www.eslactivity.org Open in urlscan Pro
104.21.74.148 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://eslactivity.org/
Effective URL:
https://www.eslactivity.org/
Submission: On September 12 via automatic, source certstream-suspicious (September 12th 2021, 9:55:57 pm UTC) — Scanned from DE

Summary HTTP 276 Redirects Links 20 Behaviour Indicators

Summary

This website contacted 68 IPs in 8 countries across 72 domains to perform 276 HTTP transactions. The main IP is 104.21.74.148, located in and belongs to CLOUDFLARENET, US. The main domain is www.eslactivity.org.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 10th 2021. Valid for: a year.

This is the only time www.eslactivity.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 56	104.21.74.148 104.21.74.148	13335 (CLOUDFLAR...) (CLOUDFLARENET)
22	64.233.184.155 64.233.184.155	15169 (GOOGLE) (GOOGLE)
1	104.21.73.110 104.21.73.110	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	52.222.158.9 52.222.158.9	16509 (AMAZON-02) (AMAZON-02)
1	64.233.184.97 64.233.184.97	15169 (GOOGLE) (GOOGLE)
4	3.66.136.156 3.66.136.156	16509 (AMAZON-02) (AMAZON-02)
1	143.204.207.111 143.204.207.111	16509 (AMAZON-02) (AMAZON-02)
2	91.228.74.133 91.228.74.133	16509 (AMAZON-02) (AMAZON-02)
13	74.125.140.154 74.125.140.154	15169 (GOOGLE) (GOOGLE)
3	64.233.166.132 64.233.166.132	15169 (GOOGLE) (GOOGLE)
1	13.32.22.109 13.32.22.109	16509 (AMAZON-02) (AMAZON-02)
2	64.233.184.138 64.233.184.138	15169 (GOOGLE) (GOOGLE)
4 20	74.125.140.155 74.125.140.155	15169 (GOOGLE) (GOOGLE)
3	66.102.1.154 66.102.1.154	15169 (GOOGLE) (GOOGLE)
9	108.177.15.132 108.177.15.132	15169 (GOOGLE) (GOOGLE)
4	74.125.133.95 74.125.133.95	15169 (GOOGLE) (GOOGLE)
2	74.125.140.95 74.125.140.95	15169 (GOOGLE) (GOOGLE)
1 3	74.125.133.106 74.125.133.106	15169 (GOOGLE) (GOOGLE)
2	216.239.32.3 216.239.32.3	15169 (GOOGLE) (GOOGLE)
5	66.102.1.94 66.102.1.94	15169 (GOOGLE) (GOOGLE)
1	74.125.71.157 74.125.71.157	15169 (GOOGLE) (GOOGLE)
3	173.194.76.157 173.194.76.157	15169 (GOOGLE) (GOOGLE)
2 3	159.253.128.188 159.253.128.188	36351 (SOFTLAYER) (SOFTLAYER)
1 1	85.114.159.93 85.114.159.93	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1 1	139.162.58.205 139.162.58.205	63949 (LINODE-AP...) (LINODE-AP Linode)
1	135.125.160.77 135.125.160.77	16276 (OVH) (OVH)
3 3	72.251.249.9 72.251.249.9	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
6 6	213.19.147.45 213.19.147.45	26120 (RHYTHMONE) (RHYTHMONE)
1	3.115.67.144 3.115.67.144	16509 (AMAZON-02) (AMAZON-02)
1	74.125.140.157 74.125.140.157	15169 (GOOGLE) (GOOGLE)
15	89.187.169.47 89.187.169.47	() ()
7	52.34.133.113 52.34.133.113	() ()
1	159.89.102.253 159.89.102.253	() ()
2	178.250.0.157 178.250.0.157	() ()
3	52.222.158.21 52.222.158.21	() ()
1	198.148.27.134 198.148.27.134	() ()
5	35.157.23.185 35.157.23.185	() ()
1	178.250.2.131 178.250.2.131	() ()
1	204.237.133.116 204.237.133.116	() ()
5	18.156.195.47 18.156.195.47	() ()
1	213.19.147.42 213.19.147.42	() ()
1	34.107.148.139 34.107.148.139	() ()
1	23.37.38.181 23.37.38.181	() ()
3	51.89.9.253 51.89.9.253	() ()
20	104.22.2.144 104.22.2.144	() ()
1	104.22.3.144 104.22.3.144	() ()
1	208.100.17.190 208.100.17.190	() ()
2 6	104.76.200.247 104.76.200.247	() ()
6 6	104.36.113.35 104.36.113.35	() ()
2 18	104.36.113.17 104.36.113.17	() ()
2 4	104.36.113.24 104.36.113.24	() ()
5 5	185.33.221.88 185.33.221.88	() ()
5 5	18.156.0.31 18.156.0.31	() ()
3 4	76.223.111.131 76.223.111.131	() ()
1 1	64.202.112.95 64.202.112.95	() ()
1 1	178.162.133.149 178.162.133.149	() ()
1	34.243.225.216 34.243.225.216	() ()
1	174.137.133.49 174.137.133.49	() ()
2 2	35.157.177.200 35.157.177.200	() ()
2 2	38.27.122.158 38.27.122.158	() ()
1 1	193.0.160.128 193.0.160.128	() ()
1 1	67.202.105.21 67.202.105.21	() ()
1 2	209.54.178.82 209.54.178.82	() ()
1	192.132.33.46 192.132.33.46	() ()
3 3	151.101.114.49 151.101.114.49	() ()
2	169.197.150.8 169.197.150.8	() ()
2	173.231.181.122 173.231.181.122	() ()
2	178.250.2.130 178.250.2.130	() ()
1	51.89.21.10 51.89.21.10	() ()
1	198.148.27.140 198.148.27.140	() ()
2	104.76.200.201 104.76.200.201	() ()
1	104.76.200.23 104.76.200.23	() ()
1	104.36.113.23 104.36.113.23	() ()
2 3	37.157.6.247 37.157.6.247	() ()
1	178.250.0.163 178.250.0.163	() ()
1 1	154.59.122.79 154.59.122.79	() ()
1 2	104.18.13.5 104.18.13.5	() ()
1 2	88.221.62.154 88.221.62.154	() ()
2 2	3.123.143.157 3.123.143.157	() ()
5 5	3.64.77.7 3.64.77.7	() ()
1 1	162.55.6.212 162.55.6.212	() ()
1 1	151.101.13.44 151.101.13.44	() ()
1	199.232.137.44 199.232.137.44	() ()
1 1	54.87.192.123 54.87.192.123	() ()
1	35.244.174.68 35.244.174.68	() ()
2 2	185.29.134.248 185.29.134.248	() ()
1 1	46.228.164.11 46.228.164.11	() ()
1	212.82.100.176 212.82.100.176	() ()
1	89.207.16.204 89.207.16.204	() ()
2 2	66.155.71.149 66.155.71.149	() ()
1 1	23.22.239.72 23.22.239.72	() ()
1 1	51.75.146.161 51.75.146.161	() ()
1 1	34.251.173.19 34.251.173.19	() ()
1 1	34.98.107.212 34.98.107.212	() ()
1 1	185.33.221.15 185.33.221.15	() ()
276	68

56 104.21.74.148 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

eslactivity.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.eslactivity.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 64.233.184.155 (United States)

ASN15169 (GOOGLE, US)
PTR: wa-in-f155.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.21.73.110 (None, )

ASN13335 (CLOUDFLARENET, US)

go.ezodn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.158.9 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-158-9.cdg52.r.cloudfront.net

sf.ezoiccdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.233.184.97 (United States)

ASN15169 (GOOGLE, US)
PTR: wa-in-f97.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.66.136.156 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com

g.ezoic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.207.111 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-207-111.fra53.r.cloudfront.net

go.ezoic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 91.228.74.133 (United Kingdom)

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 74.125.140.154 (United States)

ASN15169 (GOOGLE, US)
PTR: wq-in-f154.1e100.net

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 64.233.166.132 (United States)

ASN15169 (GOOGLE, US)
PTR: wm-in-f132.1e100.net

7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.22.109 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-22-109.fra56.r.cloudfront.net

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.233.184.138 (United States)

ASN15169 (GOOGLE, US)
PTR: wa-in-f138.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 74.125.140.155 (United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: wq-in-f155.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 66.102.1.154 (United States)

ASN15169 (GOOGLE, US)
PTR: wb-in-f154.1e100.net

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 108.177.15.132 (United States)

ASN15169 (GOOGLE, US)
PTR: wr-in-f132.1e100.net

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 74.125.133.95 (United States)

ASN15169 (GOOGLE, US)
PTR: wo-in-f95.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 74.125.140.95 (United States)

ASN15169 (GOOGLE, US)
PTR: wq-in-f95.1e100.net

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 74.125.133.106 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: wo-in-f106.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.239.32.3 (United States)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 66.102.1.94 (United States)

ASN15169 (GOOGLE, US)
PTR: wb-in-f94.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.125.71.157 (United States)

ASN15169 (GOOGLE, US)
PTR: wn-in-f157.1e100.net

bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 173.194.76.157 (United States)

ASN15169 (GOOGLE, US)
PTR: ws-in-f157.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 159.253.128.188 (Amsterdam, Netherlands) 2 redirects

ASN36351 (SOFTLAYER, US)
PTR: bc.80.fd9f.ip4.static.sl-reverse.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.93 (Germany) 1 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.162.58.205 (Singapore, Singapore) 1 redirects

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: li1471-205.members.linode.com

a.c.appier.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 135.125.160.77 (France)

ASN16276 (OVH, FR)
PTR: ns3195934.ip-135-125-160.eu

c.eu1.dyntrk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 72.251.249.9 (Amsterdam, Netherlands) 3 redirects

ASN29791 (VOXEL-DOT-NET, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 213.19.147.45 (United Kingdom) 6 redirects

ASN26120 (RHYTHMONE, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.115.67.144 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-115-67-144.ap-northeast-1.compute.amazonaws.com

cc.adingo.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.125.140.157 (United States)

ASN15169 (GOOGLE, US)
PTR: wq-in-f157.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 89.187.169.47 (None, )

ASN- ()

load.sumo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
micro-cdn.sumo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 52.34.133.113 (None, )

ASN- ()

sumo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 159.89.102.253 (None, )

ASN- ()

geolocation-db.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.0.157 (None, )

ASN- ()

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.222.158.21 (None, )

ASN- ()

pb-server.ezoic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.148.27.134 (None, )

ASN- ()

bid.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 35.157.23.185 (None, )

ASN- ()

btlr.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.2.131 (None, )

ASN- ()

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 204.237.133.116 (None, )

ASN- ()

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 18.156.195.47 (None, )

ASN- ()

c2shb.ssp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.19.147.42 (None, )

ASN- ()

tag.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.107.148.139 (None, )

ASN- ()

prebid.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.37.38.181 (None, )

ASN- ()

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 51.89.9.253 (None, )

ASN- ()

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 104.22.2.144 (None, )

ASN- ()

resources.infolinks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
router.infolinks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.22.3.144 (None, )

ASN- ()

rt3027.infolinks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 208.100.17.190 (None, )

ASN- ()

de.tynt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.76.200.247 (None, ) 2 redirects

ASN- ()

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
js-sec.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.36.113.35 (None, ) 6 redirects

ASN- ()

image8.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 104.36.113.17 (None, ) 2 redirects

ASN- ()

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.36.113.24 (None, ) 2 redirects

ASN- ()

image4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.33.221.88 (None, ) 5 redirects

ASN- ()

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 18.156.0.31 (None, ) 5 redirects

ASN- ()

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 76.223.111.131 (None, ) 3 redirects

ASN- ()

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.202.112.95 (None, ) 1 redirects

ASN- ()

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.162.133.149 (None, ) 1 redirects

ASN- ()

sync.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.243.225.216 (None, )

ASN- ()

s.cpx.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 174.137.133.49 (None, )

ASN- ()

dsp.adkernel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.157.177.200 (None, ) 2 redirects

ASN- ()

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 38.27.122.158 (None, ) 2 redirects

ASN- ()

match.bnmla.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.0.160.128 (None, ) 1 redirects

ASN- ()

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.202.105.21 (None, ) 1 redirects

ASN- ()

ssc-cms.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 209.54.178.82 (None, ) 1 redirects

ASN- ()

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.132.33.46 (None, )

ASN- ()

bttrack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.114.49 (None, ) 3 redirects

ASN- ()

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 169.197.150.8 (None, )

ASN- ()

match.deepintent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 173.231.181.122 (None, )

ASN- ()

cm.adgrx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.2.130 (None, )

ASN- ()

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.89.21.10 (None, )

ASN- ()

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.148.27.140 (None, )

ASN- ()

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.76.200.201 (None, )

ASN- ()

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.76.200.23 (None, )

ASN- ()

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.36.113.23 (None, )

ASN- ()

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.157.6.247 (None, ) 2 redirects

ASN- ()

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.0.163 (None, )

ASN- ()

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 154.59.122.79 (None, ) 1 redirects

ASN- ()

ums.acuityplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.13.5 (None, ) 1 redirects

ASN- ()

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 88.221.62.154 (None, ) 1 redirects

ASN- ()

px.owneriq.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.123.143.157 (None, ) 2 redirects

ASN- ()

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 3.64.77.7 (None, ) 5 redirects

ASN- ()

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.55.6.212 (None, ) 1 redirects

ASN- ()

csync.loopme.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.13.44 (None, ) 1 redirects

ASN- ()

trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.137.44 (None, )

ASN- ()

match.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.87.192.123 (None, ) 1 redirects

ASN- ()

sync.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (None, )

ASN- ()

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.29.134.248 (None, ) 2 redirects

ASN- ()

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.228.164.11 (None, ) 1 redirects

ASN- ()

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.82.100.176 (None, )

ASN- ()

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 89.207.16.204 (None, )

ASN- ()

pubmatic-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 66.155.71.149 (None, ) 2 redirects

ASN- ()

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.22.239.72 (None, ) 1 redirects

ASN- ()

sync.ipredictive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.75.146.161 (None, ) 1 redirects

ASN- ()

ws.rqtrk.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.251.173.19 (None, ) 1 redirects

ASN- ()

rtb.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.107.212 (None, ) 1 redirects

ASN- ()

ads.playground.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.33.221.15 (None, ) 1 redirects

ASN- ()

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
56	eslactivity.org 1 redirects eslactivity.org www.eslactivity.org	357 KB
39	doubleclick.net 4 redirects securepubads.g.doubleclick.net bid.g.doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net	262 KB
32	pubmatic.com 10 redirects hbopenbid.pubmatic.com image8.pubmatic.com image2.pubmatic.com image4.pubmatic.com ads.pubmatic.com image6.pubmatic.com simage2.pubmatic.com	40 KB
22	sumo.com load.sumo.com sumo.com micro-cdn.sumo.com	454 KB
21	infolinks.com resources.infolinks.com router.infolinks.com rt3027.infolinks.com	280 KB
20	googlesyndication.com 7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	81 KB
16	google.com 1 redirects adservice.google.com www.google.com	3 KB
11	yahoo.com 5 redirects c2shb.ssp.yahoo.com ups.analytics.yahoo.com pr-bh.ybp.yahoo.com	26 KB
7	gstatic.com csi.gstatic.com fonts.gstatic.com www.gstatic.com	44 KB
6	adnxs.com 6 redirects ib.adnxs.com secure.adnxs.com	6 KB
6	casalemedia.com 2 redirects htlb.casalemedia.com ssum-sec.casalemedia.com dsum-sec.casalemedia.com	7 KB
6	googleapis.com fonts.googleapis.com imasdk.googleapis.com	130 KB
5	bidswitch.net 5 redirects x.bidswitch.net	2 KB
5	sharethrough.com btlr.sharethrough.com	581 B
5	1rx.io 4 redirects sync.1rx.io tag.1rx.io	3 KB
5	ezoic.net g.ezoic.net go.ezoic.net	2 KB
4	adsrvr.org 3 redirects match.adsrvr.org	2 KB
4	criteo.com gum.criteo.com bidder.criteo.com dis.criteo.com	1 KB
3	adform.net 2 redirects c1.adform.net	1 KB
3	everesttech.net 3 redirects sync-tm.everesttech.net	838 B
3	onetag-sys.com onetag-sys.com	2 KB
3	ezoic.com pb-server.ezoic.com	2 KB
3	lijit.com 3 redirects ap.lijit.com	2 KB
3	simpli.fi 2 redirects um.simpli.fi	1 KB
3	googletagservices.com www.googletagservices.com	103 KB
2	sitescout.com 2 redirects pixel-sync.sitescout.com	947 B
2	mathtag.com 2 redirects sync.mathtag.com	1 KB
2	taboola.com 1 redirects trc.taboola.com match.taboola.com	652 B
2	w55c.net 2 redirects pm.w55c.net	2 KB
2	owneriq.net 1 redirects px.owneriq.net	476 B
2	tribalfusion.com 1 redirects a.tribalfusion.com s.tribalfusion.com	1 KB
2	criteo.net static.criteo.net	53 KB
2	adgrx.com cm.adgrx.com	816 B
2	deepintent.com match.deepintent.com	83 B
2	amazon-adsystem.com 1 redirects s.amazon-adsystem.com	1 KB
2	bnmla.com 2 redirects match.bnmla.com	1 KB
2	advertising.com 2 redirects pixel.advertising.com	677 B
2	media.net prebid.media.net contextual.media.net	9 KB
2	contextweb.com bid.contextweb.com bh.contextweb.com	1022 B
2	unrulymedia.com 2 redirects sync.targeting.unrulymedia.com	1 KB
2	google-analytics.com www.google-analytics.com	20 KB
2	quantserve.com secure.quantserve.com pixel.quantserve.com	9 KB
1	playground.xyz 1 redirects ads.playground.xyz	485 B
1	gumgum.com 1 redirects rtb.gumgum.com	337 B
1	rqtrk.eu 1 redirects ws.rqtrk.eu	516 B
1	ipredictive.com 1 redirects sync.ipredictive.com	522 B
1	dotomi.com pubmatic-match.dotomi.com	104 B
1	turn.com 1 redirects ad.turn.com	518 B
1	rlcdn.com idsync.rlcdn.com	66 B
1	stackadapt.com 1 redirects sync.srv.stackadapt.com	649 B
1	loopme.me 1 redirects csync.loopme.me	216 B
1	acuityplatform.com 1 redirects ums.acuityplatform.com	674 B
1	indexww.com js-sec.indexww.com	1 KB
1	id5-sync.com id5-sync.com	537 B
1	bttrack.com bttrack.com	380 B
1	33across.com 1 redirects ssc-cms.33across.com	500 B
1	rfihub.com 1 redirects p.rfihub.com	757 B
1	adkernel.com dsp.adkernel.com	233 B
1	cpx.to s.cpx.to	945 B
1	sonobi.com 1 redirects sync.go.sonobi.com	728 B
1	zemanta.com 1 redirects b1sync.zemanta.com	288 B
1	tynt.com de.tynt.com	289 B
1	geolocation-db.com geolocation-db.com	280 B
1	adingo.jp cc.adingo.jp	44 B
1	dyntrk.com c.eu1.dyntrk.com	215 B
1	appier.net 1 redirects a.c.appier.net	556 B
1	adition.com 1 redirects dsp.adfarm1.adition.com	584 B
1	quantcount.com rules.quantcount.com	427 B
1	googletagmanager.com www.googletagmanager.com	41 KB
1	ezoiccdn.com sf.ezoiccdn.com	12 KB
1	ezodn.com go.ezodn.com	94 KB
0	smartadserver.com Failed rtb-csync.smartadserver.com Failed
276	72

	Domain	Requested by
55	www.eslactivity.org	www.eslactivity.org
22	securepubads.g.doubleclick.net	www.eslactivity.org securepubads.g.doubleclick.net 7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com
17	router.infolinks.com	resources.infolinks.com router.infolinks.com ssum-sec.casalemedia.com
14	load.sumo.com	www.eslactivity.org load.sumo.com
13	simage2.pubmatic.com	ads.pubmatic.com
13	cm.g.doubleclick.net	4 redirects 7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com ssum-sec.casalemedia.com ads.pubmatic.com
13	adservice.google.com	securepubads.g.doubleclick.net
9	tpc.googlesyndication.com	securepubads.g.doubleclick.net 7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com tpc.googlesyndication.com
8	pagead2.googlesyndication.com	securepubads.g.doubleclick.net 7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com tpc.googlesyndication.com
7	sumo.com	load.sumo.com
6	image8.pubmatic.com	6 redirects
5	x.bidswitch.net	5 redirects
5	ups.analytics.yahoo.com	5 redirects
5	ib.adnxs.com	5 redirects
5	image2.pubmatic.com	2 redirects ads.pubmatic.com
5	c2shb.ssp.yahoo.com	go.ezodn.com
5	btlr.sharethrough.com	go.ezodn.com
4	match.adsrvr.org	3 redirects ssum-sec.casalemedia.com
4	image4.pubmatic.com	2 redirects ads.pubmatic.com
4	sync.1rx.io	4 redirects
4	fonts.googleapis.com	7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com client
4	g.ezoic.net	www.eslactivity.org
3	c1.adform.net	2 redirects ads.pubmatic.com
3	sync-tm.everesttech.net	3 redirects
3	ssum-sec.casalemedia.com	1 redirects router.infolinks.com js-sec.indexww.com
3	resources.infolinks.com	www.eslactivity.org resources.infolinks.com
3	onetag-sys.com	go.ezodn.com router.infolinks.com
3	pb-server.ezoic.com	go.ezodn.com onetag-sys.com
3	ap.lijit.com	3 redirects
3	um.simpli.fi	2 redirects ads.pubmatic.com
3	www.gstatic.com	7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com
3	googleads.g.doubleclick.net	7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com
3	www.google.com	1 redirects tpc.googlesyndication.com 7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com
3	www.googletagservices.com	securepubads.g.doubleclick.net 7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com
3	7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	pixel-sync.sitescout.com	2 redirects
2	sync.mathtag.com	2 redirects
2	pm.w55c.net	2 redirects
2	px.owneriq.net	1 redirects ads.pubmatic.com
2	ads.pubmatic.com	go.ezodn.com ads.pubmatic.com
2	static.criteo.net	go.ezodn.com static.criteo.net
2	cm.adgrx.com	ssum-sec.casalemedia.com ads.pubmatic.com
2	match.deepintent.com	ssum-sec.casalemedia.com ads.pubmatic.com
2	dsum-sec.casalemedia.com	1 redirects ssum-sec.casalemedia.com
2	s.amazon-adsystem.com	1 redirects ssum-sec.casalemedia.com
2	match.bnmla.com	2 redirects
2	pixel.advertising.com	2 redirects
2	gum.criteo.com	go.ezodn.com
2	sync.targeting.unrulymedia.com	2 redirects
2	fonts.gstatic.com	fonts.googleapis.com
2	csi.gstatic.com	imasdk.googleapis.com
2	imasdk.googleapis.com	7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
1	secure.adnxs.com	1 redirects
1	ads.playground.xyz	1 redirects
1	rtb.gumgum.com	1 redirects
1	ws.rqtrk.eu	1 redirects
1	sync.ipredictive.com	1 redirects
1	pubmatic-match.dotomi.com	ads.pubmatic.com
1	pr-bh.ybp.yahoo.com	ads.pubmatic.com
1	ad.turn.com	1 redirects
1	idsync.rlcdn.com	ads.pubmatic.com
1	sync.srv.stackadapt.com	1 redirects
1	match.taboola.com	ads.pubmatic.com
1	trc.taboola.com	1 redirects
1	csync.loopme.me	1 redirects
1	s.tribalfusion.com	ads.pubmatic.com
1	a.tribalfusion.com	1 redirects
1	ums.acuityplatform.com	1 redirects
1	dis.criteo.com	ads.pubmatic.com
1	image6.pubmatic.com	ads.pubmatic.com
1	contextual.media.net	go.ezodn.com
1	js-sec.indexww.com	go.ezodn.com
1	bh.contextweb.com	go.ezodn.com
1	id5-sync.com	go.ezodn.com
1	bttrack.com	ssum-sec.casalemedia.com
1	ssc-cms.33across.com	1 redirects
1	p.rfihub.com	1 redirects
1	dsp.adkernel.com	router.infolinks.com
1	s.cpx.to	router.infolinks.com
1	sync.go.sonobi.com	1 redirects
1	b1sync.zemanta.com	1 redirects
1	de.tynt.com	router.infolinks.com
1	rt3027.infolinks.com	resources.infolinks.com
1	micro-cdn.sumo.com
1	htlb.casalemedia.com	go.ezodn.com
1	prebid.media.net	go.ezodn.com
1	tag.1rx.io	go.ezodn.com
1	hbopenbid.pubmatic.com	go.ezodn.com
1	bidder.criteo.com	go.ezodn.com
1	bid.contextweb.com	go.ezodn.com
1	geolocation-db.com	www.eslactivity.org
1	cc.adingo.jp	7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com
1	c.eu1.dyntrk.com	7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com
1	a.c.appier.net	1 redirects
1	dsp.adfarm1.adition.com	1 redirects
1	bid.g.doubleclick.net	imasdk.googleapis.com
1	pixel.quantserve.com	www.eslactivity.org
1	rules.quantcount.com	secure.quantserve.com
1	secure.quantserve.com	www.eslactivity.org
1	go.ezoic.net	www.eslactivity.org
1	www.googletagmanager.com	www.eslactivity.org
1	sf.ezoiccdn.com	www.eslactivity.org
1	go.ezodn.com	www.eslactivity.org
1	eslactivity.org	1 redirects
0	rtb-csync.smartadserver.com Failed	ads.pubmatic.com
276	106

This site contains links to these domains. Also see Links.

