt=1&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&nras=1&correlator=6912368443707&frm=20&pv=1&ga_vid=480711802.1621426174&ga_sid=1621426174&ga_hid=1984376513&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C31061139%2C44743003&oid=3&pvsid=389572739835390&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=3&uci=a!3&fsb=1&dtd=7

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5286073190998405&output=html&adk=1812271804&adf=3025194257&lmt=1621426174&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.nirsoft.net%2Futils%2Fproduct_cd_key_viewer.html&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621426174304&bpp=1&bdt=293&idt=1&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&nras=1&correlator=6912368443707&frm=20&pv=1&ga_vid=480711802.1621426174&ga_sid=1621426174&ga_hid=1984376513&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C31061139%2C44743003&oid=3&pvsid=389572739835390&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=3&uci=a!3&fsb=1&dtd=7
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.nirsoft.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.nirsoft.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 19 May 2021 12:09:34 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 19-May-2021 12:24:34 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 19 May 2021 12:09:34 GMT
cache-control: private

GET
H2 200 _ate.track.config_resp Show response
v1.addthisedge.com/live/boost/nirsofer/ 27 B
207 B 97ms
95ms Script
application/javascript 184.30.24.121
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://v1.addthisedge.com/live/boost/nirsofer/_ate.track.config_resp
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/250/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.24.121 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-24-121.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 19a26d6046c4fcfe9e3efbc1fb7532f424c6b0b7590b9e193788e30bce8b9836

Request headers

Referer: https://www.nirsoft.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 12:09:34 GMT
content-encoding: gzip
content-disposition: attachment; filename=1.txt
cache-control: public, max-age=37, s-maxage=86400
content-length: 47
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8

GET
H3-29 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 2A30 132 KB
47 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: ap.lijit.com
URL: https://ap.lijit.com/sync

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4f488ba69b34a8b4d924f46e58cbbe62ad1031ee74af785d328ccb54c4cd9b5f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nirsoft.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 12:09:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47946
x-xss-protection: 0
server: cafe
etag: 18260956113010957495
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 19 May 2021 12:09:34 GMT

GET
H/1.1 200
OK Cookie set beacon Show response
gslbeacon.lijit.com/ Frame 7818 5 KB
2 KB 50ms
15ms Document
text/html 216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to

Full URL: https://gslbeacon.lijit.com/beacon?viewId=a_701248_d2057f1d97b94bd0b1f9a98d937ff40a&rand=7670&informer=13420689&type=fpads&loc=https%3A%2F%2Fwww.nirsoft.net%2Futils%2Fproduct_cd_key_viewer.html&v=1.2
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/sync
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: ce30d468941571f73a45d6f480faca842899c1d649502821269767aa20e5c78e

Request headers

Host: gslbeacon.lijit.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.nirsoft.net/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ljtrtb=eJyrrgUAAXUA%2BQ%3D%3D; ljt_reader=4324fd5c0dcc26513bae91fe
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.nirsoft.net/

Response headers

Server: nginx
Date: Wed, 19 May 2021 12:09:34 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Vary: Accept-Encoding
Expires: Fri, 20 Mar 2009 00:00:00 GMT
Set-Cookie: ljtrtbexp=eJxdzzsSgDAIBNC7pLYIf%2FBqjnfXRBu2fBnYsNegcZIzGbGFHsN9m10slrlTOoO6aYJhPf70KbOWqyr6xPuSkAEXJfyRcFMq2MDYEPfhIv7mSb1kO3oHgTyFPK1ug3lrfe8HBzlO%2Bg%3D%3D;Path=/;Domain=.lijit.com;Expires=Thu, 19-May-2022 12:09:34 GMT;Max-Age=31536000;Secure;SameSite=None ljt_reader=4324fd5c0dcc26513bae91fe;Path=/;Domain=.lijit.com;Max-Age=31536000;Secure;SameSite=None ljtrtb=eJyrrgUAAXUA%2BQ%3D%3D;Path=/;Domain=.lijit.com;Expires=Thu, 19-May-2022 12:09:34 GMT;Max-Age=31536000;Secure;SameSite=None
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
X-Powered-By: raptor
Content-Encoding: gzip
X-Sovrn-Pod: ad_ap7ams1

GET
H/1.1 200
OK containertag Show response
ap.lijit.com/ Frame 2A30 52 KB
6 KB 26ms
25ms Script
application/json 72.251.249.13
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/containertag?containerId=18&zoneId=701248&v=2
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/sync
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.13 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: 3c647bf2f90c1a702c07415eaa5e44bb7832436f61a8357e1fd9958f00eae674

Request headers

Referer: https://www.nirsoft.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 12:09:34 GMT
Content-Encoding: gzip
Server: nginx
X-Powered-By: raptor
Vary: Accept-Encoding
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Transfer-Encoding: chunked
X-Sovrn-Pod: ad_ap2ams1
Content-Type: application/json
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H/1.1 200
OK impression
vap2ams1.lijit.com/addelivery/ Frame 2A30 43 B
567 B 51ms
19ms Image
image/gif 72.251.249.13
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vap2ams1.lijit.com/addelivery/impression?i_data=rDkkF6TNbABZfJyK1w3aUMcRnLnbbMS9FXUH1QK6_VCapteTscriVWEQU52UHnVRGukrqh4ebECBAXUB_2APSOeO2EMIwBm6QJEt60Wswgc0vfW70pVVhBDKrNnZzMNkrNTNxpIvYAx2Ur974fkhvrNzp6n1C_UvcP__Whyk4D1OMpJXNc03tRfrzg6QbeGg2pRlmEmu1VWgC-nnxROPsGgUxoBqfRTzLeUpgnEREB0R3aHpBuIy_qN0gU1-Vw~~&bannerid=222065&campaignid=232&endpoint=WATERFALL&zoneid=701248&tid=a_701248_d2057f1d97b94bd0b1f9a98d937ff40a
Requested by: Host: www.nirsoft.net
URL: https://www.nirsoft.net/utils/product_cd_key_viewer.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.13 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.nirsoft.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 12:09:34 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
P3P: CP="CUR ADM OUR NOR STA NID"
Access-Control-Allow-Origin: *
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap2ams1
Content-Type: image/gif
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H/1.1 200
OK fp
vap2ams1.lijit.com/data/ Frame 2A30 43 B
206 B 46ms
15ms Image
image/gif 72.251.249.13
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vap2ams1.lijit.com/data/fp?tid=a_701248_d2057f1d97b94bd0b1f9a98d937ff40a&zoneid=701248&starttime=1621426174246&adcfg=4&adcfg_response=40&addelivery=44&addelivery_response=77&lgfired=81&beacon=85&container=91&EOL=92&ctstart=0&elapsed_ms=92
Requested by: Host: www.nirsoft.net
URL: https://www.nirsoft.net/utils/product_cd_key_viewer.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.13 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.nirsoft.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 12:09:34 GMT
Server: nginx
X-Sovrn-Pod: ad_ap2ams1
X-Powered-By: raptor
Content-Length: 43
Content-Type: image/gif

GET
H/1.1 204
No Content t.dhj Show response
pxdrop.lijit.com/1/d/ Frame 2A30 0
225 B 74ms
19ms Script
text/plain 104.111.233.227
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pxdrop.lijit.com/1/d/t.dhj?dmn=nirsoft.net&GDPR_v2=
Requested by: Host: www.nirsoft.net
URL: https://www.nirsoft.net/utils/product_cd_key_viewer.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.233.227 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nirsoft.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 12:09:34 GMT
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
Expires: Wed, 19 May 2021 12:09:34 GMT

GET
H2

200

check
pixel.tapad.com/idsync/ex/receive/ Frame 2A30
Redirect Chain

https://pixel.tapad.com/idsync/ex/receive?partner_id=1512&partner_device_id=4324fd5c0dcc26513bae91fe&gdpr=1&gdpr_consent=
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=1512&partner_device_id=4324fd5c0dcc26513bae91fe&gdpr=1&gdpr_consent=

95 B
427 B

21ms
16ms

Image
image/png

35.227.248.159
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive/check?partner_id=1512&partner_device_id=4324fd5c0dcc26513bae91fe&gdpr=1&gdpr_consent=

Requested by

Host: www.nirsoft.net
URL: https://www.nirsoft.net/utils/product_cd_key_viewer.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.227.248.159 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Jetty(9.4.36.v20210114) /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.nirsoft.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 12:09:34 GMT
via: 1.1 google
server: Jetty(9.4.36.v20210114)
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/png
alt-svc: clear
content-length: 95

Redirect headers

date: Wed, 19 May 2021 12:09:34 GMT
via: 1.1 google
server: Jetty(9.4.36.v20210114)
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location: https://pixel.tapad.com/idsync/ex/receive/check?partner_id=1512&partner_device_id=4324fd5c0dcc26513bae91fe&gdpr=1&gdpr_consent=
alt-svc: clear
content-length: 0

GET
H/1.1 200
OK pixel
ps.eyeota.net/ Frame 2A30 0
344 B 64ms
18ms Image
text/plain 3.122.214.165
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ps.eyeota.net/pixel?gdpr=1&gdpr_consent=&pid=51md42u&t=gif
Requested by: Host: www.nirsoft.net
URL: https://www.nirsoft.net/utils/product_cd_key_viewer.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 3.122.214.165 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nirsoft.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 12:09:34 GMT
Content-Length: 0
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame 2A30
Redirect Chain

https://bcp.crwdcntrl.net/5/c=5436/tp=SVRN/tpid=4324fd5c0dcc26513bae91fe/gdpr=1/gdpr_consent=/pv=y?https://ce.lijit.com/merge?pid=5001&3pid=${profile_id}&gdpr=1&gdpr_consent=
https://bcp.crwdcntrl.net/5/ct=y/c=5436/tp=SVRN/tpid=4324fd5c0dcc26513bae91fe/gdpr=1/gdpr_consent=/pv=y?https://ce.lijit.com/merge?pid=5001&3pid=${profile_id}&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=5001&3pid=3737295cfc81648b5bc3772d697ee0fa&gdpr=1&gdpr_consent=

43 B
1 KB

96ms
15ms

Image
image/gif

216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=5001&3pid=3737295cfc81648b5bc3772d697ee0fa&gdpr=1&gdpr_consent=
Requested by: Host: www.nirsoft.net
URL: https://www.nirsoft.net/utils/product_cd_key_viewer.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.nirsoft.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 12:09:34 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap7ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 12:09:34 GMT
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location: https://ce.lijit.com/merge?pid=5001&3pid=3737295cfc81648b5bc3772d697ee0fa&gdpr=1&gdpr_consent=
cache-control: no-cache
x-server: 10.45.7.250
content-length: 0
expires: 0

GET
H/1.1 200
OK ct
ap.lijit.com/data/ Frame 2A30 43 B
206 B 22ms
21ms Image
image/gif 72.251.249.13
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ap.lijit.com/data/ct?tid=a_701248_d2057f1d97b94bd0b1f9a98d937ff40a&zoneid=701248&cid=18&geo=DE&all_tags=185%2C203%2C205%2C234%2C248%2C388%2C429%2C458%2C462%2C465%2C490%2C501%2C503%2C512%2C515%2C519%2C520%2C523%2C539%2C541%2C543%2C561%2C563%2C565%2C578%2C589%2C590%2C600&tss=40%2C41%2C41%2C43&fired_tags=519%2C520%2C541%2C590&count=4&status=8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C1%2C1%2C8%2C8%2C1%2C8%2C8%2C8%2C8%2C8%2C8%2C1%2C32&elapsed_ms=44
Requested by: Host: www.nirsoft.net
URL: https://www.nirsoft.net/utils/product_cd_key_viewer.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.13 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.nirsoft.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 12:09:34 GMT
Server: nginx
X-Sovrn-Pod: ad_ap2ams1
X-Powered-By: raptor
Content-Length: 43
Content-Type: image/gif

GET
H3-29 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210517/r20190131/ Frame 2A30 231 KB
85 KB 31ms
30ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210517/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5286073190998405&plah=www.nirsoft.net&amaexp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

93ea87740a629b311148b644cb72d376ef82344939bc4d47acff4aa0719ad668

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nirsoft.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 12:09:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 87252
x-xss-protection: 0
server: cafe
etag: 5322897297824761394
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 19 May 2021 12:09:34 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 7818
Redirect Chain

https://ap.lijit.com/dsp/google/cookiematch/dv?gdpr=1&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=lijit_dbm&google_hm=NDMyNGZkNWMwZGNjMjY1MTNiYWU5MWZl

170 B
506 B

54ms
19ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=lijit_dbm&google_hm=NDMyNGZkNWMwZGNjMjY1MTNiYWU5MWZl

Requested by

Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_701248_d2057f1d97b94bd0b1f9a98d937ff40a&rand=7670&informer=13420689&type=fpads&loc=https%3A%2F%2Fwww.nirsoft.net%2Futils%2Fproduct_cd_key_viewer.html&v=1.2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 12:09:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 19 May 2021 12:09:34 GMT
Server: nginx
Location: https://cm.g.doubleclick.net/pixel?google_nid=lijit_dbm&google_hm=NDMyNGZkNWMwZGNjMjY1MTNiYWU5MWZl
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap2ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame 7818
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=23&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=16&3pid=no-consent&gdpr=1&gdpr_consent=

43 B
1 KB

113ms
16ms

Image
image/gif

216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=16&3pid=no-consent&gdpr=1&gdpr_consent=
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_701248_d2057f1d97b94bd0b1f9a98d937ff40a&rand=7670&informer=13420689&type=fpads&loc=https%3A%2F%2Fwww.nirsoft.net%2Futils%2Fproduct_cd_key_viewer.html&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 12:09:34 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap7ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 12:09:34 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://ce.lijit.com/merge?pid=16&3pid=no-consent&gdpr=1&gdpr_consent=
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame 7818
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=558511&ev=1&rurl=https%3A%2F%2Fce.lijit.com/merge?pid=49&3pid=%%VGUID%%&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=49&3pid=0cVQKZsPVi3n&ev=1&pid=558511&gdpr_consent=&gdpr=1

43 B
971 B

17ms
15ms

Image
image/gif

216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=49&3pid=0cVQKZsPVi3n&ev=1&pid=558511&gdpr_consent=&gdpr=1
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_701248_d2057f1d97b94bd0b1f9a98d937ff40a&rand=7670&informer=13420689&type=fpads&loc=https%3A%2F%2Fwww.nirsoft.net%2Futils%2Fproduct_cd_key_viewer.html&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 12:09:35 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap7ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language: en-US
location: https://ce.lijit.com/merge?pid=49&3pid=0cVQKZsPVi3n&ev=1&pid=558511&gdpr_consent=&gdpr=1
cache-control: private, max-age=0, no-cache, no-store
cw-server: bh-deployment-7c488d4f5b-82ngj
expires: -1

GET
H/1.1

204
No Content

merge
ce.lijit.com/ Frame 7818
Redirect Chain

https://rtb.mfadsrvr.com/sync?ssp=sovrn&gdpr=1&gdpr_consent=
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=sovrn&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=87&3pid=98a95772-f355-44bb-84be-128a019051dd
https://ce.lijit.com/merge?pid=87&3pid=98a95772-f355-44bb-84be-128a019051dd&dnr=1