Domain
www.amazon.com
www.ezoic.com
eslactivity.org
www.pinterest.com
www.facebook.com
www.tiktok.com
www.youtube.com
www.linkedin.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-10` - `2022-07-09`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-08-23` - `2021-11-15`	3 months	crt.sh
*.ezoiccdn.com Sectigo RSA Domain Validation Secure Server CA	`2019-10-29` - `2021-10-28`	2 years	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-08-23` - `2021-11-15`	3 months	crt.sh
ezoic.net R3	`2021-07-22` - `2021-10-20`	3 months	crt.sh
*.ezoic.net Amazon	`2021-02-15` - `2022-03-16`	a year	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh
*.google.com GTS CA 1C3	`2021-08-23` - `2021-11-15`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-08-23` - `2021-11-15`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-08-23` - `2021-11-15`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-08-23` - `2021-11-15`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-08-23` - `2021-11-15`	3 months	crt.sh
c.eu1.dyntrk.com R3	`2021-08-09` - `2021-11-07`	3 months	crt.sh
*.adingo.jp DigiCert TLS RSA SHA256 2020 CA1	`2021-03-26` - `2022-04-14`	a year	crt.sh
*.sumo.com Sectigo RSA Domain Validation Secure Server CA	`2021-05-04` - `2022-05-04`	a year	crt.sh
geolocation-db.com R3	`2021-08-21` - `2021-11-19`	3 months	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-09-09` - `2021-12-07`	3 months	crt.sh
*.ezoic.com Sectigo RSA Domain Validation Secure Server CA	`2021-04-19` - `2022-05-20`	a year	crt.sh
*.contextweb.com DigiCert SHA2 Secure Server CA	`2020-05-07` - `2022-05-12`	2 years	crt.sh
*.sharethrough.com Amazon	`2021-08-13` - `2022-09-11`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2020-12-07` - `2021-12-14`	a year	crt.sh
web.ssp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-08-30` - `2022-02-23`	6 months	crt.sh
*.1rx.io Sectigo RSA Domain Validation Secure Server CA	`2021-06-01` - `2022-07-02`	a year	crt.sh
*.media.net Sectigo RSA Domain Validation Secure Server CA	`2021-04-12` - `2022-05-05`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
onetag-sys.com R3	`2021-07-26` - `2021-10-24`	3 months	crt.sh
*.tynt.com Sectigo RSA Domain Validation Secure Server CA	`2020-06-01` - `2021-09-30`	a year	crt.sh
s.cpx.to Sectigo RSA Domain Validation Secure Server CA	`2021-02-03` - `2022-02-09`	a year	crt.sh
*.adkernel.com Sectigo RSA Domain Validation Secure Server CA	`2020-12-22` - `2022-01-05`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
s.amazon-adsystem.com Amazon	`2021-07-14` - `2022-06-27`	a year	crt.sh
*.bttrack.com Sectigo RSA Domain Validation Secure Server CA	`2021-03-29` - `2022-03-29`	a year	crt.sh
*.deepintent.com Go Daddy Secure Certificate Authority - G2	`2020-04-09` - `2022-06-08`	2 years	crt.sh
public1.adgear.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-24` - `2022-03-26`	a year	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-09-09` - `2021-12-07`	3 months	crt.sh
*.id5-sync.com R3	`2021-07-13` - `2021-10-11`	3 months	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2021-09-06` - `2022-10-07`	a year	crt.sh
*.owneriq.net GeoTrust RSA CA 2018	`2021-01-29` - `2022-02-02`	a year	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-25` - `2021-12-26`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-25` - `2022-03-28`	a year	crt.sh
*.simpli.fi DigiCert SHA2 Secure Server CA	`2019-09-18` - `2021-12-12`	2 years	crt.sh
*.pbp.bf2.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-08-18` - `2021-11-17`	3 months	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2021-08-10` - `2022-09-11`	a year	crt.sh

This page contains 33 frames:

Primary Page: https://www.eslactivity.org/
Frame ID: 40AC3AED456BB6F5578B162AFFEBD0C3
Requests: 168 HTTP requests in this frame

Frame: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 5675265801F3A1F3747E4C559A533C6B
Requests: 1 HTTP requests in this frame

Frame: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: FA81C56F217CA30261FC05380FB46382
Requests: 17 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 60EF7229913D050C723130FF0227340B
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 958A3DAA6FBF8BB68834F1D3C0059DF2
Requests: 2 HTTP requests in this frame

Frame: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: E889F6149388123437DE1C861ED18D80
Requests: 5 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: 0CE8459FC83F327641580E3AF0871D04
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 8A46471D3DEEA9B85CA2BA4F77D37B00
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: E708511C767136B411A0F8DCCEE5982A
Requests: 9 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?redir=https%3A%2F%2Fpb-server.ezoic.com%2Fsetuid%3Fbidder%3Donetag%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24%7BUSER_TOKEN%7D
Frame ID: 5953CDA0D3542DC427338FDC8E542664
Requests: 2 HTTP requests in this frame

Frame: https://router.infolinks.com/usync/manage?pid=3301753&wsid=0&pdom=www.eslactivity.org&purl=https%3A%2F%2Fwww.eslactivity.org%2F
Frame ID: 19586A6395D91B90AE5638045CBD9659
Requests: 16 HTTP requests in this frame

Frame: https://de.tynt.com/deb/?m=xch&rt=html&sid=0010b00002CpYhEAAV
Frame ID: DFEC4F3981D5DA668ACC873525F24432
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Frame ID: 15F75555521D6A94B5FA28BF671BE4BA
Requests: 10 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=598ce3ddaee8c90
Frame ID: BCB27B2DCC63290D261427B21FE544C0
Requests: 1 HTTP requests in this frame

Frame: https://bh.contextweb.com/visitormatch
Frame ID: 902861E953DB852B523A9AFE821A4A2C
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: E28B123543A91C81EC3A459D9304DE83
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156983
Frame ID: 224421D6AF81A96AB322DF5CD6FE5304
Requests: 23 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUBCB617&prvid=2033%2C2030%2C251%2C175%2C132%2C233%2C178%2C3018%2C2028%2C157%2C3017%2C2027%2C3016%2C236%2C214%2C159%2C2025%2C238%2C97%2C99%2C55%2C77%2C56%2C3012%2C3010%2C182%2C262%2C141%2C241%2C222%2C3007%2C223%2C201%2C4%2C246%2C203%2C148%2C80%2C10000%2C9%2C229%2C108%2C82%2C109&purpose1=1&gdprconsent=0&gdpr=1&usp_status=0&usp_consent=1&itype=PREBID
Frame ID: B21D77F72D37327E3D33A15DFA76A353
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?cb=1631483752981
Frame ID: CA7593EADA3B421068989FEE2E2A579B
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?d=https://www.eslactivity.org/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Frame ID: A60C1592FBB10AF315636992AF383A32
Requests: 1 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=88F4BA22-BA2E-4797-8CF9-2DBF01A270A7
Frame ID: 303429D625A83D73B2DBABB4DB6FCBE7
Requests: 1 HTTP requests in this frame

Frame: https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAF9Z07CfO8AACFuCeCzzQ&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsyn%252Cpp%252Cpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2%26userid%3DSMART_USER_ID
Frame ID: 64410B3B90A50C2D1BEC66F3A2413DEA
Requests: 1 HTTP requests in this frame

Frame: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Frame ID: 5A2DE2413A69BD6B2BB28DCACCD486D0
Requests: 1 HTTP requests in this frame

Frame: https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Frame ID: 322E9DA69329836E293846A34731D2D4
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=606854647843
Frame ID: 7B6D59BE6853C2B915B7B0BD638E0DA4
Requests: 1 HTTP requests in this frame

Frame: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Frame ID: 5229EB0557B758F2407FE629CC153C0E
Requests: 1 HTTP requests in this frame

Frame: https://px.owneriq.net/noop?ct=image%2Fgif
Frame ID: 86D20A2E63E80A6ACA44D5A8CA15939A
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:HhoqhZ181Mpxs95&gdpr=0&gdpr_consent=
Frame ID: 76537014687D19D2AD6F95589F74CF10
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=adconductor&bsw_param=c4079583-010e-4bd9-89fd-ebce6d53ca22&google_hm=YzQwNzk1ODMtMDEwZS00YmQ5LTg5ZmQtZWJjZTZkNTNjYTIy
Frame ID: 37723594A01D15076FB01756A7858E23
Requests: 1 HTTP requests in this frame

Frame: https://match.deepintent.com/usersync/141?gdpr=0&gdpr_consent=
Frame ID: E4ADC42E7F7FC25B68B9DE6711E615C6
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
Frame ID: 2742DF8F19D62B82FC1F26658B5586F6
Requests: 1 HTTP requests in this frame

Frame: https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=41a725a4-5d51-4ed4-87af-5c10295b9285-tuct837fcec&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Frame ID: A039228C582B98ED90493CFCEB379B64
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=QMWCWmDeRqt-4SMzBx-2F9iDcoU
Frame ID: D3270B7BA6D684A87A53E2126F685429
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

ESL Activities and Games: Fun Ideas for the English/TEFL Classroom

Page URL History Show full URLs

https://eslactivity.org/ HTTP 301
https://www.eslactivity.org/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

MailChimp (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

s3\.amazonaws\.com/downloads\.mailchimp\.com/js/mc-validate\.js

Quantcast Measure (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.quantserve\.com/quant\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

276
Requests

99 %
HTTPS

0 %
IPv6

72
Domains

106
Subdomains

68
IPs

8
Countries

2031 kB
Transfer

6609 kB
Size

35
Cookies

20 Outgoing links

These are links going to different origins than the main page.

URL: https://www.amazon.com/s?k=jackie+bolen&ref=nb_sb_noss
Title: You can find them on Amazon

Search URL Search Domain Scan URL

URL: https://www.amazon.com/dp/B08ZWC6D71?tag=eslaawp-20&linkCode=ogi&th=1&psc=1

Search URL Search Domain Scan URL

URL: https://www.amazon.com/dp/B08P26ZXCY?tag=eslaawp-20&linkCode=ogi&th=1&psc=1&keywords=jackie%20bolen

Search URL Search Domain Scan URL

URL: https://www.amazon.com/dp/1393376436?tag=eslaawp-20&linkCode=ogi&th=1&psc=1&keywords=jackie%20bolen

Search URL Search Domain Scan URL

URL: https://www.amazon.com/gp/prime/?tag=eslaawp-20

Search URL Search Domain Scan URL

URL: https://www.amazon.com/dp/B08Y5Y1QLG?tag=eslaawp-20&linkCode=ogi&th=1&psc=1&keywords=jackie%20bolen

Search URL Search Domain Scan URL

URL: https://www.amazon.com/dp/B011I2X424?tag=eslaawp-20&linkCode=osi&th=1&psc=1&keywords=jackie%20bolen

Search URL Search Domain Scan URL

URL: https://www.amazon.com/dp/B0873BQDX9?tag=eslaawp-20&linkCode=ogi&th=1&psc=1&keywords=jackie%20bolen

Search URL Search Domain Scan URL

URL: https://www.amazon.com/dp/1393069428?tag=eslaawp-20&linkCode=ogi&th=1&psc=1&keywords=jackie%20bolen

Search URL Search Domain Scan URL

URL: https://www.amazon.com/dp/B094PM3FVM?tag=eslaawp-20&linkCode=osi&th=1&psc=1&keywords=jackie%20bolen

Search URL Search Domain Scan URL

URL: https://www.amazon.com/dp/1393037615?tag=eslaawp-20&linkCode=ogi&th=1&psc=1&keywords=jackie%20bolen

Search URL Search Domain Scan URL

URL: https://www.ezoic.com/what-is-ezoic/

Search URL Search Domain Scan URL

URL: https://www.amazon.com/dp/1514244640?tag=eslaawp-20&linkCode=ogi&th=1&psc=1

Search URL Search Domain Scan URL

URL: https://eslactivity.org/about-jackie-bolen/
Title: About + Contact

Search URL Search Domain Scan URL

URL: https://eslactivity.org/privacy-policy/
Title: Privacy Policy and Terms of Use

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/eslspeaking/_created/
Title: Pinterest

Search URL Search Domain Scan URL

URL: https://www.facebook.com/eslactivities
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.tiktok.com/@englishwithjackie?lang=en
Title: TikTok

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCAb9LpA9eTtwdSlo91c03Mg
Title: YouTube

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/in/jackiebolen/
Title: LinkedIn

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://eslactivity.org/ HTTP 301
https://www.eslactivity.org/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 106

https://um.simpli.fi/gp_match?google_gid=CAESEH6asPsQWhjuKlBnUqylX5I&google_cver=1&google_push=AYg5qPJCtmyUXX-dEPmGvyVO0pm00Y-8EdxUGNZxAgburorMaxSlcaqJpAAEd-oajmKhdpHu9U4Kx7kAJkJKFspCj70iHwzvqD0t HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=9678B178869347E1AADBDD8E4E838C98&google_push=AYg5qPJCtmyUXX-dEPmGvyVO0pm00Y-8EdxUGNZxAgburorMaxSlcaqJpAAEd-oajmKhdpHu9U4Kx7kAJkJKFspCj70iHwzvqD0t

Request Chain 107

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEN7wZnfcqBOV8p4G15h-mhw&google_cver=1&google_push=AYg5qPKdTYrtAytHnEATXd94NIIBcisaLbX6gvwAR2ztXfWS7dtTkg2IzFjC4-DicbBa7bg8rvKiEmzFMhtuS8WMy8dWE6jMtyoP HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzAwNzE2OTM0NTkxMzYxNjUzNA%3D%3D&google_push=AYg5qPKdTYrtAytHnEATXd94NIIBcisaLbX6gvwAR2ztXfWS7dtTkg2IzFjC4-DicbBa7bg8rvKiEmzFMhtuS8WMy8dWE6jMtyoP

Request Chain 108

https://a.c.appier.net/gcm?google_gid=CAESEJdT6YJv-xsJBBTkuxoSccs&google_cver=1&google_push=AYg5qPInhE1gLSoaXN16sk3H2stlLbmJlO2iVI1OpQQqf9faPhaD1CRXq0oHalIAI2HsHwmJ5AdDfQeFcZHxwcGzH13v3_LA7_uV HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=MTRINHVTRVlBVm1STWJOb1pYYy1ZUQ%3D%3D&google_push=AYg5qPInhE1gLSoaXN16sk3H2stlLbmJlO2iVI1OpQQqf9faPhaD1CRXq0oHalIAI2HsHwmJ5AdDfQeFcZHxwcGzH13v3_LA7_uV

Request Chain 110

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEE4ZKCCdTokxIq3mQHLwGAE&google_cver=1&google_push=AYg5qPL911S29hxNHDccAErn1BSqCjvgWy69pwmsIDbtiOtHj6ipkpH49V_grZdebuCl4KkTEiJ7Rz4Vi7gNAGwrmTTdqbLR95LG HTTP 307
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEE4ZKCCdTokxIq3mQHLwGAE&google_cver=1&google_push=AYg5qPL911S29hxNHDccAErn1BSqCjvgWy69pwmsIDbtiOtHj6ipkpH49V_grZdebuCl4KkTEiJ7Rz4Vi7gNAGwrmTTdqbLR95LG&sovrn_retry=true HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPL911S29hxNHDccAErn1BSqCjvgWy69pwmsIDbtiOtHj6ipkpH49V_grZdebuCl4KkTEiJ7Rz4Vi7gNAGwrmTTdqbLR95LG&google_hm=4f787d2007f455cf3be4e928

Request Chain 111

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEH6b2pwyxzsfOmwaWIkW5T4&google_cver=1&google_push=AYg5qPK-kjxz71BdXN-heX82mhR6v9Xr1HCvTbVBLyzMwvDiifzNMoCLDk8_S5QEQR9SvCbids7WX2XihVzBxj3SfJ1hJVq3B_29 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-93360887-5ba9-4a90-936e-5719598df51e-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAYg5qPK-kjxz71BdXN-heX82mhR6v9Xr1HCvTbVBLyzMwvDiifzNMoCLDk8_S5QEQR9SvCbids7WX2XihVzBxj3SfJ1hJVq3B_29%26google_hm%3DA5M2CIdbqUqQk25XGVmN9R4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPK-kjxz71BdXN-heX82mhR6v9Xr1HCvTbVBLyzMwvDiifzNMoCLDk8_S5QEQR9SvCbids7WX2XihVzBxj3SfJ1hJVq3B_29&google_hm=A5M2CIdbqUqQk25XGVmN9R4

Request Chain 114

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 211

https://ssum-sec.casalemedia.com/usermatch?s=191306&cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D HTTP 302
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1

Request Chain 213

https://image8.pubmatic.com/AdServer/ImgSync?p=156872&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156872%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fpbm-usync%253Fuid%253D%2523PMUID HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?p=156872&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156872%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fpbm-usync%253Fuid%253D%2523PMUID&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=ODhGNEJBMjItQkEyRS00Nzk3LThDRjktMkRCRjAxQTI3MEE3&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent= HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
https://image4.pubmatic.com/AdServer/SPug?p=156872&pmc=1&pr=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fpbm-usync%3Fuid%3D88F4BA22-BA2E-4797-8CF9-2DBF01A270A7 HTTP 302
https://router.infolinks.com/dyn/pbm-usync?uid=88F4BA22-BA2E-4797-8CF9-2DBF01A270A7

Request Chain 214

https://ib.adnxs.com/getuid?https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fapn-usync%3Fuser_id%3D%24UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fapn-usync%253Fuser_id%253D%2524UID HTTP 302
https://router.infolinks.com/dyn/apn-usync?user_id=8031856347569021699

Request Chain 215

https://ups.analytics.yahoo.com/ups/58422/occ HTTP 302
https://ups.analytics.yahoo.com/ups/58422/occ?verify=true HTTP 302
https://router.infolinks.com/dyn/VR-usync?uid=y-kwpLqptE2uFI55Y6IxEvZV2nQC626JztXzaJVE0-~A

Request Chain 216

https://sync.1rx.io/usersync2/infolinks HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=796353402 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=796353402 HTTP 302
https://sync.1rx.io/usersync/tradedesk/a30dfa7c-8092-4e07-aa09-48b6d8da3caf HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-93360887-5ba9-4a90-936e-5719598df51e-003?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fr1-usync%3Fuid%3DRX-93360887-5ba9-4a90-936e-5719598df51e-003 HTTP 302
https://router.infolinks.com/dyn/r1-usync?uid=RX-93360887-5ba9-4a90-936e-5719598df51e-003

Request Chain 217

https://b1sync.zemanta.com/usersync/infolinks/?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fzmn-usync%3Fuid%3D__ZUID__ HTTP 302
https://router.infolinks.com/dyn/zmn-usync?uid=

Request Chain 218

https://sync.go.sonobi.com/us?loc=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsonobi-usync%3Fuid%3D%5BUID%5D HTTP 302
https://router.infolinks.com/dyn/sonobi-usync?uid=ccd9119e-45a7-4855-89cd-64bf17703f34

Request Chain 219

https://ib.adnxs.com/getuid?https://s.cpx.to/ca.png?ref=https%253A%252F%252Fwww.eslactivity.org%252F&pid=12306&adnxs_uid=$UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fs.cpx.to%2Fca.png%3Fref%3Dhttps%25253A%25252F%25252Fwww.eslactivity.org%25252F%26pid%3D12306%26adnxs_uid%3D%24UID HTTP 302
https://s.cpx.to/ca.png?ref=https%3A%2F%2Fwww.eslactivity.org%2F&pid=12306&adnxs_uid=8031856347569021699

Request Chain 221

https://pixel.advertising.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true HTTP 302
https://pixel.advertising.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true&apid=UP34624711-1414-11ec-92df-02378c853814 HTTP 302
https://ups.analytics.yahoo.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true&apid=UP34624711-1414-11ec-92df-02378c853814&verify=true HTTP 302
https://router.infolinks.com/dyn/outh-usync?uid=y-NbNE88hE2uGCBdqZ6Zg60mpn3fa7sOtm~A~UP34624711-1414-11ec-92df-02378c853814

Request Chain 222

https://match.bnmla.com/usersync?sspid=1000361&redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fenbd-usync%3Fuid%3D%5BUUID%5D HTTP 302
https://um.simpli.fi/match_redirect?sifi_redir=https%3A%2F%2Fmatch.bnmla.com%2Fusersync%3Fdspid%3D6%26uuid%3D%24UID HTTP 302
https://match.bnmla.com/usersync?dspid=6&uuid=9678B178869347E1AADBDD8E4E838C98 HTTP 302
https://router.infolinks.com/dyn/enbd-usync?uid=8074b8b5-b976-48ad-8042-7a13173d02c9

Request Chain 223

https://ap.lijit.com/pixel?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsovrn-usync%3Fuid%3D%24UID HTTP 307
https://router.infolinks.com/dyn/sovrn-usync?uid=4f787d2007f455cf3be4e928

Request Chain 224

https://image8.pubmatic.com/AdServer/ImgSync?p=60809&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D60809%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fusersync%253Fpmuservalue%253D%2523PMUID HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?p=60809&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D60809%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fusersync%253Fpmuservalue%253D%2523PMUID&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RThBQTQ1MTktMEFFNy00NzEwLTgxRUEtOTFGRDVDRjJEOUFE&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent= HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
https://image4.pubmatic.com/AdServer/SPug?p=156872&pmc=1&pr=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fpbm-usync%3Fuid%3D88F4BA22-BA2E-4797-8CF9-2DBF01A270A7 HTTP 302
https://router.infolinks.com/dyn/pbm-usync?uid=88F4BA22-BA2E-4797-8CF9-2DBF01A270A7

Request Chain 226

https://p.rfihub.com/cm?pub=43153&in=1 HTTP 302
https://router.infolinks.com/dyn/zeta-usync?uid=1875819622641186985

Request Chain 227

https://ssc-cms.33across.com/ps/?ri=0010b00002CpYhEAAV&ru=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2F33a-usync%3Fuid%3D33XUSERID33X HTTP 302
https://router.infolinks.com/dyn/33a-usync?uid=118675440248857

Request Chain 230

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YT53a7I2kcMZzjKWWWRDxAAABKwAAAAB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YT53a7I2kcMZzjKWWWRDxAAABKwAAAAB&dcc=t

Request Chain 231

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1 HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YT53a7I2kcMZzjKWWWRDxAAA

Request Chain 233

https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&gdpr=1 HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&gdpr=1&_test=YT53awABDxkBIAA6 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YT53awABDxkBIAA6&gdpr=1&_test=YT53awABDxkBIAA6

Request Chain 254

https://c1.adform.net/serving/cookie/match?party=14&cid=88F4BA22-BA2E-4797-8CF9-2DBF01A270A7 HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=88F4BA22-BA2E-4797-8CF9-2DBF01A270A7

Request Chain 255

https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent= HTTP 303
https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1 HTTP 303
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFGOVowN0NmTzhBQUNGdUNlQ3p6UQ&bee_sync_partners=sas%2Csyn%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 302
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=sas%2Csyn%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 303
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAF9Z07CfO8AACFuCeCzzQ&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsyn%252Cpp%252Cpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2%26userid%3DSMART_USER_ID

Request Chain 258

https://ums.acuityplatform.com/tum?umid=6 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=606854647843

Request Chain 259

https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID} HTTP 302
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}

Request Chain 260

https://px.owneriq.net/epm?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=$UID HTTP 302
https://px.owneriq.net/noop?ct=image%2Fgif

Request Chain 261

https://pm.w55c.net/ping_match.gif?ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent= HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:HhoqhZ181Mpxs95&gdpr=0&gdpr_consent=

Request Chain 262

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://x.bidswitch.net/sync?ssp=adconductor&user_id=RX-93360887-5ba9-4a90-936e-5719598df51e-003&rndcb=5863938416 HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=adconductor&user_id=RX-93360887-5ba9-4a90-936e-5719598df51e-003&rndcb=5863938416 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=adconductor&bsw_param=c4079583-010e-4bd9-89fd-ebce6d53ca22&google_hm=YzQwNzk1ODMtMDEwZS00YmQ5LTg5ZmQtZWJjZTZkNTNjYTIy

Request Chain 264

https://csync.loopme.me/?redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={device_id}&gdpr=0&gdpr_consent= HTTP 307
https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0

Request Chain 265

https://trc.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=uid:$UID HTTP 302
https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=41a725a4-5d51-4ed4-87af-5c10295b9285-tuct837fcec&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0

Request Chain 266

https://sync.srv.stackadapt.com/sync?nid=11 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=QMWCWmDeRqt-4SMzBx-2F9iDcoU

Request Chain 267

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=iPS6IrouR5eM-S2_AaJwpw%3D%3D HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

Request Chain 269

https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=bf36613e-776c-4600-b9ef-d9b94133eb8a

Request Chain 270

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&google_error=15

Request Chain 272

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=2649585943741526070&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 273

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=a30dfa7c-8092-4e07-aa09-48b6d8da3caf

Request Chain 274

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YT53awABDxkBIAA6&gdpr=0&gdpr_consent=

Request Chain 275

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=88F4BA22-BA2E-4797-8CF9-2DBF01A270A7&redir=true&gdpr=0&gdpr_consent= HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-n83Zf15E2uUqug1Eeg5njEdHNMQ2A_8-~A&gdpr=0&gdpr_consent=

Request Chain 277

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:6844613e-776d-4200-988a-ec6052a5dbb6&gdpr=0&gdpr_consent=

Request Chain 278

https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=8031856347569021699&gdpr=0&gdpr_consent=

Request Chain 280

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent= HTTP 302
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=3&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=c304d13b-f485-44b3-8a69-bb19bca717fd-613e776d-5553&gdpr=0&gdpr_consent=

Request Chain 281

https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=35a17dc4-1414-11ec-88a4-1d112e311b04&gdpr=0&gdpr_consent=

Request Chain 282

https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=pQ7CeqQIxyy-CZIt8VncfKNelH2-XpN8pFveT-Sb

Request Chain 283

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://ws.rqtrk.eu/pull?redirect=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D193%26user_id%3D%24BROWSER_ID%26expires%3D1%26ssp%3D%24bidswitch_ssp_id&return-unstable=true&eb=&bidswitch_ssp_id=pubmatic&g=1&gdpr_pd=&gdpr=0&gdpr_consent= HTTP 302
https://x.bidswitch.net/sync?dsp_id=193&user_id=&expires=1&ssp=pubmatic HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=c4079583-010e-4bd9-89fd-ebce6d53ca22&gdpr=&gdpr_consent=&gdpr_pd=

Request Chain 284

https://pmp.mxptint.net/sn.ashx?&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjc0NCZ0bD0xNTc2ODAw&piggybackCookie=R1B341_E350EFA0_14EBFAAAD&r=https://pmp.mxptint.net/sn.ashx?ak=1

Request Chain 285

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=2475098794899485673

Request Chain 286

https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw&piggybackCookie=e_5c8ebf1b-849a-4f3b-914d-876fce6ad3d0

Request Chain 287

https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=8031856347569021699

276 HTTP transactions
13 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.eslactivity.org/
Redirect Chain

https://eslactivity.org/
https://www.eslactivity.org/

131 KB
30 KB

374ms
360ms

Document
text/html

104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.eslactivity.org/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.20
Resource Hash: 34bf11f6093496f2c2b632bed86364f768feb5bf06690a64cd0b9ee3832211cf

Request headers

:method: GET
:authority: www.eslactivity.org
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Sun, 12 Sep 2021 21:55:47 GMT
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cache-control: max-age=0, must-revalidate, no-cache, no-store
display: pub_site_sol
expires: Sat, 11 Sep 2021 21:55:46 GMT
link: <https://www.eslactivity.org/wp-json/>; rel="https://api.w.org/" <https://www.eslactivity.org/wp-json/wp/v2/pages/3995>; rel="alternate"; type="application/json" <https://www.eslactivity.org/>; rel=shortlink
pagespeed: off
response: 200
set-cookie: ezoadgid_118073=-1; Path=/; Domain=eslactivity.org; Expires=Sun, 12 Sep 2021 22:25:46 UTC ezoref_118073=; Path=/; Domain=eslactivity.org; Expires=Sun, 12 Sep 2021 23:55:46 UTC ezoab_118073=mod1-c; Path=/; Domain=eslactivity.org; Expires=Sun, 12 Sep 2021 23:55:46 UTC active_template::118073=pub_site.1631483746; Path=/; Domain=eslactivity.org; Expires=Tue, 14 Sep 2021 21:55:46 UTC ezopvc_118073=1; Path=/; Domain=eslactivity.org; Expires=Sun, 12 Sep 2021 22:25:46 UTC ezepvv=1090; Path=/; Domain=eslactivity.org; Expires=Mon, 13 Sep 2021 21:55:46 UTC ezovid_118073=796851360; Path=/; Domain=eslactivity.org; Expires=Sun, 12 Sep 2021 22:25:46 UTC lp_118073=https://www.eslactivity.org/; Path=/; Domain=eslactivity.org; Expires=Sun, 12 Sep 2021 22:25:46 UTC ezovuuidtime_118073=1631483746; Path=/; Domain=eslactivity.org; Expires=Tue, 14 Sep 2021 21:55:46 UTC ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; Path=/; Domain=eslactivity.org; Expires=Sun, 12 Sep 2021 22:25:46 UTC ezCMPCCS=true; Path=/; Domain=eslactivity.org; Expires=Mon, 12 Sep 2022 21:55:46 GMT
vary: Accept-Encoding Accept-Encoding,User-Agent
wpx: 1
x-ez-minify-html: 10.40% 133892 / 149430
x-ez-proxy-out: true 2.3
x-ezoic-cdn: Hit ds;mm;09afdf3af727200b580345557ed02e7f;2-118073-3;1e144d18-01c7-4e37-4ae6-c9e9b087e961
x-middleton-display: pub_site_sol
x-middleton-response: 200
x-origin-cache-control
x-powered-by: PHP/7.4.20
x-sol: pub_site
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U3N%2F41HGKAeg5ibTjkmayD3JDBqNnmGyVBd5Me47Y%2BRoYx52V1X7AkkLge5zKo6b5DssDVzYKqzqayscQ9mzSnsymgI2oKef%2FB%2BFsqTkocNhppd4PwMwzfbugGqcslHyraAlc4h%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 68dc61c8bdf32788-PRG
content-encoding: br

Redirect headers

date: Sun, 12 Sep 2021 21:55:46 GMT
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cache-control: public, max-age=259200
display: staticcontent_sol
location: https://www.eslactivity.org/
pagespeed: off
response: 301
vary: Accept-Encoding User-Agent,Origin,Accept-Encoding
wpx: 1
x-ez-minify-html: NaN% 0 / 0
x-ez-proxy-out: true 2.3
x-ezoic-cdn: Hit ds;mm;ccb40a42cb4778e564fc0af9a074ce78;2-118073-3;3f6d15c2-fb93-43c3-7955-2d24a80f2e69
x-middleton-display: staticcontent_sol
x-middleton-response: 301
x-origin-cache-control: max-age=3600
x-powered-by: PHP/7.4.20
x-redirect-by: WordPress
x-sol: pub_site
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7peO5J32xLITHKcHQ72XO3%2BCZ3DytXStiBmmTf8V%2FnLdENntV4J%2FaF%2FmjEPkFi5Mo9n3oGxRhkxFCOPIBEK298I2d2vo%2FD0RDnwEnEesolvMVQOCCjmlrZF9mBGfI6AvAjY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 68dc61c80d312788-PRG

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 71 KB
25 KB 50ms
16ms Script
text/javascript 64.233.184.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.eslactivity.org
URL: https://www.eslactivity.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.184.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wa-in-f155.1e100.net

Software

sffe /

Resource Hash

b25347768fa0bbaf1c159ae73a9054f550c973770a58620fe32cd34114e0e747

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "985 / 82 of 1000 / last-modified: 1631311793"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25076
x-xss-protection: 0
expires: Sun, 12 Sep 2021 21:55:47 GMT

GET
H2 200 dall.js Show response
go.ezodn.com/hb/ 307 KB
94 KB 184ms
134ms Script
application/javascript 104.21.73.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.ezodn.com/hb/dall.js?b=criteo,ix,medianet,onemobile,onetag,pubmatic,pubmatic,pulsepoint,rhythmone,sharethrough,unruly&cb=195-2-27
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.73.110 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c0329f635aaddae39f7e692fcf0d22e887482777681b1270e0fbf4bce90187dd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:47 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sun, 12 Sep 2021 21:55:47 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CVLqz0%2FW7llSFBsbaNKGtYOtEOSQ%2BRQsh%2Fdd6A%2FTn9aIABLrJHEbdEk%2FCW7Rr25VmIwkW43%2FTFjyLXSyt0%2BowhDENnQ1Jd%2FXX2YaE%2FuGyfH5pVsaYwZJeBm4qY%2B%2BW9o%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 68dc61cb6dbd27c0-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 blocks.style.build.css
www.eslactivity.org/wp-content/plugins/structured-content/dist/ 0
858 B 20ms
19ms Stylesheet
text/css 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.eslactivity.org/wp-content/plugins/structured-content/dist/blocks.style.build.css?ver=1.4.6&ez_used_css_s=15
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /wp-content/plugins/structured-content/dist/blocks.style.build.css?ver=1.4.6&ez_used_css_s=15
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:47 GMT
etag: "ca0-60f4f886-f16f9d98e877edf7;gz"
cf-cache-status: HIT
wpx: 1
age: 39143
x-ezoic-cdn: Hit ds;mm;54676701b22d5627c99c6c36c070e47e;2-118073-3;a9c57697-e9bb-4a61-62e8-b0165be41254
x-middleton-display: staticcontent_sol, orig_site_sol
x-ez-minify-css: NaN% 0 / 0
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 0
response: 200
last-modified: Mon, 19 Jul 2021 03:59:02 GMT
server: cloudflare
x-origin-cache-control: public, max-age=604800
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3DGvH7IUvaGNCQhq7ZEJYHYrIRNZzPWdyGBBHPm7kwpx4IkQK%2BrF4LleSITttqaorXPKVdhkwxanaD8R%2FfFZFvE2%2FyGe87H9zRhgDW1GQU0YUGT3gsXQY5o5I%2BZNZxcz3oPotI5o"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
x-sol: orig
x-middleton-response: 200
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
x-ez-proxy-out: true 2.3
accept-ranges: bytes
cf-ray: 68dc61cb185b2788-PRG
display: staticcontent_sol, orig_site_sol
cf-bgj: minify