0
433 B

43ms
15ms

Image
text/plain

216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=87&3pid=98a95772-f355-44bb-84be-128a019051dd&dnr=1
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_701248_d2057f1d97b94bd0b1f9a98d937ff40a&rand=7670&informer=13420689&type=fpads&loc=https%3A%2F%2Fwww.nirsoft.net%2Futils%2Fproduct_cd_key_viewer.html&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 12:09:35 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap7ams1
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 19 May 2021 12:09:35 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Location: https://ce.lijit.com/merge?pid=87&3pid=98a95772-f355-44bb-84be-128a019051dd&dnr=1
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap7ams1
Content-Length: 0
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H/1.1 400
Request failed due to privacy signals getuid
secure.adnxs.com/ Frame 7818 0
0 70ms
18ms Image
text/html 37.252.173.22
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.adnxs.com/getuid?https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D12%263pid%3D%24UID&gdpr=1&gdpr_consent=
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_701248_d2057f1d97b94bd0b1f9a98d937ff40a&rand=7670&informer=13420689&type=fpads&loc=https%3A%2F%2Fwww.nirsoft.net%2Futils%2Fproduct_cd_key_viewer.html&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 37.252.173.22 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame 7818
Redirect Chain

https://creativecdn.com/cm-notify?pi=sovrn&gdpr=1&gdpr_consent=
https://creativecdn.com/cm-notify?pi=sovrn&gdpr=1&gdpr_consent=&tc=1
https://ce.lijit.com/merge?pid=86&3pid=m86Reg2p7yHg0LE4c65Q&pi=sovrn&gdpr_consent=&gdpr=1&tc=1

43 B
1 KB

118ms
16ms

Image
image/gif

216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=86&3pid=m86Reg2p7yHg0LE4c65Q&pi=sovrn&gdpr_consent=&gdpr=1&tc=1
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_701248_d2057f1d97b94bd0b1f9a98d937ff40a&rand=7670&informer=13420689&type=fpads&loc=https%3A%2F%2Fwww.nirsoft.net%2Futils%2Fproduct_cd_key_viewer.html&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 12:09:34 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap7ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

location: https://ce.lijit.com/merge?pid=86&3pid=m86Reg2p7yHg0LE4c65Q&pi=sovrn&gdpr_consent=&gdpr=1&tc=1
pragma: no-cache
date: Wed, 19 May 2021 12:09:34 GMT, Wed, 19 May 2021 12:09:34 GMT
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

204
No Content

merge
ce.lijit.com/ Frame 7818
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=17&mt_exuid=4324fd5c0dcc26513bae91fe&redirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D3%263pid%3D%5BUUID%5D&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=3&3pid=4a9460a4-ffff-4700-9de0-a3d3c47b6c0c&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=3&3pid=4a9460a4-ffff-4700-9de0-a3d3c47b6c0c&gdpr=1&gdpr_consent=&dnr=1

0
433 B

53ms
14ms

Image
text/plain

216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=3&3pid=4a9460a4-ffff-4700-9de0-a3d3c47b6c0c&gdpr=1&gdpr_consent=&dnr=1
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_701248_d2057f1d97b94bd0b1f9a98d937ff40a&rand=7670&informer=13420689&type=fpads&loc=https%3A%2F%2Fwww.nirsoft.net%2Futils%2Fproduct_cd_key_viewer.html&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 12:09:35 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap7ams1
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 19 May 2021 12:09:35 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Location: https://ce.lijit.com/merge?pid=3&3pid=4a9460a4-ffff-4700-9de0-a3d3c47b6c0c&gdpr=1&gdpr_consent=&dnr=1
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap7ams1
Content-Length: 0
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame 7818
Redirect Chain

https://sync.1rx.io/usersync2/sovrn?gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=56&3pid=OPTOUT

43 B
1 KB

86ms
16ms

Image
image/gif

216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=56&3pid=OPTOUT
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_701248_d2057f1d97b94bd0b1f9a98d937ff40a&rand=7670&informer=13420689&type=fpads&loc=https%3A%2F%2Fwww.nirsoft.net%2Futils%2Fproduct_cd_key_viewer.html&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 12:09:34 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap7ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 12:09:34 GMT
server: Tengine
etag: OPTOUT
content-type: text/html
location: https://ce.lijit.com/merge?pid=56&3pid=OPTOUT
cache-control: no-store, no-cache, must-revalidate
expires: 0

GET
H/1.1

200
OK

iu3
aax-eu.amazon-adsystem.com/s/ Frame 7818
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/x/ae12848777b41970a5f2?gdpr=1&gdpr_consent=
https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&dl=sovrn&gdpr=1&gdpr_consent=&dcc=t

0
0

35ms
34ms

Image
text/html

52.95.123.41
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&dl=sovrn&gdpr=1&gdpr_consent=&dcc=t
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_701248_d2057f1d97b94bd0b1f9a98d937ff40a&rand=7670&informer=13420689&type=fpads&loc=https%3A%2F%2Fwww.nirsoft.net%2Futils%2Fproduct_cd_key_viewer.html&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.123.41 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

Pragma: no-cache
Date: Wed, 19 May 2021 12:09:35 GMT
Server: Server
Vary: User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&dl=sovrn&gdpr=1&gdpr_consent=&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

204
No Content

merge
ce.lijit.com/ Frame 7818
Redirect Chain

https://p.rfihub.com/cm?in=1&pub=1827&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=10&3pid=1870471595250424766
https://ce.lijit.com/merge?pid=10&3pid=1870471595250424766&dnr=1

0
433 B

44ms
15ms

Image
text/plain

216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=10&3pid=1870471595250424766&dnr=1
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_701248_d2057f1d97b94bd0b1f9a98d937ff40a&rand=7670&informer=13420689&type=fpads&loc=https%3A%2F%2Fwww.nirsoft.net%2Futils%2Fproduct_cd_key_viewer.html&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 12:09:35 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap7ams1
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 19 May 2021 12:09:35 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Location: https://ce.lijit.com/merge?pid=10&3pid=1870471595250424766&dnr=1
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap7ams1
Content-Length: 0
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H2 200 generic
data.adsrvr.org/track/cmf/ Frame 7818 70 B
265 B 1107ms
31ms Image
image/gif 13.248.242.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.adsrvr.org/track/cmf/generic?ttd_pid=federatedmedia&gdpr=1&gdpr_consent=
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_701248_d2057f1d97b94bd0b1f9a98d937ff40a&rand=7670&informer=13420689&type=fpads&loc=https%3A%2F%2Fwww.nirsoft.net%2Futils%2Fproduct_cd_key_viewer.html&v=1.2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.242.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 12:09:35 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 200 sync
x.bidswitch.net/ Frame 7818 43 B
146 B 3091ms
19ms Image
image/gif 35.156.19.236
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=fmx&gdpr=1&gdpr_consent=
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_701248_d2057f1d97b94bd0b1f9a98d937ff40a&rand=7670&informer=13420689&type=fpads&loc=https%3A%2F%2Fwww.nirsoft.net%2Futils%2Fproduct_cd_key_viewer.html&v=1.2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.156.19.236 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 12:09:37 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame 7818
Redirect Chain

https://ums.acuityplatform.com/tum?umid=27&uid=4324fd5c0dcc26513bae91fe&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=66&3pid=579453451693

43 B
1 KB

15ms
15ms

Image
image/gif

216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=66&3pid=579453451693
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_701248_d2057f1d97b94bd0b1f9a98d937ff40a&rand=7670&informer=13420689&type=fpads&loc=https%3A%2F%2Fwww.nirsoft.net%2Futils%2Fproduct_cd_key_viewer.html&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 12:09:38 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap7ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Access-Control-Allow-Origin: *
Content-Length: 0
Location: https://ce.lijit.com/merge?pid=66&3pid=579453451693

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame 7818
Redirect Chain

https://pixel.quantserve.com/pixel/p-CXt61zNBpKUt1.gif?idmatch=0&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=43&gdpr=1&gdpr_consent=&us_privacy=&3pid=m7aZ_svgnq-Avsr4zLHVr5qxnvmAs8j4yOdUnss1

43 B
2 KB

71ms
15ms

Image
image/gif

216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=43&gdpr=1&gdpr_consent=&us_privacy=&3pid=m7aZ_svgnq-Avsr4zLHVr5qxnvmAs8j4yOdUnss1
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_701248_d2057f1d97b94bd0b1f9a98d937ff40a&rand=7670&informer=13420689&type=fpads&loc=https%3A%2F%2Fwww.nirsoft.net%2Futils%2Fproduct_cd_key_viewer.html&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 12:09:34 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap7ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 12:09:34 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://ce.lijit.com/merge?pid=43&gdpr=1&gdpr_consent=&us_privacy=&3pid=m7aZ_svgnq-Avsr4zLHVr5qxnvmAs8j4yOdUnss1
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

204

no_match_opted_out
um.simpli.fi/ Frame 7818
Redirect Chain

https://um.simpli.fi/lj_match?r=1621426174371&gdpr=1&gdpr_consent=
https://um.simpli.fi/no_match_opted_out

0
272 B

22ms
19ms

Image
text/plain

169.50.137.190
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/no_match_opted_out

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

169.50.137.190 , United States, ASN36351 (SOFTLAYER, US),

Reverse DNS

be.89.32a9.ip4.static.sl-reverse.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 19 May 2021 12:09:35 GMT
x-content-type-options: nosniff
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS

Redirect headers

date: Wed, 19 May 2021 12:09:34 GMT
x-content-type-options: nosniff
server: nginx
location: /no_match_opted_out
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 154
expires: Tue, 18 May 2021 12:09:34 GMT

GET
H/1.1 200
OK svr
match.prod.bidr.io/cookie-sync/ Frame 7818 43 B
430 B 1398ms
31ms Image
image/gif 52.215.139.246
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://match.prod.bidr.io/cookie-sync/svr?gdpr=1&gdpr_consent=

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.215.139.246 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-215-139-246.eu-west-1.compute.amazonaws.com

Software

nginx /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
Date: Wed, 19 May 2021 12:09:35 GMT
Server: nginx
strict-transport-security: max-age=2592000; includeSubDomains
p3p: CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control: no-cache, must-revalidate
Connection: keep-alive
content-type: image/gif
Content-Length: 43
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 204
No Content sync.php
pixel-eu.rubiconproject.com/exchange/ Frame 7818 0
239 B 114ms
33ms Image
image/gif 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-eu.rubiconproject.com/exchange/sync.php?p=sovrn-onscroll&gdpr=1&gdpr_consent=
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_701248_d2057f1d97b94bd0b1f9a98d937ff40a&rand=7670&informer=13420689&type=fpads&loc=https%3A%2F%2Fwww.nirsoft.net%2Futils%2Fproduct_cd_key_viewer.html&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
Content-Type: image/gif

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame 7818
Redirect Chain

https://aorta.clickagy.com/pixel.gif?ch=185&cm=4324fd5c0dcc26513bae91fe&redir=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D84%263pid%3D%7Bvisitor_id%7D&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=84&3pid=c:6184efc3edd6c0d61b897240ec403777

43 B
673 B

47ms
16ms

Image
image/gif

216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=84&3pid=c:6184efc3edd6c0d61b897240ec403777
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_701248_d2057f1d97b94bd0b1f9a98d937ff40a&rand=7670&informer=13420689&type=fpads&loc=https%3A%2F%2Fwww.nirsoft.net%2Futils%2Fproduct_cd_key_viewer.html&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 12:09:35 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap7ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

date: Wed, 19 May 2021 12:09:35 GMT
server: Aorta/2.4.14-20210304.4cf0ca0
access-control-allow-origin
access-control-max-age: 31536000
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/plain
Location: https://ce.lijit.com/merge?pid=84&3pid=c:6184efc3edd6c0d61b897240ec403777
access-control-expose-headers: Set-Cookie
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
X-Aorta-Region: us-east-1
Connection: keep-alive
X-Aorta-Host: ip-10-42-17-192.ec2.internal
access-control-allow-headers: Origin,cache-control,content-type,man,messagetype,soapaction
Content-Length: 0

GET
H/1.1

200
OK

reporting
ap.lijit.com/dsp/google/ Frame 7818
Redirect Chain

https://ap.lijit.com/dsp/google/cookiematch/beacon?gdpr=1&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_hm=Y2ZiZWFiZGUwMGE1YzY5MjY4OTY2YmUw
https://ap.lijit.com/dsp/google/reporting

43 B
567 B

16ms
16ms

Image
image/gif

72.251.249.13
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ap.lijit.com/dsp/google/reporting
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_701248_d2057f1d97b94bd0b1f9a98d937ff40a&rand=7670&informer=13420689&type=fpads&loc=https%3A%2F%2Fwww.nirsoft.net%2Futils%2Fproduct_cd_key_viewer.html&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.13 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 12:09:35 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
P3P: CP="CUR ADM OUR NOR STA NID"
Access-Control-Allow-Origin: *
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap2ams1
Content-Type: image/gif
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 12:09:35 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ap.lijit.com/dsp/google/reporting
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 238
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 204
No Content sync.php
pixel-us-east.rubiconproject.com/exchange/ Frame 7818 0
239 B 454ms
101ms Image
image/gif 8.43.72.97
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=sovrn&gdpr=1&gdpr_consent=
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_701248_d2057f1d97b94bd0b1f9a98d937ff40a&rand=7670&informer=13420689&type=fpads&loc=https%3A%2F%2Fwww.nirsoft.net%2Futils%2Fproduct_cd_key_viewer.html&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 8.43.72.97 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: ab995a74221271a8dc253760ec78ee1d
Content-Type: image/gif

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 3497 8 KB
3 KB 68ms
19ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=137711&s=137812&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D58%263pid%3D&gdpr=1&gdpr_consent=
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_701248_d2057f1d97b94bd0b1f9a98d937ff40a&rand=7670&informer=13420689&type=fpads&loc=https%3A%2F%2Fwww.nirsoft.net%2Futils%2Fproduct_cd_key_viewer.html&v=1.2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 23371b5319a53a0a2d3c59d738d679c384822c244ea4e791ef87a4110b8a291e

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/user_sync.html?p=137711&s=137812&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D58%263pid%3D&gdpr=1&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://gslbeacon.lijit.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://gslbeacon.lijit.com/

Response headers

last-modified: Wed, 21 Oct 2020 18:57:29 GMT
etag: "1300708-1f78-5b232eb4914bb"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 2654
content-type: text/html; charset=UTF-8
cache-control: max-age=42204
expires: Wed, 19 May 2021 23:52:58 GMT
date: Wed, 19 May 2021 12:09:34 GMT
vary: Accept-Encoding

GET
H2 200 0608867b Show response
rtb.gumgum.com/usync/ Frame A950 4 KB
2 KB 1100ms
30ms Document
text/html 34.254.122.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_701248_d2057f1d97b94bd0b1f9a98d937ff40a&rand=7670&informer=13420689&type=fpads&loc=https%3A%2F%2Fwww.nirsoft.net%2Futils%2Fproduct_cd_key_viewer.html&v=1.2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.254.122.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 19ca0b773dac02681969e227c40105a83154cb133cd0fedd9af07412be62f15a

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://gslbeacon.lijit.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://gslbeacon.lijit.com/

Response headers

date: Wed, 19 May 2021 12:09:35 GMT
content-type: text/html;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
set-cookie: vst=e_5e4c236c-66dc-49da-82da-49d5f7b1caf2; Domain=.gumgum.com; Expires=Thu, 19-May-2022 12:09:35 GMT; Path=/; Secure; SameSite=None
etag: W/"03a171ed6e25b584529208e383dc5a518"
timing-allow-origin: *
content-encoding: gzip

GET
H2

200

cm Show response
us-u.openx.net/w/1.0/ Frame 1AD9
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_c...
https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&g...