GET
H2 200 style.min.css
www.eslactivity.org/wp-includes/css/dist/block-library/ 1 KB
1 KB 117ms
116ms Stylesheet
text/css 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.eslactivity.org/wp-includes/css/dist/block-library/style.min.css?ver=5.8.1&ez_used_css_s=15
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c43212700772248a44755e84a6f92ce5046c05472b59beae6e7664cc45ca4394

Request headers

:path: /wp-includes/css/dist/block-library/style.min.css?ver=5.8.1&ez_used_css_s=15
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:47 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
cf-cache-status: MISS
wpx: 1
display: staticcontent_sol, orig_site_sol
x-ezoic-cdn: Hit ds;mm;f5ae5242181a5a27d3c54beac289b499;2-118073-3;6115c6c5-1e83-4f94-659b-5d36c4cb9fc3
x-middleton-display: staticcontent_sol, orig_site_sol
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-origin-cache-control: public, max-age=604800
response: 200
last-modified: Wed, 28 Jul 2021 19:47:43 GMT
server: cloudflare
etag: W/"13abe-6101b45f-e8966bf50eaefee2;gz-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-ez-minify-css: 0.69% 1449 / 1459
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9QTYcd6aeBPvBHIanvUZwKC584uBYoPZkc0E3CJp6pO%2FCdRzx9dU1LZ0iHNxd1MNY79DmrjACFuNzCpm8COqYpcA9H3rifXiIp8W3zPBqlwNSnkLvFPu5VwoDho9EoCXor6YuEyR"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
x-sol: orig
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
x-ez-proxy-out: true 2.3
cf-ray: 68dc61cb185c2788-PRG

GET
H2 200 styles.min.css
www.eslactivity.org/wp-content/plugins/aawp/public/assets/css/ 25 KB
4 KB 104ms
103ms Stylesheet
text/css 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.eslactivity.org/wp-content/plugins/aawp/public/assets/css/styles.min.css?ver=3.14.3&ez_used_css_s=15
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 73f0eeb77f6d25bc6b00923c1de1301babbf46455ddda16cf1d4ea36e8868ae2

Request headers

:path: /wp-content/plugins/aawp/public/assets/css/styles.min.css?ver=3.14.3&ez_used_css_s=15
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:47 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
cf-cache-status: MISS
wpx: 1
display: staticcontent_sol, orig_site_sol
x-ezoic-cdn: Hit ds;mm;781bf59bf881602e66f21264f63654ee;2-118073-3;7cc42fe5-1da4-43e8-4e76-53e45206e42a
x-middleton-display: staticcontent_sol, orig_site_sol
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-origin-cache-control: public, max-age=604800
response: 200
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
server: cloudflare
etag: W/"14b27-5fe4f12c-5e99e572e632af2e;gz-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-ez-minify-css: 1.06% 25654 / 25928
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YyZExhRcLJoGr13gXSdlat%2BmLceVL1x2BZTI6sZlZTZb88aJ1ZKaNwp03mE7m0ExiN0gAi%2BEj6Vq2Pp4ZZ%2FcKBoaPgDSl18uhwWfTynTO1cnBN%2BSxMfs3LRDesi%2FXLkqB76jupS%2F"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
x-sol: orig
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
x-ez-proxy-out: true 2.3
cf-ray: 68dc61cb185d2788-PRG

GET
H3 404 bg.png
www.eslactivity.org/images/ 42 KB
42 KB 1214ms
1212ms Image
text/html 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.eslactivity.org/images/bg.png?ezimgfmt=ng%3Awebp%2Fngcb3
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.20
Resource Hash: 6a8f8c9b9fce40401070cb89122e3ecde261196171394c067e0bd1a426ed57c8

Request headers

:path: /images/bg.png?ezimgfmt=ng%3Awebp%2Fngcb3
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:48 GMT
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
display: staticcontent_sol, staticcontent_sol
x-powered-by: PHP/7.4.20
x-ezoic-cdn: Miss
x-middleton-display: staticcontent_sol, staticcontent_sol, staticcontent_sol, staticcontent_sol
x-middleton-response: 404
wpx: 1
pagespeed: off
response: 404
x-ez-proxy-out: true 2.3
server: cloudflare
x-origin-cache-control
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EwP8ZiIg1CRgX781VTM0j9ryAmLVxCubsHCr8LWMkEto6Lx0%2FKM8HsEfV8FA5fnfiJJbzKjfMbmIzBNsnSaTdN3AMUgT18ffvsK0Jmab0L3pIJ%2Bqx2Y%2BWwEsqjYqbgmq6zfZoG2h"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-ray: 68dc61cbbb0c4114-PRG
link: <https://www.eslactivity.org/wp-json/>; rel="https://api.w.org/"
x-ez-minify-html: 4.99% 43318 / 45591
expires: Sat, 11 Sep 2021 21:55:48 GMT

GET
H2 200 cash.js Show response
sf.ezoiccdn.com/tardisrocinante/ 32 KB
12 KB 91ms
16ms Script
application/javascript 52.222.158.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sf.ezoiccdn.com/tardisrocinante/cash.js?cb=4
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.158.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-158-9.cdg52.r.cloudfront.net
Software: nginx/1.16.0 /
Resource Hash: 613d6bc3b776a6f38a7b3592c3a502e88d5d8d3b9f54bb4ad9002b318fa432ba

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 22 May 2021 09:42:33 GMT
content-encoding: gzip
server: nginx/1.16.0
age: 9807194
vary: Accept-Encoding,Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 69b4ccb4caed8bb6a3a45a0df08d1447.cloudfront.net (CloudFront)
x-middleton-display: sol-js
cache-control: max-age=31536000, public
x-amz-cf-pop: CDG52-P2
x-robots-tag: noindex
x-amz-cf-id: 94b8pP_ZISAWQb_9JxB-KTnkQ7Ipamivsdf_PXFSxWFA2UZmuTtoCg==

GET
H2 200 style.css
www.eslactivity.org/wp-content/themes/restored316-market/ 18 KB
5 KB 20ms
19ms Stylesheet
text/css 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.eslactivity.org/wp-content/themes/restored316-market/style.css?ff=1&ver=1.0.1&wps=true&ez_used_css_s=15
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 81b16fd53c47bf9fa331391b9a29ae92eaddcb487e1ef760797a7ede05492887

Request headers

:path: /wp-content/themes/restored316-market/style.css?ff=1&ver=1.0.1&wps=true&ez_used_css_s=15
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:47 GMT
content-encoding: br
etag: W/"ba1b-6080a1d7-2d73fd43b866dec9;gz-gzip"
cf-cache-status: HIT
wpx: 1
age: 370758
x-ezoic-cdn: Hit ds;mm;ea3b5ea193b2c11cff6d26c2a1396069;2-118073-3;c90b8d30-f89a-44c5-7131-562bea10c2bb
x-middleton-display: staticcontent_sol, orig_site_sol
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
response: 200
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
server: cloudflare
x-origin-cache-control: public, max-age=604800
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-ez-minify-css: 2.22% 18435 / 18854
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9vPYh0sTuTr8sAxvN1ALsfdO581ovsf8870QQn14g1YSGA4Scpucm9g2KJgtMAT%2F4wixnNlzFqPvXahJ27FpXS8vcDIlgIx%2BiQ3sKuB5ROvD64CrLiYLM83x27tsTh%2FmUJ856Kuy"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
x-sol: orig
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
x-ez-proxy-out: true 2.3
cf-ray: 68dc61cb185e2788-PRG
display: staticcontent_sol, orig_site_sol
cf-bgj: minify

GET
H2 200 global.js Show response
www.eslactivity.org/wp-content/themes/restored316-market/js/ 963 B
959 B 19ms
19ms Script
application/javascript 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.eslactivity.org/wp-content/themes/restored316-market/js/global.js?ver=1.0.0
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 268eeeaa1051319d993f8c54254be0ced49f752a848dd74cfdcd30995803cb28

Request headers

:path: /wp-content/themes/restored316-market/js/global.js?ver=1.0.0
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:47 GMT
content-encoding: br
etag: W/"4e2-5fe4f158-97d67ef2cfa96498;gz-gzip"
cf-cache-status: HIT
wpx: 1
age: 135352
x-ezoic-cdn: Hit ds;mm;c422cfb56a9128bd59b59ad32720cefe;2-118073-3;14bc5545-8b46-4ac4-5c36-d5f0e8c81737
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
response: 200
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
server: cloudflare
x-origin-cache-control: public, max-age=604800
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fwIX6Kpf9qouN%2BPKPWKz%2BB7ZpmDnBGi%2BhfwwaCyRGikYohT%2FPGT8Io3vyhU0%2F5oG0Mn%2B4YYtCaUL0loBk6%2Fw1IUbakoUQxZ9JC1Q7bNSofxyKreQE64DJZucIqGFYnlxjm3Q1WRn"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
cache-control: public, max-age=259200
x-ez-minify-js: 22.96% 963 / 1250
x-turbo-charged-by: LiteSpeed
x-ez-proxy-out: true 2.3
cf-ray: 68dc61cb18602788-PRG
display: staticcontent_sol, staticcontent_sol
cf-bgj: minify

GET
H3 200 banger.js Show response
www.eslactivity.org/porpoiseant/ 45 KB
12 KB 27ms
25ms Script
application/javascript 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.eslactivity.org/porpoiseant/banger.js?cb=195-2&bv=74&v=52&PageSpeed=off
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 22ef0fab316505afd116cd06ee42770798c60a9c3ca0a8581f98377b85198095

Request headers

:path: /porpoiseant/banger.js?cb=195-2&bv=74&v=52&PageSpeed=off
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:47 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 86698
cf-polished: origSize=45888
cf-ray: 68dc61cbbb0d4114-PRG
x-middleton-display: sol-js
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Sat, 11 Sep 2021 21:50:49 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AJZOoVA%2Fko6KqcQK57HPNrxmKPOZOQgiCV852Z1S7oG0wAwBJdZQtKfgL5X5Wxe5tFU0r%2BLxjbxs3mgsWPyvZ55F4RZAbzpbVTFuqcW9bDZ6lX9YJjJ6o1rM8omGTM7wwuvP4nx9"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000, public
x-robots-tag: noindex
cf-bgj: minify

GET
H3 200 email-decode.min.js Show response
www.eslactivity.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 16ms
14ms Script
application/javascript 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.eslactivity.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.eslactivity.org
URL: https://www.eslactivity.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 07 Sep 2021 12:26:08 GMT
server: cloudflare
etag: W/"61375a60-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DfVLTFQjBs%2FK%2Fc1h2iR3Unxtsp3DPdn81S6XI29LgkxvhEXndRyeHWr6M5054ogp5BfnNAGwfiK6tp7bKYltQ0y0bg0vgkwzmO0zotcK9YhXDQdm2gu6t%2BuIErFk%2BYsfSX8xnn%2Fq"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800 public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 68dc61cbbb084114-PRG
vary: Accept-Encoding
expires: Tue, 14 Sep 2021 21:55:47 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 101 KB
41 KB 87ms
38ms Script
application/javascript 64.233.184.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-125056220-1

Requested by

Host: www.eslactivity.org
URL: https://www.eslactivity.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.184.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wa-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

101b3f10d740ff5ad07a1fe651138f5d82cc91fb8bbd5f6fdb4dbb513cd2c8e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:47 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41222
x-xss-protection: 0
last-modified: Sun, 12 Sep 2021 21:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 12 Sep 2021 21:55:47 GMT

GET
H3 200 jquery.localScroll.min.js Show response
www.eslactivity.org/wp-content/themes/restored316-market/js/ 1 KB
2 KB 19ms
17ms Script
application/javascript 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.eslactivity.org/wp-content/themes/restored316-market/js/jquery.localScroll.min.js?ver=1.2.8b
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5d2cfdf46351e2430a4882ade5135f3f922fd354f63bb02b226967c3b894b3d3

Request headers

:path: /wp-content/themes/restored316-market/js/jquery.localScroll.min.js?ver=1.2.8b
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:47 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
cf-cache-status: HIT
wpx: 1
age: 140203
x-ezoic-cdn: Hit ds;mm;e92db68621c9a9934a1444dbd73333e5;2-118073-3;01407801-93e7-46a6-641d-d4a93daa410f
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-origin-cache-control: public, max-age=604800
response: 200
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
server: cloudflare
etag: W/"5fd-5fe4f158-277673ac34aaae2b;gz-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1R9rq7ZtVFhpQjWabl%2FLv40NIPmJi1AjChQITxxumEnCBT0bfxvb%2BsL1lBVShvatfgHRU09Su7KLmuVbJ4gpD9iuxrAqAktB0IgtyK6nQZojVq9CeRIK8Zi%2B5G1cAXkKe4b%2FIyM9"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=259200
x-ez-minify-js: 18.07% 1256 / 1533
x-turbo-charged-by: LiteSpeed
x-ez-proxy-out: true 2.3
cf-ray: 68dc61cbbb094114-PRG
display: staticcontent_sol, staticcontent_sol

GET
H2 200 ezosuigeneris.js Show response
g.ezoic.net/ 555 B
556 B 83ms
13ms Script
text/javascript 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/ezosuigeneris.js
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 3b6d7072817e1fa92f8068125284235645845ed1db3710cb1ee3227cd3bb2339

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:47 GMT
content-encoding: br
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
server: nginx
etag: ebbefe46401a895c809457c0c99e2f92
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cache-control: max-age=999999, private
content-length: 275
expires: Mon, 29 Apr 2020 21:44:55 GMT

GET
H3 200 cmbv2.js Show response
www.eslactivity.org/detroitchicago/ 88 KB
27 KB 22ms
21ms Script
application/javascript 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.eslactivity.org/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1b-1y1e-2y1d-4y1f-3y32-21y51-1y55-21y59-19&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1bx1ex1dx1fx32x51x55x59
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4e149aabe93fb5bf86c5bc63989f26cc718b94e14554e54cc6696f549da459dc

Request headers

:path: /detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1b-1y1e-2y1d-4y1f-3y32-21y51-1y55-21y59-19&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1bx1ex1dx1fx32x51x55x59
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:47 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 270929
cf-polished: origSize=89662
cf-ray: 68dc61cbbb0e4114-PRG
x-middleton-display: sol-js
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Thu, 09 Sep 2021 18:40:18 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wshChXbFGxoE7yIDopSMDOVLQWOx64XEUmgcrW4RY9A7b1h9mg5jUng3C%2FBuRkf5s7zYCTiuMu752hjJwWGs6b8AxyGTlKhMTWwLEnqffC6CtAvG0KJrN%2FFighW8cU4nH4PHYk3W"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000, public, max-age=31536000, public
x-robots-tag: noindex
cf-bgj: minify

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d694074b9d8d5e6c65359ed1c76732af149a49ef0d74b00e5d21e814cec7b65a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 border2.png
www.eslactivity.org/wp-content/themes/restored316-market/images/ 3 KB
4 KB 18ms
17ms Image
image/webp 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.eslactivity.org/wp-content/themes/restored316-market/images/border2.png?ezimgfmt=rs%3Adevice%2Frscb3-1%2Fng%3Awebp%2Fngcb3
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/wp-content/themes/restored316-market/style.css?ff=1&ver=1.0.1&wps=true&ez_used_css_s=15
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3739075617d9fac0bf7accb8708f8c11c8ab3e3ac0c3a65614c73c8fb068c751

Request headers

:path: /wp-content/themes/restored316-market/images/border2.png?ezimgfmt=rs%3Adevice%2Frscb3-1%2Fng%3Awebp%2Fngcb3
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/wp-content/themes/restored316-market/style.css?ff=1&ver=1.0.1&wps=true&ez_used_css_s=15
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/wp-content/themes/restored316-market/style.css?ff=1&ver=1.0.1&wps=true&ez_used_css_s=15
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:47 GMT
via: 1.1 4360596ad590d8363ce70eb7bf282e43.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 129317
x-amzn-requestid: 7c48fadd-59b9-4c04-8108-0e6223b7bc9a
x-ezoic-cdn: Hit ds;mm;910472e0233e7382cc0cdac21c9e4584;2-118073-3;e8058f09-a530-47b5-65f5-3cb1101de0a4
x-cache: Miss from cloudfront
x-middleton-display: staticcontent_sol, staticcontent_sol
x-amzn-trace-id: Root=1-6138cfd5-7c99962c537fdfce3d00235b;Sampled=0
access-control-allow-methods: GET
x-middleton-response: 200
x-amz-apigw-id: FWVpZEhFoAMF7kA=
x-amz-cf-id: UNuWC_GZKEMDwNNjGzKJxKpw7JqSmMM23lc1FbhTxVyaJtG8x9YQxg==
response: 200
last-modified: Sat, 11 Sep 2021 10:00:30 GMT
server: cloudflare
x-origin-cache-control
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding User-Agent,Origin,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B2QNvCPAS1nDlA6KA9ObzdhbBDirQ4%2Fbj%2BfJTn%2F9PFsBjsQFz8%2BgjNBvXIfK4ILSGMGHEp9Rb5OpZMctjeDhTeHU7mYo7BHQhX62FvY2%2F8m4mOdNuLWyEbbQweYzzagsI9G37%2FHI"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cache-control: public, max-age=2592000
access-control-allow-credentials: true
x-ez-proxy-out: true 2.3
x-amz-cf-pop: FRA56-P3
cf-ray: 68dc61cbbb0f4114-PRG
access-control-allow-headers: Content-Type, Authorization
display: staticcontent_sol, staticcontent_sol

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5c6ad4c01974171b5f5ba0353d422ba76768b384cfa0b653fb08ffe9deb19673

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e763b1504bc74af992faca17d0cfedb7a443c7555eb9b6eeed97563f7e0145c1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 05b8ccd1bea213958e9c043d48c63ce23e73054d515d601fd24effa8ce1c7299

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 41b0cbbb5821972f1d4af16883ecbdf8b6e51b2f44dfe71bbdf1614c832a806b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 pubads_impl_2021090701.js Show response
securepubads.g.doubleclick.net/gpt/ 333 KB
117 KB 30ms
15ms Script
text/javascript 64.233.184.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090701.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

64.233.184.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wa-in-f155.1e100.net

Software

sffe /

Resource Hash

ac8d2f2be577b89fdbd26a497ece0c0bc127dd2ed5676119e0055b62e4daf48e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 07 Sep 2021 08:38:19 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 119497
x-xss-protection: 0
expires: Sun, 12 Sep 2021 21:55:47 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 74 B
100 B 48ms
26ms XHR
application/json 64.233.184.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.eslactivity.org

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

64.233.184.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wa-in-f155.1e100.net

Software

cafe /

Resource Hash

870b28af427b5cc83fea81f66b06e6f967f73f85fa3ea4eccda0dad9febb259a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 12 Sep 2021 21:55:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 75
x-xss-protection: 0
expires: Sun, 12 Sep 2021 21:55:47 GMT

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d77c8636e7131d17157d91e24c730940324d540b7dfc1caf1e065e997751b92b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 v2.svg
www.eslactivity.org/wp-content/plugins/aawp/public/assets/img/stars/ 15 KB
6 KB 18ms
17ms Image
image/svg+xml 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.eslactivity.org/wp-content/plugins/aawp/public/assets/img/stars/v2.svg
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/wp-content/plugins/aawp/public/assets/css/styles.min.css?ver=3.14.3&ez_used_css_s=15
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 717212e6ee6ca732830c1b60abaa460bd7b448e2b712bf219a6d8762cbe77535

Request headers

:path: /wp-content/plugins/aawp/public/assets/img/stars/v2.svg
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/wp-content/plugins/aawp/public/assets/css/styles.min.css?ver=3.14.3&ez_used_css_s=15
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/wp-content/plugins/aawp/public/assets/css/styles.min.css?ver=3.14.3&ez_used_css_s=15
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:47 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
cf-cache-status: HIT
wpx: 1
age: 60745
x-ezoic-cdn: Hit ds;mm;c507ece3bae64f0d0bd0f19ddece593b;2-118073-3;2fa3d893-978c-47b2-692a-ac9a8ad68443
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-origin-cache-control: public, max-age=604800
response: 200
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
server: cloudflare
etag: W/"3cc2-5fe4f134-a243d648989d6b5c;gz-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yecs3ZheZNTqOo2axcrjFhDjznEtwxb%2BUZp0hmNsPRD1oY%2FQck4Z6jnrAnFsMs%2FOj3AFZ943UrvEKR9Wux81%2F7VctZmPEKPleMl%2FjjXgnwe3MNr9IFBpcPzN338VfpEVv7SaZv2D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: public, max-age=2592000
x-turbo-charged-by: LiteSpeed
x-ez-proxy-out: true 2.3
cf-ray: 68dc61cc2b714114-PRG
display: staticcontent_sol, staticcontent_sol

GET
H3 200 v2-active.svg
www.eslactivity.org/wp-content/plugins/aawp/public/assets/img/stars/ 15 KB
6 KB 18ms
18ms Image
image/svg+xml 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.eslactivity.org/wp-content/plugins/aawp/public/assets/img/stars/v2-active.svg
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/wp-content/plugins/aawp/public/assets/css/styles.min.css?ver=3.14.3&ez_used_css_s=15
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 77fb9fb42e5ca1801314b281ccc3f88cb728c0c9a8b354842fdacbab6bce83fa

Request headers

:path: /wp-content/plugins/aawp/public/assets/img/stars/v2-active.svg
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/wp-content/plugins/aawp/public/assets/css/styles.min.css?ver=3.14.3&ez_used_css_s=15
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/wp-content/plugins/aawp/public/assets/css/styles.min.css?ver=3.14.3&ez_used_css_s=15
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:47 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
cf-cache-status: HIT
wpx: 1
age: 405669
x-ezoic-cdn: Hit ds;ds;0d93efebafbae82aa2ea761ba25ea6fa;2-118073-3;562825d5-56e5-409b-608c-e7a17b3775da
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-origin-cache-control: public, max-age=604800
response: 200
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
server: cloudflare
etag: W/"3cc2-5fe4f134-a853ed14888f9b64;gz-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yND3NmtZj9CsKfgtLS7hd1tnAHOUE0NhMnrwgrZtUyrBHJKUK7xW2Vg4vFoH2pLZrWOnPPVVufV%2FIogos%2FPkmKE5pQkv%2BJZYdZqgdu2T1wdM4cna13rUo00qXH0%2BpoURD75ceJQL"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: public, max-age=2592000
x-turbo-charged-by: LiteSpeed
x-ez-proxy-out: true 2.3
cf-ray: 68dc61cc2b724114-PRG
display: staticcontent_sol, staticcontent_sol

GET
H3 200 icon-cart-black.svg
www.eslactivity.org/wp-content/plugins/aawp/public/assets/img/ 525 B
1 KB 19ms
19ms Image
image/svg+xml 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.eslactivity.org/wp-content/plugins/aawp/public/assets/img/icon-cart-black.svg
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/wp-content/plugins/aawp/public/assets/css/styles.min.css?ver=3.14.3&ez_used_css_s=15
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bc0fefee2a079504332404e345a34d07deb6cde64dfe9becee4fff7a12e748ce

Request headers

:path: /wp-content/plugins/aawp/public/assets/img/icon-cart-black.svg
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/wp-content/plugins/aawp/public/assets/css/styles.min.css?ver=3.14.3&ez_used_css_s=15
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/wp-content/plugins/aawp/public/assets/css/styles.min.css?ver=3.14.3&ez_used_css_s=15
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:47 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
cf-cache-status: HIT
wpx: 1
age: 60745
x-ezoic-cdn: Hit ds;mm;0da73b6cb7d52f81d21c22fbf7aa2864;2-118073-3;0605d243-3efe-470a-73f5-7c0e78c6f9bc
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-origin-cache-control: public, max-age=604800
response: 200
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
server: cloudflare
etag: W/"20d-5fe4f12c-63a941fdfe6a8827;gz-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SBVlTeqYbw%2BfrkR98ck%2BFICWujy8WggtQ99NHner3Q5rGSIDGj3KxaNbkU5Ht%2Ba0B7bgOGTWsE20yIorMmSMIC%2FjbAmSMWiz7GrwfaPODxxoCs0iI8p5%2FKrdubdLlACn167HfLk4"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: public, max-age=2592000
x-turbo-charged-by: LiteSpeed
x-ez-proxy-out: true 2.3
cf-ray: 68dc61cc2b744114-PRG
display: staticcontent_sol, staticcontent_sol

GET
H3 200 icon-check-prime.png
www.eslactivity.org/wp-content/plugins/aawp/public/assets/img/ 2 KB
2 KB 30ms
30ms Image
image/png 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.eslactivity.org/wp-content/plugins/aawp/public/assets/img/icon-check-prime.png
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/wp-content/plugins/aawp/public/assets/css/styles.min.css?ver=3.14.3&ez_used_css_s=15
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3df712b94b9ab0cb41bedcace4da28a68f13822d61df80f2e5fe1c9f49049c09

Request headers

:path: /wp-content/plugins/aawp/public/assets/img/icon-check-prime.png
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/wp-content/plugins/aawp/public/assets/css/styles.min.css?ver=3.14.3&ez_used_css_s=15
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/wp-content/plugins/aawp/public/assets/css/styles.min.css?ver=3.14.3&ez_used_css_s=15
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:47 GMT
vary: Accept-Encoding User-Agent,Origin,Accept-Encoding
cf-cache-status: HIT
wpx: 1
age: 401465
x-ezoic-cdn: Hit ds;mm;ee5a4496447e498331e9e9ced52b98ba;2-118073-3;c1d436d8-8dad-4353-42d5-e867f145b388
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-origin-cache-control: public, max-age=5184000
response: 200
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
server: cloudflare
etag: W/"63e-5fe4f12c-713919351ab84dd4;;;-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T%2FNSf2bzA%2BIm%2B1pzH4wd2hzntZZoagJrOCUfXZwkQS0%2Fyuf6tdF%2B9E19c4wQSP054DQsUIdty%2F3zrgPNUHWMk5lhgtMNO%2FKcV4kCBg3xYGF%2Bwjt1VgVFl1MOjIg3BZG2qirFIUr1"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=2592000
x-turbo-charged-by: LiteSpeed
x-ez-proxy-out: true 2.3
cf-ray: 68dc61cc2b754114-PRG
display: staticcontent_sol, staticcontent_sol

GET
H3 200 denver.js Show response
www.eslactivity.org/detroitchicago/ 4 KB
2 KB 18ms
18ms Script
application/javascript 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.eslactivity.org/detroitchicago/denver.js?gcb=2&cb=1
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e45818350fb6700935c0dce924d8317b166845c5516bc391a1dbda39203f143a

Request headers

:path: /detroitchicago/denver.js?gcb=2&cb=1
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:47 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 86697
cf-ray: 68dc61cc3b804114-PRG
x-middleton-display: sol-js
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Sat, 11 Sep 2021 21:50:50 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pgPh5aI%2BetEaZ816H2mqMlgXBVezLzd56M5sK1Auh8DNdtEH5%2F0WrDfqcvDrUNCGqVDJXhr5wE6MMH6Q2JAex712gLkLwvga5At7%2BKav17WGitKRfDklLaFWrGrWK3zZuQLCROeU"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000, public
x-robots-tag: noindex
cf-bgj: minify

GET
H2 200 ezoic.png
go.ezoic.net/utilcave_com/img/ 1 KB
2 KB 68ms
7ms Image
image/png 143.204.207.111
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://go.ezoic.net/utilcave_com/img/ezoic.png
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.207.111 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-207-111.fra53.r.cloudfront.net
Software: nginx /
Resource Hash: e1a156c3daa4ae0c41f21ef266131ca5a34d56695e3d860b232da142ef031234

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 10 Sep 2021 10:44:18 GMT
via: 1.1 e7377cc861b31102786678df3616bf69.cloudfront.net (CloudFront)
x-sol: middleton
age: 213089
x-cache: Hit from cloudfront
x-middleton-display: staticcontent_sol
content-length: 1181
x-amz-cf-id: Icqnx5nG1XpnjkJBtrZUoFdv5K3_9TZyKX1ny0EE-uziTO3iAp8gHg==
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
server: nginx
etag: "49d-5bd497273b080-gzip-gzip"
vary: Accept-Encoding,Accept-Encoding
content-type: image/png
cache-control: max-age=604800
x-amz-cf-pop: FRA53-C1
display: staticcontent_sol
expires: Fri, 17 Sep 2021 10:44:18 GMT

GET
H3 200 imp.gif Show response
www.eslactivity.org/detroitchicago/ 43 B
652 B 75ms
75ms XHR
image/gif 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.eslactivity.org/detroitchicago/imp.gif?e=%7B%22ad_cache_level%22%3A2%2C%22ad_count_adjustment%22%3A1%2C%22ad_lazyload_version%22%3A4%2C%22ad_load_version%22%3A1%2C%22ad_location_ids%22%3A%226%2C5%2C31%2C3%2C22%2C30%22%2C%22ad_transform_level%22%3A0%2C%22adx_ad_count%22%3A5%2C%22bidder_method%22%3A1%2C%22bidder_version%22%3A3%2C%22city%22%3A%22%22%2C%22country%22%3A%22US%22%2C%22days_since_last_visit%22%3A-1%2C%22display_ad_count%22%3A4%2C%22domain_id%22%3A118073%2C%22domain_test_group%22%3A20210307%2C%22ds_adsize_opt_id%22%3A-1%2C%22engaged_time_visit%22%3A0%2C%22ezcache_level%22%3A2%2C%22ezcache_skip_code%22%3A0%2C%22form_factor_id%22%3A1%2C%22framework_id%22%3A1%2C%22has_bad_image%22%3A0%2C%22has_bad_words%22%3A0%2C%22iab_category%22%3A%22%22%2C%22iab_category_0%22%3A%22132%22%2C%22iab_category_1%22%3A%22147%22%2C%22is_from_recommended_pages%22%3Afalse%2C%22is_return_visitor%22%3Afalse%2C%22is_sitespeed%22%3A1%2C%22last_page_load%22%3A%22%22%2C%22last_pageview_id%22%3A%22%22%2C%22lt_cache_level%22%3A0%2C%22max_ads%22%3A3%2C%22metro_code%22%3A0%2C%22optimization_version%22%3A1%2C%22page_ad_positions%22%3A%221006%2C1100%2C1199%2C1611%2C1612%2C1613%22%2C%22page_view_count%22%3A0%2C%22page_view_id%22%3A%22b3961c1e-271e-4d10-7989-8f6c6bab7c36%22%2C%22position_selection_id%22%3A39%2C%22postal_code%22%3A%22%22%2C%22pv_event_count%22%3A0%2C%22response_size_orig%22%3A62090%2C%22response_time_orig%22%3A5%2C%22serverid%22%3A%223.68.87.4%3A16304%22%2C%22state%22%3A%22%22%2C%22sub_page_ad_positions%22%3A%221006%2C1100%2C1199%2C1611%2C1612%2C1613%22%2C%22t_epoch%22%3A1631483746%2C%22template_id%22%3A134%2C%22time_on_site_visit%22%3A0%2C%22url%22%3A%22https%3A%2F%2Fwww.eslactivity.org%2F%22%2C%22user_id%22%3A0%2C%22weather_precipitation%22%3A0%2C%22weather_summary%22%3A%22%22%2C%22weather_temperature%22%3A0%2C%22word_count%22%3A983%2C%22worst_bad_word_level%22%3A0%7D
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1b-1y1e-2y1d-4y1f-3y32-21y51-1y55-21y59-19&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1bx1ex1dx1fx32x51x55x59
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

:path: /detroitchicago/imp.gif?e=%7B%22ad_cache_level%22%3A2%2C%22ad_count_adjustment%22%3A1%2C%22ad_lazyload_version%22%3A4%2C%22ad_load_version%22%3A1%2C%22ad_location_ids%22%3A%226%2C5%2C31%2C3%2C22%2C30%22%2C%22ad_transform_level%22%3A0%2C%22adx_ad_count%22%3A5%2C%22bidder_method%22%3A1%2C%22bidder_version%22%3A3%2C%22city%22%3A%22%22%2C%22country%22%3A%22US%22%2C%22days_since_last_visit%22%3A-1%2C%22display_ad_count%22%3A4%2C%22domain_id%22%3A118073%2C%22domain_test_group%22%3A20210307%2C%22ds_adsize_opt_id%22%3A-1%2C%22engaged_time_visit%22%3A0%2C%22ezcache_level%22%3A2%2C%22ezcache_skip_code%22%3A0%2C%22form_factor_id%22%3A1%2C%22framework_id%22%3A1%2C%22has_bad_image%22%3A0%2C%22has_bad_words%22%3A0%2C%22iab_category%22%3A%22%22%2C%22iab_category_0%22%3A%22132%22%2C%22iab_category_1%22%3A%22147%22%2C%22is_from_recommended_pages%22%3Afalse%2C%22is_return_visitor%22%3Afalse%2C%22is_sitespeed%22%3A1%2C%22last_page_load%22%3A%22%22%2C%22last_pageview_id%22%3A%22%22%2C%22lt_cache_level%22%3A0%2C%22max_ads%22%3A3%2C%22metro_code%22%3A0%2C%22optimization_version%22%3A1%2C%22page_ad_positions%22%3A%221006%2C1100%2C1199%2C1611%2C1612%2C1613%22%2C%22page_view_count%22%3A0%2C%22page_view_id%22%3A%22b3961c1e-271e-4d10-7989-8f6c6bab7c36%22%2C%22position_selection_id%22%3A39%2C%22postal_code%22%3A%22%22%2C%22pv_event_count%22%3A0%2C%22response_size_orig%22%3A62090%2C%22response_time_orig%22%3A5%2C%22serverid%22%3A%223.68.87.4%3A16304%22%2C%22state%22%3A%22%22%2C%22sub_page_ad_positions%22%3A%221006%2C1100%2C1199%2C1611%2C1612%2C1613%22%2C%22t_epoch%22%3A1631483746%2C%22template_id%22%3A134%2C%22time_on_site_visit%22%3A0%2C%22url%22%3A%22https%3A%2F%2Fwww.eslactivity.org%2F%22%2C%22user_id%22%3A0%2C%22weather_precipitation%22%3A0%2C%22weather_summary%22%3A%22%22%2C%22weather_temperature%22%3A0%2C%22word_count%22%3A983%2C%22worst_bad_word_level%22%3A0%7D
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezouspvv=0; ezouspva=0
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:47 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding Accept-Encoding Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WQpDSN271QSjusiKR6klHd110sFPSDneNBDpWXBg2yMnF%2F6hQlzp%2FghSC70%2BDfKm6QElLao3%2Bxbuc7DJd9CX8rTIfi53dTRhdfHiWpi2JwES1C1axxzBxSyI5nGjLv%2FSGcAwcW1w"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-middleton-display: imp_sol
cache-control: no-cache, no-store, must-revalidate, max-age=0
accept-ranges: bytes
cf-ray: 68dc61cc5b964114-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 43

GET
H2 200 quant.js Show response
secure.quantserve.com/ 24 KB
9 KB 82ms
7ms Script
application/javascript 91.228.74.133
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1b-1y1e-2y1d-4y1f-3y32-21y51-1y55-21y59-19&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1bx1ex1dx1fx32x51x55x59
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 91.228.74.133 , United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 95b17ad661699c049d42195b8ccd1d855045a1fcfbd20d8609a6d87fa5703810

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:47 GMT
content-encoding: gzip
etag: "lp772EpWKwf8Kq7YKMhbuw=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
expires: Sun, 19 Sep 2021 21:55:47 GMT

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c90cff659645a312a28804965f3dbc34061338f7234ff5d6ddb2c57e9eadec15

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/webp

GET
H3 200 blocks.style.build.css
www.eslactivity.org/wp-content/plugins/structured-content/dist/ 0
936 B 19ms
19ms Image
text/css 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.eslactivity.org/wp-content/plugins/structured-content/dist/blocks.style.build.css?ver=1.4.6&ez_used_css_s=15
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /wp-content/plugins/structured-content/dist/blocks.style.build.css?ver=1.4.6&ez_used_css_s=15
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezouspvv=0; ezouspva=0
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:47 GMT
etag: "ca0-60f4f886-f16f9d98e877edf7;gz"
cf-cache-status: HIT
wpx: 1
age: 39143
x-ezoic-cdn: Hit ds;mm;54676701b22d5627c99c6c36c070e47e;2-118073-3;a9c57697-e9bb-4a61-62e8-b0165be41254
x-middleton-display: staticcontent_sol, orig_site_sol
x-ez-minify-css: NaN% 0 / 0
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 0
response: 200
last-modified: Mon, 19 Jul 2021 03:59:02 GMT
server: cloudflare
x-origin-cache-control: public, max-age=604800
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OjrWGn38MD%2BDSmVE9t0n4wJkpJCNPvYahYXK11RvfAc4ZqNZzSHMMTsbwvL6AcpENy1P2Mz1NoNVWsJREiKsn8hGy37eK8PqWhj8%2B5az3cZqBp0c1DE3D8nacjQCg9c%2F%2BAOR4vhO"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
x-sol: orig
x-middleton-response: 200
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
x-ez-proxy-out: true 2.3
accept-ranges: bytes
cf-ray: 68dc61cc5b974114-PRG
display: staticcontent_sol, orig_site_sol
cf-bgj: minify

GET
H3 200 style.css
www.eslactivity.org/wp-content/themes/restored316-market/ 18 KB
18 KB 17ms
17ms Image
text/css 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.eslactivity.org/wp-content/themes/restored316-market/style.css?ff=1&ver=1.0.1&wps=true&ez_used_css_s=15
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /wp-content/themes/restored316-market/style.css?ff=1&ver=1.0.1&wps=true&ez_used_css_s=15
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezouspvv=0; ezouspva=0
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:47 GMT
content-encoding: br
etag: W/"ba1b-6080a1d7-2d73fd43b866dec9;gz-gzip"
cf-cache-status: HIT
wpx: 1
age: 370758
x-ezoic-cdn: Hit ds;mm;ea3b5ea193b2c11cff6d26c2a1396069;2-118073-3;c90b8d30-f89a-44c5-7131-562bea10c2bb
x-middleton-display: staticcontent_sol, orig_site_sol
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
response: 200
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
server: cloudflare
x-origin-cache-control: public, max-age=604800
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-ez-minify-css: 2.22% 18435 / 18854
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8FDod9cjwmugTqgwWuuFF3NG9Cv%2FlLhFTbPts48ON8nM4ol2ijtkdFEdKd0h7wf2SBdG2%2B5QJgRb1tPh4WClFLjx0ZZdSwsuwuDbFgT8fRvE4jjw871JRWZAm2mSHl9F5oiKHsr9"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
x-sol: orig
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
x-ez-proxy-out: true 2.3
cf-ray: 68dc61cc5b984114-PRG
display: staticcontent_sol, orig_site_sol
cf-bgj: minify

GET
H3 200 style.min.css
www.eslactivity.org/wp-includes/css/dist/block-library/ 1 KB
1 KB 26ms
25ms Image
text/css 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.eslactivity.org/wp-includes/css/dist/block-library/style.min.css?ver=5.8.1&ez_used_css_s=15
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /wp-includes/css/dist/block-library/style.min.css?ver=5.8.1&ez_used_css_s=15
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezouspvv=0; ezouspva=0
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:47 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
cf-cache-status: HIT
wpx: 1
age: 0
x-ezoic-cdn: Hit ds;mm;f5ae5242181a5a27d3c54beac289b499;2-118073-3;6115c6c5-1e83-4f94-659b-5d36c4cb9fc3
x-middleton-display: staticcontent_sol, orig_site_sol
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-origin-cache-control: public, max-age=604800
response: 200
last-modified: Wed, 28 Jul 2021 19:47:43 GMT
server: cloudflare
etag: W/"13abe-6101b45f-e8966bf50eaefee2;gz-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-ez-minify-css: 0.69% 1449 / 1459
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A3liz17dttP7pXJudtH5M69lHWpRGhHKRLngPP2MvAeoodnP1vhC0qmvYjE8PsEfGd0CF6lYh7B1t5PQ3ZmkV8LUL4UndSmd9kvoPbL9LPgqBXp%2Bqo8lNv5UMPWdp3Atk9hGweyQ"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
x-sol: orig
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
x-ez-proxy-out: true 2.3
cf-ray: 68dc61cc5b994114-PRG
display: staticcontent_sol, orig_site_sol

GET
H3 200 styles.min.css
www.eslactivity.org/wp-content/plugins/aawp/public/assets/css/ 25 KB
25 KB 26ms
25ms Image
text/css 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.eslactivity.org/wp-content/plugins/aawp/public/assets/css/styles.min.css?ver=3.14.3&ez_used_css_s=15
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /wp-content/plugins/aawp/public/assets/css/styles.min.css?ver=3.14.3&ez_used_css_s=15
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezouspvv=0; ezouspva=0
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:47 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
cf-cache-status: HIT
wpx: 1
age: 0
x-ezoic-cdn: Hit ds;mm;781bf59bf881602e66f21264f63654ee;2-118073-3;7cc42fe5-1da4-43e8-4e76-53e45206e42a
x-middleton-display: staticcontent_sol, orig_site_sol
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-origin-cache-control: public, max-age=604800
response: 200
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
server: cloudflare
etag: W/"14b27-5fe4f12c-5e99e572e632af2e;gz-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-ez-minify-css: 1.06% 25654 / 25928
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lijYqHPtokk73xaEzHTP8aV7G%2FQQr58V5om5L530VWqzu0IS11Rgn0JfFL1pyiFW1ZyDFC0Sdj3dEwu%2B%2Fu%2B1L6bQFfaG8bYkjh%2BnoLr%2B%2F2Q68x8hLEG7Yp%2Br7Z6q2AQiNQe%2FGE9S"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
x-sol: orig
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
x-ez-proxy-out: true 2.3
cf-ray: 68dc61cc5b9a4114-PRG
display: staticcontent_sol, orig_site_sol

GET
H2 200 ezosuigenerisc.js Show response
g.ezoic.net/ 0
54 B 15ms
12ms Script
text/plain 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/ezosuigenerisc.js?nogen=1
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:47 GMT
cache-control: max-age=300, private
server: nginx
content-length: 0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8

GET
H3 200 cmbdv2.js Show response
www.eslactivity.org/detroitchicago/ 49 KB
13 KB 25ms
23ms Script
application/javascript 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.eslactivity.org/detroitchicago/cmbdv2.js?gcb=195-2&cb=03-4y0c-5y18-4y33-21y56-21y5a-19&cmbcb=20&sj=x03x0cx18x33x56x5a
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 93a81e4b76f70cfaf8e05eae272f373e0ec6ea7eedc65a08ce97a782a9f17b95

Request headers

:path: /detroitchicago/cmbdv2.js?gcb=195-2&cb=03-4y0c-5y18-4y33-21y56-21y5a-19&cmbcb=20&sj=x03x0cx18x33x56x5a
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezouspvv=0; ezouspva=0
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:47 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 270929
cf-polished: origSize=50142
cf-ray: 68dc61cc5b9c4114-PRG
x-middleton-display: sol-js
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Thu, 09 Sep 2021 18:40:18 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AC5m7cPOBPhVbv0GMyWBrpPahYqGtpz29iZImeylySoOsJ6L79N%2FT9LVS9URDGCjjPpysFiOVrGQtRGprCzC8bRBk%2FvlmMor%2B3CmCGd7D30WyYRW8Pw%2BTv24OhJifV3SLsqG7CBI"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000, public, max-age=31536000, public
x-robots-tag: noindex
cf-bgj: minify

GET
H3 200 nmash.js
www.eslactivity.org/porpoiseant/ 24 KB
7 KB 25ms
25ms Other
application/javascript 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.eslactivity.org/porpoiseant/nmash.js?v=74
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 110ae568f2e30c7b0b34089d74e66abb1796ad9d9f6c5813e26f22de7eb9c1b8

Request headers

:path: /porpoiseant/nmash.js?v=74
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezouspvv=0; ezouspva=0
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: same-origin
accept: */*
cache-control: no-cache
sec-fetch-dest: worker
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:47 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 233681
cf-polished: origSize=24753
cf-ray: 68dc61cc6ba74114-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Fri, 10 Sep 2021 04:24:31 GMT
server: cloudflare
etag: W/"60b1-5cb9c7dee8691;5c701b9c2cf40-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0GeMU5Oiv106maceLlwobMq8dAOM6sIOvyCWVFuu6LWl67nTytGqUD1LOLALMXQJQMw44P5S9CZ%2F45MQU386nJ7QN%2FJ3OXG7AN%2BMKJrgZIU5fJVjlSaYIZTV%2FKaQEKtJfTgDGeUL"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000, public
x-robots-tag: noindex
cf-bgj: minify

GET
H3 200 41leBPvWMLL.jpg
www.eslactivity.org/ezoimgfmt/m.media-amazon.com/images/I/ 6 KB
7 KB 18ms
17ms Image
image/webp 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.eslactivity.org/ezoimgfmt/m.media-amazon.com/images/I/41leBPvWMLL.jpg?ezimgfmt=rs:126x200/rscb3/ng:webp/ngcb3
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 697d644ccaabb9a1e27262b150d0c758ad7f087d20f30083eb91f9aace4d7a09

Request headers

:path: /ezoimgfmt/m.media-amazon.com/images/I/41leBPvWMLL.jpg?ezimgfmt=rs:126x200/rscb3/ng:webp/ngcb3
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezouspvv=0; ezouspva=0
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:47 GMT
via: 1.1 bafea69ec4368ee11760779ffcfbd4fc.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 13212
x-amzn-requestid: 3504fe11-c740-4f60-b7aa-0c99c2c44210
x-ezoic-cdn: Hit ds;mm;ae0bb5dde2862f6806e3728841441e33;2-118073-3;05635c6e-1fb5-4e6c-48ea-d2b3dfaa2aa7
x-cache: Miss from cloudfront
x-middleton-display: staticcontent_sol, staticcontent_sol
x-amzn-trace-id: Root=1-613e3c07-261aba182a4528f357f0ec83;Sampled=0
access-control-allow-methods: GET
x-middleton-response: 200
x-amz-apigw-id: Fj5ROGpooAMFVqA=
x-amz-cf-id: yjZqIU9IK-zsjUJRZtKeyK_BfhSL1WQeY4fdYYqNJf3zmG1vY_3RRw==
response: 200
last-modified: Sun, 12 Sep 2021 18:15:35 GMT
server: cloudflare
x-origin-cache-control
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding User-Agent,Origin,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rK8llcy7%2FFtdwbKKe3IiFFkjD6cY%2FJT2MtpE9RAUMmdpiZgvj1l4CjbeQ7wcmQfzlgNozfaN1WefASR6N%2BsJkopBpYGQIwzd4siMSU14OKyRExdb3e8RF4bF7c62DUE%2BurQsByJ3"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cache-control: public, max-age=2592000
access-control-allow-credentials: true
x-ez-proxy-out: true 2.3
x-amz-cf-pop: FRA56-P3
cf-ray: 68dc61cc7bae4114-PRG
access-control-allow-headers: Content-Type, Authorization
display: staticcontent_sol, staticcontent_sol

GET
H3 200 41dbQMwSEFL.jpg
www.eslactivity.org/ezoimgfmt/m.media-amazon.com/images/I/ 6 KB
7 KB 22ms
19ms Image
image/webp 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.eslactivity.org/ezoimgfmt/m.media-amazon.com/images/I/41dbQMwSEFL.jpg?ezimgfmt=rs:154x200/rscb3/ng:webp/ngcb3
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf1423b729730a3bdd26d9bd8723fa1a022b2c90c24ef7efb6579580941eab10

Request headers

:path: /ezoimgfmt/m.media-amazon.com/images/I/41dbQMwSEFL.jpg?ezimgfmt=rs:154x200/rscb3/ng:webp/ngcb3
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezouspvv=0; ezouspva=0
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:47 GMT
via: 1.1 a56d6b55603697d6c44b19d4f907baaa.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 25406
x-amzn-requestid: 94fc0696-baf3-473e-b925-3f439af38307
x-ezoic-cdn: Hit ds;mm;1e7c6ff02d8ba382b7979630a072a24e;2-118073-3;0f5d12b6-9ff6-4ec4-43c5-ce20343d0b24
x-cache: Miss from cloudfront
x-middleton-display: staticcontent_sol, staticcontent_sol
x-amzn-trace-id: Root=1-613c46cc-20da863e031881f66b1bb3ac;Sampled=0
access-control-allow-methods: GET
x-middleton-response: 200
x-amz-apigw-id: FfAADEUSoAMFUVQ=
x-amz-cf-id: ledKuIFGrYismkPTSm4HMm4Qi942w5BH4YReXk-LOfr355fna3EiAg==
response: 200
last-modified: Sun, 12 Sep 2021 14:52:21 GMT
server: cloudflare
x-origin-cache-control
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding User-Agent,Origin,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gw0wwXQHQ0fDnxhRYAlK1McmAWXZsYfg410hxDX6%2FD86A5AZaws6NYdFOBf0WY1bhjdq0VU58j4jip7ZDaLMUEF0L81uMq7bmaMALQT59wkxbPX7%2FH5p7bBlb4pphEFpMfPdI%2Bkx"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cache-control: public, max-age=2592000
access-control-allow-credentials: true
x-ez-proxy-out: true 2.3
x-amz-cf-pop: FRA6-C1
cf-ray: 68dc61cc7bb54114-PRG
access-control-allow-headers: Content-Type, Authorization
display: staticcontent_sol, staticcontent_sol

GET
H3 200 greenoaks.gif Show response
www.eslactivity.org/detroitchicago/ 0
636 B 74ms
72ms XHR
text/plain 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.eslactivity.org/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJiMzk2MWMxZS0yNzFlLTRkMTAtNzk4OS04ZjZjNmJhYjdjMzYiLCJkb21haW5faWQiOiIxMTgwNzMiLCJ0X2Vwb2NoIjoxNjMxNDgzNzQ2LCJkYXRhIjpbeyJuYW1lIjoiZGV2aWNlX3dpZHRoIiwidmFsIjoiMTYwMCJ9LHsibmFtZSI6ImRldmljZV9oZWlnaHQiLCJ2YWwiOiIxMjAwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiYjM5NjFjMWUtMjcxZS00ZDEwLTc5ODktOGY2YzZiYWI3YzM2IiwiZG9tYWluX2lkIjoiMTE4MDczIiwidF9lcG9jaCI6MTYzMTQ4Mzc0NiwiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjEtMDktMTIifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiIyMSJ9LHsibmFtZSI6InRfbG9jYWxfZGF5X29mX3dlZWsiLCJ2YWwiOiIwIn0seyJuYW1lIjoidF9sb2NhbF90aW1lem9uZSIsInZhbCI6IjAifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJiMzk2MWMxZS0yNzFlLTRkMTAtNzk4OS04ZjZjNmJhYjdjMzYiLCJkb21haW5faWQiOiIxMTgwNzMiLCJ0X2Vwb2NoIjoxNjMxNDgzNzQ2LCJkYXRhIjpbeyJuYW1lIjoibGFuZ3VhZ2VfdGFnIiwidmFsIjoiZW4tVVMifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJiMzk2MWMxZS0yNzFlLTRkMTAtNzk4OS04ZjZjNmJhYjdjMzYiLCJkb21haW5faWQiOiIxMTgwNzMiLCJ0X2Vwb2NoIjoxNjMxNDgzNzQ2LCJkYXRhIjpbeyJuYW1lIjoibGFuZ3VhZ2VfcHJpbWFyeV9zdWJ0YWciLCJ2YWwiOiJlbiJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6ImIzOTYxYzFlLTI3MWUtNGQxMC03OTg5LThmNmM2YmFiN2MzNiIsImRvbWFpbl9pZCI6IjExODA3MyIsInRfZXBvY2giOjE2MzE0ODM3NDYsImRhdGEiOlt7Im5hbWUiOiJ1bml2ZXJzYWxfdXNlcl9pZCIsInZhbCI6ImViYmVmZTQ2NDAxYTg5NWM4MDk0NTdjMGM5OWUyZjkyIn1dfV0=
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1b-1y1e-2y1d-4y1f-3y32-21y51-1y55-21y59-19&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1bx1ex1dx1fx32x51x55x59
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJiMzk2MWMxZS0yNzFlLTRkMTAtNzk4OS04ZjZjNmJhYjdjMzYiLCJkb21haW5faWQiOiIxMTgwNzMiLCJ0X2Vwb2NoIjoxNjMxNDgzNzQ2LCJkYXRhIjpbeyJuYW1lIjoiZGV2aWNlX3dpZHRoIiwidmFsIjoiMTYwMCJ9LHsibmFtZSI6ImRldmljZV9oZWlnaHQiLCJ2YWwiOiIxMjAwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiYjM5NjFjMWUtMjcxZS00ZDEwLTc5ODktOGY2YzZiYWI3YzM2IiwiZG9tYWluX2lkIjoiMTE4MDczIiwidF9lcG9jaCI6MTYzMTQ4Mzc0NiwiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjEtMDktMTIifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiIyMSJ9LHsibmFtZSI6InRfbG9jYWxfZGF5X29mX3dlZWsiLCJ2YWwiOiIwIn0seyJuYW1lIjoidF9sb2NhbF90aW1lem9uZSIsInZhbCI6IjAifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJiMzk2MWMxZS0yNzFlLTRkMTAtNzk4OS04ZjZjNmJhYjdjMzYiLCJkb21haW5faWQiOiIxMTgwNzMiLCJ0X2Vwb2NoIjoxNjMxNDgzNzQ2LCJkYXRhIjpbeyJuYW1lIjoibGFuZ3VhZ2VfdGFnIiwidmFsIjoiZW4tVVMifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJiMzk2MWMxZS0yNzFlLTRkMTAtNzk4OS04ZjZjNmJhYjdjMzYiLCJkb21haW5faWQiOiIxMTgwNzMiLCJ0X2Vwb2NoIjoxNjMxNDgzNzQ2LCJkYXRhIjpbeyJuYW1lIjoibGFuZ3VhZ2VfcHJpbWFyeV9zdWJ0YWciLCJ2YWwiOiJlbiJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6ImIzOTYxYzFlLTI3MWUtNGQxMC03OTg5LThmNmM2YmFiN2MzNiIsImRvbWFpbl9pZCI6IjExODA3MyIsInRfZXBvY2giOjE2MzE0ODM3NDYsImRhdGEiOlt7Im5hbWUiOiJ1bml2ZXJzYWxfdXNlcl9pZCIsInZhbCI6ImViYmVmZTQ2NDAxYTg5NWM4MDk0NTdjMGM5OWUyZjkyIn1dfV0=
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezouspvv=0; ezouspva=0
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:47 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=to5UGRxsvwdh60ebQws5oWTHp1l8KcFxDjEMocH0CSPGg%2FSE5vfGrpUgI1Bq5etN6BfQUxpz4v8SkZBXGHDAxB2AIeLi9G%2BVmJA%2BgCDGoU7qDVMwuZVySlEEG3DggRZYNJNEVeWo"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 68dc61cc7bb84114-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 0
expires: Sat, 11 Sep 2021 21:55:46 UTC

GET
H3 200 esl-activities-200x300.jpg
www.eslactivity.org/wp-content/uploads/2021/02/ 11 KB
12 KB 109ms
109ms Image
image/webp 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.eslactivity.org/wp-content/uploads/2021/02/esl-activities-200x300.jpg?ezimgfmt=ng:webp/ngcb3
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: df0d4d3bdcc8e00b7b9369179ba808576146fa502009caa7c33f4680cbded24f

Request headers

:path: /wp-content/uploads/2021/02/esl-activities-200x300.jpg?ezimgfmt=ng:webp/ngcb3
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezouspvv=0; ezouspva=0; ezosuigeneris=ebbefe46401a895c809457c0c99e2f92
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:47 GMT
via: 1.1 4360596ad590d8363ce70eb7bf282e43.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
display: staticcontent_sol, staticcontent_sol
x-amzn-requestid: 67748d1b-4c57-4b46-a94f-a5afb217fe0e
x-ezoic-cdn: Hit ds;dm;bf2dec83e06f2fa657c4e8e1e3369eca;2-118073-3;302310b8-81b9-4293-7246-1b15d317420a
x-cache: Hit from cloudfront
x-middleton-display: staticcontent_sol, staticcontent_sol
x-amzn-trace-id: Root=1-613dc241-42f368386947635e695d7cd5;Sampled=0
access-control-allow-methods: GET
x-middleton-response: 200
x-amz-apigw-id: FitKNFndoAMF57g=
response: 200
last-modified: Sun, 12 Sep 2021 21:55:47 GMT
server: cloudflare
x-origin-cache-control
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding User-Agent,Origin,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=utDe5iW4w0Kl3rGHX0oVmEgPidYlBL9U%2B69e%2FC9x0s%2BOc4sauNNmI85CmxkmT09sMgNZALVtKu%2FgTDzQ5ihTO5JiuqmQ3Z8rDbwzEzlOJ3rm4mxf7SQFPAV3KM8M%2Fwgn%2FhLa0Sms"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cache-control: public, max-age=2592000
access-control-allow-credentials: true
x-ez-proxy-out: true 2.3
x-amz-cf-pop: FRA56-P3
cf-ray: 68dc61cc7bc24114-PRG
access-control-allow-headers: Content-Type, Authorization
x-amz-cf-id: MCn3U1JWngj8f6oX5kJ9nHLp5xo_7UkUg6eFXPRqBUkX5CvAh3rCdg==

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
570 B 50ms
16ms Script
application/javascript 74.125.140.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.eslactivity.org