776 B
811 B

18ms
16ms

Document
text/html

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_701248_d2057f1d97b94bd0b1f9a98d937ff40a&rand=7670&informer=13420689&type=fpads&loc=https%3A%2F%2Fwww.nirsoft.net%2Futils%2Fproduct_cd_key_viewer.html&v=1.2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.207.0 /
Resource Hash: dd072b668015904431b51a4dfbe97e51a1c44f1ae90e2c62018e56476968b44f

Request headers

:method: GET
:authority: us-u.openx.net
:scheme: https
:path: /w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://gslbeacon.lijit.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: i=fb23681d-4ca5-0aee-0054-79249cbce301|1621426174
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://gslbeacon.lijit.com/

Response headers

vary: Accept, Accept-Encoding
set-cookie: i=fb23681d-4ca5-0aee-0054-79249cbce301|1621426174; Version=1; Expires=Thu, 19-May-2022 12:09:34 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1621426174|gekin0vNiygu; Version=1; Expires=Thu, 03-Jun-2021 12:09:34 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.207.0
p3p: CP="CUR ADM OUR NOR STA NID"
date: Wed, 19 May 2021 12:09:34 GMT
content-type: text/html
content-length: 477
content-encoding: gzip
via: 1.1 google
alt-svc: clear

Redirect headers

set-cookie: i=fb23681d-4ca5-0aee-0054-79249cbce301|1621426174; Version=1; Expires=Thu, 19-May-2022 12:09:34 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.207.0
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
date: Wed, 19 May 2021 12:09:34 GMT
content-length: 0
via: 1.1 google
alt-svc: clear

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame E183 8 KB
3 KB 67ms
20ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=1&gdpr_consent=
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_701248_d2057f1d97b94bd0b1f9a98d937ff40a&rand=7670&informer=13420689&type=fpads&loc=https%3A%2F%2Fwww.nirsoft.net%2Futils%2Fproduct_cd_key_viewer.html&v=1.2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 23371b5319a53a0a2d3c59d738d679c384822c244ea4e791ef87a4110b8a291e

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=1&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://gslbeacon.lijit.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://gslbeacon.lijit.com/

Response headers

last-modified: Wed, 21 Oct 2020 18:57:29 GMT
etag: "1300708-1f78-5b232eb4914bb"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 2654
content-type: text/html; charset=UTF-8
cache-control: max-age=42204
expires: Wed, 19 May 2021 23:52:58 GMT
date: Wed, 19 May 2021 12:09:34 GMT
vary: Accept-Encoding

GET
H/1.1

200
OK

Cookie set merge Show response
ce.lijit.com/ Frame 3B59
Redirect Chain

https://d.turn.com/r/dd/id/L21rdC8xMjcvY2lkLzI4NTUyOTczL3QvMg/url/https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D1%263pid%3D%24!%7BTURN_UUID%7D&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=1&3pid=8413187415359097579&gdpr=1&gdpr_consent=

43 B
1 KB

47ms
19ms

Document
image/gif

216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to

Full URL: https://ce.lijit.com/merge?pid=1&3pid=8413187415359097579&gdpr=1&gdpr_consent=
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_701248_d2057f1d97b94bd0b1f9a98d937ff40a&rand=7670&informer=13420689&type=fpads&loc=https%3A%2F%2Fwww.nirsoft.net%2Futils%2Fproduct_cd_key_viewer.html&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Host: ce.lijit.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://gslbeacon.lijit.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ljtrtb=eJyrrgUAAXUA%2BQ%3D%3D; ljt_reader=4324fd5c0dcc26513bae91fe; ctag=512:1621512574|515:1624018174|388:1624018174|520:1624018174|234:1622635774|203:1622635774|205:1621512574|589:1624018174|462:1621512574|561:1624018174|563:1624018174|565:1621512574|185:1621512574|541:1622635774; ljtrtbexp=eJxdzzsSgDAIBNC7pLYIf%2FBqjnfXRBu2fBnYsNegcZIzGbGFHsN9m10slrlTOoO6aYJhPf70KbOWqyr6xPuSkAEXJfyRcFMq2MDYEPfhIv7mSb1kO3oHgTyFPK1ug3lrfe8HBzlO%2Bg%3D%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://gslbeacon.lijit.com/

Response headers

Server: nginx
Date: Wed, 19 May 2021 12:09:34 GMT
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT
Set-Cookie: _ljtrtb_1=8413187415359097579;Path=/;Domain=.lijit.com;Expires=Thu, 19-May-2022 12:09:34 GMT;Max-Age=31536000;Secure;SameSite=None ljtrtb=eJyrrgUAAXUA%2BQ%3D%3D;Path=/;Domain=.lijit.com;Expires=Thu, 19-May-2022 12:09:34 GMT;Max-Age=31536000;Secure;SameSite=None ljt_reader=4324fd5c0dcc26513bae91fe;Path=/;Domain=.lijit.com;Max-Age=31536000;Secure;SameSite=None ctag=512:1621512574|515:1624018174|388:1624018174|520:1624018174|234:1622635774|203:1622635774|205:1621512574|589:1624018174|462:1621512574|561:1624018174|563:1624018174|565:1621512574|185:1621512574|541:1622635774;Path=/;Domain=.lijit.com;Expires=Fri, 18-Jun-2021 12:09:34 GMT;Max-Age=2592000;Secure;SameSite=None ljtrtbexp=eJxdzzsSgDAIBNC7pLYIf%2FBqjnfXRBu2fBnYsNegcZIzGbGFHsN9m10slrlTOoO6aYJhPf70KbOWqyr6xPuSkAEXJfyRcFMq2MDYEPfhIv7mSb1kO3oHgTyFPK1ug3lrfe8HBzlO%2Bg%3D%3D;Path=/;Domain=.lijit.com;Expires=Thu, 19-May-2022 12:09:34 GMT;Max-Age=31536000;Secure;SameSite=None
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
X-Powered-By: raptor
X-Sovrn-Pod: ad_ap7ams1

Redirect headers

p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
pragma: no-cache
set-cookie: uid=8413187415359097579; Domain=.turn.com; Expires=Mon, 15-Nov-2021 12:09:34 GMT; Path=/; Secure; SameSite=None
location: https://ce.lijit.com/merge?pid=1&3pid=8413187415359097579&gdpr=1&gdpr_consent=
content-length: 0
date: Wed, 19 May 2021 12:09:34 GMT

GET
H2 200 counter.d27508c102582d608697.js Show response
s7.addthis.com/static/ 24 KB
8 KB 17ms
13ms Script
application/javascript 184.30.24.121
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/counter.d27508c102582d608697.js

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/250/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.121 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-121.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

e4f924eac92aa3cc4ea64f2891447e8bd3af49e1a5c0bcd04b7356e2f7f1c04c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.nirsoft.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
server: nginx/1.15.8
etag: W/"5f971164-5fd2"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=86313600
date: Wed, 19 May 2021 12:09:34 GMT
x-host: s7.addthis.com
timing-allow-origin: *
content-length: 8265

GET
H2 200 shares.json Show response
api-public.addthis.com/url/ 76 B
346 B 331ms
37ms Script
application/json 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://api-public.addthis.com/url/shares.json?url=https%3A%2F%2Fwww.nirsoft.net%2Futils%2Fproduct_cd_key_viewer.html&callback=_ate.cbs.sc_httpswwwnirsoftnetutilsproductcdkeyviewerhtml0

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/250/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-88-126.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

58b322b826bfa67a9a4c135d16eea8de1cdbc9156994a69dec89bbde224c109f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.nirsoft.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
surrogate-key: www.nirsoft.net/utils/product_cd_key_viewer.html
last-modified: Wed, 19 May 2021 11:41:16 GMT
server: nginx/1.15.8
date: Wed, 19 May 2021 12:09:34 GMT
vary: Accept-Encoding
content-type: application/json
cache-control: no-transform, must-revalidate, max-age=0, s-maxage=3600
content-length: 94

GET
DATA 200
OK truncated
/ 564 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: da6f3508fdb8c1fdf553e4af5556b585ba5998139afe613d56dc0d88c822bd81

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3-29 200 cookie.js Show response
partner.googleadservices.com/gampad/ Frame 2A30 12 B
53 B 46ms
28ms Script
text/javascript 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.nirsoft.net&callback=_gfp_s_&client=ca-pub-5286073190998405&cookie=ID%3Daa26246d15970c2a-224b6fc746c80000%3AT%3D1621426174%3ART%3D1621426174%3AS%3DALNI_MZ-iOCd0Gls5Vf-yXNSYgvYl-izmw

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

cafe /

Resource Hash

daa795332e5dbcf893adf2d5f3349f02b8c1cb957ff3b5f4c11b742e33c3376f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nirsoft.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 12:09:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ Frame 2A30 107 B
122 B 45ms
27ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.nirsoft.net

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nirsoft.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 19 May 2021 12:09:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ Frame 2A30 107 B
122 B 30ms
14ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.nirsoft.net

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nirsoft.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 19 May 2021 12:09:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 182A 76 KB
26 KB 1230ms
1227ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5286073190998405&output=html&h=600&slotname=8544847776&adk=1678388160&adf=2695214360&pi=t.ma~as.8544847776&w=160&psa=0&format=160x600&url=https%3A%2F%2Fwww.nirsoft.net%2Futils%2Fproduct_cd_key_viewer.html&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621426174381&bpp=1&bdt=219&idt=75&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&cookie=ID%3Daa26246d15970c2a-224b6fc746c80000%3AT%3D1621426174%3ART%3D1621426174%3AS%3DALNI_MZ-iOCd0Gls5Vf-yXNSYgvYl-izmw&correlator=6912368443707&frm=23&ife=1&pv=1&ga_vid=480711802.1621426174&ga_sid=1621426174&ga_hid=1074269554&ga_fc=1&nhd=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=5&ady=613&biw=1600&bih=1200&isw=160&ish=600&ifk=2461446070&scr_x=0&scr_y=0&eid=44743003&oid=3&pvsid=3746620840696278&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C160%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.6uj1u7xmet5z&fsb=1&dtd=90

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

269a8779864c246a9b4d11e75612398621183901216cf3117ee21fc494971cdb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5286073190998405&output=html&h=600&slotname=8544847776&adk=1678388160&adf=2695214360&pi=t.ma~as.8544847776&w=160&psa=0&format=160x600&url=https%3A%2F%2Fwww.nirsoft.net%2Futils%2Fproduct_cd_key_viewer.html&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621426174381&bpp=1&bdt=219&idt=75&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&cookie=ID%3Daa26246d15970c2a-224b6fc746c80000%3AT%3D1621426174%3ART%3D1621426174%3AS%3DALNI_MZ-iOCd0Gls5Vf-yXNSYgvYl-izmw&correlator=6912368443707&frm=23&ife=1&pv=1&ga_vid=480711802.1621426174&ga_sid=1621426174&ga_hid=1074269554&ga_fc=1&nhd=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=5&ady=613&biw=1600&bih=1200&isw=160&ish=600&ifk=2461446070&scr_x=0&scr_y=0&eid=44743003&oid=3&pvsid=3746620840696278&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C160%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.6uj1u7xmet5z&fsb=1&dtd=90
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.nirsoft.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.nirsoft.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 19 May 2021 12:09:35 GMT
server: cafe
content-length: 26264
x-xss-protection: 0
set-cookie: IDE=AHWqTUkHtGYd288g6OGyVDLU9iz4ucaMrrH_VY6K4c9HbNplh-ImqaLtlb_buWMCIvo; expires=Mon, 13-Jun-2022 12:09:34 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 19 May 2021 12:09:35 GMT
cache-control: private

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 2A30 10 KB
7 KB 44ms
23ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210517&st=env

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

81ce3df13a172f6134b97f77ca08e81ef50154c6d6d6ce7e8346a00e005c3eb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nirsoft.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 19 May 2021 12:09:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7594
x-xss-protection: 0

GET
H3-29 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2A30 73 KB
27 KB 16ms
14ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2a138f5a790f47f9c8e1b3b6c88ea4fecb1abd1b1011a7d842b721d2fa943ed3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nirsoft.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 12:09:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1621251140663589"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27994
x-xss-protection: 0
expires: Wed, 19 May 2021 12:09:34 GMT

GET
H/1.1 200
OK merge
ce.lijit.com/ Frame 1AD9 43 B
1 KB 96ms
15ms Image
image/gif 216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=76&3pid=44618984-0f96-0f14-1d3e-076a802aefae&gdpr=1&gdpr_consent=
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 12:09:34 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap7ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame 1AD9
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=898e60a4-ffff-4200-a746-d21324964843

43 B
106 B

17ms
15ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=898e60a4-ffff-4200-a746-d21324964843
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.207.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 12:09:35 GMT
via: 1.1 google
server: OXGW/16.207.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Wed, 19 May 2021 12:09:35 GMT
Server: MT3 3736 915c305 master zrh-pixel-x27
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=898e60a4-ffff-4200-a746-d21324964843
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 19 May 2021 12:09:34 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 1AD9
Redirect Chain

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=1
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=UIWtWQDTqghLjf5fB4LhCFGCql5LgPxfA9T6Bf-f

43 B
106 B

23ms
23ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=UIWtWQDTqghLjf5fB4LhCFGCql5LgPxfA9T6Bf-f
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.207.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 12:09:34 GMT
via: 1.1 google
server: OXGW/16.207.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 12:09:34 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=UIWtWQDTqghLjf5fB4LhCFGCql5LgPxfA9T6Bf-f
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame 1AD9
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=22
https://c1.adform.net/serving/cookie/match?CC=1&party=22
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=7329329192432328946

43 B
106 B

16ms
16ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=7329329192432328946
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.207.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 12:09:35 GMT
via: 1.1 google
server: OXGW/16.207.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 12:09:35 GMT
server: nginx
location: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=7329329192432328946
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 openx
match.adsrvr.org/track/cmf/ Frame 1AD9 70 B
264 B 1228ms
32ms Image
image/gif 13.248.242.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/openx?oxid=288f5744-e522-3519-5a82-b1ccf89bd0fc&gdpr=1
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.242.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 12:09:35 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3-29 200 pixel
cm.g.doubleclick.net/ Frame 1AD9 170 B
188 B 48ms
20ms Image
image/png 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=MDRlMDg0OGUtMmM1NS02YmJkLTRmNjItZWI3NTMyNzkxZTlj

Requested by

Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 12:09:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 1AD9
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEIyA0ftgVbHQ3_p6-xFvB7I&google_cver=1

43 B
180 B

16ms
16ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEIyA0ftgVbHQ3_p6-xFvB7I&google_cver=1
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.207.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 12:09:34 GMT
via: 1.1 google
server: OXGW/16.207.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 12:09:34 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEIyA0ftgVbHQ3_p6-xFvB7I&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame D811 38 KB
14 KB 20ms
20ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=137711&s=137812&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D58%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 1b95ffd8d5e131d47fa1a5ab65bca620eeef87328c413940cd60a9fbcedf4b74

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/showad.js
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=137711&s=137812&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D58%263pid%3D&gdpr=1&gdpr_consent=
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=137711&s=137812&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D58%263pid%3D&gdpr=1&gdpr_consent=

Response headers

last-modified: Tue, 11 May 2021 05:24:02 GMT
etag: "13006b6-96ca-5c2071a26cca4"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 13964
content-type: text/html; charset=UTF-8
cache-control: public, max-age=83319
expires: Thu, 20 May 2021 11:18:13 GMT
date: Wed, 19 May 2021 12:09:34 GMT
vary: Accept-Encoding

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame A125 38 KB
14 KB 23ms
21ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 1b95ffd8d5e131d47fa1a5ab65bca620eeef87328c413940cd60a9fbcedf4b74

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/showad.js
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=1&gdpr_consent=
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=1&gdpr_consent=

Response headers

last-modified: Tue, 11 May 2021 05:24:02 GMT
etag: "13006b6-96ca-5c2071a26cca4"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 13964
content-type: text/html; charset=UTF-8
cache-control: public, max-age=83319
expires: Thu, 20 May 2021 11:18:13 GMT
date: Wed, 19 May 2021 12:09:34 GMT
vary: Accept-Encoding