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.140.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wq-in-f154.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 12 Sep 2021 21:55:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 64 KB
18 KB 498ms
498ms XHR
text/plain 64.233.184.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1928632745933239&correlator=3755970945691499&output=ldjh&impl=fifs&eid=21065724%2C31062297&vrg=2021090701&ptt=17&sc=1&sfv=1-0-38&ecs=20210912&iu_parts=1254144%3A22476021904%2Ceslactivity_org-medrectangle-4&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&prev_scp=a%3D%257C5%257C%26iid1%3D5715897027370207%26eid%3D5715897027370207%26t%3D134%26d%3D118073%26t1%3D134%26pvc%3D0%26ap%3D1611%26sap%3D1611%26as%3Drevenue%26plat%3D1%26bra%3Dmod1-c%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D3%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D22%26al%3D1022%26compid%3D0%26tap%3Deslactivity_org-medrectangle-4-5715897027370207%26eb_br%3D736e09a0771285737509ab8954c475a7%26eba%3D1%26ebss%3D10017%2C10082%2C10061%2C11304%2C11307%26asau%3D8492401833%26bv%3D13%26bvm%3D0%26bvr%3D3%26shp%3D1%26ftsn%3D3%26br1%3D1200%26br2%3D600%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%2C168%2C0%2C34%2C0%2C193%2C132%2C20%2C71%2C30%2C192%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C760%2C815%2C817%2C899%2C919%2C783%2C16%26ax_ssid%3D10082&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1631483747&dt=1631483747317&dlt=1631483747030&idt=253&frm=20&biw=1600&bih=1200&oid=3&adxs=460&adys=1024&adks=3360032353&ucis=1&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.eslactivity.org%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=820x250&msz=300x250&ga_vid=92124532.1631483747&ga_sid=1631483747&ga_hid=1221111038&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

64.233.184.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wa-in-f155.1e100.net

Software

cafe /

Resource Hash

04d8fceacc9abcaebceff53cfb8cce58aa38bc70439f080db0d991e04a1e3574

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:47 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18495
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.eslactivity.org
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 5675 6 KB
3 KB 72ms
15ms Document
text/html 64.233.166.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.166.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wm-in-f132.1e100.net

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.eslactivity.org/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Sun, 12 Sep 2021 21:55:47 GMT
expires: Mon, 12 Sep 2022 21:55:47 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 rules-p-31iz6hfFutd16.js Show response
rules.quantcount.com/ 3 B
427 B 78ms
7ms Script
application/javascript 13.32.22.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-31iz6hfFutd16.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.22.109 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-22-109.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 19:49:15 GMT
via: 1.1 a7631312afe99e40229aa0da70662113.cloudfront.net (CloudFront)
age: 7593
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 3
last-modified: Sat, 04 Mar 2017 19:50:24 GMT
server: AmazonS3
etag: "8a80554c91d9fca8acb82f023de02f11"
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400
x-amz-cf-pop: FRA56-C2
accept-ranges: bytes
x-amz-cf-id: UdOFycAI-mDZyegcygXYiJo4Bw8Q7wDzcMhl70BJDck3acypWXsQnA==

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 45ms
18ms Script
application/javascript 74.125.140.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.eslactivity.org

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.140.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wq-in-f154.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 12 Sep 2021 21:55:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
20 KB 48ms
13ms Script
text/javascript 64.233.184.138
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-125056220-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.184.138 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wa-in-f138.1e100.net

Software

Golfe2 /

Resource Hash

fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 11 Aug 2021 00:32:57 GMT
server: Golfe2
age: 4548
date: Sun, 12 Sep 2021 20:39:59 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19747
expires: Sun, 12 Sep 2021 22:39:59 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 466 B
282 B 400ms
400ms XHR
text/plain 64.233.184.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1928632745933239&correlator=1740353082313541&output=ldjh&impl=fifs&eid=21065724%2C31062297&vrg=2021090701&ptt=17&sc=1&sfv=1-0-38&ecs=20210912&iu_parts=1254144%3A22476021904%2Ceslactivity_org-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90%7C728x90&prev_scp=a%3D%257C251%257C%26iid1%3D3985041981374588%26eid%3D3985041981374588%26t%3D134%26d%3D118073%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26as%3Drevenue%26plat%3D1%26bra%3Dmod1-c%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Deslactivity_org-medrectangle-2-3985041981374588%26eb_br%3D6dbaa2f5e27e83e2fcd15988d9095988%26eba%3D1%26ebss%3D10017%2C10082%2C10061%2C11304%2C11307%26asau%3D8492401833%26bv%3D16%26bvm%3D0%26bvr%3D6%26shp%3D1%26ftsn%3D3%26br1%3D1600%26br2%3D800%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D33%2C168%2C0%2C157%2C0%2C193%2C66%2C0%2C0%2C156%2C205%2C0%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C30%2C760%2C761%2C813%2C814%2C815%2C816%2C817%2C818%2C819%2C899%2C917%2C918%2C919%2C783%26ax_ssid%3D10082&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1631483747&dt=1631483747412&dlt=1631483747030&idt=253&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=1110&adks=2551144693&ucis=2&ifi=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.eslactivity.org%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x-1&msz=970x-1&ga_vid=92124532.1631483747&ga_sid=1631483747&ga_hid=1221111038&ga_fc=false&fws=512&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

64.233.184.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wa-in-f155.1e100.net

Software

cafe /

Resource Hash

f11599f88d95335f3ccaf938ca1fa176e8b36e85887583fd9957517a67d38aaa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:47 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 252
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.eslactivity.org
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel;r=143345380;labels=Domain.eslactivity_org%2CDomainId.118073;rf=0;a=p-31iz6hfFutd16;url=https%3A%2F%2Fwww.eslactivity.org%2F;uht=2;fpan=1;fpa=P0-1614549141-1631483747418;pbcn=u;pbc=;ns=0;ce=1;...
pixel.quantserve.com/ 35 B
371 B 27ms
11ms Image
image/gif 91.228.74.133
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=143345380;labels=Domain.eslactivity_org%2CDomainId.118073;rf=0;a=p-31iz6hfFutd16;url=https%3A%2F%2Fwww.eslactivity.org%2F;uht=2;fpan=1;fpa=P0-1614549141-1631483747418;pbcn=u;pbc=;ns=0;ce=1;qjs=1;qv=eccc2c00-20210811224039;cm=;gdpr=0;ref=;d=eslactivity.org;je=0;sr=1600x1200x24;dst=0;et=1631483747418;tzo=0;ogl=locale.en_US%2Ctype.website%2Ctitle.ESL%20Activities%20and%20Games%3A%20Fun%20Ideas%20for%20the%20English%2FTEFL%20Classroom%2Cdescription.ESL%20Activities%20is%20your%20go-to%20source%20for%20fun%20and%20useful%20ESL%2FEFL%20games%20and%20activit%2Curl.https%3A%2F%2Fwww%252Eeslactivity%252Eorg%2F%2Csite_name.ESL%20Activities%2Cimage.https%3A%2F%2Fwww%252Eeslactivity%252Eorg%2Fwp-content%2Fuploads%2F2021%2F02%2Fesl-activities%252Ejpg%2Cimage%3Awidth.735%2Cimage%3Aheight.1102

Requested by

Host: www.eslactivity.org
URL: https://www.eslactivity.org/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.228.74.133 , United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Sep 2021 21:55:47 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3 200 41kS+TkiiVL.jpg
www.eslactivity.org/ezoimgfmt/m.media-amazon.com/images/I/ 5 KB
6 KB 18ms
18ms Image
image/webp 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.eslactivity.org/ezoimgfmt/m.media-amazon.com/images/I/41kS+TkiiVL.jpg?ezimgfmt=rs:126x200/rscb3/ng:webp/ngcb3
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 036309cb21b0740e8d6c08eeac674efa09a130453d51d1213370b92ea28cd65f

Request headers

:path: /ezoimgfmt/m.media-amazon.com/images/I/41kS+TkiiVL.jpg?ezimgfmt=rs:126x200/rscb3/ng:webp/ngcb3
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezouspvv=0; ezouspva=0; ezosuigeneris=ebbefe46401a895c809457c0c99e2f92; _dlt=1
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:47 GMT
via: 1.1 82514a5a8cf35fb3132b0b5ab9cb724d.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 13209
x-amzn-requestid: b28a2f19-8b52-491c-b28b-f1109449c3b4
x-ezoic-cdn: Hit ds;mm;b82821807a86afbdb48eafd53f6174a0;2-118073-3;c116e72a-1e23-4627-742c-39490da0c583
x-cache: Miss from cloudfront
x-middleton-display: staticcontent_sol, staticcontent_sol
x-amzn-trace-id: Root=1-613c567e-5dda65894c98b9316f4c512a;Sampled=0
access-control-allow-methods: GET
x-middleton-response: 200
x-amz-apigw-id: FfJz2FauoAMFh3g=
x-amz-cf-id: KZekkh5bTS5eH244njQ7tBksQyCLW57ZjotBmXdGzNEoldJlD6shAw==
response: 200
last-modified: Sun, 12 Sep 2021 18:15:38 GMT
server: cloudflare
x-origin-cache-control
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding User-Agent,Origin,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PJqJJc6DlKsrtCy9Ucm2lAFgen2mmt0YnJvasC9UKTKHATxYajniTdea541exWjCNOQhfmMfen%2BzGTQfYLVDML32roiHCZ8o88GBq0UxQOhdr1Tzo4sbZh7Kc3YJNoqlZxwjIpOt"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cache-control: public, max-age=2592000
access-control-allow-credentials: true
x-ez-proxy-out: true 2.3
x-amz-cf-pop: FRA56-P3
cf-ray: 68dc61cd7cab4114-PRG
access-control-allow-headers: Content-Type, Authorization
display: staticcontent_sol, staticcontent_sol

POST
H3 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 29ms
14ms XHR
text/plain 64.233.184.138
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j93&a=1221111038&t=pageview&_s=1&dl=https%3A%2F%2Fwww.eslactivity.org%2F&ul=en-us&de=UTF-8&dt=ESL%20Activities%20and%20Games%3A%20Fun%20Ideas%20for%20the%20English%2FTEFL%20Classroom&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YAhAAUABAAAAAC~&jid=1766023263&gjid=1511332395&cid=92124532.1631483747&tid=UA-125056220-1&_gid=754323026.1631483747&_r=1&gtm=2ou910&z=1323529881

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

64.233.184.138 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wa-in-f138.1e100.net

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.eslactivity.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 12 Sep 2021 21:55:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.eslactivity.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 greenoaks.gif Show response
www.eslactivity.org/detroitchicago/ 0
636 B 76ms
75ms XHR
text/plain 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.eslactivity.org/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJiMzk2MWMxZS0yNzFlLTRkMTAtNzk4OS04ZjZjNmJhYjdjMzYiLCJkb21haW5faWQiOiIxMTgwNzMiLCJ0X2Vwb2NoIjoxNjMxNDgzNzQ2LCJkYXRhIjpbeyJuYW1lIjoibmF2aWdhdGlvbl90eXBlIiwidmFsIjoiMCJ9LHsibmFtZSI6InJlZGlyZWN0X2NvdW50IiwidmFsIjoiMCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6ImIzOTYxYzFlLTI3MWUtNGQxMC03OTg5LThmNmM2YmFiN2MzNiIsImRvbWFpbl9pZCI6IjExODA3MyIsInRfZXBvY2giOjE2MzE0ODM3NDYsImRhdGEiOlt7Im5hbWUiOiJwZXJmX2lzX3RyYWNrZWQiLCJ2YWwiOiIxIn0seyJuYW1lIjoicGVyZl9uYXZfdG9fY29ubmVjdCIsInZhbCI6IjE1MCJ9LHsibmFtZSI6InBlcmZfY29ubmVjdF90b19yZXNwX3N0YXJ0IiwidmFsIjoiNTI0In0seyJuYW1lIjoicGVyZl9yZXNwX3RpbWUiLCJ2YWwiOiIxOSJ9LHsibmFtZSI6InBlcmZfaW50ZXJhY3RpdmUiLCJ2YWwiOiIxODkifSx7Im5hbWUiOiJwZXJmX2NvbnRlbnRsb2FkZWQiLCJ2YWwiOiIxOTEifSx7Im5hbWUiOiJwZXJmX2NvbXBsZXRlIiwidmFsIjoiNDQxIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiYjM5NjFjMWUtMjcxZS00ZDEwLTc5ODktOGY2YzZiYWI3YzM2IiwiZG9tYWluX2lkIjoiMTE4MDczIiwidF9lcG9jaCI6MTYzMTQ4Mzc0NiwiZGF0YSI6W3sibmFtZSI6ImZpcnN0X3BhaW50IiwidmFsIjoiNjc3In1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiYjM5NjFjMWUtMjcxZS00ZDEwLTc5ODktOGY2YzZiYWI3YzM2IiwiZG9tYWluX2lkIjoiMTE4MDczIiwidF9lcG9jaCI6MTYzMTQ4Mzc0NiwiZGF0YSI6W3sibmFtZSI6ImZpcnN0X2NvbnRlbnRmdWxfcGFpbnQiLCJ2YWwiOiI2NzcifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJiMzk2MWMxZS0yNzFlLTRkMTAtNzk4OS04ZjZjNmJhYjdjMzYiLCJkb21haW5faWQiOiIxMTgwNzMiLCJ0X2Vwb2NoIjoxNjMxNDgzNzQ2LCJkYXRhIjpbeyJuYW1lIjoiY29ubmVjdGlvbl9lZmZlY3RpdmVfdHlwZSIsInZhbCI6IjRnIn1dfV0=
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1b-1y1e-2y1d-4y1f-3y32-21y51-1y55-21y59-19&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1bx1ex1dx1fx32x51x55x59
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJiMzk2MWMxZS0yNzFlLTRkMTAtNzk4OS04ZjZjNmJhYjdjMzYiLCJkb21haW5faWQiOiIxMTgwNzMiLCJ0X2Vwb2NoIjoxNjMxNDgzNzQ2LCJkYXRhIjpbeyJuYW1lIjoibmF2aWdhdGlvbl90eXBlIiwidmFsIjoiMCJ9LHsibmFtZSI6InJlZGlyZWN0X2NvdW50IiwidmFsIjoiMCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6ImIzOTYxYzFlLTI3MWUtNGQxMC03OTg5LThmNmM2YmFiN2MzNiIsImRvbWFpbl9pZCI6IjExODA3MyIsInRfZXBvY2giOjE2MzE0ODM3NDYsImRhdGEiOlt7Im5hbWUiOiJwZXJmX2lzX3RyYWNrZWQiLCJ2YWwiOiIxIn0seyJuYW1lIjoicGVyZl9uYXZfdG9fY29ubmVjdCIsInZhbCI6IjE1MCJ9LHsibmFtZSI6InBlcmZfY29ubmVjdF90b19yZXNwX3N0YXJ0IiwidmFsIjoiNTI0In0seyJuYW1lIjoicGVyZl9yZXNwX3RpbWUiLCJ2YWwiOiIxOSJ9LHsibmFtZSI6InBlcmZfaW50ZXJhY3RpdmUiLCJ2YWwiOiIxODkifSx7Im5hbWUiOiJwZXJmX2NvbnRlbnRsb2FkZWQiLCJ2YWwiOiIxOTEifSx7Im5hbWUiOiJwZXJmX2NvbXBsZXRlIiwidmFsIjoiNDQxIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiYjM5NjFjMWUtMjcxZS00ZDEwLTc5ODktOGY2YzZiYWI3YzM2IiwiZG9tYWluX2lkIjoiMTE4MDczIiwidF9lcG9jaCI6MTYzMTQ4Mzc0NiwiZGF0YSI6W3sibmFtZSI6ImZpcnN0X3BhaW50IiwidmFsIjoiNjc3In1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiYjM5NjFjMWUtMjcxZS00ZDEwLTc5ODktOGY2YzZiYWI3YzM2IiwiZG9tYWluX2lkIjoiMTE4MDczIiwidF9lcG9jaCI6MTYzMTQ4Mzc0NiwiZGF0YSI6W3sibmFtZSI6ImZpcnN0X2NvbnRlbnRmdWxfcGFpbnQiLCJ2YWwiOiI2NzcifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJiMzk2MWMxZS0yNzFlLTRkMTAtNzk4OS04ZjZjNmJhYjdjMzYiLCJkb21haW5faWQiOiIxMTgwNzMiLCJ0X2Vwb2NoIjoxNjMxNDgzNzQ2LCJkYXRhIjpbeyJuYW1lIjoiY29ubmVjdGlvbl9lZmZlY3RpdmVfdHlwZSIsInZhbCI6IjRnIn1dfV0=
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezouspvv=0; ezouspva=0; ezosuigeneris=ebbefe46401a895c809457c0c99e2f92; _dlt=1; __qca=P0-1614549141-1631483747418; _ga=GA1.2.92124532.1631483747; _gid=GA1.2.754323026.1631483747; _gat_gtag_UA_125056220_1=1; ezux_lpl_118073=1631483747486|b3961c1e-271e-4d10-7989-8f6c6bab7c36|false; __gads=ID=2b279435e9b4fc3d-22c79ec424cb00e1:T=1631483747:S=ALNI_MZfxRVpPhu5IVkhM_TokYnYGhfpYw
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:47 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RcxMq7ItqAoZUR3U%2Bfs1uglsz3okdM8N2eQNs97Ft%2FfilNiTVAfvxuMevUqUzIQ7umcqAytU%2FsJDj2lfj6nCICb7skRBEiGnDtGbJC8OXUpwJHARPby2cqjzgXV3K%2BKGcXGvR5Cm"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 68dc61cfeec94114-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 0
expires: Sat, 11 Sep 2021 21:55:46 UTC

GET
H3 200 greenoaks.gif Show response
www.eslactivity.org/detroitchicago/ 0
637 B 73ms
72ms XHR
text/plain 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.eslactivity.org/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJiMzk2MWMxZS0yNzFlLTRkMTAtNzk4OS04ZjZjNmJhYjdjMzYiLCJkb21haW5faWQiOiIxMTgwNzMiLCJ0X2Vwb2NoIjoxNjMxNDgzNzQ2LCJkYXRhIjpbeyJuYW1lIjoiY29ubmVjdGlvbl9kb3dubGluayIsInZhbCI6IjEwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiYjM5NjFjMWUtMjcxZS00ZDEwLTc5ODktOGY2YzZiYWI3YzM2IiwiZG9tYWluX2lkIjoiMTE4MDczIiwidF9lcG9jaCI6MTYzMTQ4Mzc0NiwiZGF0YSI6W3sibmFtZSI6ImNvbm5lY3Rpb25fcnR0IiwidmFsIjoiMCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6ImIzOTYxYzFlLTI3MWUtNGQxMC03OTg5LThmNmM2YmFiN2MzNiIsImRvbWFpbl9pZCI6IjExODA3MyIsInRfZXBvY2giOjE2MzE0ODM3NDYsImRhdGEiOlt7Im5hbWUiOiJ0aW1lcl9maXJzdF9hZF9yZXF1ZXN0IiwidmFsIjoiNzcxIn1dfV0=
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1b-1y1e-2y1d-4y1f-3y32-21y51-1y55-21y59-19&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1bx1ex1dx1fx32x51x55x59
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJiMzk2MWMxZS0yNzFlLTRkMTAtNzk4OS04ZjZjNmJhYjdjMzYiLCJkb21haW5faWQiOiIxMTgwNzMiLCJ0X2Vwb2NoIjoxNjMxNDgzNzQ2LCJkYXRhIjpbeyJuYW1lIjoiY29ubmVjdGlvbl9kb3dubGluayIsInZhbCI6IjEwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiYjM5NjFjMWUtMjcxZS00ZDEwLTc5ODktOGY2YzZiYWI3YzM2IiwiZG9tYWluX2lkIjoiMTE4MDczIiwidF9lcG9jaCI6MTYzMTQ4Mzc0NiwiZGF0YSI6W3sibmFtZSI6ImNvbm5lY3Rpb25fcnR0IiwidmFsIjoiMCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6ImIzOTYxYzFlLTI3MWUtNGQxMC03OTg5LThmNmM2YmFiN2MzNiIsImRvbWFpbl9pZCI6IjExODA3MyIsInRfZXBvY2giOjE2MzE0ODM3NDYsImRhdGEiOlt7Im5hbWUiOiJ0aW1lcl9maXJzdF9hZF9yZXF1ZXN0IiwidmFsIjoiNzcxIn1dfV0=
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezouspvv=0; ezouspva=0; ezosuigeneris=ebbefe46401a895c809457c0c99e2f92; _dlt=1; __qca=P0-1614549141-1631483747418; _ga=GA1.2.92124532.1631483747; _gid=GA1.2.754323026.1631483747; _gat_gtag_UA_125056220_1=1; ezux_lpl_118073=1631483747486|b3961c1e-271e-4d10-7989-8f6c6bab7c36|false; __gads=ID=2b279435e9b4fc3d-22c79ec424cb00e1:T=1631483747:S=ALNI_MZfxRVpPhu5IVkhM_TokYnYGhfpYw
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:47 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WRKrhTrNlL9gZ9RHudHYPk7Hp0qHsBTXIdKRnmYGhODNZ0dJDnDP4X2FMjGnCUyHbKj0Y0k%2FfI3IGTvwC3ztnjETgKf%2FMkiVL83IW2YX10TniMLtqTL4wx1Jq65mE5ziSjp%2BbBhX"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 68dc61cfeeca4114-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 0
expires: Sat, 11 Sep 2021 21:55:55 UTC

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
9 KB 53ms
18ms XHR
application/json 74.125.140.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021090701&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.140.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wq-in-f155.1e100.net

Software

cafe /

Resource Hash

3e4eeb78b3f84408b1ffea0201f867f5fcfe8d489abb300f749eedba7d57ffc9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 12 Sep 2021 21:55:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8500
x-xss-protection: 0

GET
H3 200 container.html Show response
7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame FA81 6 KB
3 KB 29ms
14ms Document
text/html 64.233.166.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

64.233.166.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wm-in-f132.1e100.net

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.eslactivity.org/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Sun, 12 Sep 2021 21:55:47 GMT
expires: Mon, 12 Sep 2022 21:55:47 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 72 KB
27 KB 69ms
21ms Script
text/javascript 66.102.1.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.102.1.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wb-in-f154.1e100.net

Software

sffe /

Resource Hash

74696de7db3cfc983f841facfdca75dbf4c114af467b05e23fe6d95694cab0fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:47 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1631273431406706"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27627
x-xss-protection: 0
expires: Sun, 12 Sep 2021 21:55:47 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 60ms
25ms Script
text/javascript 108.177.15.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.177.15.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wr-in-f132.1e100.net

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Sun, 12 Sep 2021 21:55:47 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210908/r20110914/ Frame FA81 18 KB
8 KB 47ms
13ms Script
text/javascript 108.177.15.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210908/r20110914/abg_lite_fy2019.js

Requested by

Host: 7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com
URL: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.177.15.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wr-in-f132.1e100.net

Software

cafe /

Resource Hash

cc4cb1016499eb5d88379d9cdf358b0083b7c1b80f00889ce86649a88c746e10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 18:15:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 13206
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7641
x-xss-protection: 0
server: cafe
etag: 14368791910870210898
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 26 Sep 2021 18:15:41 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame FA81 8 KB
1 KB 76ms
24ms Stylesheet
text/css 74.125.133.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Requested by

Host: 7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com
URL: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.133.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wo-in-f95.1e100.net

Software

ESF /

Resource Hash

398b4849b670aa5659a8fe1d8a925591d3c581176db6313a9ef7208d77310ede

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 12 Sep 2021 21:47:01 GMT
server: ESF
date: Sun, 12 Sep 2021 21:55:47 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 12 Sep 2021 21:55:47 GMT

GET
H2 200 outstream.min.css
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20210908_RC00/ Frame FA81 14 KB
3 KB 69ms
15ms Stylesheet
text/css 74.125.140.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20210908_RC00/outstream.min.css

Requested by

Host: 7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com
URL: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.140.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wq-in-f95.1e100.net

Software

sffe /

Resource Hash

48ca4c570f2d58d8ff837e1c8f7d73e418a485ae23b2c9322f2f351d71d93aa7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 10 Sep 2021 00:19:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 250605
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2798
x-xss-protection: 0
last-modified: Wed, 08 Sep 2021 22:21:54 GMT
server: sffe
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 10 Sep 2022 00:19:02 GMT

GET
H2 200 outstream.min.js Show response
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20210908_RC00/ Frame FA81 357 KB
124 KB 69ms
16ms Script
text/javascript 74.125.140.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20210908_RC00/outstream.min.js

Requested by

Host: 7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com
URL: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.140.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wq-in-f95.1e100.net

Software

sffe /

Resource Hash

0aebcd38397f33a5e7c8d39dd1dcb0eb19618cd23cd430a535c9e8666542c815

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 10 Sep 2021 00:19:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 250605
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 126725
x-xss-protection: 0
last-modified: Wed, 08 Sep 2021 22:21:54 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 10 Sep 2022 00:19:02 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210908/r20110914/client/ Frame FA81 14 KB
6 KB 48ms
16ms Script
text/javascript 108.177.15.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210908/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com
URL: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.177.15.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wr-in-f132.1e100.net

Software

cafe /

Resource Hash

114dabe187311ee2e303549831223ef80d06385cb854e2aa1647ec1e0ca148f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 12:33:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 33722
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6183
x-xss-protection: 0
server: cafe
etag: 901432759052127119
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 26 Sep 2021 12:33:45 GMT

GET
H3 200 greenoaks.gif Show response
www.eslactivity.org/detroitchicago/ 0
637 B 78ms
77ms XHR
text/plain 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.eslactivity.org/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJiMzk2MWMxZS0yNzFlLTRkMTAtNzk4OS04ZjZjNmJhYjdjMzYiLCJkb21haW5faWQiOiIxMTgwNzMiLCJ0X2Vwb2NoIjoxNjMxNDgzNzQ2LCJkYXRhIjpbeyJuYW1lIjoidGltZXJfZmlyc3RfYWRfbG9hZCIsInZhbCI6IjkxOCJ9XX1d
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1b-1y1e-2y1d-4y1f-3y32-21y51-1y55-21y59-19&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1bx1ex1dx1fx32x51x55x59
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJiMzk2MWMxZS0yNzFlLTRkMTAtNzk4OS04ZjZjNmJhYjdjMzYiLCJkb21haW5faWQiOiIxMTgwNzMiLCJ0X2Vwb2NoIjoxNjMxNDgzNzQ2LCJkYXRhIjpbeyJuYW1lIjoidGltZXJfZmlyc3RfYWRfbG9hZCIsInZhbCI6IjkxOCJ9XX1d
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=ebbefe46401a895c809457c0c99e2f92; _dlt=1; __qca=P0-1614549141-1631483747418; _ga=GA1.2.92124532.1631483747; _gid=GA1.2.754323026.1631483747; _gat_gtag_UA_125056220_1=1; ezux_lpl_118073=1631483747486|b3961c1e-271e-4d10-7989-8f6c6bab7c36|false; __gads=ID=bdeeeec8195198bb-22d026fef0ca0058:T=1631483747:S=ALNI_MaF6_Co1-rX4P2mBgoHncv171YYTA; ezouspvv=1200; ezouspva=1; ezouspvh=1200
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:48 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vQm6t%2B4aRzV%2B5iiW9xYjnS4EwoGVwVRXKIqgHC6McGEIsd%2Fan80QxikS5AQ3dppspdrV0qyvgptnRlLXSCxdGCt2G52aqE8SCfDvl0hvepuJ35LTSGH1rGVBSLHRQRpyU%2F6YfkyO"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 68dc61d0df974114-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 0
expires: Sat, 11 Sep 2021 21:55:47 UTC

GET
H3 200 army.gif Show response
www.eslactivity.org/porpoiseant/ 0
633 B 78ms
77ms XHR
text/plain 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.eslactivity.org/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNTcxNTg5NzAyNzM3MDIwNyIsImRvbWFpbl9pZCI6IjExODA3MyIsInVuaXQiOiJkaXYtZ3B0LWFkLWVzbGFjdGl2aXR5X29yZy1tZWRyZWN0YW5nbGUtNC0wIiwidF9lcG9jaCI6MTYzMTQ4Mzc0NiwiYWRfcG9zaXRpb24iOjE2MTEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJVUyIsInBhZ2V2aWV3X2lkIjoiYjM5NjFjMWUtMjcxZS00ZDEwLTc5ODktOGY2YzZiYWI3YzM2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzUxNywiZGF0YSI6W3sibmFtZSI6InJlZnJlc2hfY291bnQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI1NzE1ODk3MDI3MzcwMjA3IiwiZG9tYWluX2lkIjoiMTE4MDczIiwidW5pdCI6ImRpdi1ncHQtYWQtZXNsYWN0aXZpdHlfb3JnLW1lZHJlY3RhbmdsZS00LTAiLCJ0X2Vwb2NoIjoxNjMxNDgzNzQ2LCJhZF9wb3NpdGlvbiI6MTYxMSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IlVTIiwicGFnZXZpZXdfaWQiOiJiMzk2MWMxZS0yNzFlLTRkMTAtNzk4OS04ZjZjNmJhYjdjMzYiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzNTE3LCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2JpZF9oYXNoIiwidmFsIjoiNzM2ZTA5YTA3NzEyODU3Mzc1MDlhYjg5NTRjNDc1YTcifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjU3MTU4OTcwMjczNzAyMDciLCJkb21haW5faWQiOiIxMTgwNzMiLCJ1bml0IjoiZGl2LWdwdC1hZC1lc2xhY3Rpdml0eV9vcmctbWVkcmVjdGFuZ2xlLTQtMCIsInRfZXBvY2giOjE2MzE0ODM3NDYsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAxMiwiYWRfcG9zaXRpb24iOjE2MTEsImFkX3NpemUiOiIiLCJiaWRfZmxvb3JfZmlsbGVkIjowLjAxMiwiYmlkX2Zsb29yX3ByZXYiOjAsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiVVMiLCJwYWdldmlld19pZCI6ImIzOTYxYzFlLTI3MWUtNGQxMC03OTg5LThmNmM2YmFiN2MzNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1MTcsImRhdGEiOlt7Im5hbWUiOiJsb2FkZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI1NzE1ODk3MDI3MzcwMjA3IiwiZG9tYWluX2lkIjoiMTE4MDczIiwidW5pdCI6ImRpdi1ncHQtYWQtZXNsYWN0aXZpdHlfb3JnLW1lZHJlY3RhbmdsZS00LTAiLCJ0X2Vwb2NoIjoxNjMxNDgzNzQ2LCJhZF9wb3NpdGlvbiI6MTYxMSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IlVTIiwicGFnZXZpZXdfaWQiOiJiMzk2MWMxZS0yNzFlLTRkMTAtNzk4OS04ZjZjNmJhYjdjMzYiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzNTE3LCJkYXRhIjpbeyJuYW1lIjoiY3JlYXRpdmVfaWQiLCJ2YWwiOiIxMzgzMTAwNDM1MTcifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjU3MTU4OTcwMjczNzAyMDciLCJkb21haW5faWQiOiIxMTgwNzMiLCJ1bml0IjoiZGl2LWdwdC1hZC1lc2xhY3Rpdml0eV9vcmctbWVkcmVjdGFuZ2xlLTQtMCIsInRfZXBvY2giOjE2MzE0ODM3NDYsImFkX3Bvc2l0aW9uIjoxNjExLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiVVMiLCJwYWdldmlld19pZCI6ImIzOTYxYzFlLTI3MWUtNGQxMC03OTg5LThmNmM2YmFiN2MzNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1MTcsImRhdGEiOlt7Im5hbWUiOiJsaW5laXRlbV9pZCIsInZhbCI6IjI4Njg3Mjc0In1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1b-1y1e-2y1d-4y1f-3y32-21y51-1y55-21y59-19&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1bx1ex1dx1fx32x51x55x59
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNTcxNTg5NzAyNzM3MDIwNyIsImRvbWFpbl9pZCI6IjExODA3MyIsInVuaXQiOiJkaXYtZ3B0LWFkLWVzbGFjdGl2aXR5X29yZy1tZWRyZWN0YW5nbGUtNC0wIiwidF9lcG9jaCI6MTYzMTQ4Mzc0NiwiYWRfcG9zaXRpb24iOjE2MTEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJVUyIsInBhZ2V2aWV3X2lkIjoiYjM5NjFjMWUtMjcxZS00ZDEwLTc5ODktOGY2YzZiYWI3YzM2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzUxNywiZGF0YSI6W3sibmFtZSI6InJlZnJlc2hfY291bnQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI1NzE1ODk3MDI3MzcwMjA3IiwiZG9tYWluX2lkIjoiMTE4MDczIiwidW5pdCI6ImRpdi1ncHQtYWQtZXNsYWN0aXZpdHlfb3JnLW1lZHJlY3RhbmdsZS00LTAiLCJ0X2Vwb2NoIjoxNjMxNDgzNzQ2LCJhZF9wb3NpdGlvbiI6MTYxMSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IlVTIiwicGFnZXZpZXdfaWQiOiJiMzk2MWMxZS0yNzFlLTRkMTAtNzk4OS04ZjZjNmJhYjdjMzYiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzNTE3LCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2JpZF9oYXNoIiwidmFsIjoiNzM2ZTA5YTA3NzEyODU3Mzc1MDlhYjg5NTRjNDc1YTcifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjU3MTU4OTcwMjczNzAyMDciLCJkb21haW5faWQiOiIxMTgwNzMiLCJ1bml0IjoiZGl2LWdwdC1hZC1lc2xhY3Rpdml0eV9vcmctbWVkcmVjdGFuZ2xlLTQtMCIsInRfZXBvY2giOjE2MzE0ODM3NDYsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAxMiwiYWRfcG9zaXRpb24iOjE2MTEsImFkX3NpemUiOiIiLCJiaWRfZmxvb3JfZmlsbGVkIjowLjAxMiwiYmlkX2Zsb29yX3ByZXYiOjAsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiVVMiLCJwYWdldmlld19pZCI6ImIzOTYxYzFlLTI3MWUtNGQxMC03OTg5LThmNmM2YmFiN2MzNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1MTcsImRhdGEiOlt7Im5hbWUiOiJsb2FkZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI1NzE1ODk3MDI3MzcwMjA3IiwiZG9tYWluX2lkIjoiMTE4MDczIiwidW5pdCI6ImRpdi1ncHQtYWQtZXNsYWN0aXZpdHlfb3JnLW1lZHJlY3RhbmdsZS00LTAiLCJ0X2Vwb2NoIjoxNjMxNDgzNzQ2LCJhZF9wb3NpdGlvbiI6MTYxMSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IlVTIiwicGFnZXZpZXdfaWQiOiJiMzk2MWMxZS0yNzFlLTRkMTAtNzk4OS04ZjZjNmJhYjdjMzYiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzNTE3LCJkYXRhIjpbeyJuYW1lIjoiY3JlYXRpdmVfaWQiLCJ2YWwiOiIxMzgzMTAwNDM1MTcifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjU3MTU4OTcwMjczNzAyMDciLCJkb21haW5faWQiOiIxMTgwNzMiLCJ1bml0IjoiZGl2LWdwdC1hZC1lc2xhY3Rpdml0eV9vcmctbWVkcmVjdGFuZ2xlLTQtMCIsInRfZXBvY2giOjE2MzE0ODM3NDYsImFkX3Bvc2l0aW9uIjoxNjExLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiVVMiLCJwYWdldmlld19pZCI6ImIzOTYxYzFlLTI3MWUtNGQxMC03OTg5LThmNmM2YmFiN2MzNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1MTcsImRhdGEiOlt7Im5hbWUiOiJsaW5laXRlbV9pZCIsInZhbCI6IjI4Njg3Mjc0In1dLCJpc19vcmlnIjpmYWxzZX1d
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=ebbefe46401a895c809457c0c99e2f92; _dlt=1; __qca=P0-1614549141-1631483747418; _ga=GA1.2.92124532.1631483747; _gid=GA1.2.754323026.1631483747; _gat_gtag_UA_125056220_1=1; ezux_lpl_118073=1631483747486|b3961c1e-271e-4d10-7989-8f6c6bab7c36|false; __gads=ID=bdeeeec8195198bb-22d026fef0ca0058:T=1631483747:S=ALNI_MaF6_Co1-rX4P2mBgoHncv171YYTA; ezouspvv=1200; ezouspva=1; ezouspvh=1200
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:48 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AeMfnstuU0JSA3Qyhsouaqj6DqO6c1qIYL7vGsNMlAUfNPKm5lVxXX8RG5IdKWAnQ2wojpqCGmqHtBDw9dqDM%2BS3QNHoHQ6BMAixhgxCWzXcNb3CekiSp1gRjtghXyijwzWTaBZF"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 68dc61d0df984114-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 0
expires: Sat, 11 Sep 2021 21:55:49 UTC

GET
H2 200 28687274 Show response
g.ezoic.net/dac/ 0
88 B 34ms
9ms XHR
text/plain 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/28687274
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/porpoiseant/banger.js?cb=195-2&bv=74&v=52&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sun, 12 Sep 2021 21:55:47 GMT
cache-control: max-age=3600, public
server: nginx
content-length: 0
vary: Accept-Encoding
content-type: text/plain

GET
H3 200 army.gif Show response
www.eslactivity.org/porpoiseant/ 0
633 B 35ms
34ms XHR
text/plain 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.eslactivity.org/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNTcxNTg5NzAyNzM3MDIwNyIsImRvbWFpbl9pZCI6IjExODA3MyIsInVuaXQiOiJkaXYtZ3B0LWFkLWVzbGFjdGl2aXR5X29yZy1tZWRyZWN0YW5nbGUtNC0wIiwidF9lcG9jaCI6MTYzMTQ4Mzc0NiwiYWRfcG9zaXRpb24iOjE2MTEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJVUyIsInBhZ2V2aWV3X2lkIjoiYjM5NjFjMWUtMjcxZS00ZDEwLTc5ODktOGY2YzZiYWI3YzM2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzUxNywiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjEtMDktMTIifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiIyMSJ9LHsibmFtZSI6InRfbG9jYWxfZGF5X29mX3dlZWsiLCJ2YWwiOiIwIn0seyJuYW1lIjoidF9sb2NhbF90aW1lem9uZSIsInZhbCI6IjAifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1b-1y1e-2y1d-4y1f-3y32-21y51-1y55-21y59-19&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1bx1ex1dx1fx32x51x55x59
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNTcxNTg5NzAyNzM3MDIwNyIsImRvbWFpbl9pZCI6IjExODA3MyIsInVuaXQiOiJkaXYtZ3B0LWFkLWVzbGFjdGl2aXR5X29yZy1tZWRyZWN0YW5nbGUtNC0wIiwidF9lcG9jaCI6MTYzMTQ4Mzc0NiwiYWRfcG9zaXRpb24iOjE2MTEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJVUyIsInBhZ2V2aWV3X2lkIjoiYjM5NjFjMWUtMjcxZS00ZDEwLTc5ODktOGY2YzZiYWI3YzM2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzUxNywiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjEtMDktMTIifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiIyMSJ9LHsibmFtZSI6InRfbG9jYWxfZGF5X29mX3dlZWsiLCJ2YWwiOiIwIn0seyJuYW1lIjoidF9sb2NhbF90aW1lem9uZSIsInZhbCI6IjAifV0sImlzX29yaWciOmZhbHNlfV0=
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=ebbefe46401a895c809457c0c99e2f92; _dlt=1; __qca=P0-1614549141-1631483747418; _ga=GA1.2.92124532.1631483747; _gid=GA1.2.754323026.1631483747; _gat_gtag_UA_125056220_1=1; ezux_lpl_118073=1631483747486|b3961c1e-271e-4d10-7989-8f6c6bab7c36|false; __gads=ID=bdeeeec8195198bb-22d026fef0ca0058:T=1631483747:S=ALNI_MaF6_Co1-rX4P2mBgoHncv171YYTA; ezouspvv=1200; ezouspva=1; ezouspvh=1200
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:47 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dr9yBhLXnYcgOwyD14x1E0l3tIMSRQVVJpKrbO1HJObxlD4xdssXKzJhIhikYu5kiw1v2AwCw2xRSDsMoQXhcixKy%2Bd5DjPfgvadQOyguuL%2BlG9inC2BP499guxWStAXfnEr6hHs"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 68dc61d0df994114-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 0
expires: Sat, 11 Sep 2021 21:55:49 UTC

GET
H3 200 army.gif Show response
www.eslactivity.org/porpoiseant/ 0
637 B 75ms
75ms XHR
text/plain 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.eslactivity.org/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNTcxNTg5NzAyNzM3MDIwNyIsImRvbWFpbl9pZCI6IjExODA3MyIsInVuaXQiOiJkaXYtZ3B0LWFkLWVzbGFjdGl2aXR5X29yZy1tZWRyZWN0YW5nbGUtNC0wIiwidF9lcG9jaCI6MTYzMTQ4Mzc0NiwiYXVjdGlvbl9lcG9jaCI6MTYzMTQ4Mzc0OCwiYWRfcG9zaXRpb24iOjE2MTEsImNvdW50cnlfY29kZSI6IlVTIiwicGFnZXZpZXdfaWQiOiJiMzk2MWMxZS0yNzFlLTRkMTAtNzk4OS04ZjZjNmJhYjdjMzYiLCJiaWRfZmxvb3JfaW5pdGlhbCI6MTIwMCwiYmlkX2Zsb29yX3ByZXYiOm51bGwsImJpZF9mbG9vcl9maWxsZWQiOjEyMDAsImF1Y3Rpb25fY291bnQiOjEsInJlZnJlc2hfYWRfY291bnQiOjAsImF1Y3Rpb25fZHVyYXRpb24iOjY0MCwibXVsdGlfYWRfdW5pdCI6MCwibXVsdGlfYWRfY291bnQiOjAsIm5ldHdvcmtfY29kZSI6MTI1NDE0NCwiZGF0YSI6W3sibmFtZSI6IiIsInZhbCI6IiJ9XSwibGluZV9pdGVtX2lkIjoyODY4NzI3NH1d
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1b-1y1e-2y1d-4y1f-3y32-21y51-1y55-21y59-19&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1bx1ex1dx1fx32x51x55x59
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNTcxNTg5NzAyNzM3MDIwNyIsImRvbWFpbl9pZCI6IjExODA3MyIsInVuaXQiOiJkaXYtZ3B0LWFkLWVzbGFjdGl2aXR5X29yZy1tZWRyZWN0YW5nbGUtNC0wIiwidF9lcG9jaCI6MTYzMTQ4Mzc0NiwiYXVjdGlvbl9lcG9jaCI6MTYzMTQ4Mzc0OCwiYWRfcG9zaXRpb24iOjE2MTEsImNvdW50cnlfY29kZSI6IlVTIiwicGFnZXZpZXdfaWQiOiJiMzk2MWMxZS0yNzFlLTRkMTAtNzk4OS04ZjZjNmJhYjdjMzYiLCJiaWRfZmxvb3JfaW5pdGlhbCI6MTIwMCwiYmlkX2Zsb29yX3ByZXYiOm51bGwsImJpZF9mbG9vcl9maWxsZWQiOjEyMDAsImF1Y3Rpb25fY291bnQiOjEsInJlZnJlc2hfYWRfY291bnQiOjAsImF1Y3Rpb25fZHVyYXRpb24iOjY0MCwibXVsdGlfYWRfdW5pdCI6MCwibXVsdGlfYWRfY291bnQiOjAsIm5ldHdvcmtfY29kZSI6MTI1NDE0NCwiZGF0YSI6W3sibmFtZSI6IiIsInZhbCI6IiJ9XSwibGluZV9pdGVtX2lkIjoyODY4NzI3NH1d
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=ebbefe46401a895c809457c0c99e2f92; _dlt=1; __qca=P0-1614549141-1631483747418; _ga=GA1.2.92124532.1631483747; _gid=GA1.2.754323026.1631483747; _gat_gtag_UA_125056220_1=1; ezux_lpl_118073=1631483747486|b3961c1e-271e-4d10-7989-8f6c6bab7c36|false; __gads=ID=bdeeeec8195198bb-22d026fef0ca0058:T=1631483747:S=ALNI_MaF6_Co1-rX4P2mBgoHncv171YYTA; ezouspvv=1200; ezouspva=1; ezouspvh=1200
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:48 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JZ16jYQvZL20JKavw9hIEuURyz%2F3khfq45Vae3tQaqRK9hSPWmgYFcoz46NbZZBRimExdmHbAer8eNbG6HvD%2Bqg1%2F%2FRUU8O03w9KbDHhGpf8QCEm7mkgiJFqWhYx3ntyCwbPj6xv"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 68dc61d0df9a4114-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 0
expires: Sat, 11 Sep 2021 21:55:46 UTC

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 60EF 12 KB
5 KB 32ms
14ms Document
text/html 108.177.15.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

108.177.15.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wr-in-f132.1e100.net

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.eslactivity.org/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5029
date: Fri, 10 Sep 2021 22:00:06 GMT
expires: Sat, 10 Sep 2022 22:00:06 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 172541
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 958A 783 B
1 KB 80ms
32ms Document
text/html 74.125.133.106
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.133.106 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wo-in-f106.1e100.net

Software

GSE /

Resource Hash

3d7485ea8fd6813615d78f79562a622ea41a64a6216f8c7eb0128024a2f3de9a

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-nf4I5y/suRf0xb55ZGJSxA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.eslactivity.org/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/

Response headers

expires: Sun, 12 Sep 2021 21:55:48 GMT
date: Sun, 12 Sep 2021 21:55:48 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-nf4I5y/suRf0xb55ZGJSxA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 204 csi
csi.gstatic.com/ Frame FA81 0
348 B 44ms
14ms Ping
image/gif 216.239.32.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=1~kthrasob&c=1751016277933&slotId=875508138966.5&qqid=CMHE4Mm2-vICFVFSGwodlvEBwg&fb=outstream-lima&sei=44729911%2C44730425%2C44730426%2C44749185%2C324123032%2C420706098&nsei=44714510%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=outstream
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20210908_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.32.3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sun, 12 Sep 2021 21:55:48 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame FA81 15 KB
16 KB 51ms
14ms Font
font/woff2 66.102.1.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.102.1.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wb-in-f94.1e100.net

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 10 Sep 2021 07:48:56 GMT
x-content-type-options: nosniff
age: 223612
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:46 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 10 Sep 2022 07:48:56 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/ Frame FA81 15 KB
15 KB 58ms
26ms Font
font/woff2 66.102.1.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.102.1.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wb-in-f94.1e100.net

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 01:26:17 GMT
x-content-type-options: nosniff
age: 592171
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:35 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 06 Sep 2022 01:26:17 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame FA81 0
20 B 32ms
17ms Image
image/gif 74.125.140.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=osv-info&clickstring=CNOTLY3c-YYGHF9GkbZbjh5AMvcnR42SRruSssg62t_C9-hcQASD0-cYlYMkGoAHmyaDeAsgBBagDAcgDmwSqBP8BT9D3vWggpkfyrgZ0zIDOmDz2g5xkddHaCOOmcPx_IHIowUP_PlPhEHIhbQGXTAzu8X0uJYH2fTNU5uDfIIw5GVDhnRIbXNgwVmL7r4IgwBWHPod40hZnhhckKu7L0XKqy7b1wA_1R9RwF1zwwioJWGyUWXKHqIPxxbm6igvBnlk60HFv3QXY9D0XOKF1YymnNEOPhem_n_Dz9ZDF0Tu2zkSWm52gjBbvr4xMN7OWhtv08VwaDPmwGj6OxOEqRj7VV0QgaRMG-zwwlIYBt_yPPDrWIKCp6_jT7ky8M3zpwT5hcIAJEYMd-v3efLGdbUyBLciZ0La8S8pmGev4Www9wAS4j8280wPgBAOQBgGgBk6AB4K236EBqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiGEQARgd8ggbYWR4LXN1YnN5bi01MzQyNjQ0MDczNjUwNjA0gAoDmAsByAsBgAwBsBPl-qkMyBPcmdzdA9ATANgTCogUBNgUAdAVAYAXAQ&eventType=clickstring&clientTime=1631483748015&ai=CNOTLY3c-YYGHF9GkbZbjh5AMvcnR42SRruSssg62t_C9-hcQASD0-cYlYMkGoAHmyaDeAsgBBagDAcgDmwSqBP8BT9D3vWggpkfyrgZ0zIDOmDz2g5xkddHaCOOmcPx_IHIowUP_PlPhEHIhbQGXTAzu8X0uJYH2fTNU5uDfIIw5GVDhnRIbXNgwVmL7r4IgwBWHPod40hZnhhckKu7L0XKqy7b1wA_1R9RwF1zwwioJWGyUWXKHqIPxxbm6igvBnlk60HFv3QXY9D0XOKF1YymnNEOPhem_n_Dz9ZDF0Tu2zkSWm52gjBbvr4xMN7OWhtv08VwaDPmwGj6OxOEqRj7VV0QgaRMG-zwwlIYBt_yPPDrWIKCp6_jT7ky8M3zpwT5hcIAJEYMd-v3efLGdbUyBLciZ0La8S8pmGev4Www9wAS4j8280wPgBAOQBgGgBk6AB4K236EBqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiGEQARgd8ggbYWR4LXN1YnN5bi01MzQyNjQ0MDczNjUwNjA0gAoDmAsByAsBgAwBsBPl-qkMyBPcmdzdA9ATANgTCogUBNgUAdAVAYAXAQ

Requested by

Host: 7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com
URL: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.140.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wq-in-f155.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Sep 2021 21:55:48 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 vast Show response
bid.g.doubleclick.net/dbm/ Frame FA81 22 KB
14 KB 91ms
43ms XHR
text/xml 74.125.71.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-DbXmtKrO6MuVQvot0xuRv0fxkyONO5xyMwQ19jVHTp5ZaN_j31f8-82elpPodmI0fl8h35OPZCxGyyVutzMPyg_sdYvg&dbm_d=AKAmf-ABMXPlXwotOfMw_GKLH6PywW7fEroD8H30ZOQMBHXtl_iA_MxqyV5a2IK-NuJ4sihAJ8qUmW7newbnUPmFglmfRSa2ipUC1KKuip8sPWpzo_nV0DKbUH2_azrX_ZgPJ8jBN2y8TtwxIT3VTWeMbYxZluXUSONFcWpp5JqadHlKnJisG5GAS4DVg6RR6C8o_Ydtu01Mf7p89cL4NKkoPs8aoLZT5rKgEbnb_hIoGoVpzC0P0U8ji22cARGzPwJvCyVR81RmBIAWLaPavM5YP37I-Gzr6_WHz_YXILhTMKf0ESAXxXklWPSwDBJxUmR0qbRn4CPiT03vNbp-k41eWTydtd8gcn1B4Zlh72DxlGnQk565CGayBGAM8l9rbBl-pu69gNfZwZKvqKq3g4awdQoLSUBNoteP5CY5KLhiTp1MDjdeTIZSjaM4S6I0H3Fb2W42YNKereU9_jRcHzmI12ClGFjnp3BJLpUhkcWCBfjDO-Sc4K1O3INU-wvBm0UsGYN2XSESY8qQe1SVKCzfUvSvuJopRpeOC-D7gw3O0kJ6Y_hzYGbz70BZLPblQA640TGUkvon4uQ2zdn73V_sj7T3I2L3aHqGzzL1lCO-DGTAvGDUiI8Jp7WO1NKYbg_TLGSOZQryLQ2eNjFG6VBKFG0Jkmaf9dLJa7Co4axBYUuTXuDwRaU3ar8dWB1TF2r7Nz89BMv4blKgXSm_pCXvM_jLQHUc2h9zsUUjL7tJCl6-ejj27DzzL9_izzXdF4M5gB31YKhFqQyLonkuXxu01aPomWlXrPz6VLBnqdJJlMhs8Cp-1_dDbaAF6BcVhu6KvbAvY7poL-MElbbrZf4awESGUI3KBX1q86ZgVfaZv8qu78_6LJGI77FDbULcUZsSUL-u0YbYT_d_1TNH4ayXwI33wI666Wt2RgakxeFGAWEQUBe0my66UpRC5mnQhYZfMCtay90nKE91QMOFoF0KMItdd4rv05ltG61Psmy478yoVLjgm8h-46tQ4elN6PWSW5TdGJBeqRlz81CX-nX3sJrchRmLOVIOsh_9cN9x5sCnsb3bCPMYHqRFTDZwv657d9xwonC1UCtFiko6sFKUMRGUJREL2wVsyh7U0JJaIT0ti_cVQEyl0AbRoJc904k9ogIcBmMFpM_Z6rIHoX9zYGOjEhtKVUW-t11GtJKsZ-u8S7DNYkxdBsA_2t_SSbGge2VdV_P6uaioW_C7wrC6Q3_iIKy5JUdpVVeAW2rCVtJ05vHKyKe3LeiZH7ZmhjTk5emGCeMY2D5Ym-xeFPfoNwre7_3Yj8Jv0dl49awdW6E0YhwsZt6sfayB8rYzk8g0toRBHVA4vYBWePXbS71B8aRmSTVlC3TRfscCQGpqR4f-elvgPPQWj3jYhvC2c24Zg7_I_InJOvQqrTgKSH67RcVyNJd1SABmdl-7wPd5gpDr9N60azCkmOcnYXzOLdXI6DF9u4-SQJb1FG0Gn-BUWrhr1HNOqpeqCo70uWXrg6eIRggb08-QRElTgQ6Bb96NM0Sb8AxnoZ7qj5TWPSN7YcWTYLGV6AIDGlhwwtW0WMMBtZef_h9DJgK5SoEu45jmQyqNe9f7DXMus3_iZCFb9ZAgBpCSJCH7RYW9mHOoHGeDPCgOVaa8F21Eq1luu2TRiSl6BfeggnbbWYC91h09jebHjqAoqaWqQFUa8akTAcO-OX_IjuVOLxVPUkqxRw_kn1AxoUwFZDJ3x8EicYOPk01FO8V6DfAye-H3fRv2f8S1VSwzcNxn6-MpkIIZ-fmQKZz1FE2JWbfVOOteLjRtZYscXbmtzQ0UCIaj8SfA6_zPnOMDuXosfh_cYZx4_cP8AoMziaLcj4dZC8dHSj1RGDz96Bt1VsQBkxEISnjaXmPYqNkZtiLEoz0ce9sYD3DvarhMJDuGCZUHHd1sJ2NSTSodzCPm8hw2jpkWj4gZ2JdTbXECkYF1xp_rRk9uiYbVCCbox0GFTGT4CLEowcl2szhs7z6KkGXYMarHjo9zxRITQIfUsk5KR1OtQ9berKci783m2bFoplPpLSC4l7G1xr1TmsSczSJ-1-17WhzDblj5W4UG-wBL3LeIZ6rnrc6_Bk4FTHEDVLfoSFq4zvIbUylu0egq4ULJF1JMH6MpsVPYvR8WG4e-yD-JoT0Ic_zzbIZqU4kbDsIhmlSmd5NKZoZkDKC9Fo9n2AuLqd6n6rMiBB-dZcYSj_CWLSQXCruP_0Mlkw8wKrXfWr5FC33sFUll6FdrgkkCENiXCC6xVrbhJuXd846Vpop1g242rXJ-bE1OYGjtb02GiVbwfEBQ9FF0vC-gEcyx6dHPP9xwhzsW_CHgaqLzUsKEueKzJMrtS3o5coFNZxoi2Vw7k70Q350AeKZgPIw5bnhOkc8od3QOkeSPootaAhiwSrpbRujJM86Y5dWrKnVqIdeOhhLENPKcNc6NnednLVRgnmckpvjwU2e0v-pxfAKThBF-PoZJXrUJp_e7UVPm3vJEFkK9VdwqawX4X7V5fHGSxQ7q17goH8Arc3ERARn05NveEMkLd_ALY_DJIexjyRG97T4aBcQce_e5WK-gSwMyDf9a09GMsxd2sZktlCWSnDx8-S6uwJsfSEOM9XsvDevOUBvZT2Eu2CHe1baxy9Isb_QPVFhwoohQ4qGdBiAxDhBvpmyxWbk97J7SF0bf_foT2dQ7rin6KJi1ZK97Cns1Vp8BnVzaqcG1KZlQcCILSGFRNjfoV01OP4_Lmau9eNmIz9pcj90kUQfdUQZ5MhG94SbcdWmMl_3ylzaKQ_XxfgenMPK6G8zOuH7eQDncgWRvJdyTYdzMw2ghTymqmRYrKydPnoXcq3hMwgeTjk6uONGHdeF2R5IoK2I_uPSEuc-1SmAN-E8-voGpTdvbl9ZMhKN7Utak0Sp8Aj902cQGelPnN2lMMeN1zG1i-iCRtxPY52NKoyS8AWaijkQhVv5ZIkXCziOEJpcHNaIG_xXL2MmRRjDf5pWCBx3tRwU8PAFLL_UQD3sYM3i1HM4mS3GSUHZeJKpLuiiY1LjrRtCopZJ-c4wQzH7g3jBbMUp5xoiiEO_pLXLuiyGcL421RGhm_paotA6n86Lnp5yfwiWjO3fN8gn2k5NZSdxEr92XuNzryEtIHWX3L4CadT2ocZYjSUtqMAndQk3KDaDmDKIFdSFV33jg-23EaRrnDNPAEVFNMZqBIEkVNKnc1yvcPQfGimJepPDsyWwKAX8y2Pmt6zSCUxDpJL2GtKlCn9LBHSBYODwGJfO_5lFTq7vR0xlWLCzYDtf5Xa7SSQdB4K4aLj_1Qp-RZPyI8YRM&cid=CAASFeRo0l8h5_zZD-rKP5TwMAmCnYDbcQ&sdkv=h.0.0.0&osd=2&frm=2&vis=1&sdr=1

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20210908_RC00/outstream.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.71.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wn-in-f157.1e100.net

Software

cafe /

Resource Hash

d3a57eeb0081ec7971666ef23ce17d53bf1b384680350db3c8134f41ba6e10e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:48 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12990
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame FA81 0
0 18ms
17ms Fetch
text/html 64.233.184.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cw9jeY3c-YYGHF9GkbZbjh5AMvcnR42SRruSssg62t_C9-hcQASD0-cYlYMkGoAHmyaDeAsgBBagDAcgDmwSqBPwBT9D3vWggpkfyrgZ0zIDOmDz2g5xkddHaCOOmcPx_IHIowUP_PlPhEHIhbQGXTAzu8X0uJYH2fTNU5uDfIIw5GVDhnRIbXNgwVmL7r4IgwBWHPod40hZnhhckKu7L0XKqy7b1wA_1R9RwF1zwwioJWGyUWXKHqIPxxbm6igvBnlk60HFv3QXY9D0XOKF1YymnNEOPhem_n_Dz9ZDF0Tu2zkSWm52gjBbvr4xMN7OWhtv08VwaDPmwGj6OxOEqRj7VV0QgaRMG-zwwlIYBt_yPPDrWIKCp6_jT7ky8M3zpwT45cRr8ghF9aCZnndcijFBF8M9VDeUs5fP2n6HiwAS4j8280wPgBAOIBfL66I40kgUECAMYAZIFCggiEAMYAUj1hXKSBQYIHRAEGAGSBQYIHRABGAGSBQYIHhABGAGQBgGgBk6AB4K236EBqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G9gHAPIHCxDemfIOGK6t-7AB0ggHCIhhEAEYHfIIG2FkeC1zdWJzeW4tNTM0MjY0NDA3MzY1MDYwNIAKA8gLAbAT5fqpDMgT3Jnc3QPQEwDYEwqIFATYFAHQFQGAFwGyFx4KHAgAEhRwdWItNjM5Njg0NDc0MjQ5NzIwOBi-yQc&sigh=paRgTOJgJVI&cid=CAQSPwCNIrLM7xcqaflEiTbl_UmtBcdw8I63uQluxpO8Tcjq6N1AtL_LGg_Zou07B3602jOomhF6eaR1qETRuVzh_Q&vt=10
Requested by: Host: 7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com
URL: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 64.233.184.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: wa-in-f155.1e100.net
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame FA81 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 391bab3a29044118010924707eab52fcba1078d0f6bcf437ca7102df3200ab6f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 63nx1wftg6VHOR-tiT7SbUA_tgXQN9sjUf-d_JpEnTc.js Show response
pagead2.googlesyndication.com/bg/ Frame 60EF 35 KB
13 KB 14ms
13ms Script
text/javascript 74.125.140.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/63nx1wftg6VHOR-tiT7SbUA_tgXQN9sjUf-d_JpEnTc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.140.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wq-in-f155.1e100.net