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 2A30 17 KB
7 KB 38ms
15ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nirsoft.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 12:09:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1616005470650935"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Wed, 19 May 2021 12:09:34 GMT

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame D811 0
42 B 296ms
15ms Script
text/plain 185.64.189.115
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=62649316&p=137711&s=137812&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=1&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.115 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 12:09:33 GMT
content-length: 0

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/222/ Frame BE95 12 KB
5 KB 16ms
15ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/222/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.nirsoft.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.nirsoft.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Wed, 19 May 2021 12:07:24 GMT
expires: Thu, 19 May 2022 12:07:24 GMT
last-modified: Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 130
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 NEBu3pajZdeXNrzBMTKKpDrnjihkyh5N8uMAWlauysY.js Show response
pagead2.googlesyndication.com/bg/ Frame BE95 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/NEBu3pajZdeXNrzBMTKKpDrnjihkyh5N8uMAWlauysY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

34406ede96a365d79736bcc131328aa43ae78e2864ca1e4df2e3005a56aecac6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 09:43:50 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Wed, 12 May 2021 09:08:00 GMT
server: sffe
age: 8744
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5770
x-xss-protection: 0
expires: Thu, 19 May 2022 09:43:50 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2A30 0
20 B 16ms
15ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gda_r20210517&jk=3746620840696278&bg=!QkGlQQXNAAZ7hX_Ue4U7ACkAdvg8WiX7jMGPPCWOAg2M0R0i-92gRG8fgmuQlJQn2Tf8djNVu1DsIQIAAABjUgAAAAloAQeZAm0Pvq22nLKuGxKTp3-lWADcjTW1B51GxUqtl77JLbk9PvPBnLyqkqGFgNElHswgXYW9XYu-Y3Gb9yMOJKsXgW0Y0p9yU43QdT0xQX-p--t9in1GyUh3k80-Y_73qKveU-vI0yqmO26_OGNWhwEpBBG9bZjr4U7uRzxCtfhAe2e_K3ZEvhlyKqOuBt3xK_KlsDxRw2vODUYmt9dNg14yciUdKXjLWxDyKuL5SLX-9bfJBRnB_DpjZVjEomSBAvy-U9z2bjr_7AJMJct4TqbmhcxgTP4bmffifGeByxKrpPAgxUEFhnDLSJYEEW6a-aq9VoshfgmMZgA618SFmApSSdqLKym8wLVFXFJH2U94jlv742aLjGvn-u6-OjAwyzXZOf4y6PEoVyUJmdoNXrtbdPak1QgzAgwyRAQDRS_jFj7_dmJi6aEhwxSE-fVQlxKkWPsSEO4_x8lK-iRtzW2-nyyXkpDbfcXTI8qz75FcnxgYppTF2_aqSrju2dCCHh52fLYaA982M4Jztdw0aZcZQ2HHcGPjAh2K3HKq4kKV_eLhAgaLpoxSzssIDqR7-gJa5_CcN_lJA6dc6d_LfDUUSUb78UtKxQ9QtOzOGznlGHOoZHF1_sNKYNl3pGUlKKYEik3y96ivKeyIH-CW7MyhnYnBp1y_cpPEk_EO-Iw0s9Bqdc9W_anMbZ4ABywb6UOPuhKOZ1HV3-v6iKAgt61i4goPJU3eS7a0f6jSxhHv58aAdePqkfWpoMzLFTw4n80LrWuNwkYAozOkchPQmRTq6L8KGzTse-QGzgYJvyF4SpSgz876008AsmhwSy5Cu8c

Requested by

Host: www.nirsoft.net
URL: https://www.nirsoft.net/utils/product_cd_key_viewer.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nirsoft.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 12:09:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 638B 3 KB
674 B 21ms
14ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5286073190998405&output=html&h=90&slotname=3603023613&adk=1349428559&adf=3481616681&pi=t.ma~as.3603023613&w=728&lmt=1621426174&psa=0&format=728x90&url=https%3A%2F%2Fwww.nirsoft.net%2Futils%2Fproduct_cd_key_viewer.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621426174144&bpp=9&bdt=133&idt=111&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&correlator=6912368443707&frm=20&pv=2&ga_vid=480711802.1621426174&ga_sid=1621426174&ga_hid=1984376513&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=10&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C31061139%2C44743003&oid=3&pvsid=389572739835390&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=TPX4DPNAlh&p=https%3A//www.nirsoft.net&dtd=132

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

599325d39743959cdacb163b742dd6f622443a73f155364bbcc465a291ce0b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 19 May 2021 11:20:45 GMT
server: ESF
date: Wed, 19 May 2021 12:09:34 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 19 May 2021 12:09:34 GMT

GET
H3-29 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/ Frame 638B 1 KB
909 B 19ms
13ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

49aea8d1206dbb5e3c8a7d4db9274d2efa2111d8b53acb901efc378b1feca381

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 12:02:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 406
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 882
x-xss-protection: 0
server: cafe
etag: 11243716317595354070
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Jun 2021 12:02:48 GMT

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/ Frame 638B 17 KB
7 KB 11ms
8ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/abg_lite_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3ac13025dc609fbe2671ff553cec81ea6e640efa3413d7c8944e461b718d1782

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 11:59:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 582
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7009
x-xss-protection: 0
server: cafe
etag: 607056201285360291
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Jun 2021 11:59:52 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/ Frame 638B 2 KB
1 KB 17ms
12ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 12:08:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 56
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Jun 2021 12:08:38 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 638B 118 KB
36 KB 20ms
16ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5f4f2e8ffc67a3c2544f8be9672125a0c5a5f0035fa6bfc6d75ee297e30461e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 12:09:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1621251134821955"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36689
x-xss-protection: 0
expires: Wed, 19 May 2021 12:09:34 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/ Frame 638B 13 KB
6 KB 18ms
13ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4821fcf9c6131b5e09c316f6946b187f0b3751d723a19b2ff9f2df396d232cbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 12:08:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 65
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5621
x-xss-protection: 0
server: cafe
etag: 8169261014141303515
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Jun 2021 12:08:29 GMT

GET
H2 200 6bd41964be010df5460da51c4a6824b5.js Show response
www.gstatic.com/mysidia/ Frame 638B 25 KB
10 KB 15ms
10ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/6bd41964be010df5460da51c4a6824b5.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

00535b5b597302e2749d3c2671f53ac61d0ba3b3e1a6624e6235ce18811b514b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 12:30:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 14 May 2021 23:56:38 GMT
server: sffe
age: 85150
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10390
x-xss-protection: 0
expires: Mon, 16 Aug 2021 12:30:24 GMT

GET
H3-29 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/10821392584666589115/ Frame 638B 3 KB
3 KB 18ms
13ms Image
image/jpeg 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/10821392584666589115/downsize_200k_v1?w=100&h=100

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e68a2c9d1fe7d6309da6cd320a5caa728d2e3e6476518bf2ee25e55a3c165a48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 01:43:49 GMT
x-content-type-options: nosniff
age: 123945
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2994
x-xss-protection: 0
last-modified: Wed, 16 Sep 2020 11:33:53 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 18 May 2022 01:43:49 GMT

GET
H2 200 adview
googleads.g.doubleclick.net/pagead/ Frame 638B 0
0 17ms
16ms Fetch
text/html 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CTNMS_v-kYNmbEsbd7gO4z5mYD8XUm8xiz_q1uZUKkKizuKEPEAEgi4vkCmCVAqAByLGpzQPIAQGoAwGqBPkBT9BaGEXXDOzykVloYU7kzt8E_TMgA3OWRL6W008jjwqhRuMyzU6fjBRd2gv0GqyJwruK-VWbYsWSl_3_GwDKQ7YX8mvmj0sudMcBLMXOHfYWWII9w5FDWEWFBlH6LKCaPTc5z7gdkp_dFmrrcmnWMqPX8EwPbVHAyM2qP6Gof799lhfPsXaJzgMb7WC43emG7_K4XLZ6oaUD54YzqLw-2kN1Muqlddn3eITOvGIJKsu5rugHXhTVU5K28ISWLEteQB1KFGK1GtxBpjAl3yedDoejwrRC2-PYxukneMWLwrdfC1HHk_EofTCkiBHewGRRuJtUH9pQNLbNwASQ-5ux5wGSBQQIBBgBkgUECAUYBIAH5OriNagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAfIHBBDk0FjSCAkIgOGAEBABGB-ACgHICwHYEwyIFAzQFQGAFwGyFxoKGAgAEhRwdWItNTI4NjA3MzE5MDk5ODQwNQ&sigh=48phVsR0UAI&template_id=5001

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5286073190998405&output=html&h=90&slotname=3603023613&adk=1349428559&adf=3481616681&pi=t.ma~as.3603023613&w=728&lmt=1621426174&psa=0&format=728x90&url=https%3A%2F%2Fwww.nirsoft.net%2Futils%2Fproduct_cd_key_viewer.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621426174144&bpp=9&bdt=133&idt=111&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&correlator=6912368443707&frm=20&pv=2&ga_vid=480711802.1621426174&ga_sid=1621426174&ga_hid=1984376513&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=10&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C31061139%2C44743003&oid=3&pvsid=389572739835390&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=TPX4DPNAlh&p=https%3A//www.nirsoft.net&dtd=132
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 19 May 2021 12:09:35 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Wed, 19 May 2021 12:09:35 GMT

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 5864 143 B
163 B 6ms
6ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5286073190998405&output=html&h=90&slotname=3603023613&adk=1349428559&adf=3481616681&pi=t.ma~as.3603023613&w=728&lmt=1621426174&psa=0&format=728x90&url=https%3A%2F%2Fwww.nirsoft.net%2Futils%2Fproduct_cd_key_viewer.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621426174144&bpp=9&bdt=133&idt=111&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&correlator=6912368443707&frm=20&pv=2&ga_vid=480711802.1621426174&ga_sid=1621426174&ga_hid=1984376513&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=10&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C31061139%2C44743003&oid=3&pvsid=389572739835390&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=TPX4DPNAlh&p=https%3A//www.nirsoft.net&dtd=132
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5286073190998405&output=html&h=90&slotname=3603023613&adk=1349428559&adf=3481616681&pi=t.ma~as.3603023613&w=728&lmt=1621426174&psa=0&format=728x90&url=https%3A%2F%2Fwww.nirsoft.net%2Futils%2Fproduct_cd_key_viewer.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621426174144&bpp=9&bdt=133&idt=111&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&correlator=6912368443707&frm=20&pv=2&ga_vid=480711802.1621426174&ga_sid=1621426174&ga_hid=1984376513&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=10&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C31061139%2C44743003&oid=3&pvsid=389572739835390&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=TPX4DPNAlh&p=https%3A//www.nirsoft.net&dtd=132

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 19 May 2021 11:57:10 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 745
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 638B 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 593fd0fd560f0d7c54fff666cffce6849bbdee98c94b66e7d9a10fa62f513b6f

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 638B 21 KB
21 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f2c761ee3ce27469f940a05b64e38a829a400427727cd0bdbb4e36f1d572afd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 16 May 2021 10:03:38 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:21 GMT
server: sffe
age: 266757
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21716
x-xss-protection: 0
expires: Mon, 16 May 2022 10:03:38 GMT

GET
H3-29 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 638B 21 KB
21 KB 15ms
14ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 14 May 2021 10:13:27 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:16 GMT
server: sffe
age: 438968
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21552
x-xss-protection: 0
expires: Sat, 14 May 2022 10:13:27 GMT

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 5864
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

40ms
39ms

Document
text/html

2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 19 May 2021 12:09:35 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Wed, 19-May-2021 13:09:35 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 19 May 2021 12:09:35 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 19 May 2021 12:09:35 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2

200

usersync
rtb.gumgum.com/ Frame A950
Redirect Chain

https://secure.adnxs.com/getuid?https://rtb.gumgum.com/usersync?b=apn&i=$UID
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dapn%26i%3D%24UID
https://rtb.gumgum.com/usersync?b=apn&i=7078442183692558899

35 B
237 B

36ms
36ms

Image
image/gif

34.254.122.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=apn&i=7078442183692558899
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.254.122.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 12:09:38 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Pragma: no-cache
Date: Wed, 19 May 2021 12:09:38 GMT
X-Proxy-Origin: 89.249.64.171; 89.249.64.171; 536.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com; 37.252.172.53:80
AN-X-Request-Uuid: 3ed03dfa-215b-4716-b66a-a2da4478b5e7
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://rtb.gumgum.com/usersync?b=apn&i=7078442183692558899
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 sync
x.bidswitch.net/ Frame A950 43 B
145 B 2060ms
20ms Image
image/gif 35.156.19.236
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_5e4c236c-66dc-49da-82da-49d5f7b1caf2&gdpr=1&gdpr_consent=&us_privacy=
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.156.19.236 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 12:09:37 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H/1.1

200
OK

cookie-sync
sync.outbrain.com/ Frame A950
Redirect Chain

https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=1&gdprConsent=&platformRdUrl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D
https://rtb.gumgum.com/usersync?b=obn&i=ENC%28ruuyNT-N2jMTI00ibctTjd47piYARISS4WMWFQBek7DF0OEJcQV0TiBD_jBhbmU6%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26pla...
https://sync.outbrain.com/syncUser?platformId=GUMGU18H7EL9NI653I7DPEH51&platformUid=e_5e4c236c-66dc-49da-82da-49d5f7b1caf2&obuid=ENC(ruuyNT-N2jMTI00ibctTjd47piYARISS4WMWFQBek7DF0OEJcQV0TiBD_jBhbmU6)
https://sync.outbrain.com/syncPartner?platformId=GUMGU18H7EL9NI653I7DPEH51
https://sync.search.spotxchange.com/partner?adv_id=8862&redir=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dspotx%26uid%3D%24SPOTX_USER_ID%26obUid%3DruuyNT-N2jMTI00ibctTjd47piYARISS4WMWFQBek7...
https://sync.search.spotxchange.com/partner?adv_id=8862&redir=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dspotx%26uid%3D%24SPOTX_USER_ID%26obUid%3DruuyNT-N2jMTI00ibctTjd47piYARISS4WMWFQBek7...
https://sync.outbrain.com/cookie-sync?p=spotx&uid=14d6fd8f-b89b-11eb-a14c-1fd522ee0206&obUid=ruuyNT-N2jMTI00ibctTjd47piYARISS4WMWFQBek7DF0OEJcQV0TiBD_jBhbmU6

0
307 B

88ms
88ms

Image
text/plain

64.202.112.95
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.outbrain.com/cookie-sync?p=spotx&uid=14d6fd8f-b89b-11eb-a14c-1fd522ee0206&obUid=ruuyNT-N2jMTI00ibctTjd47piYARISS4WMWFQBek7DF0OEJcQV0TiBD_jBhbmU6
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.202.112.95 , United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 12:09:37 GMT
Cache-Control: no-cache
X-TraceId: 5a00b733608530c5c8bd12e7fa047a4
Content-Length: 0

Redirect headers

Date: Wed, 19 May 2021 12:09:37 GMT
Server: nginx
Location: https://sync.outbrain.com/cookie-sync?p=spotx&uid=14d6fd8f-b89b-11eb-a14c-1fd522ee0206&obUid=ruuyNT-N2jMTI00ibctTjd47piYARISS4WMWFQBek7DF0OEJcQV0TiBD_jBhbmU6
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 5
Connection: keep-alive
Content-Length: 0

GET
H2

200

usersync
rtb.gumgum.com/ Frame A950
Redirect Chain

https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=1&gdpr_consent=&us_privacy=&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
https://us-u.openx.net/w/1.0/cm?cc=1&_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=1&gdpr_consent=&us_privacy=&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
https://rtb.gumgum.com/usersync?b=opx&i=51394ab1-f15d-4300-8c50-fb3fde54c0b2

35 B
237 B

35ms
35ms

Image
image/gif

34.254.122.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=opx&i=51394ab1-f15d-4300-8c50-fb3fde54c0b2
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.254.122.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 12:09:35 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

date: Wed, 19 May 2021 12:09:35 GMT
content-encoding: gzip
server: OXGW/16.207.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://rtb.gumgum.com/usersync?b=opx&i=51394ab1-f15d-4300-8c50-fb3fde54c0b2
content-type: image/gif
alt-svc: clear
content-length: 0
via: 1.1 google

GET
H/1.1 200
OK sync
sync.srv.stackadapt.com/ Frame A950 43 B
168 B 1416ms
98ms Image
image/gif 3.225.15.51
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.srv.stackadapt.com/sync?nid=1&gdpr=1&gdpr_consent=
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.225.15.51 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 12:09:36 GMT
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2

200

usersync
rtb.gumgum.com/ Frame A950
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=1&gdpr_consent=
https://rtb.gumgum.com/usersync?b=oth&i=y-uMzaZIlE2pel2Rb44lkrAn7w5gLoh__u1aYJ~A

35 B
237 B

37ms
37ms

Image
image/gif

34.254.122.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=oth&i=y-uMzaZIlE2pel2Rb44lkrAn7w5gLoh__u1aYJ~A
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.254.122.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 12:09:35 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

date: Wed, 19 May 2021 12:09:35 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://rtb.gumgum.com/usersync?b=oth&i=y-uMzaZIlE2pel2Rb44lkrAn7w5gLoh__u1aYJ~A
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

usersync
rtb.gumgum.com/ Frame A950
Redirect Chain

https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=1&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%...
https://rtb.gumgum.com/usersync?b=vnt&i=148627fb-b89b-11eb-92e7-734c6cb84090

35 B
237 B

36ms
35ms

Image
image/gif

34.254.122.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=vnt&i=148627fb-b89b-11eb-92e7-734c6cb84090
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.254.122.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 12:09:36 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Location: https://rtb.gumgum.com/usersync?b=vnt&i=148627fb-b89b-11eb-92e7-734c6cb84090
Date: Wed, 19 May 2021 12:09:36 GMT
Server: Apache-Coyote/1.1
Connection: keep-alive
Content-Length: 0
X-CI-RTID: 148627fc-b89b-11eb-92e7-734c6cb84090

GET
H2 204 services
sync.technoratimedia.com/ Frame A950 0
294 B 1310ms
99ms Image
text/plain 193.122.174.27
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.technoratimedia.com/services?srv=cs&pid=65&us_privacy=&cb=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dsnc%26i%3D%5BUSER_ID%5D
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 193.122.174.27 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 12:09:36 GMT
via: 1.1 varnish
server: nginx
age: 0
access-control-allow-methods: POST,GET,HEAD,OPTIONS
x-varnish: 286950957
access-control-allow-origin: https://rtb.gumgum.com/
access-control-allow-credentials: true

GET
H2 200 142
match.deepintent.com/usersync/ Frame A950 0
44 B 3355ms
110ms Image
text/plain 38.91.45.7
DEEPINTENT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.deepintent.com/usersync/142?redir=http%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Ddit%26i%3D%24%7BDI_USER_ID%7D
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 38.91.45.7 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS
Software: b /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 12:09:38 GMT
content-length: 0
server: b

GET
H2

200

usersync
rtb.gumgum.com/ Frame A950
Redirect Chain

https://b1sync.zemanta.com/usersync/gumgum/?puid=e_5e4c236c-66dc-49da-82da-49d5f7b1caf2&gdpr=1&gdpr_consent=&us_privacy=
https://rtb.gumgum.com/usersync?b=zem&i=&gdpr=1

35 B
237 B

32ms
32ms

Image
image/gif

34.254.122.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=zem&i=&gdpr=1
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.254.122.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 12:09:38 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Location: https://rtb.gumgum.com/usersync?b=zem&i=&gdpr=1
Pragma: no-cache
Date: Wed, 19 May 2021 12:09:38 GMT
Cache-Control: no-cache, no-store, must-revalidate
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Content-Length: 78
Content-Type: text/html; charset=utf-8

GET
H2

200

usersync
rtb.gumgum.com/ Frame A950
Redirect Chain

https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
https://ad.360yield.com/ul_cb/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
https://rtb.gumgum.com/usersync?b=idi&i=05ba9473-50a8-4678-a5dd-2dbd8f110e08

35 B
237 B

36ms
36ms

Image
image/gif

34.254.122.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=idi&i=05ba9473-50a8-4678-a5dd-2dbd8f110e08
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.254.122.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 12:09:38 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

location: https://rtb.gumgum.com/usersync?b=idi&i=05ba9473-50a8-4678-a5dd-2dbd8f110e08
date: Wed, 19 May 2021 12:09:38 GMT
access-control-allow-origin: *
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2

200

usersync
rtb.gumgum.com/ Frame A950
Redirect Chain

https://sync.1rx.io/usersync2/floor6&gdpr=1&gdpr_consent=
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=8127210047
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=8127210047
https://sync.1rx.io/usersync/tradedesk/06b72f3a-af4f-4122-8ef8-6bc29cff2b2a
https://sync.targeting.unrulymedia.com/csync/RX-7aaf6308-0882-4d4c-a326-7af1cbf7abfc-003?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Drhy%26i%3DRX-7aaf6308-0882-4d4c-a326-7af1cbf7abfc-003
https://rtb.gumgum.com/usersync?b=rhy&i=RX-7aaf6308-0882-4d4c-a326-7af1cbf7abfc-003

35 B
237 B

40ms
39ms

Image
image/gif

34.254.122.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=rhy&i=RX-7aaf6308-0882-4d4c-a326-7af1cbf7abfc-003
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.254.122.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 12:09:36 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

location: https://rtb.gumgum.com/usersync?b=rhy&i=RX-7aaf6308-0882-4d4c-a326-7af1cbf7abfc-003
date: Wed, 19 May 2021 12:09:36 GMT
server: Tengine
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RX7aaf630808824d4ca3267af1cbf7abfc003
content-type: text/html

GET
H2

200

usersync
rtb.gumgum.com/ Frame A950
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25
https://rtb.gumgum.com/usersync?b=pln&i=yVpeQ2eO9kSX&ev=1&pid=558355

35 B
237 B

41ms
41ms

Image
image/gif

34.254.122.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=pln&i=yVpeQ2eO9kSX&ev=1&pid=558355
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.254.122.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 12:09:35 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language: en-US
location: https://rtb.gumgum.com/usersync?b=pln&i=yVpeQ2eO9kSX&ev=1&pid=558355
cache-control: private, max-age=0, no-cache, no-store
cw-server: bh-deployment-7c488d4f5b-mm74z
expires: -1

GET
H/1.1 200
OK merge
ce.lijit.com/ Frame A950 43 B
1 KB 16ms
16ms Image
image/gif 216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=36&3pid=e_5e4c236c-66dc-49da-82da-49d5f7b1caf2
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 12:09:36 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap7ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame 61B5
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=1&gdpr_consent=&redir=https%3a%2f%2frtb.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d
https://rtb.gumgum.com/usersync?b=mmh&i=b1cd60a4-ffff-4d00-9cb1-00622f2d6664&gdpr=1&gdpr_consent=

35 B
237 B

37ms
37ms

Document
image/gif

34.254.122.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=mmh&i=b1cd60a4-ffff-4d00-9cb1-00622f2d6664&gdpr=1&gdpr_consent=
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.254.122.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=mmh&i=b1cd60a4-ffff-4d00-9cb1-00622f2d6664&gdpr=1&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: vst=e_5e4c236c-66dc-49da-82da-49d5f7b1caf2
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

date: Wed, 19 May 2021 12:09:35 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

Date: Wed, 19 May 2021 12:09:35 GMT
Content-Type: image/gif
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=360
Server: MT3 3736 915c305 master zrh-pixel-x4
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
set-cookie: uuid=b1cd60a4-ffff-4d00-9cb1-00622f2d6664; domain=.mathtag.com; path=/; expires=Thu, 16-Jun-2022 12:09:35 GMT; SameSite=None; Secure
location: https://rtb.gumgum.com/usersync?b=mmh&i=b1cd60a4-ffff-4d00-9cb1-00622f2d6664&gdpr=1&gdpr_consent=
Expires: Wed, 19 May 2021 12:09:34 GMT

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame CA4D
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=1&gdpr_consent=
https://sync-tm.everesttech.net/ct/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=1&gdpr_consent=&_test=YKUAAgABI1XlZQA4
https://rtb.gumgum.com/usersync?b=atm&i=YKUAAgABI1XlZQA4&gdpr=1&gdpr_consent=&_test=YKUAAgABI1XlZQA4

35 B
237 B

36ms
36ms

Document
image/gif

34.254.122.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=atm&i=YKUAAgABI1XlZQA4&gdpr=1&gdpr_consent=&_test=YKUAAgABI1XlZQA4
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.254.122.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=atm&i=YKUAAgABI1XlZQA4&gdpr=1&gdpr_consent=&_test=YKUAAgABI1XlZQA4
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: vst=e_5e4c236c-66dc-49da-82da-49d5f7b1caf2
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

date: Wed, 19 May 2021 12:09:38 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

server: Varnish
retry-after: 0
location: https://rtb.gumgum.com/usersync?b=atm&i=YKUAAgABI1XlZQA4&gdpr=1&gdpr_consent=&_test=YKUAAgABI1XlZQA4
accept-ranges: bytes
date: Wed, 19 May 2021 12:09:38 GMT
via: 1.1 varnish
x-served-by: cache-fra19141-FRA
x-cache: HIT
x-cache-hits: 0
x-timer: S1621426179.694248,VS0,VE0
cache-control: no-cache
pragma: no-cache
content-length: 0

GET
H2 200 pixel Show response
cm.g.doubleclick.net/ Frame 334C 170 B
232 B 20ms
19ms Document
image/png 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV81ZTRjMjM2Yy02NmRjLTQ5ZGEtODJkYS00OWQ1ZjdiMWNhZjI=&gdpr=1&gdpr_consent=

Requested by

Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

:method: GET
:authority: cm.g.doubleclick.net
:scheme: https
:path: /pixel?google_nid=gumgum_dbm&google_hm=ZV81ZTRjMjM2Yy02NmRjLTQ5ZGEtODJkYS00OWQ1ZjdiMWNhZjI=&gdpr=1&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

content-type: image/png
date: Wed, 19 May 2021 12:09:35 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
server: HTTP server (unknown)
content-length: 170
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame A1AE 8 KB
3 KB 22ms
19ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=1&gdprConsent=
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 23371b5319a53a0a2d3c59d738d679c384822c244ea4e791ef87a4110b8a291e

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=1&gdprConsent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

last-modified: Wed, 21 Oct 2020 18:57:29 GMT
etag: "1300708-1f78-5b232eb4914bb"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 2654
content-type: text/html; charset=UTF-8
cache-control: max-age=42203
expires: Wed, 19 May 2021 23:52:58 GMT
date: Wed, 19 May 2021 12:09:35 GMT
vary: Accept-Encoding

GET
H2 204 /
ssc-cms.33across.com/ps/ Frame 49BD 0
0 1336ms
111ms Document
text/plain 67.202.110.24
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.110.24 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip24.67-202-110.static.steadfastdns.net
Software: 33XP002 /
Resource Hash

Request headers

:method: GET
:authority: ssc-cms.33across.com
:scheme: https
:path: /ps/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

x-33x-status: 2000208
server: 33XP002
date: Wed, 19 May 2021 12:09:36 GMT

GET
H2 200 generic Show response
match.adsrvr.org/track/cmf/ Frame F57B 70 B
264 B 191ms
31ms Document
image/gif 13.248.242.197
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=1&gdpr_consent=
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.242.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

:method: GET
:authority: match.adsrvr.org
:scheme: https
:path: /track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=1&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

date: Wed, 19 May 2021 12:09:35 GMT
content-type: image/gif
content-length: 70
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 204 um
cs.emxdgt.com/ Frame 0CED 0
0 1109ms
20ms Document
text/html 18.195.155.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cs.emxdgt.com/um?redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.155.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash

Request headers

:method: GET
:authority: cs.emxdgt.com
:scheme: https
:path: /um?redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

content-type: text/html
date: Wed, 19 May 2021 12:09:36 GMT
content-length: 0

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame 9E34
Redirect Chain

https://tg.socdm.com/aux/idsync?proto=gumgum
https://rtb.gumgum.com/usersync?b=sus&i=YKUAAcCo8YwAAM0majcAAAAA

35 B
237 B

37ms
36ms

Document
image/gif

34.254.122.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=sus&i=YKUAAcCo8YwAAM0majcAAAAA
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.254.122.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=sus&i=YKUAAcCo8YwAAM0majcAAAAA
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: vst=e_5e4c236c-66dc-49da-82da-49d5f7b1caf2
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

date: Wed, 19 May 2021 12:09:37 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

Server: nginx
Date: Wed, 19 May 2021 12:09:37 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private
Location: https://rtb.gumgum.com/usersync?b=sus&i=YKUAAcCo8YwAAM0majcAAAAA
P3P: CP="See also http://www.scaleout.jp/privacy/"
X-SO-Ads-Time: 2
X-SO-HostName: a-ad40167.dc2p.scaleout.jp
X-SO-LB-Hostname: m-tgng40.dc4p.scaleout.jp
X-SO-LB-Data: {"ban":false,"clean_query":"\/aux\/idsync?proto=gumgum","cluster_id":5,"gdpr":true,"ipv4":"0.0.0.0","key":"YKUAAcCo8YwAAM0majcAAAAA","privacy_sensitive":true,"uid":"","upstream_id":"a-ad40167"}
X-SO-Key: YKUAAcCo8YwAAM0majcAAAAA
X-SO-IP: 89.249.64.171
X-SO-Cluster-ID: 5
X-SO-Upstream-ID: a-ad40167

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame 24CE
Redirect Chain

https://p.rfihub.com/cm?pub=42796&in=1
https://rtb.gumgum.com/usersync?b=zet&i=1870471595250424766

35 B
237 B

36ms
36ms

Document
image/gif

34.254.122.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=zet&i=1870471595250424766
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.254.122.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=zet&i=1870471595250424766
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: vst=e_5e4c236c-66dc-49da-82da-49d5f7b1caf2
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

date: Wed, 19 May 2021 12:09:35 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

Date: Wed, 19 May 2021 12:09:35 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rud=H4sIAAAAAAAAAOMSNrQwNzAxNzS1NDUyNTAxMjE3MxPiM9QtyfIztAzVNSs3C0yX4jU0MzI0MTIzNDc1NTAGABi7n_A0AAAA; Path=/; Domain=.rfihub.com; Expires=Mon, 13 Jun 2022 12:09:35 GMT; Secure; SameSite=None eud=H4sIAAAAAAAAADvEyGtoZmRoYmRmaG5qamC8SgyZb2wAAG7vQ2ogAAAA; Path=/; Domain=.rfihub.com; Expires=Mon, 13 Jun 2022 12:09:35 GMT; Secure; SameSite=None ruds=H4sIAAAAAAAAAOMSNrQwNzAxNzS1NDUyNTAxMjE3MxPiM9QtyfIztAzVNSs3C0wHAKXfDbMlAAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None
Location: https://rtb.gumgum.com/usersync?b=zet&i=1870471595250424766
Content-Length: 0
Server: Jetty(9.3.29.v20201019)