Software

sffe /

Resource Hash

eb79f1d707ed83a547391fad893ed26d403fb605d037db2351ff9dfc9a449d37

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 20:25:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5425
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13458
x-xss-protection: 0
last-modified: Mon, 06 Sep 2021 10:38:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Mon, 12 Sep 2022 20:25:23 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 958A 0
0 33ms
32ms Image
text/html 74.125.140.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gpt_2021090701&jk=1928632745933239&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 74.125.140.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: wq-in-f155.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame FA81 0
20 B 15ms
15ms Image
image/gif 74.125.140.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=notify&exchange=adx&creative_id=371119790&creative_type=78&usl_id=705144409139&errorcode=1013&asseturi=[ASSETURI]&ord=[CACHEBUSTING]&offset=[CONTENTPLAYHEAD]&d=APEucNVaMTVOlgvgyAilEyDfWvvleirzn66JxCvA923c8R01nX43URXo86dsDDk8ggOWbcxjJrE2I9JvBZGdGTasrbAXvKZDkA

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.140.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wq-in-f155.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Sep 2021 21:55:48 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame FA81 42 B
557 B 81ms
27ms Image
image/gif 173.194.76.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CNOTLY3c-YYGHF9GkbZbjh5AMvcnR42SRruSssg62t_C9-hcQASD0-cYlYMkGoAHmyaDeAsgBBagDAcgDmwSqBP8BT9D3vWggpkfyrgZ0zIDOmDz2g5xkddHaCOOmcPx_IHIowUP_PlPhEHIhbQGXTAzu8X0uJYH2fTNU5uDfIIw5GVDhnRIbXNgwVmL7r4IgwBWHPod40hZnhhckKu7L0XKqy7b1wA_1R9RwF1zwwioJWGyUWXKHqIPxxbm6igvBnlk60HFv3QXY9D0XOKF1YymnNEOPhem_n_Dz9ZDF0Tu2zkSWm52gjBbvr4xMN7OWhtv08VwaDPmwGj6OxOEqRj7VV0QgaRMG-zwwlIYBt_yPPDrWIKCp6_jT7ky8M3zpwT5hcIAJEYMd-v3efLGdbUyBLciZ0La8S8pmGev4Www9wAS4j8280wPgBAOQBgGgBk6AB4K236EBqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiGEQARgd8ggbYWR4LXN1YnN5bi01MzQyNjQ0MDczNjUwNjA0gAoDmAsByAsBgAwBsBPl-qkMyBPcmdzdA9ATANgTCogUBNgUAdAVAYAXAQ&sigh=Y_2yq1bRqpU&label=videoplayfailed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

173.194.76.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ws-in-f157.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Sep 2021 21:55:48 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame FA81 0
20 B 17ms
17ms Image
image/gif 74.125.140.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=osv-error&message=lima_error_fetching_ad%3A%20Invalid%20fetch%20from%20an%20empty%20ad%20tag.&eventType=ima_sdk_error&clientTime=1631483748137&ai=CNOTLY3c-YYGHF9GkbZbjh5AMvcnR42SRruSssg62t_C9-hcQASD0-cYlYMkGoAHmyaDeAsgBBagDAcgDmwSqBP8BT9D3vWggpkfyrgZ0zIDOmDz2g5xkddHaCOOmcPx_IHIowUP_PlPhEHIhbQGXTAzu8X0uJYH2fTNU5uDfIIw5GVDhnRIbXNgwVmL7r4IgwBWHPod40hZnhhckKu7L0XKqy7b1wA_1R9RwF1zwwioJWGyUWXKHqIPxxbm6igvBnlk60HFv3QXY9D0XOKF1YymnNEOPhem_n_Dz9ZDF0Tu2zkSWm52gjBbvr4xMN7OWhtv08VwaDPmwGj6OxOEqRj7VV0QgaRMG-zwwlIYBt_yPPDrWIKCp6_jT7ky8M3zpwT5hcIAJEYMd-v3efLGdbUyBLciZ0La8S8pmGev4Www9wAS4j8280wPgBAOQBgGgBk6AB4K236EBqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiGEQARgd8ggbYWR4LXN1YnN5bi01MzQyNjQ0MDczNjUwNjA0gAoDmAsByAsBgAwBsBPl-qkMyBPcmdzdA9ATANgTCogUBNgUAdAVAYAXAQ

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.140.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wq-in-f155.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Sep 2021 21:55:48 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 16ms
16ms Image
image/gif 74.125.140.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021090701&jk=1928632745933239&bg=!ISKlImbNAAYT0U73E9E7ACkAdvg8WjqFkB9_nRbf44ddEZjLlFESJgkKwIn-p8ft-8JtA58g1HsmVQIAAABgUgAAAApoAQcKABLAyE6HTqw7afYJ4OyL7SJcj-mZAndejeVE71OQC0TOgzlbMBQvBT6DgTsCTSBWBSqTGyk0BaszIcUeb9O3YJrn_GlZgk-QVl2NQHtb91rRiTBgbNM5mYtbyT0R9jND07nsH8DpIQoGLipbSGHFDqsDdwvvjjpgfYM6cUgpJfFCGsaDQFxgqitYHEjsDr1xMT2Legp97ugVUt09OZsf6fqLz_d9cvaEdSOUHm_6ur0UkoiAT-nnHJlBTJUhFAl0zsfgc9wakv65luBkuHyY6AR-rghxrvsRQKEJQYNRYw66sfTwFDok5GWtDzR2p76ShFyLAvWFO-bYkZDDtIbEWP-Cd-nN2UDRj0KDLvXv2ErjzPEwq23GxBCdgbgT7aWsTd8_upxCijIgLMg9RjKgqtKJrR36AWtX3y9KaSvcDMvHaFpFlk9PP4_v11kyuqFbnGblM0ZH7P3209O0ppDsyjpvZa6KnBPalC7gYITTZAAJJwBisK8dCAO0ZNUt0nBk0xP-O41Bmr0HTH4sk8ubYQqtheRntaPoJeuDsDK8nSEh-3bYENBndHfNLO-DeRLUSsSGSHNZ3JQwNMPZEy53XvIha8NzsqEWAIMqXkTgbe9NjMp85PLbaFWlHYhcF2jI-KvbfYkc94WaEs_6_YLyXsYPBAr6QfMUNDfS8jOVDnWJWVAlPyl2HuQM8Z0yOs99Y6KdEQ4odYYtbDSICQ8FJ83Qk4vSOguA6YNuBXQLTHiupja5xXljf0nhPBAvY3yIAhwe85B3-Csn1NqxsnhwqaJgd7JilmnMvG67UXtNOPOxzy8Gorx6yZvRloMrBhxJB-BT8BmBRUvIL4SOOonD_LRfRdQdLlMR6Kq7V5Y0

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.140.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wq-in-f155.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Sep 2021 21:55:48 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 15ms
15ms Script
application/javascript 74.125.140.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.eslactivity.org

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.140.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wq-in-f154.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 12 Sep 2021 21:55:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 115 KB
29 KB 450ms
450ms XHR
text/plain 64.233.184.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1928632745933239&correlator=364273122311569&output=ldjh&impl=fifs&eid=21065724%2C31062297&vrg=2021090701&ptt=17&sc=1&sfv=1-0-38&ecs=20210912&iu_parts=1254144%3A22476021904%2Ceslactivity_org-pixel1&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1&ists=1&fas=8&prev_scp=ga%3D2497208%26tap%3Deslactivity_org-pixel1-6046286761347941%26ap%3D9999%26iid1%3D6046286761347941%26bra%3Dmod1-c&eri=1&cookie=ID%3Dbdeeeec8195198bb-22d026fef0ca0058%3AT%3D1631483747%3AS%3DALNI_MaF6_Co1-rX4P2mBgoHncv171YYTA&bc=31&abxe=1&lmt=1631483748&dt=1631483748237&dlt=1631483747030&idt=253&frm=20&biw=1600&bih=1200&oid=3&adxs=-9&adys=-9&adks=3478168906&ucis=3&ifi=3&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.eslactivity.org%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x-1&msz=0x-1&psts=AGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=92124532.1631483747&ga_sid=1631483747&ga_hid=1221111038&ga_fc=false&fws=2&ohw=0&btvi=-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

64.233.184.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wa-in-f155.1e100.net

Software

cafe /

Resource Hash

8a53fe51b3dc43b563a714198aa1cd13ee455a0d1bb977b8d864c0bfd8905025

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:48 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30029
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.eslactivity.org
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pubads_impl_page_level_ads_2021090701.js Show response
securepubads.g.doubleclick.net/gpt/ 39 KB
14 KB 15ms
15ms Script
text/javascript 64.233.184.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_page_level_ads_2021090701.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

64.233.184.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wa-in-f155.1e100.net

Software

sffe /

Resource Hash

efd71524bcffdd2f2a5854f34f1f9d2e867aea3566829b200fc8d58b6ddfbc9f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 07 Sep 2021 08:38:19 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14158
x-xss-protection: 0
expires: Sun, 12 Sep 2021 21:55:48 GMT

GET
H3 200 51d2M0U2tHL.jpg
www.eslactivity.org/ezoimgfmt/m.media-amazon.com/images/I/ 6 KB
7 KB 18ms
18ms Image
image/webp 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.eslactivity.org/ezoimgfmt/m.media-amazon.com/images/I/51d2M0U2tHL.jpg?ezimgfmt=rs:126x200/rscb3/ng:webp/ngcb3
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8a4563f2f82f168d39bde9e3a413b7d4162a657fe25d657f1e18663f719240cb

Request headers

:path: /ezoimgfmt/m.media-amazon.com/images/I/51d2M0U2tHL.jpg?ezimgfmt=rs:126x200/rscb3/ng:webp/ngcb3
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=ebbefe46401a895c809457c0c99e2f92; _dlt=1; __qca=P0-1614549141-1631483747418; _ga=GA1.2.92124532.1631483747; _gid=GA1.2.754323026.1631483747; _gat_gtag_UA_125056220_1=1; ezux_lpl_118073=1631483747486|b3961c1e-271e-4d10-7989-8f6c6bab7c36|false; __gads=ID=bdeeeec8195198bb-22d026fef0ca0058:T=1631483747:S=ALNI_MaF6_Co1-rX4P2mBgoHncv171YYTA; ezouspvv=1200; ezouspva=1; ezouspvh=1200
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:48 GMT
via: 1.1 f046bfa1468bb4385e357c8c9128cf51.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 13209
x-amzn-requestid: ea6c3824-c5ce-491d-ade8-ca36347103f3
x-ezoic-cdn: Hit ds;mm;bf19fa159b35738c8434a9317df3f717;2-118073-3;1acfe479-12a4-44c1-4a22-ddd4b216ac67
x-cache: Miss from cloudfront
x-middleton-display: staticcontent_sol, staticcontent_sol
x-amzn-trace-id: Root=1-613d8dec-061c77d3785516b457748d42;Sampled=0
access-control-allow-methods: GET
x-middleton-response: 200
x-amz-apigw-id: FiMc7HwsIAMFZ_Q=
x-amz-cf-id: JCmOOLdLPnjoxk5fCVa2uP7X8XZHV2jKEuBhwijebmCVLCtyrXOK7g==
response: 200
last-modified: Sun, 12 Sep 2021 18:15:39 GMT
server: cloudflare
x-origin-cache-control
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding User-Agent,Origin,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SQXI7g9REzg2jK8ZVGdwC%2FGju0StBExmwG280fbowpX6NG4n9dprPR6SaTkc671q837a6TlA8e%2BhzJ5Fcv7XQPvkPXD13eUho65%2B%2BgDRzntuxBTAuiYUXbG424pvHpmKTKwvCrww"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cache-control: public, max-age=2592000
access-control-allow-credentials: true
x-ez-proxy-out: true 2.3
x-amz-cf-pop: FRA2-C1
cf-ray: 68dc61d42a834114-PRG
access-control-allow-headers: Content-Type, Authorization
display: staticcontent_sol, staticcontent_sol

GET
H3 200 container.html Show response
7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame E889 6 KB
3 KB 14ms
13ms Document
text/html 64.233.166.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

64.233.166.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wm-in-f132.1e100.net

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.eslactivity.org/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Sun, 12 Sep 2021 21:55:47 GMT
expires: Mon, 12 Sep 2022 21:55:47 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 army.gif Show response
www.eslactivity.org/porpoiseant/ 0
638 B 80ms
80ms XHR
text/plain 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.eslactivity.org/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNjA0NjI4Njc2MTM0Nzk0MSIsImRvbWFpbl9pZCI6IjExODA3MyIsInVuaXQiOiJlc2xhY3Rpdml0eV9vcmctcGl4ZWwxIiwidF9lcG9jaCI6MTYzMTQ4Mzc0NiwiYXVjdGlvbl9lcG9jaCI6MTYzMTQ4Mzc0OSwiYWRfcG9zaXRpb24iOjk5OTksImNvdW50cnlfY29kZSI6IlVTIiwicGFnZXZpZXdfaWQiOiJiMzk2MWMxZS0yNzFlLTRkMTAtNzk4OS04ZjZjNmJhYjdjMzYiLCJiaWRfZmxvb3JfaW5pdGlhbCI6bnVsbCwiYmlkX2Zsb29yX3ByZXYiOm51bGwsImJpZF9mbG9vcl9maWxsZWQiOm51bGwsImF1Y3Rpb25fY291bnQiOjEsInJlZnJlc2hfYWRfY291bnQiOjAsImF1Y3Rpb25fZHVyYXRpb24iOjQ2MywibXVsdGlfYWRfdW5pdCI6bnVsbCwibXVsdGlfYWRfY291bnQiOm51bGwsIm5ldHdvcmtfY29kZSI6MTI1NDE0NCwiZGF0YSI6W3sibmFtZSI6IiIsInZhbCI6IiJ9XSwibGluZV9pdGVtX2lkIjoyODY4NzI3NH1d
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1b-1y1e-2y1d-4y1f-3y32-21y51-1y55-21y59-19&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1bx1ex1dx1fx32x51x55x59
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNjA0NjI4Njc2MTM0Nzk0MSIsImRvbWFpbl9pZCI6IjExODA3MyIsInVuaXQiOiJlc2xhY3Rpdml0eV9vcmctcGl4ZWwxIiwidF9lcG9jaCI6MTYzMTQ4Mzc0NiwiYXVjdGlvbl9lcG9jaCI6MTYzMTQ4Mzc0OSwiYWRfcG9zaXRpb24iOjk5OTksImNvdW50cnlfY29kZSI6IlVTIiwicGFnZXZpZXdfaWQiOiJiMzk2MWMxZS0yNzFlLTRkMTAtNzk4OS04ZjZjNmJhYjdjMzYiLCJiaWRfZmxvb3JfaW5pdGlhbCI6bnVsbCwiYmlkX2Zsb29yX3ByZXYiOm51bGwsImJpZF9mbG9vcl9maWxsZWQiOm51bGwsImF1Y3Rpb25fY291bnQiOjEsInJlZnJlc2hfYWRfY291bnQiOjAsImF1Y3Rpb25fZHVyYXRpb24iOjQ2MywibXVsdGlfYWRfdW5pdCI6bnVsbCwibXVsdGlfYWRfY291bnQiOm51bGwsIm5ldHdvcmtfY29kZSI6MTI1NDE0NCwiZGF0YSI6W3sibmFtZSI6IiIsInZhbCI6IiJ9XSwibGluZV9pdGVtX2lkIjoyODY4NzI3NH1d
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=ebbefe46401a895c809457c0c99e2f92; _dlt=1; __qca=P0-1614549141-1631483747418; _ga=GA1.2.92124532.1631483747; _gid=GA1.2.754323026.1631483747; _gat_gtag_UA_125056220_1=1; ezux_lpl_118073=1631483747486|b3961c1e-271e-4d10-7989-8f6c6bab7c36|false; ezouspvv=1200; ezouspvh=1200; __gads=ID=bdeeeec8195198bb:T=1631483747:S=ALNI_MbbOPaoGYCE9PMCvq4FFncjIbJQSA; ezouspva=2
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:48 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BC0oys0ObGVVoTuH5ARgFH%2FKl5ktC5SyNa0cgKAjVHb8yEE3E9Lq%2F4kp98y967v43DEEZlf79yImXkYO5uyyzRNUXwG8SKNb6AhenKBNY%2BJu2wYcAxmJbFDNLKEuSxbOr2blrbkr"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 68dc61d57bd14114-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 0
expires: Sat, 11 Sep 2021 21:55:46 UTC

GET
H3 200 army.gif Show response
www.eslactivity.org/porpoiseant/ 0
643 B 80ms
80ms XHR
text/plain 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.eslactivity.org/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNTcxNTg5NzAyNzM3MDIwNyIsImRvbWFpbl9pZCI6IjExODA3MyIsInVuaXQiOiJkaXYtZ3B0LWFkLWVzbGFjdGl2aXR5X29yZy1tZWRyZWN0YW5nbGUtNC0wIiwidF9lcG9jaCI6MTYzMTQ4Mzc0NiwiYWRfcG9zaXRpb24iOjE2MTEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJVUyIsInBhZ2V2aWV3X2lkIjoiYjM5NjFjMWUtMjcxZS00ZDEwLTc5ODktOGY2YzZiYWI3YzM2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzUxNywiZGF0YSI6W3sibmFtZSI6InBvc194IiwidmFsIjoiNDYwIn0seyJuYW1lIjoicG9zX3kiLCJ2YWwiOiIxMDI0In0seyJuYW1lIjoiaXNfZmxvYXRpbmciLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMzk4NTA0MTk4MTM3NDU4OCIsImRvbWFpbl9pZCI6IjExODA3MyIsInVuaXQiOiJkaXYtZ3B0LWFkLWVzbGFjdGl2aXR5X29yZy1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYzMTQ4Mzc0NiwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJVUyIsInBhZ2V2aWV3X2lkIjoiYjM5NjFjMWUtMjcxZS00ZDEwLTc5ODktOGY2YzZiYWI3YzM2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6InBvc194IiwidmFsIjoiMCJ9LHsibmFtZSI6InBvc195IiwidmFsIjoiMTEwNCJ9LHsibmFtZSI6ImlzX2Zsb2F0aW5nIiwidmFsIjoidHJ1ZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1b-1y1e-2y1d-4y1f-3y32-21y51-1y55-21y59-19&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1bx1ex1dx1fx32x51x55x59
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNTcxNTg5NzAyNzM3MDIwNyIsImRvbWFpbl9pZCI6IjExODA3MyIsInVuaXQiOiJkaXYtZ3B0LWFkLWVzbGFjdGl2aXR5X29yZy1tZWRyZWN0YW5nbGUtNC0wIiwidF9lcG9jaCI6MTYzMTQ4Mzc0NiwiYWRfcG9zaXRpb24iOjE2MTEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJVUyIsInBhZ2V2aWV3X2lkIjoiYjM5NjFjMWUtMjcxZS00ZDEwLTc5ODktOGY2YzZiYWI3YzM2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzUxNywiZGF0YSI6W3sibmFtZSI6InBvc194IiwidmFsIjoiNDYwIn0seyJuYW1lIjoicG9zX3kiLCJ2YWwiOiIxMDI0In0seyJuYW1lIjoiaXNfZmxvYXRpbmciLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMzk4NTA0MTk4MTM3NDU4OCIsImRvbWFpbl9pZCI6IjExODA3MyIsInVuaXQiOiJkaXYtZ3B0LWFkLWVzbGFjdGl2aXR5X29yZy1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYzMTQ4Mzc0NiwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJVUyIsInBhZ2V2aWV3X2lkIjoiYjM5NjFjMWUtMjcxZS00ZDEwLTc5ODktOGY2YzZiYWI3YzM2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6InBvc194IiwidmFsIjoiMCJ9LHsibmFtZSI6InBvc195IiwidmFsIjoiMTEwNCJ9LHsibmFtZSI6ImlzX2Zsb2F0aW5nIiwidmFsIjoidHJ1ZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=ebbefe46401a895c809457c0c99e2f92; _dlt=1; __qca=P0-1614549141-1631483747418; _ga=GA1.2.92124532.1631483747; _gid=GA1.2.754323026.1631483747; _gat_gtag_UA_125056220_1=1; ezux_lpl_118073=1631483747486|b3961c1e-271e-4d10-7989-8f6c6bab7c36|false; ezouspvv=1200; ezouspvh=1200; __gads=ID=bdeeeec8195198bb:T=1631483747:S=ALNI_MbbOPaoGYCE9PMCvq4FFncjIbJQSA; ezouspva=2
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:48 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dMZAovB2UkEmpg%2BS4zHdbXWs%2F0W3z0%2FB3tx3konNjJ7aswOyE6qsu8hO2wdFWR48T%2FXeRmJdj2gpz29p9KXF1JGog9GA%2BibINCZ%2B%2BYC4fJ1gZd%2B%2Fbg4KLK8DJuRlX8c2f4zpgPwN"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 68dc61d57bd24114-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 0
expires: Sat, 11 Sep 2021 21:55:49 UTC

GET
H3 200 css2
fonts.googleapis.com/ Frame E889 4 KB
633 B 33ms
18ms Stylesheet
text/css 74.125.133.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: 7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com
URL: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.133.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wo-in-f95.1e100.net

Software

ESF /

Resource Hash

e2b5d4752ac81478ad36860fbe67b75bad20bbee7a93e835a25283d310c78999

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 12 Sep 2021 21:43:27 GMT
server: ESF
date: Sun, 12 Sep 2021 21:55:48 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 12 Sep 2021 21:55:48 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 0CE8 3 KB
578 B 22ms
17ms Stylesheet
text/css 74.125.133.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: 7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com
URL: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.133.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wo-in-f95.1e100.net

Software

ESF /

Resource Hash

32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 12 Sep 2021 21:48:16 GMT
server: ESF
date: Sun, 12 Sep 2021 21:55:48 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 12 Sep 2021 21:55:48 GMT

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210908/r20110914/client/ Frame 0CE8 1 KB
857 B 14ms
14ms Script
text/javascript 108.177.15.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210908/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: 7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com
URL: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

108.177.15.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wr-in-f132.1e100.net

Software

cafe /

Resource Hash

5d1f3a4ee5a02abdbc66a11aad769dd81cbe4d07f0b3799ff0940ad7b7d6cc1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 18:25:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12590
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 830
x-xss-protection: 0
server: cafe
etag: 3558876194914413708
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 26 Sep 2021 18:25:58 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210908/r20110914/ Frame 0CE8 18 KB
7 KB 15ms
14ms Script
text/javascript 108.177.15.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210908/r20110914/abg_lite_fy2019.js

Requested by

Host: 7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com
URL: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

108.177.15.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wr-in-f132.1e100.net

Software

cafe /

Resource Hash

cc4cb1016499eb5d88379d9cdf358b0083b7c1b80f00889ce86649a88c746e10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 18:15:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 13207
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7641
x-xss-protection: 0
server: cafe
etag: 14368791910870210898
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 26 Sep 2021 18:15:41 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210908/r20110914/client/ Frame 0CE8 2 KB
1 KB 14ms
14ms Script
text/javascript 108.177.15.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210908/r20110914/client/window_focus_fy2019.js

Requested by

Host: 7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com
URL: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

108.177.15.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wr-in-f132.1e100.net

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 13:31:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30232
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 26 Sep 2021 13:31:56 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0CE8 125 KB
38 KB 44ms
22ms Script
text/javascript 66.102.1.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com
URL: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

66.102.1.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wb-in-f154.1e100.net

Software

sffe /

Resource Hash

1b6abcd01d2337e70b8fdde5a150175d2d4a3231d464e25b9cbdb5bac2bfcd2c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:48 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1631273423644667"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38649
x-xss-protection: 0
expires: Sun, 12 Sep 2021 21:55:48 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210908/r20110914/client/ Frame 0CE8 14 KB
6 KB 15ms
14ms Script
text/javascript 108.177.15.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210908/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com
URL: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

108.177.15.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wr-in-f132.1e100.net

Software

cafe /

Resource Hash

114dabe187311ee2e303549831223ef80d06385cb854e2aa1647ec1e0ca148f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 12:33:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 33723
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6183
x-xss-protection: 0
server: cafe
etag: 901432759052127119
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 26 Sep 2021 12:33:45 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 0CE8 0
0 74ms
25ms Image
text/html 74.125.133.106
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRrK_pz-HuCav-yhO9B0tan52QGsba3ShifgI9Ma8DWgTTYsV6D40FiDSGFHIuZtHO7VcZR0ganBt0JFzbIr4YQPpl2iw
Requested by: Host: 7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com
URL: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 74.125.133.106 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: wo-in-f106.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H2 200 8b8c639f95e935c054a6465040a495ee.js Show response
www.gstatic.com/mysidia/ Frame 0CE8 26 KB
11 KB 48ms
13ms Script
text/javascript 66.102.1.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/8b8c639f95e935c054a6465040a495ee.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: 7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com
URL: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.102.1.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wb-in-f94.1e100.net

Software

sffe /

Resource Hash

42dc9aece188c290c3303813e9f91c1d596f1267899f3b3357280be43c16ab53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 10 Sep 2021 03:04:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 240697
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10883
x-xss-protection: 0
last-modified: Wed, 08 Sep 2021 00:31:01 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 09 Dec 2021 03:04:11 GMT

GET
H3 200 interstitial_ad_frame_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210908/r20110914/elements/html/ Frame E889 17 KB
8 KB 14ms
14ms Script
text/javascript 108.177.15.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210908/r20110914/elements/html/interstitial_ad_frame_fy2019.js

Requested by

Host: 7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com
URL: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

108.177.15.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wr-in-f132.1e100.net

Software

cafe /

Resource Hash

4a813e1cf51a9ae7ee86be634312b025bc9f6b1a825308c717dcc9b43c0ce25a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:07:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2884
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7693
x-xss-protection: 0
server: cafe
etag: 15492606927302909567
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 26 Sep 2021 21:07:44 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame E889 205 B
294 B 49ms
17ms Image
image/png 66.102.1.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: 7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com
URL: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.102.1.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wb-in-f94.1e100.net

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 11 Sep 2021 08:14:44 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
age: 135664
vary: Origin
content-type: image/png
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0
expires: Sun, 11 Sep 2022 08:14:44 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame E889 604 B
750 B 48ms
16ms Image
image/png 66.102.1.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: 7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com
URL: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.102.1.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wb-in-f94.1e100.net

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 08 Sep 2021 02:30:42 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
age: 415506
vary: Origin
content-type: image/png
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 604
x-xss-protection: 0
expires: Thu, 08 Sep 2022 02:30:42 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 8A46 143 B
163 B 28ms
13ms Document
text/html 173.194.76.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: 7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com
URL: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

173.194.76.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ws-in-f157.1e100.net

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
cookie: IDE=AHWqTUlMcylV3c1YnN5G9bsuWuVm3ROlfjvtX-6qh_968ORTgAOW8_8e6xU8IzJTef4
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sun, 12 Sep 2021 21:14:34 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 2474
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame E708 1 KB
749 B 16ms
14ms Document
text/html 74.125.140.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com
URL: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.140.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wq-in-f155.1e100.net

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sun, 12 Sep 2021 00:24:01 GMT
expires: Mon, 13 Sep 2021 00:24:01 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 77507
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E708
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEH6asPsQWhjuKlBnUqylX5I&google_cver=1&google_push=AYg5qPJCtmyUXX-dEPmGvyVO0pm00Y-8EdxUGNZxAgburorMaxSlcaqJpAAEd-oajmKhdpHu9U4Kx7kAJkJKFspCj70iHwzvqD0t
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=9678B178869347E1AADBDD8E4E838C98&google_push=AYg5qPJCtmyUXX-dEPmGvyVO0pm00Y-8EdxUGNZxAgburorMaxSlcaqJpAAEd-oajmKhdpHu9U4Kx7kAJkJKFsp...