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame ED14
Redirect Chain

https://creativecdn.com/cm-notify?pi=gumgum
https://creativecdn.com/cm-notify?pi=gumgum&tc=1
https://rtb.gumgum.com/usersync?b=rth&i=s5gv8dSRuDifP8bOQjqp&pi=gumgum&tc=1

35 B
237 B

39ms
37ms

Document
image/gif

34.254.122.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=rth&i=s5gv8dSRuDifP8bOQjqp&pi=gumgum&tc=1
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.254.122.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=rth&i=s5gv8dSRuDifP8bOQjqp&pi=gumgum&tc=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: vst=e_5e4c236c-66dc-49da-82da-49d5f7b1caf2
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

date: Wed, 19 May 2021 12:09:35 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

date: Wed, 19 May 2021 12:09:35 GMT Wed, 19 May 2021 12:09:35 GMT
location: https://rtb.gumgum.com/usersync?b=rth&i=s5gv8dSRuDifP8bOQjqp&pi=gumgum&tc=1
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
content-length: 0

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 77FE 38 KB
14 KB 20ms
20ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=1&gdprConsent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 1b95ffd8d5e131d47fa1a5ab65bca620eeef87328c413940cd60a9fbcedf4b74

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/showad.js
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=1&gdprConsent=
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=1&gdprConsent=

Response headers

last-modified: Tue, 11 May 2021 05:24:02 GMT
etag: "13006b6-96ca-5c2071a26cca4"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 13964
content-type: text/html; charset=UTF-8
cache-control: public, max-age=83318
expires: Thu, 20 May 2021 11:18:13 GMT
date: Wed, 19 May 2021 12:09:35 GMT
vary: Accept-Encoding

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 77FE 0
39 B 15ms
14ms Script
text/plain 185.64.189.115
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=3828069&p=0&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=1&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.115 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 12:09:35 GMT
content-length: 0

GET
H2 200 css
fonts.googleapis.com/ Frame 182A 3 KB
674 B 14ms
14ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5286073190998405&output=html&h=600&slotname=8544847776&adk=1678388160&adf=2695214360&pi=t.ma~as.8544847776&w=160&psa=0&format=160x600&url=https%3A%2F%2Fwww.nirsoft.net%2Futils%2Fproduct_cd_key_viewer.html&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621426174381&bpp=1&bdt=219&idt=75&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&cookie=ID%3Daa26246d15970c2a-224b6fc746c80000%3AT%3D1621426174%3ART%3D1621426174%3AS%3DALNI_MZ-iOCd0Gls5Vf-yXNSYgvYl-izmw&correlator=6912368443707&frm=23&ife=1&pv=1&ga_vid=480711802.1621426174&ga_sid=1621426174&ga_hid=1074269554&ga_fc=1&nhd=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=5&ady=613&biw=1600&bih=1200&isw=160&ish=600&ifk=2461446070&scr_x=0&scr_y=0&eid=44743003&oid=3&pvsid=3746620840696278&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C160%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.6uj1u7xmet5z&fsb=1&dtd=90

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

599325d39743959cdacb163b742dd6f622443a73f155364bbcc465a291ce0b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 19 May 2021 11:56:11 GMT
server: ESF
date: Wed, 19 May 2021 12:09:35 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 19 May 2021 12:09:35 GMT

GET
H2 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/ Frame 182A 1 KB
990 B 7ms
7ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

49aea8d1206dbb5e3c8a7d4db9274d2efa2111d8b53acb901efc378b1feca381

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 12:02:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 407
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 882
x-xss-protection: 0
server: cafe
etag: 11243716317595354070
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Jun 2021 12:02:48 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/ Frame 182A 17 KB
7 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3ac13025dc609fbe2671ff553cec81ea6e640efa3413d7c8944e461b718d1782

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 11:59:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 583
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7009
x-xss-protection: 0
server: cafe
etag: 607056201285360291
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Jun 2021 11:59:52 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/15469173769324967581/ Frame 182A 3 KB
3 KB 7ms
6ms Image
image/jpeg 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/15469173769324967581/downsize_200k_v1?w=195&h=102

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f1412c2fef75f61e29305e68482a4d565b834006dfd655dda5000404beca1e53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 06:56:59 GMT
x-content-type-options: nosniff
age: 18756
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3203
x-xss-protection: 0
last-modified: Tue, 04 May 2021 14:40:14 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 19 May 2022 06:56:59 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/13211803395764006803/ Frame 182A 2 KB
2 KB 8ms
8ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/13211803395764006803/downsize_200k_v1?w=100&h=100

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ac9ee46ff72f243d6584beb116fe5d4037c966c64822aa7563195b7c74eed3bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:45:59 GMT
x-content-type-options: nosniff
age: 167016
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1706
x-xss-protection: 0
last-modified: Tue, 20 Apr 2021 10:29:28 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 17 May 2022 13:45:59 GMT

GET
DATA 200
OK truncated
/ Frame 182A 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9e200d64dc3343c48c5d3ef7d0bf5f8e94d380919cae192351191e171b254a8d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/ Frame 182A 2 KB
1 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 12:08:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 57
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Jun 2021 12:08:38 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 182A 118 KB
36 KB 38ms
16ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5f4f2e8ffc67a3c2544f8be9672125a0c5a5f0035fa6bfc6d75ee297e30461e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 12:09:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1621251134821955"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36689
x-xss-protection: 0
expires: Wed, 19 May 2021 12:09:35 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/ Frame 182A 13 KB
6 KB 37ms
20ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4821fcf9c6131b5e09c316f6946b187f0b3751d723a19b2ff9f2df396d232cbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 12:08:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 66
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5621
x-xss-protection: 0
server: cafe
etag: 8169261014141303515
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Jun 2021 12:08:29 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 182A 0
0 59ms
23ms Image
text/html 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRcARkJ3qJ4n_GGLvgD-KnlP5Is0d-Wn8lXg9bMP0QjfJA3b2uK_8Vmi-FVTcC-1LyFYPzBv8-BuUY3AKQ8arfl87GnrQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5286073190998405&output=html&h=600&slotname=8544847776&adk=1678388160&adf=2695214360&pi=t.ma~as.8544847776&w=160&psa=0&format=160x600&url=https%3A%2F%2Fwww.nirsoft.net%2Futils%2Fproduct_cd_key_viewer.html&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621426174381&bpp=1&bdt=219&idt=75&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&cookie=ID%3Daa26246d15970c2a-224b6fc746c80000%3AT%3D1621426174%3ART%3D1621426174%3AS%3DALNI_MZ-iOCd0Gls5Vf-yXNSYgvYl-izmw&correlator=6912368443707&frm=23&ife=1&pv=1&ga_vid=480711802.1621426174&ga_sid=1621426174&ga_hid=1074269554&ga_fc=1&nhd=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=5&ady=613&biw=1600&bih=1200&isw=160&ish=600&ifk=2461446070&scr_x=0&scr_y=0&eid=44743003&oid=3&pvsid=3746620840696278&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C160%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.6uj1u7xmet5z&fsb=1&dtd=90
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 6bd41964be010df5460da51c4a6824b5.js Show response
www.gstatic.com/mysidia/ Frame 182A 25 KB
10 KB 31ms
14ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/6bd41964be010df5460da51c4a6824b5.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

00535b5b597302e2749d3c2671f53ac61d0ba3b3e1a6624e6235ce18811b514b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 12:30:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 14 May 2021 23:56:38 GMT
server: sffe
age: 85151
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10390
x-xss-protection: 0
expires: Mon, 16 Aug 2021 12:30:24 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 182A 0
0 94ms
77ms Fetch
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C9tgj_v-kYIScHs74gQem45rICMaH3eZi06KikewN3__o9bkjEAEgi4vkCmCVAqAB0ciBigPIAQmpAqLxzc6bgbQ-qAMByAPLBKoE9QFP0LkUwwuvhcCJ6SmZ9IAIZiDBos8LarSPQdQ1qvSp3cYrYOpX7I9fsSUoTlTUE91ht1AM-_nEyyqko8n10E5Isp-RDkr7g5K2QzkCJc8S9Bif-Q3mdHokw7zWYvYaUZKpN2UrrEORonUHdP767GiXpdqv7TIf9kTlh0ciDbQ2VgujOsi2ZugyVBSiq3ziMIw0v8dhSJR_qS8LtRvi49FV7z0r7Dt-4N7DKkbu3AdJ_-hE3tPsgk9Tx3KeZBJUOPYfZbtSmudxpvhCzP9ls3uGMU1IPpmiUcYcJRl_YVwSpXfOk7xd1vJ4yFJvBoYocU4mjzmgisAEzLCstcEDoAYugAeXt_51qAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcA8gcEEOiuGNIICQiA4YAQEAEYH4AKAcgLAbgTiCfYEwOIFALQFQGYFgGAFwGyFxoKGAgAEhRwdWItNTI4NjA3MzE5MDk5ODQwNQ&sigh=ekXVXhG0XRQ&template_id=5000

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5286073190998405&output=html&h=600&slotname=8544847776&adk=1678388160&adf=2695214360&pi=t.ma~as.8544847776&w=160&psa=0&format=160x600&url=https%3A%2F%2Fwww.nirsoft.net%2Futils%2Fproduct_cd_key_viewer.html&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621426174381&bpp=1&bdt=219&idt=75&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&cookie=ID%3Daa26246d15970c2a-224b6fc746c80000%3AT%3D1621426174%3ART%3D1621426174%3AS%3DALNI_MZ-iOCd0Gls5Vf-yXNSYgvYl-izmw&correlator=6912368443707&frm=23&ife=1&pv=1&ga_vid=480711802.1621426174&ga_sid=1621426174&ga_hid=1074269554&ga_fc=1&nhd=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=5&ady=613&biw=1600&bih=1200&isw=160&ish=600&ifk=2461446070&scr_x=0&scr_y=0&eid=44743003&oid=3&pvsid=3746620840696278&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C160%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.6uj1u7xmet5z&fsb=1&dtd=90
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 19 May 2021 12:09:35 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame C73F 1 KB
864 B 11ms
8ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 19 May 2021 06:38:34 GMT
expires: Thu, 20 May 2021 06:38:34 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 19861
cache-control: public, max-age=86400
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 182A 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 105ada5700efd95efc42ad326435b30975cfc577e96d6e2b37394e40e5ce0922

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 182A 21 KB
21 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f2c761ee3ce27469f940a05b64e38a829a400427727cd0bdbb4e36f1d572afd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 16 May 2021 10:03:38 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:21 GMT
server: sffe
age: 266757
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21716
x-xss-protection: 0
expires: Mon, 16 May 2022 10:03:38 GMT

GET
H3-29 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 182A 21 KB
21 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 14 May 2021 10:13:27 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:16 GMT
server: sffe
age: 438968
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21552
x-xss-protection: 0
expires: Sat, 14 May 2022 10:13:27 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame C73F 35 B
463 B 18ms
10ms Image
image/gif 2620:116:800d:21:36a9:ecb:e518:b308
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEHTERc_JYl6SW5my6f9yyBE&google_cver=1&google_push=AQvitULjs1EjMVIemYNgUEmq6vKkVZtOuuJJTYhdsliSEKi18DthHXpcIL49C6fU4G3huezZOgO2s0R3zLHAkpq2-5AG5q69INng0g

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:36a9:ecb:e518:b308 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 12:09:35 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame C73F
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEBdzpDHXhuQrOd26fcuWAJM&google_cver=1&google_push=AQvitUIAmDwqexsgb9Qs9WWujizCjqtzDLpylE1KXIPRXZFYVMh_Z4Rcrb1EBKbXKJExgY5KWwkA_75Iak9u2eWaAnwWPxsTvxXpcg
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUIAmDwqexsgb9Qs9WWujizCjqtzDLpylE1KXIPRXZFYVMh_Z4Rcrb1EBKbXKJExgY5KWwkA_75Iak9u2eWaAnwWPxsTvxXpcg&google_hm=eVJk_XDOwngNX6dlxR37Tg==

170 B
188 B

18ms
16ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUIAmDwqexsgb9Qs9WWujizCjqtzDLpylE1KXIPRXZFYVMh_Z4Rcrb1EBKbXKJExgY5KWwkA_75Iak9u2eWaAnwWPxsTvxXpcg&google_hm=eVJk_XDOwngNX6dlxR37Tg==

Requested by

Host: www.nirsoft.net
URL: https://www.nirsoft.net/utils/product_cd_key_viewer.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 12:09:37 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 12:09:37 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUIAmDwqexsgb9Qs9WWujizCjqtzDLpylE1KXIPRXZFYVMh_Z4Rcrb1EBKbXKJExgY5KWwkA_75Iak9u2eWaAnwWPxsTvxXpcg&google_hm=eVJk_XDOwngNX6dlxR37Tg==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: ls71j1ah5bd5djahl7r478a2blmslede

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame C73F
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=knn9brttQTmr9AL_t942Fw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

23ms
19ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=knn9brttQTmr9AL_t942Fw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUKMpDiajWAb9kI0QAoJGFLhTrIbqKqA51GcpXewzJTApdLOYj0sscn0Vuf_zlMx-wWyvnooLchbzJ7-XZvhmhyQbNJT68U6Dg

Requested by

Host: www.nirsoft.net
URL: https://www.nirsoft.net/utils/product_cd_key_viewer.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 12:09:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=knn9brttQTmr9AL_t942Fw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUKMpDiajWAb9kI0QAoJGFLhTrIbqKqA51GcpXewzJTApdLOYj0sscn0Vuf_zlMx-wWyvnooLchbzJ7-XZvhmhyQbNJT68U6Dg
date: Wed, 19 May 2021 12:09:34 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame C73F
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESELdnyaNhNsKG9C48f6gZ69s&google_cver=1&google_push=AQvitUIK7oofMeZaKfDF959Rv01Pqzt3Pgvs6TIKOPZGVwKqSX7VoP5AirGKEmk9edBT3qYOYmp...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09WRkE2SVUtWi1BTFhV&google_push=AQvitUIK7oofMeZaKfDF959Rv01Pqzt3Pgvs6TIKOPZGVwKqSX7VoP5AirGKEmk9edBT3qYOYmpw7TgAhaHiCsWTbgXZNNDnQlCtEw

170 B
188 B

17ms
17ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09WRkE2SVUtWi1BTFhV&google_push=AQvitUIK7oofMeZaKfDF959Rv01Pqzt3Pgvs6TIKOPZGVwKqSX7VoP5AirGKEmk9edBT3qYOYmpw7TgAhaHiCsWTbgXZNNDnQlCtEw

Requested by

Host: www.nirsoft.net
URL: https://www.nirsoft.net/utils/product_cd_key_viewer.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 12:09:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09WRkE2SVUtWi1BTFhV&google_push=AQvitUIK7oofMeZaKfDF959Rv01Pqzt3Pgvs6TIKOPZGVwKqSX7VoP5AirGKEmk9edBT3qYOYmpw7TgAhaHiCsWTbgXZNNDnQlCtEw
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame C73F
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEGNVST-NE_Qst-aOmnEkiYE&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEGNVST-NE_Qst-aOmnEkiYE&google_push=AQ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKUAA3bo9e1HFE1ABTbGiQAABLYAAAAB&google_push=AQvitUKledyP2tpj8AWx7_neKnUBAw6OfcfQe2w-HoPb0AEYgjNHwR7bfnX6uwwmq4EzUujEl1T6oza6lQobZJgYsC...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKUAA3bo9e1HFE1ABTbGiQAABLYAAAAB&google_push=AQvitUKledyP2tpj8AWx7_neKnUBAw6OfcfQe2w-HoPb0AEYgjNHwR7bfnX6uwwmq4EzUujEl1T6oza6lQobZJgYsC...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKUAA3bo9e1HFE1ABTbGiQAABLYAAAAB&google_push=AQvitUKledyP2tpj8AWx7_neKnUBAw6OfcfQe2w-HoPb0AEYgjNHwR7bfnX6uwwmq4EzUujEl1T6oza6lQobZJgYsC...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKUAA3bo9e1HFE1ABTbGiQAABLYAAAAB&google_push=AQvitUKledyP2tpj8AWx7_neKnUBAw6OfcfQe2w-HoPb0AEYgjNHwR7bfnX6uwwmq4EzUujEl1T6oza6lQobZJgYsC...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKUAA3bo9e1HFE1ABTbGiQAABLYAAAAB&google_push=AQvitUKledyP2tpj8AWx7_neKnUBAw6OfcfQe2w-HoPb0AEYgjNHwR7bfnX6uwwmq4EzUujEl1T6oza6lQobZJgYsC...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKUAA3bo9e1HFE1ABTbGiQAABLYAAAAB&google_push=AQvitUKledyP2tpj8AWx7_neKnUBAw6OfcfQe2w-HoPb0AEYgjNHwR7bfnX6uwwmq4EzUujEl1T6oza6lQobZJgYsC...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKUAA3bo9e1HFE1ABTbGiQAABLYAAAAB&google_push=AQvitUKledyP2tpj8AWx7_neKnUBAw6OfcfQe2w-HoPb0AEYgjNHwR7bfnX6uwwmq4EzUujEl1T6oza6lQobZJgYsC...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKUAA3bo9e1HFE1ABTbGiQAABLYAAAAB&google_push=AQvitUKledyP2tpj8AWx7_neKnUBAw6OfcfQe2w-HoPb0AEYgjNHwR7bfnX6uwwmq4EzUujEl1T6oza6lQobZJgYsC...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKUAA3bo9e1HFE1ABTbGiQAABLYAAAAB&google_push=AQvitUKledyP2tpj8AWx7_neKnUBAw6OfcfQe2w-HoPb0AEYgjNHwR7bfnX6uwwmq4EzUujEl1T6oza6lQobZJgYsC...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKUAA3bo9e1HFE1ABTbGiQAABLYAAAAB&google_push=AQvitUKledyP2tpj8AWx7_neKnUBAw6OfcfQe2w-HoPb0AEYgjNHwR7bfnX6uwwmq4EzUujEl1T6oza6lQobZJgYsC...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKUAA3bo9e1HFE1ABTbGiQAABLYAAAAB&google_push=AQvitUKledyP2tpj8AWx7_neKnUBAw6OfcfQe2w-HoPb0AEYgjNHwR7bfnX6uwwmq4EzUujEl1T6oza6lQobZJgYsC...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKUAA3bo9e1HFE1ABTbGiQAABLYAAAAB&google_push=AQvitUKledyP2tpj8AWx7_neKnUBAw6OfcfQe2w-HoPb0AEYgjNHwR7bfnX6uwwmq4EzUujEl1T6oza6lQobZJgYsC...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKUAA3bo9e1HFE1ABTbGiQAABLYAAAAB&google_push=AQvitUKledyP2tpj8AWx7_neKnUBAw6OfcfQe2w-HoPb0AEYgjNHwR7bfnX6uwwmq4EzUujEl1T6oza6lQobZJgYsC...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKUAA3bo9e1HFE1ABTbGiQAABLYAAAAB&google_push=AQvitUKledyP2tpj8AWx7_neKnUBAw6OfcfQe2w-HoPb0AEYgjNHwR7bfnX6uwwmq4EzUujEl1T6oza6lQobZJgYsC...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKUAA3bo9e1HFE1ABTbGiQAABLYAAAAB&google_push=AQvitUKledyP2tpj8AWx7_neKnUBAw6OfcfQe2w-HoPb0AEYgjNHwR7bfnX6uwwmq4EzUujEl1T6oza6lQobZJgYsC...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKUAA3bo9e1HFE1ABTbGiQAABLYAAAAB&google_push=AQvitUKledyP2tpj8AWx7_neKnUBAw6OfcfQe2w-HoPb0AEYgjNHwR7bfnX6uwwmq4EzUujEl1T6oza6lQobZJgYsC...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKUAA3bo9e1HFE1ABTbGiQAABLYAAAAB&google_push=AQvitUKledyP2tpj8AWx7_neKnUBAw6OfcfQe2w-HoPb0AEYgjNHwR7bfnX6uwwmq4EzUujEl1T6oza6lQobZJgYsC...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKUAA3bo9e1HFE1ABTbGiQAABLYAAAAB&google_push=AQvitUKledyP2tpj8AWx7_neKnUBAw6OfcfQe2w-HoPb0AEYgjNHwR7bfnX6uwwmq4EzUujEl1T6oza6lQobZJgYsC...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKUAA3bo9e1HFE1ABTbGiQAABLYAAAAB&google_push=AQvitUKledyP2tpj8AWx7_neKnUBAw6OfcfQe2w-HoPb0AEYgjNHwR7bfnX6uwwmq4EzUujEl1T6oza6lQobZJgYsC...

0
0

GET
H2 200 trk
ag.innovid.com/ Frame C73F 43 B
295 B 73ms
22ms Image
image/gif 2a05:d01c:1d8:8101:ac20:41f1:bf24:9b3
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ag.innovid.com/trk?tid=11711&google_gid=CAESEEj_2VFEddXkKGUpwwS6PDs&google_cver=1&google_push=AQvitUKSJWSECClsSAq9HReQfczuBEzsHkKWHlmIgN4p-vEHoaDoW42QVZKiAhPZFgVjNTgqsSYMQ2UMMkY7jxUf2-j9jY-D0O4VjA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5286073190998405&output=html&h=600&slotname=8544847776&adk=1678388160&adf=2695214360&pi=t.ma~as.8544847776&w=160&psa=0&format=160x600&url=https%3A%2F%2Fwww.nirsoft.net%2Futils%2Fproduct_cd_key_viewer.html&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621426174381&bpp=1&bdt=219&idt=75&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&cookie=ID%3Daa26246d15970c2a-224b6fc746c80000%3AT%3D1621426174%3ART%3D1621426174%3AS%3DALNI_MZ-iOCd0Gls5Vf-yXNSYgvYl-izmw&correlator=6912368443707&frm=23&ife=1&pv=1&ga_vid=480711802.1621426174&ga_sid=1621426174&ga_hid=1074269554&ga_fc=1&nhd=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=5&ady=613&biw=1600&bih=1200&isw=160&ish=600&ifk=2461446070&scr_x=0&scr_y=0&eid=44743003&oid=3&pvsid=3746620840696278&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C160%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.6uj1u7xmet5z&fsb=1&dtd=90
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d01c:1d8:8101:ac20:41f1:bf24:9b3 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 12:09:35 GMT
cache-control: no-cache
content-type: image/gif
content-length: 43
request-time: 0
expires: -1

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame C73F
Redirect Chain

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEGpfc9IOSo1HGZRZkmVrgOw&google_cver=1&google_push=AQvitUKcb10V_9jSr3c3Vhw1...
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AQvitUKcb10V_9jSr3c3Vhw1n1t1N9fAMOcGXwt3wTeTcCHH4DL17ja9pDlT1LoqmoeBCyZtNgBlVsKei8ocZCXNJzqkicTkYhqR0h0&google_hm=

170 B
188 B

19ms
18ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AQvitUKcb10V_9jSr3c3Vhw1n1t1N9fAMOcGXwt3wTeTcCHH4DL17ja9pDlT1LoqmoeBCyZtNgBlVsKei8ocZCXNJzqkicTkYhqR0h0&google_hm=

Requested by

Host: www.nirsoft.net
URL: https://www.nirsoft.net/utils/product_cd_key_viewer.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 12:09:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 12:09:37 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
location: https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AQvitUKcb10V_9jSr3c3Vhw1n1t1N9fAMOcGXwt3wTeTcCHH4DL17ja9pDlT1LoqmoeBCyZtNgBlVsKei8ocZCXNJzqkicTkYhqR0h0&google_hm=
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 0
expires: Tue, 18 May 2021 12:09:37 GMT

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame C73F 0
12 B 26ms
20ms Image
text/html 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JXEqj7neb24gN8xeqxgaI40pXKjjHcwxiGnmibOflZH7VEmp5Y-jZGc6GSvOgomZSg0BbRDw

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 12:09:35 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29 200 NEBu3pajZdeXNrzBMTKKpDrnjihkyh5N8uMAWlauysY.js Show response
pagead2.googlesyndication.com/bg/ Frame 9998 14 KB
6 KB 11ms
8ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/NEBu3pajZdeXNrzBMTKKpDrnjihkyh5N8uMAWlauysY.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

34406ede96a365d79736bcc131328aa43ae78e2864ca1e4df2e3005a56aecac6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 09:43:50 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Wed, 12 May 2021 09:08:00 GMT
server: sffe
age: 8745
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5770
x-xss-protection: 0
expires: Thu, 19 May 2022 09:43:50 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 638B 42 B
64 B 21ms
20ms Fetch
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuvgjZQACWqyDYiNFLKDX-DyDs5-T1XKYjsYvFx2rjQw6KU2VuryN7jBPOfd0ehu1CpWMz9_re7B2v7hBpi_i7cxOxzH1dE1NZiasqWFu7oQcm_o6u-x_8_q6R6xg&sai=AMfl-YTKxWvfN6Sg3A86ulL9TLss8UTavx2T0zPFikRiMkt2Vh7eDrC3JmllvvU6LSoL8zDhSezIgIJseHeF&sig=Cg0ArKJSzIG9Jtzg0YLsEAE&id=lidar2&mcvt=1000&p=10,311,100,1039&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210517&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=22&adk=1349428559&rs=2&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ%3D%3D&vs=4&rst=1621426174279&dlt=610&rpt=82&isd=0&msd=0&r=v&fum=1

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 12:09:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 182A 0
0 42ms
42ms Fetch
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CBTbY_v-kYIScHs74gQem45rICMaH3eZi06KikewN3__o9bkjEAEgi4vkCmCVAqAB0ciBigPIAQmpAqLxzc6bgbQ-qAMBqgT1AU_QuRTDC6-FwInpKZn0gAhmIMGizwtqtI9B1DWq9Kndxitg6lfsj1-xJShOVNQT3WG3UAz7-cTLKqSjyfXQTkiyn5EOSvuDkrZDOQIlzxL0GJ_5DeZ0eiTDvNZi9hpRkqk3ZSusQ5GidQd0_vrsaJel2q_tMh_2ROWHRyINtDZWC6M6yLZm6DJUFKKrfOIwjDS_x2FIlH-pLwu1G-Lj0VXvPSvsO37g3sMqRu7cB0n_6ETe0-yCT1PHcp5kElQ49h9lu1Ka53Gm-ELM_2Wze4YxTUg-maJRxhwlGX9hXBKld86TvF3W8njIUm8GhihxTiaPOaCKwATMsKy1wQOgBi6AB5e3_nWoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwDyBwQQ6K4Y0ggJCIDhgBAQARgfgAoByAsBuBOIJ9gTA4gUAtAVAZgWAYAXAbIXGgoYCAASFHB1Yi01Mjg2MDczMTkwOTk4NDA1&sigh=gsAZJvcX63E&vt=1&template_id=5000

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5286073190998405&output=html&h=600&slotname=8544847776&adk=1678388160&adf=2695214360&pi=t.ma~as.8544847776&w=160&psa=0&format=160x600&url=https%3A%2F%2Fwww.nirsoft.net%2Futils%2Fproduct_cd_key_viewer.html&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621426174381&bpp=1&bdt=219&idt=75&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&cookie=ID%3Daa26246d15970c2a-224b6fc746c80000%3AT%3D1621426174%3ART%3D1621426174%3AS%3DALNI_MZ-iOCd0Gls5Vf-yXNSYgvYl-izmw&correlator=6912368443707&frm=23&ife=1&pv=1&ga_vid=480711802.1621426174&ga_sid=1621426174&ga_hid=1074269554&ga_fc=1&nhd=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=5&ady=613&biw=1600&bih=1200&isw=160&ish=600&ifk=2461446070&scr_x=0&scr_y=0&eid=44743003&oid=3&pvsid=3746620840696278&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C160%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.6uj1u7xmet5z&fsb=1&dtd=90
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 19 May 2021 12:09:36 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 182A 42 B
64 B 24ms
23ms Fetch
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstf1MdgL_POV9_AQh3VFh7vnpYDDSj7C59dEQfND5BQHEZ2-trwxcqlKJBbmfrV0KcvOWVU3i_-u7G-0m0NRlSI4HW3hN2Uj4KsMvlCpZi96fWplBHOTrog80nIRFvHT7N5GEDgItZHeP5_MZgt7znN&sai=AMfl-YSKnfVBhs9iror-1UGspAB5FYKVNmue7rMvUmAkaX_3bdvkUGABMYw0TfZBqDbhps4T0cf9s3XAxu8Pea1WuBS7FnBXMlxJJMa8KkVPUnmwo9oZclOJQCLQJVyk&sig=Cg0ArKJSzKy0LN7yPTpiEAE&cid=CAASF-RoqCN-RGBYTCXsiG2-JjGnZX7YqUnd&id=lidar2&mcvt=1001&p=0,0,600,160&mtos=0,1001,1001,1001,1001&tos=0,1001,0,0,0&v=20210517&bin=7&avms=nio&bs=0,0&mc=0.98&if=1&app=0&itpl=22&adk=1678388160&rs=2&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ%3D%3D&vs=4&rst=1621426174474&dlt=1236&rpt=42&isd=0&msd=0&r=v&fum=1

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 12:09:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame A125 38 KB
14 KB 24ms
24ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 1b95ffd8d5e131d47fa1a5ab65bca620eeef87328c413940cd60a9fbcedf4b74

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/showad.js
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/AdServer/js/showad.js
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: KTPCACOOKIE=YES; KADUSERCOOKIE=9279FD6E-BB6D-4139-ABF4-02FFB7DE3617; repi=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/showad.js

Response headers

last-modified: Tue, 11 May 2021 05:24:02 GMT
etag: "13006b6-96ca-5c2071a26cca4"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 13964
content-type: text/html; charset=UTF-8
cache-control: public, max-age=83316
expires: Thu, 20 May 2021 11:18:13 GMT
date: Wed, 19 May 2021 12:09:37 GMT
vary: Accept-Encoding

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame A125 0
39 B 16ms
14ms Script
text/plain 185.64.189.115
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=88114358&p=156212&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=1&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.115 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 12:09:37 GMT
content-length: 0

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 10 KB
7 KB 22ms
22ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210517&st=env

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8ce35a8e0c4eb361827d38530f40799fc382b3a54cddea1bf176907f304ff4d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nirsoft.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 19 May 2021 12:09:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7561
x-xss-protection: 0

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nirsoft.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 12:09:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1616005470650935"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Wed, 19 May 2021 12:09:39 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/222/ Frame 2F40 12 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/222/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.nirsoft.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.nirsoft.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Wed, 19 May 2021 12:07:24 GMT
expires: Thu, 19 May 2022 12:07:24 GMT
last-modified: Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 135
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 aframe Show response
www.google.com/recaptcha/api2/ Frame D637 783 B
533 B 15ms
15ms Document
text/html 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

887de6bf7da4aa1c756dfb4c9e7190d2302394fe90dfc1efb853a0cc6dc598e3

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-2ZA7eGe+hERffCMWM6DYfA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.nirsoft.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.nirsoft.net/

Response headers

expires: Wed, 19 May 2021 12:09:39 GMT
date: Wed, 19 May 2021 12:09:39 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-2ZA7eGe+hERffCMWM6DYfA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 NEBu3pajZdeXNrzBMTKKpDrnjihkyh5N8uMAWlauysY.js Show response
pagead2.googlesyndication.com/bg/ Frame 2F40 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/NEBu3pajZdeXNrzBMTKKpDrnjihkyh5N8uMAWlauysY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

34406ede96a365d79736bcc131328aa43ae78e2864ca1e4df2e3005a56aecac6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 09:43:50 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Wed, 12 May 2021 09:08:00 GMT
server: sffe
age: 8749
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5770
x-xss-protection: 0
expires: Thu, 19 May 2022 09:43:50 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 15ms
15ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gda_r20210517&jk=389572739835390&bg=!r6ylrOjNAAZ7hX_Ue4U7ACkAdvg8WnrpdEFVSfNjQRWcsrY0fdmXqZlCPWTqLbNoCDTG4CbjBnMtGQIAAAA_UgAAAAtoAQcKAT45kM9eaNQ1cXP65D5gYNytxpNNBXiiet8v5hrd0QrbIYmtPdfBZn_9zTrzQoaJAvL-G9SS6Vkbv9iVnWAisnlc99a3_fqN0ZWZ1WcUeCYukJVgSVcbpFmDs2ZPJNjm-qbpUp8Cb-KXDP3UvedgSIn7KUPd6PtTWvnL-5EgQixqNcz1ji7SCXonZyEYyFVQXKstLR9FcNZBOLyadJIPbT3vEhPlZskBF5GQjgQOGWb4VrjzXdLiSlIE7uUTNRjBHTg9lcGNW-VuPSRS1LhJ5kzE7fWEj7St22_5rQOVM9dm6zGoX7DSqwjk6GRjvgdtFQ_59MBoa88C3BLrOvHiCuR455J_hRdKdyAB9fVTIGSSsjDkg5mYd2N-R01DqRjzH-G0iOChR47rXJs4ZQ7JdK677OsIJk6PDwJ3yiK7wo2ZAjJhsm9JiIEo5DgCdy4y0glv_MionJZYkQlMRoNI7_KGHzbxff7s1xhy0nsuty7ZvMFsHcrC8flup3J1gY14faa7hpryA5qmEzEJQB1LD-7VH9OJqgVyHjyIVWN4iE8_HkDX6yScBP_e58yzXonfp9AQLP3t2I3bEWdFL8qVpz7Z_eYiUji41FvPcm7WdX5KrolA5cz0bZJnXwHZQZljLpJklsf7LUFecEBk_YHrmiL1dSuMgrME7gSZy-fxrWfVGFQXOFnBTWKBzQVm0wVh2DFxpEulWa6zWoPO6A-oMIDdudqkUlBYq3DFLk47FOjtikXLy3fu59dGu1zc0mJB7KXLDsM_h4v3_j8jD2XuwZDtwUEXZbXbjgRHjU2rVhUTGSiis7CJ_CmKAsWRZVN9jWsne3fa-0OXMj8R3XzcSgY1LlxZhwhw1A8b0tJ2PL0Efy1iKx0KgNJDw6E_g7E8WSQcClIT9K3DuhxX75Ly-vQbx2F2jibIoRfB9Z-w4ia1KVXXnOu6ctaPl60Usj3g8mz6RLEyphn09gZ-krwFLHpQLIXeXxD-QNLB3qnNZfuTIORAhXABj79CGL_vV2jm8f7UxfZUoixQLzgFmBcGcZudyof595F79ZI6jp0WDu4M7oN_ICWPygXzw5YnJrJFCFOuUOb2__vECqNQ3t6_xrJilQMoiUpZTEM5q0EjoKyIRA9M6p5ng2O26jyuNspecOyk_S2xljORKxBVZqY9h7d4OIfF

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nirsoft.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 12:09:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKUAA3bo9e1HFE1ABTbGiQAABLYAAAAB&google_push=AQvitUKledyP2tpj8AWx7_neKnUBAw6OfcfQe2w-HoPb0AEYgjNHwR7bfnX6uwwmq4EzUujEl1T6oza6lQobZJgYsC-nDZJc0bIFlQ&google_gid=CAESEGNVST-NE_Qst-aOmnEkiYE&google_cver=1

Verdicts & Comments Add Verdict or Comment

91 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

14 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.adsrvr.org/	1970-01-20 03:09:22	Name: TDCPM Value: CAEYBSABKAIyCwi87omytrLNORAFOAE.
.adsrvr.org/	1970-01-20 03:09:22	Name: TDID Value: 06b72f3a-af4f-4122-8ef8-6bc29cff2b2a
.openx.net/	1970-01-20 03:09:22	Name: i Value: 75a8d198-70cf-44a1-b1fd-233a7223f209\|1621426175
.ads.pubmatic.com/	1970-01-19 18:25:12	Name: repi Value: 1
.lijit.com/	1970-01-20 03:09:22	Name: _ljtrtb_66 Value: 579453451693
.gumgum.com/	1970-01-20 03:09:22	Name: vst Value: e_5e4c236c-66dc-49da-82da-49d5f7b1caf2
.lijit.com/	1970-01-20 03:09:22	Name: ljtrtb Value: eJwNijEOgzAMAP%2FimUhJbOyEL3RpF4YuFdiOxMLCiPp3vJxOp7sBGRbw3%2BykFVkTs2mibltqNRA2D9mLbqPCBNTjzrp%2BXt%2FrvR54RmsUTRcujXwouhlrNi5761Ipu1JGEYH%2FAzTHHN4%3D
.lijit.com/	1970-01-20 03:09:22	Name: _ljtrtb_49 Value: 0cVQKZsPVi3n
.lijit.com/	1970-01-20 03:09:22	Name: ljt_reader Value: 88f9ea59d22e85b0d72cea17
.lijit.com/	1970-01-20 03:09:22	Name: _ljtrtb_84 Value: c:6184efc3edd6c0d61b897240ec403777
.doubleclick.net/	1970-01-19 18:23:49	Name: DSID Value: NO_DATA
.doubleclick.net/	1970-01-20 03:45:22	Name: IDE Value: AHWqTUkHtGYd288g6OGyVDLU9iz4ucaMrrH_VY6K4c9HbNplh-ImqaLtlb_buWMCIvo
.pubmatic.com/	1970-01-19 20:33:22	Name: KADUSERCOOKIE Value: 9279FD6E-BB6D-4139-ABF4-02FFB7DE3617
.lijit.com/	1970-01-20 03:09:22	Name: _ljtrtb_36 Value: e_5e4c236c-66dc-49da-82da-49d5f7b1caf2

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aax-eu.amazon-adsystem.com
ad.360yield.com
ads.pubmatic.com
adservice.google.com
adservice.google.de
ag.innovid.com
aorta.clickagy.com
ap.lijit.com
api-public.addthis.com
b1sync.zemanta.com
bcp.crwdcntrl.net
bh.contextweb.com
c1.adform.net
ce.lijit.com
cm.g.doubleclick.net
cms.quantserve.com
creativecdn.com
cs.emxdgt.com
d.turn.com
data.adsrvr.org
eu-u.openx.net
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
googlecm.hit.gemius.pl
gslbeacon.lijit.com
image6.pubmatic.com
match.adsrvr.org
match.deepintent.com
match.prod.bidr.io
p.rfihub.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel-eu.rubiconproject.com
pixel-sync.sitescout.com
pixel-us-east.rubiconproject.com
pixel.quantserve.com
pixel.rubiconproject.com
pixel.tapad.com
pr-bh.ybp.yahoo.com
ps.eyeota.net
pxdrop.lijit.com
rtb.gumgum.com
rtb.mfadsrvr.com
rtb.openx.net
s7.addthis.com
secure.adnxs.com
ssc-cms.33across.com
ssl.google-analytics.com
sync-tm.everesttech.net
sync.1rx.io
sync.ipredictive.com
sync.mathtag.com
sync.outbrain.com
sync.search.spotxchange.com
sync.srv.stackadapt.com
sync.targeting.unrulymedia.com
sync.technoratimedia.com
tg.socdm.com
tpc.googlesyndication.com
um.simpli.fi
ums.acuityplatform.com
us-u.openx.net
v1.addthisedge.com
vap2ams1.lijit.com
www.google.com
www.googletagservices.com
www.gstatic.com
www.nirsoft.net
x.bidswitch.net
z.moatads.com
cm.g.doubleclick.net
104.111.233.227
104.75.88.126
124.146.215.50
13.248.242.197
138.128.181.29
151.101.14.49
154.59.122.79
169.50.137.190
172.217.16.130
172.217.23.98
18.195.155.181
18.196.123.190
184.30.24.121
185.184.8.30
185.29.132.69
185.64.189.115
185.94.180.126
193.0.160.128
193.122.174.27
198.148.27.139
2.18.233.180
2.18.235.40
2001:678:cb4:bbbb::13
213.19.147.44
216.52.2.39
2620:116:800d:21:36a9:ecb:e518:b308
2a00:1288:110:c305::8000
2a00:1450:4001:800::2002
2a00:1450:4001:802::2001
2a00:1450:4001:802::2002
2a00:1450:4001:802::2004
2a00:1450:4001:803::2002
2a00:1450:4001:808::2008
2a00:1450:4001:80e::2004
2a00:1450:4001:80f::2002
2a00:1450:4001:80f::2003
2a00:1450:4001:812::2002
2a00:1450:4001:827::2002
2a00:1450:4001:82b::2003
2a00:1450:4001:82f::2003
2a00:1450:4001:82f::200a
2a05:d01c:1d8:8101:ac20:41f1:bf24:9b3
3.121.254.42
3.122.214.165
3.221.7.1
3.225.15.51
34.253.111.115
34.254.122.11
34.98.64.218
35.156.19.236
35.227.248.159
35.227.252.103
37.157.2.239
37.252.173.22
38.91.45.7
52.0.80.108
52.215.139.246
52.95.123.41
64.202.112.95
66.155.71.149
67.202.110.24
69.173.144.138
69.173.144.165
72.251.249.13
79.137.68.187
8.43.72.97
00535b5b597302e2749d3c2671f53ac61d0ba3b3e1a6624e6235ce18811b514b
03fb3f62f575f7aece5107379da9667099547635980c20ee48c3a85a1ae1b7c2
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
0a51922ab4050690f553e962817435a7c955b83da3b4402d1fc632500808d103
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c4f483b95cfce5c4e78f32946ed302502f365c272094950b254b6226c16c7f5
105ada5700efd95efc42ad326435b30975cfc577e96d6e2b37394e40e5ce0922
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
19a26d6046c4fcfe9e3efbc1fb7532f424c6b0b7590b9e193788e30bce8b9836
19ca0b773dac02681969e227c40105a83154cb133cd0fedd9af07412be62f15a
1b95ffd8d5e131d47fa1a5ab65bca620eeef87328c413940cd60a9fbcedf4b74
1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27
1dad6cb9a0903898a8f82f89c0d10ee6e94f8459228530fa5df3078100c9f650
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4
1fc7ceb533a021747396d0773be419b8432c309db898995af87bf5a7b0c68b0b
23371b5319a53a0a2d3c59d738d679c384822c244ea4e791ef87a4110b8a291e
269a8779864c246a9b4d11e75612398621183901216cf3117ee21fc494971cdb
2a138f5a790f47f9c8e1b3b6c88ea4fecb1abd1b1011a7d842b721d2fa943ed3
2fca6187ce4dde712dc12f853bc2fdbb8c46209ce0908451890790d13e851808
34406ede96a365d79736bcc131328aa43ae78e2864ca1e4df2e3005a56aecac6
3ac13025dc609fbe2671ff553cec81ea6e640efa3413d7c8944e461b718d1782
3c647bf2f90c1a702c07415eaa5e44bb7832436f61a8357e1fd9958f00eae674
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
432863150465290850edbb508d7e1e8c95320c0b34737f2f81cbf7589b6064d8
4821fcf9c6131b5e09c316f6946b187f0b3751d723a19b2ff9f2df396d232cbf
49aea8d1206dbb5e3c8a7d4db9274d2efa2111d8b53acb901efc378b1feca381
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4ea8411870894a09ff7165d06aab69c2be05ffea87cdb1b5fb3b5594f11f6f06
4f488ba69b34a8b4d924f46e58cbbe62ad1031ee74af785d328ccb54c4cd9b5f
53d3b513684b230591b0203df937048eb52f4e03e470ecf1ac2bf2477476da70
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55b414b1eb3e763c73fa89a0a5771dd4e0d3ccbdc7109afe9aa4cb6d06f9f811
58b322b826bfa67a9a4c135d16eea8de1cdbc9156994a69dec89bbde224c109f
593fd0fd560f0d7c54fff666cffce6849bbdee98c94b66e7d9a10fa62f513b6f
599325d39743959cdacb163b742dd6f622443a73f155364bbcc465a291ce0b5a
5f4f2e8ffc67a3c2544f8be9672125a0c5a5f0035fa6bfc6d75ee297e30461e5
6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233
81ce3df13a172f6134b97f77ca08e81ef50154c6d6d6ce7e8346a00e005c3eb0
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
851b18217280b8affbc23da68973955dd5ed44ddd47e708f0a9ed871c5d7130c
887de6bf7da4aa1c756dfb4c9e7190d2302394fe90dfc1efb853a0cc6dc598e3
8ce35a8e0c4eb361827d38530f40799fc382b3a54cddea1bf176907f304ff4d9
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
93ea87740a629b311148b644cb72d376ef82344939bc4d47acff4aa0719ad668
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9e200d64dc3343c48c5d3ef7d0bf5f8e94d380919cae192351191e171b254a8d
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
ab80bf76ac30775829501ad88f1a378c08bd4b6e4cbeba3bc2a4629e575c25ad
ac9ee46ff72f243d6584beb116fe5d4037c966c64822aa7563195b7c74eed3bd
acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b31631d128cea56ee70228e71cebe7488f429eeb7f4ff8738bac0bbd5f89ae0c
b49394c87bc628c1e9357657668b4a1a540bf87ee2e707fc1eb0129dd3eec4bb
bf7c9484fdc988e2ee44d62563d76afcd64cd75e1c9aae4c2fd195d9ba4fe649
c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645
ce30d468941571f73a45d6f480faca842899c1d649502821269767aa20e5c78e
da6f3508fdb8c1fdf553e4af5556b585ba5998139afe613d56dc0d88c822bd81
daa795332e5dbcf893adf2d5f3349f02b8c1cb957ff3b5f4c11b742e33c3376f
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd072b668015904431b51a4dfbe97e51a1c44f1ae90e2c62018e56476968b44f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4f924eac92aa3cc4ea64f2891447e8bd3af49e1a5c0bcd04b7356e2f7f1c04c
e68a2c9d1fe7d6309da6cd320a5caa728d2e3e6476518bf2ee25e55a3c165a48
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1412c2fef75f61e29305e68482a4d565b834006dfd655dda5000404beca1e53
f2c761ee3ce27469f940a05b64e38a829a400427727cd0bdbb4e36f1d572afd7

www.nirsoft.net Open in urlscan Pro 138.128.181.29 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

157 Requests

99 %HTTPS

27 %IPv6

55 Domains

71 Subdomains

45 IPs

8 Countries

940 kBTransfer

2413 kBSize

14 Cookies

38 Outgoing links

Redirected requests

157 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.nirsoft.net Open in urlscan Pro
138.128.181.29 Public Scan

Screenshot
Live screenshot

Full Image

157
Requests

99 %
HTTPS

27 %
IPv6

55
Domains

71
Subdomains

45
IPs

8
Countries

940 kB
Transfer

2413 kB
Size

14
Cookies

157 HTTP transactions
4 data transactions