170 B
188 B

17ms
16ms

Image
image/png

74.125.140.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=9678B178869347E1AADBDD8E4E838C98&google_push=AYg5qPJCtmyUXX-dEPmGvyVO0pm00Y-8EdxUGNZxAgburorMaxSlcaqJpAAEd-oajmKhdpHu9U4Kx7kAJkJKFspCj70iHwzvqD0t

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.140.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wq-in-f155.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Sep 2021 21:55:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sun, 12 Sep 2021 21:55:48 GMT
x-content-type-options: nosniff
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=9678B178869347E1AADBDD8E4E838C98&google_push=AYg5qPJCtmyUXX-dEPmGvyVO0pm00Y-8EdxUGNZxAgburorMaxSlcaqJpAAEd-oajmKhdpHu9U4Kx7kAJkJKFspCj70iHwzvqD0t
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 154
expires: Sat, 11 Sep 2021 21:55:48 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E708
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEN7wZnfcqBOV8p4G15h-mhw&google_cver=1&google_push=AYg5qPKdTYrtAytHnEATXd94NIIBcisaLbX6gvwAR2ztXfWS7dtTkg2IzFjC4-DicbBa7bg8rvKiEmzFMhtuS8...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzAwNzE2OTM0NTkxMzYxNjUzNA%3D%3D&google_push=AYg5qPKdTYrtAytHnEATXd94NIIBcisaLbX6gvwAR2ztXfWS7dtTkg2IzFjC4-DicbBa7bg8rvKiEmzFMhtuS8WMy8...

170 B
188 B

17ms
16ms

Image
image/png

74.125.140.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzAwNzE2OTM0NTkxMzYxNjUzNA%3D%3D&google_push=AYg5qPKdTYrtAytHnEATXd94NIIBcisaLbX6gvwAR2ztXfWS7dtTkg2IzFjC4-DicbBa7bg8rvKiEmzFMhtuS8WMy8dWE6jMtyoP

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.140.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wq-in-f155.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Sep 2021 21:55:49 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzAwNzE2OTM0NTkxMzYxNjUzNA%3D%3D&google_push=AYg5qPKdTYrtAytHnEATXd94NIIBcisaLbX6gvwAR2ztXfWS7dtTkg2IzFjC4-DicbBa7bg8rvKiEmzFMhtuS8WMy8dWE6jMtyoP
Date: Sun, 12 Sep 2021 21:55:49 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E708
Redirect Chain

https://a.c.appier.net/gcm?google_gid=CAESEJdT6YJv-xsJBBTkuxoSccs&google_cver=1&google_push=AYg5qPInhE1gLSoaXN16sk3H2stlLbmJlO2iVI1OpQQqf9faPhaD1CRXq0oHalIAI2HsHwmJ5AdDfQeFcZHxwcGzH13v3_LA7_uV
https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=MTRINHVTRVlBVm1STWJOb1pYYy1ZUQ%3D%3D&google_push=AYg5qPInhE1gLSoaXN16sk3H2stlLbmJlO2iVI1OpQQqf9faPhaD1CRXq0oHalIAI2HsHwmJ5AdDfQeFcZHxw...

170 B
188 B

19ms
18ms

Image
image/png

74.125.140.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=MTRINHVTRVlBVm1STWJOb1pYYy1ZUQ%3D%3D&google_push=AYg5qPInhE1gLSoaXN16sk3H2stlLbmJlO2iVI1OpQQqf9faPhaD1CRXq0oHalIAI2HsHwmJ5AdDfQeFcZHxwcGzH13v3_LA7_uV

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.140.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wq-in-f155.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Sep 2021 21:55:49 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=MTRINHVTRVlBVm1STWJOb1pYYy1ZUQ%3D%3D&google_push=AYg5qPInhE1gLSoaXN16sk3H2stlLbmJlO2iVI1OpQQqf9faPhaD1CRXq0oHalIAI2HsHwmJ5AdDfQeFcZHxwcGzH13v3_LA7_uV
date: Sun, 12 Sep 2021 21:55:49 GMT
cache-control: no-store
server: nginx
content-type: text/html; charset=utf-8
content-length: 243
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

GET
H/1.1 200
OK us.php
c.eu1.dyntrk.com/adx/ga/ Frame E708 0
215 B 58ms
7ms Image
text/plain 135.125.160.77
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.eu1.dyntrk.com/adx/ga/us.php?dynk=ga2ex&google_gid=CAESEB4zVmIXosr1kqozN7byyH0&google_cver=1&google_push=AYg5qPIGghIfdeVQGP365G8uLLmGNPtWVZWowRau5zEIeJezZb_l16A6UnPOCnM95skXxXU5-h7BDISWalwvB2JdXUAZEXFFoVQY
Requested by: Host: 7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com
URL: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 135.125.160.77 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3195934.ip-135-125-160.eu
Software: proxy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
cache-control: private, no-cache, no-store, proxy-revalidate, no-transform
x-rc: 14
server: proxy
content-length: 0
content-type: text/plain

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E708
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEE4ZKCCdTokxIq3mQHLwGAE&google_cver=1&google_push=AYg5qPL911S29hxNHDccAErn1BSqCjvgWy69pwmsIDbtiOtHj6ipkpH49V_grZdebuCl4KkTEiJ7Rz4Vi7gNAGwrm...
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEE4ZKCCdTokxIq3mQHLwGAE&google_cver=1&google_push=AYg5qPL911S29hxNHDccAErn1BSqCjvgWy69pwmsIDbtiOtHj6ipkpH49V_grZdebuCl4KkTEiJ7Rz4Vi7gNAGwrm...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPL911S29hxNHDccAErn1BSqCjvgWy69pwmsIDbtiOtHj6ipkpH49V_grZdebuCl4KkTEiJ7Rz4Vi7gNAGwrmTTdqbLR95LG&google_hm=4f787d2007f455cf3be4e928

170 B
188 B

18ms
17ms

Image
image/png

74.125.140.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPL911S29hxNHDccAErn1BSqCjvgWy69pwmsIDbtiOtHj6ipkpH49V_grZdebuCl4KkTEiJ7Rz4Vi7gNAGwrmTTdqbLR95LG&google_hm=4f787d2007f455cf3be4e928

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.140.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wq-in-f155.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Sep 2021 21:55:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sun, 12 Sep 2021 21:55:48 GMT
Server: nginx
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPL911S29hxNHDccAErn1BSqCjvgWy69pwmsIDbtiOtHj6ipkpH49V_grZdebuCl4KkTEiJ7Rz4Vi7gNAGwrmTTdqbLR95LG&google_hm=4f787d2007f455cf3be4e928
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap3ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E708
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEH...
https://sync.targeting.unrulymedia.com/csync/RX-93360887-5ba9-4a90-936e-5719598df51e-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAYg5qPK-kjxz71BdXN-heX82m...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPK-kjxz71BdXN-heX82mhR6v9Xr1HCvTbVBLyzMwvDiifzNMoCLDk8_S5QEQR9SvCbids7WX2XihVzBxj3SfJ1hJVq3B_29&google_hm=A5M2CIdbqUqQk25XGVmN9R4

170 B
188 B

18ms
18ms

Image
image/png

74.125.140.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPK-kjxz71BdXN-heX82mhR6v9Xr1HCvTbVBLyzMwvDiifzNMoCLDk8_S5QEQR9SvCbids7WX2XihVzBxj3SfJ1hJVq3B_29&google_hm=A5M2CIdbqUqQk25XGVmN9R4

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.140.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wq-in-f155.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Sep 2021 21:55:49 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPK-kjxz71BdXN-heX82mhR6v9Xr1HCvTbVBLyzMwvDiifzNMoCLDk8_S5QEQR9SvCbids7WX2XihVzBxj3SfJ1hJVq3B_29&google_hm=A5M2CIdbqUqQk25XGVmN9R4
date: Sun, 12 Sep 2021 21:55:49 GMT
server: Tengine
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RX933608875ba94a90936e5719598df51e003
content-type: text/html

GET
H2 204 /
cc.adingo.jp/adx/push/ Frame E708 0
44 B 947ms
250ms Image
text/plain 3.115.67.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cc.adingo.jp/adx/push/?google_gid=CAESEMJ5wFbrKsBPDSkCvnkTgsw&google_cver=1&google_push=AYg5qPJ_jHiH7UC5mZgpqS8Hns-ZRvzaFho0jLdPmMob_42vZPh_hoIlssL7zr75LLZgjYgE1FVZ-Kgu-mPIjY38ev7SwAcs0UVa
Requested by: Host: 7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com
URL: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.115.67.144 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-115-67-144.ap-northeast-1.compute.amazonaws.com
Software: awselb/2.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:49 GMT
server: awselb/2.0

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame E708 0
244 B 50ms
15ms Image
text/html 74.125.140.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KFXdGH6q5AYuIf6ciznR2gVndUXE3p2P765ykl0Wqn9AYHejxzqmt6xfTG1S79NLSf_8wi

Requested by

Host: 7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com
URL: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.140.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wq-in-f157.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:48 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 8A46
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

17ms
16ms

Document
text/html

173.194.76.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Host: 7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com
URL: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

173.194.76.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ws-in-f157.1e100.net

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
cookie: IDE=AHWqTUlMcylV3c1YnN5G9bsuWuVm3ROlfjvtX-6qh_968ORTgAOW8_8e6xU8IzJTef4
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 12 Sep 2021 21:55:48 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Sun, 12-Sep-2021 22:55:48 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 12 Sep 2021 21:55:48 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 12 Sep 2021 21:55:48 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 army.gif Show response
www.eslactivity.org/porpoiseant/ 0
645 B 74ms
74ms XHR
text/plain 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.eslactivity.org/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNTcxNTg5NzAyNzM3MDIwNyIsImRvbWFpbl9pZCI6IjExODA3MyIsInVuaXQiOiJkaXYtZ3B0LWFkLWVzbGFjdGl2aXR5X29yZy1tZWRyZWN0YW5nbGUtNC0wIiwidF9lcG9jaCI6MTYzMTQ4Mzc0NiwicmV2ZW51ZSI6MCwiZXN0X3JldmVudWUiOjAsImFkX3Bvc2l0aW9uIjoxNjExLCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MCwiYmlkX2Zsb29yX3ByZXYiOjAsInN0YXRfc291cmNlX2lkIjowLCJjb3VudHJ5X2NvZGUiOiJVUyIsInBhZ2V2aWV3X2lkIjoiYjM5NjFjMWUtMjcxZS00ZDEwLTc5ODktOGY2YzZiYWI3YzM2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzUxNywiZGF0YSI6W3sibmFtZSI6InZpZXdlZCIsInZhbCI6IjEifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1b-1y1e-2y1d-4y1f-3y32-21y51-1y55-21y59-19&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1bx1ex1dx1fx32x51x55x59
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNTcxNTg5NzAyNzM3MDIwNyIsImRvbWFpbl9pZCI6IjExODA3MyIsInVuaXQiOiJkaXYtZ3B0LWFkLWVzbGFjdGl2aXR5X29yZy1tZWRyZWN0YW5nbGUtNC0wIiwidF9lcG9jaCI6MTYzMTQ4Mzc0NiwicmV2ZW51ZSI6MCwiZXN0X3JldmVudWUiOjAsImFkX3Bvc2l0aW9uIjoxNjExLCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MCwiYmlkX2Zsb29yX3ByZXYiOjAsInN0YXRfc291cmNlX2lkIjowLCJjb3VudHJ5X2NvZGUiOiJVUyIsInBhZ2V2aWV3X2lkIjoiYjM5NjFjMWUtMjcxZS00ZDEwLTc5ODktOGY2YzZiYWI3YzM2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzUxNywiZGF0YSI6W3sibmFtZSI6InZpZXdlZCIsInZhbCI6IjEifV0sImlzX29yaWciOmZhbHNlfV0=
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=ebbefe46401a895c809457c0c99e2f92; _dlt=1; __qca=P0-1614549141-1631483747418; _ga=GA1.2.92124532.1631483747; _gid=GA1.2.754323026.1631483747; _gat_gtag_UA_125056220_1=1; ezux_lpl_118073=1631483747486|b3961c1e-271e-4d10-7989-8f6c6bab7c36|false; ezouspvv=1200; ezouspvh=1200; __gads=ID=bdeeeec8195198bb:T=1631483747:S=ALNI_MbbOPaoGYCE9PMCvq4FFncjIbJQSA; ezouspva=2
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:49 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K%2BbOz%2FP0Tf37VJLs%2Fkwb5u10iPSY8VlHu8WFU0X6QAFTiWb7XGGPxwWiEjcfd%2F%2BsD%2FirPG15%2Fqo1Y85kjOM3%2BQ1XbJK5sJ%2FlGRKeY1c%2FkMGdplJYGQ0vRY3V0x1ZPVYJl5VrtM16"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 68dc61d7fe2a4114-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 0
expires: Sat, 11 Sep 2021 21:55:49 UTC

POST
H3 204 csi
csi.gstatic.com/ Frame FA81 0
17 B 28ms
14ms Ping
image/gif 216.239.32.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=2~kthrasoh&c=1751016277933&slotId=875508138966.5&qqid=CMHE4Mm2-vICFVFSGwodlvEBwg&fb=outstream-lima&ulv=1&cll=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20210908_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 216.239.32.3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sun, 12 Sep 2021 21:55:49 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 army.gif Show response
www.eslactivity.org/porpoiseant/ 0
638 B 36ms
36ms XHR
text/plain 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.eslactivity.org/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNTcxNTg5NzAyNzM3MDIwNyIsImRvbWFpbl9pZCI6IjExODA3MyIsInVuaXQiOiJkaXYtZ3B0LWFkLWVzbGFjdGl2aXR5X29yZy1tZWRyZWN0YW5nbGUtNC0wIiwidF9lcG9jaCI6MTYzMTQ4Mzc0NiwiYWRfcG9zaXRpb24iOjE2MTEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJVUyIsInBhZ2V2aWV3X2lkIjoiYjM5NjFjMWUtMjcxZS00ZDEwLTc5ODktOGY2YzZiYWI3YzM2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzUxNywiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9zaXplIiwidmFsIjoiWzMwMCwyNTBdIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI1NzE1ODk3MDI3MzcwMjA3IiwiZG9tYWluX2lkIjoiMTE4MDczIiwidW5pdCI6ImRpdi1ncHQtYWQtZXNsYWN0aXZpdHlfb3JnLW1lZHJlY3RhbmdsZS00LTAiLCJ0X2Vwb2NoIjoxNjMxNDgzNzQ2LCJhZF9wb3NpdGlvbiI6MTYxMSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IlVTIiwicGFnZXZpZXdfaWQiOiJiMzk2MWMxZS0yNzFlLTRkMTAtNzk4OS04ZjZjNmJhYjdjMzYiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzNTE3LCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2ZsdWlkIiwidmFsIjoiZmFsc2UifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjU3MTU4OTcwMjczNzAyMDciLCJkb21haW5faWQiOiIxMTgwNzMiLCJ1bml0IjoiZGl2LWdwdC1hZC1lc2xhY3Rpdml0eV9vcmctbWVkcmVjdGFuZ2xlLTQtMCIsInRfZXBvY2giOjE2MzE0ODM3NDYsImFkX3Bvc2l0aW9uIjoxNjExLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiVVMiLCJwYWdldmlld19pZCI6ImIzOTYxYzFlLTI3MWUtNGQxMC03OTg5LThmNmM2YmFiN2MzNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1MTcsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiMzQifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1b-1y1e-2y1d-4y1f-3y32-21y51-1y55-21y59-19&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1bx1ex1dx1fx32x51x55x59
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNTcxNTg5NzAyNzM3MDIwNyIsImRvbWFpbl9pZCI6IjExODA3MyIsInVuaXQiOiJkaXYtZ3B0LWFkLWVzbGFjdGl2aXR5X29yZy1tZWRyZWN0YW5nbGUtNC0wIiwidF9lcG9jaCI6MTYzMTQ4Mzc0NiwiYWRfcG9zaXRpb24iOjE2MTEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJVUyIsInBhZ2V2aWV3X2lkIjoiYjM5NjFjMWUtMjcxZS00ZDEwLTc5ODktOGY2YzZiYWI3YzM2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzUxNywiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9zaXplIiwidmFsIjoiWzMwMCwyNTBdIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI1NzE1ODk3MDI3MzcwMjA3IiwiZG9tYWluX2lkIjoiMTE4MDczIiwidW5pdCI6ImRpdi1ncHQtYWQtZXNsYWN0aXZpdHlfb3JnLW1lZHJlY3RhbmdsZS00LTAiLCJ0X2Vwb2NoIjoxNjMxNDgzNzQ2LCJhZF9wb3NpdGlvbiI6MTYxMSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IlVTIiwicGFnZXZpZXdfaWQiOiJiMzk2MWMxZS0yNzFlLTRkMTAtNzk4OS04ZjZjNmJhYjdjMzYiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzNTE3LCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2ZsdWlkIiwidmFsIjoiZmFsc2UifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjU3MTU4OTcwMjczNzAyMDciLCJkb21haW5faWQiOiIxMTgwNzMiLCJ1bml0IjoiZGl2LWdwdC1hZC1lc2xhY3Rpdml0eV9vcmctbWVkcmVjdGFuZ2xlLTQtMCIsInRfZXBvY2giOjE2MzE0ODM3NDYsImFkX3Bvc2l0aW9uIjoxNjExLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiVVMiLCJwYWdldmlld19pZCI6ImIzOTYxYzFlLTI3MWUtNGQxMC03OTg5LThmNmM2YmFiN2MzNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1MTcsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiMzQifV0sImlzX29yaWciOmZhbHNlfV0=
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=ebbefe46401a895c809457c0c99e2f92; _dlt=1; __qca=P0-1614549141-1631483747418; _ga=GA1.2.92124532.1631483747; _gid=GA1.2.754323026.1631483747; _gat_gtag_UA_125056220_1=1; ezux_lpl_118073=1631483747486|b3961c1e-271e-4d10-7989-8f6c6bab7c36|false; ezouspvv=1200; ezouspvh=1200; __gads=ID=bdeeeec8195198bb:T=1631483747:S=ALNI_MbbOPaoGYCE9PMCvq4FFncjIbJQSA; ezouspva=2
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:49 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ysu1hezOXqRzwfUtu6bf%2BsUlg2ln%2BE716QbxwmNBYv785qZgssE65AlimSBMmQ%2BwKlPYA4N8%2FPr%2B7EwpxFQAp40xDaZoLU4QH21eer8bCwL770y3I40MmL%2BHHFQVhmMtsma5KcYy"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 68dc61d97fd94114-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 0
expires: Sat, 11 Sep 2021 21:55:48 UTC

GET
H3 200 army.gif Show response
www.eslactivity.org/porpoiseant/ 0
637 B 77ms
76ms XHR
text/plain 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.eslactivity.org/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjA0NjI4Njc2MTM0Nzk0MSIsImRvbWFpbl9pZCI6IjExODA3MyIsInVuaXQiOiJlc2xhY3Rpdml0eV9vcmctcGl4ZWwxIiwidF9lcG9jaCI6MTYzMTQ4Mzc0NiwiYWRfcG9zaXRpb24iOjk5OTksImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJVUyIsInBhZ2V2aWV3X2lkIjoiYjM5NjFjMWUtMjcxZS00ZDEwLTc5ODktOGY2YzZiYWI3YzM2IiwiY29tcF9pZCI6bnVsbCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9zaXplIiwidmFsIjoiWzE2MDAsMTIwMF0ifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjYwNDYyODY3NjEzNDc5NDEiLCJkb21haW5faWQiOiIxMTgwNzMiLCJ1bml0IjoiZXNsYWN0aXZpdHlfb3JnLXBpeGVsMSIsInRfZXBvY2giOjE2MzE0ODM3NDYsImFkX3Bvc2l0aW9uIjo5OTk5LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiVVMiLCJwYWdldmlld19pZCI6ImIzOTYxYzFlLTI3MWUtNGQxMC03OTg5LThmNmM2YmFiN2MzNiIsImNvbXBfaWQiOm51bGwsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfZmx1aWQiLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjA0NjI4Njc2MTM0Nzk0MSIsImRvbWFpbl9pZCI6IjExODA3MyIsInVuaXQiOiJlc2xhY3Rpdml0eV9vcmctcGl4ZWwxIiwidF9lcG9jaCI6MTYzMTQ4Mzc0NiwiYWRfcG9zaXRpb24iOjk5OTksImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJVUyIsInBhZ2V2aWV3X2lkIjoiYjM5NjFjMWUtMjcxZS00ZDEwLTc5ODktOGY2YzZiYWI3YzM2IiwiY29tcF9pZCI6bnVsbCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6ImRvbWFpbl9kZnBfc3R5bGVfaWQiLCJ2YWwiOiJ1bmRlZmluZWQifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1b-1y1e-2y1d-4y1f-3y32-21y51-1y55-21y59-19&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1bx1ex1dx1fx32x51x55x59
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjA0NjI4Njc2MTM0Nzk0MSIsImRvbWFpbl9pZCI6IjExODA3MyIsInVuaXQiOiJlc2xhY3Rpdml0eV9vcmctcGl4ZWwxIiwidF9lcG9jaCI6MTYzMTQ4Mzc0NiwiYWRfcG9zaXRpb24iOjk5OTksImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJVUyIsInBhZ2V2aWV3X2lkIjoiYjM5NjFjMWUtMjcxZS00ZDEwLTc5ODktOGY2YzZiYWI3YzM2IiwiY29tcF9pZCI6bnVsbCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9zaXplIiwidmFsIjoiWzE2MDAsMTIwMF0ifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjYwNDYyODY3NjEzNDc5NDEiLCJkb21haW5faWQiOiIxMTgwNzMiLCJ1bml0IjoiZXNsYWN0aXZpdHlfb3JnLXBpeGVsMSIsInRfZXBvY2giOjE2MzE0ODM3NDYsImFkX3Bvc2l0aW9uIjo5OTk5LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiVVMiLCJwYWdldmlld19pZCI6ImIzOTYxYzFlLTI3MWUtNGQxMC03OTg5LThmNmM2YmFiN2MzNiIsImNvbXBfaWQiOm51bGwsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfZmx1aWQiLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjA0NjI4Njc2MTM0Nzk0MSIsImRvbWFpbl9pZCI6IjExODA3MyIsInVuaXQiOiJlc2xhY3Rpdml0eV9vcmctcGl4ZWwxIiwidF9lcG9jaCI6MTYzMTQ4Mzc0NiwiYWRfcG9zaXRpb24iOjk5OTksImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJVUyIsInBhZ2V2aWV3X2lkIjoiYjM5NjFjMWUtMjcxZS00ZDEwLTc5ODktOGY2YzZiYWI3YzM2IiwiY29tcF9pZCI6bnVsbCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6ImRvbWFpbl9kZnBfc3R5bGVfaWQiLCJ2YWwiOiJ1bmRlZmluZWQifV0sImlzX29yaWciOmZhbHNlfV0=
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=ebbefe46401a895c809457c0c99e2f92; _dlt=1; __qca=P0-1614549141-1631483747418; _ga=GA1.2.92124532.1631483747; _gid=GA1.2.754323026.1631483747; _gat_gtag_UA_125056220_1=1; ezux_lpl_118073=1631483747486|b3961c1e-271e-4d10-7989-8f6c6bab7c36|false; ezouspvv=1200; ezouspvh=1200; __gads=ID=bdeeeec8195198bb:T=1631483747:S=ALNI_MbbOPaoGYCE9PMCvq4FFncjIbJQSA; ezouspva=2
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:50 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gv%2FHc8U0%2F2KAm%2FOZHQ4b4HhOp2T8c08jNd5J7oyaRM%2B38pAMgFUxD8d6WKUtjjMHIi0jzZZFvS8utW65TMdmbGOH8gafqNH7E1dcCnK7dkl1mOJz729pFltcfTl%2B06QVBDxoGO5G"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 68dc61decd924114-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 0
expires: Sat, 11 Sep 2021 21:55:49 UTC

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 16ms
16ms Script
application/javascript 74.125.140.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.eslactivity.org

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.140.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wq-in-f154.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 12 Sep 2021 21:55:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 345 B
175 B 408ms
408ms XHR
text/plain 64.233.184.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1928632745933239&correlator=3173901077340512&output=ldjh&impl=fifs&eid=21065724%2C31062297&vrg=2021090701&ptt=17&sc=1&sfv=1-0-38&ecs=20210912&iu_parts=1254144%3A22476021904%2Ceslactivity_org-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90%7C728x90&ris=3&rcs=1&prev_scp=a%3D%257C251%257C%26iid1%3D3985041981374588%26eid%3D3985041981374588%26t%3D134%26d%3D118073%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26as%3Drevenue%26plat%3D1%26bra%3Dmod1-c%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Deslactivity_org-medrectangle-2-3985041981374588%26eb_br%3Ddc3573d5dc41abdf97751be02f53537f%26eba%3D1%26ebss%3D10017%2C10082%2C10061%2C11304%2C11307%26asau%3D8492401833%26bv%3D16%26bvm%3D0%26bvr%3D6%26shp%3D1%26ftsn%3D3%26br1%3D800%26br2%3D800%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D33%2C168%2C0%2C157%2C0%2C193%2C66%2C0%2C0%2C156%2C205%2C0%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C30%2C760%2C761%2C813%2C814%2C815%2C816%2C817%2C818%2C819%2C899%2C917%2C918%2C919%2C783%2C15%2C16%26ax_ssid%3D10082%26lb%3D1600%26reqt%3D1631483750816&eri=1&cookie=ID%3Dbdeeeec8195198bb%3AT%3D1631483747%3AS%3DALNI_MbbOPaoGYCE9PMCvq4FFncjIbJQSA&bc=31&abxe=1&lmt=1631483750&dt=1631483750822&dlt=1631483747030&idt=253&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=1110&adks=2551144693&ucis=2&ifi=4&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.eslactivity.org%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x-1&msz=970x-1&ga_vid=92124532.1631483747&ga_sid=1631483747&ga_hid=1221111038&ga_fc=false&fws=512&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

64.233.184.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wa-in-f155.1e100.net

Software

cafe /

Resource Hash

5c086c83715aa5eff9f5b62589f7cbd656232fde0464b5eac6ae9291e95f7dea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:51 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 146
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.eslactivity.org
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 jquery.min.js Show response
www.eslactivity.org/wp-includes/js/jquery/ 91 KB
34 KB 18ms
18ms Script
application/javascript 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.eslactivity.org/wp-includes/js/jquery/jquery.min.js?screx=1&sxcb=3a&ver=3.6.0
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1b-1y1e-2y1d-4y1f-3y32-21y51-1y55-21y59-19&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1bx1ex1dx1fx32x51x55x59
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7371660bc165dcb561da1a896e5dd656e43871cb9ae22471beab98ed49be73b1

Request headers

:path: /wp-includes/js/jquery/jquery.min.js?screx=1&sxcb=3a&ver=3.6.0
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=ebbefe46401a895c809457c0c99e2f92; _dlt=1; __qca=P0-1614549141-1631483747418; _ga=GA1.2.92124532.1631483747; _gid=GA1.2.754323026.1631483747; _gat_gtag_UA_125056220_1=1; ezux_lpl_118073=1631483747486|b3961c1e-271e-4d10-7989-8f6c6bab7c36|false; ezouspvv=1200; ezouspvh=1200; __gads=ID=bdeeeec8195198bb:T=1631483747:S=ALNI_MbbOPaoGYCE9PMCvq4FFncjIbJQSA; ezouspva=2
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:52 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
cf-cache-status: HIT
wpx: 1
age: 116895
x-ezoic-cdn: Hit ds;mm;79d923542e7447366a12582e22857ea2;2-118073-3;2c3e6b35-f299-4240-786e-659a010bdd35
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-origin-cache-control: public, max-age=604800
response: 200
last-modified: Wed, 28 Jul 2021 19:47:43 GMT
server: cloudflare
etag: W/"15db1-6101b45f-3055ecacc972a24e;gz-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4P91mkEVES7Ry2A3YKRmY3rAroMt4B1%2F6iUYQep8nS%2FJ0qC%2B36ZhJrnlQpHDXkbc%2FH7emBzUVPL32nsixoP2%2F2DGRwYBOVLHq5csdeJA%2FbZWUu4kdp72%2FFZ%2B%2FVHW%2FxZlvaRJj8UK"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=259200
x-ez-minify-js: 0.35% 93547 / 93877
x-turbo-charged-by: LiteSpeed
x-ez-proxy-out: true 2.3
cf-ray: 68dc61eb9bad4114-PRG
display: staticcontent_sol, staticcontent_sol

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 71 KB
24 KB 15ms
15ms Script
text/javascript 64.233.184.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.eslactivity.org
URL: https://www.eslactivity.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

64.233.184.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wa-in-f155.1e100.net

Software

sffe /

Resource Hash

1e2cbb79672e3641293b4f1acab798d4abad59e6097fbad0964af960a9585c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "985 / 337 of 1000 / last-modified: 1631311949"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25039
x-xss-protection: 0
expires: Sun, 12 Sep 2021 21:55:52 GMT

GET
H3 200 mc-validate.js Show response
www.eslactivity.org/ezossp/unknown/s3.amazonaws.com/downloads.mailchimp.com/js/ 139 KB
48 KB 22ms
21ms Script
application/javascript 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.eslactivity.org/ezossp/unknown/s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js?screx=1&sxcb=3a
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1b-1y1e-2y1d-4y1f-3y32-21y51-1y55-21y59-19&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1bx1ex1dx1fx32x51x55x59
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6d97d83108d09d96f0bac00aecbed70ae15d567422acb36cb8ff2004e9628b60

Request headers

:path: /ezossp/unknown/s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js?screx=1&sxcb=3a
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=ebbefe46401a895c809457c0c99e2f92; _dlt=1; __qca=P0-1614549141-1631483747418; _ga=GA1.2.92124532.1631483747; _gid=GA1.2.754323026.1631483747; _gat_gtag_UA_125056220_1=1; ezux_lpl_118073=1631483747486|b3961c1e-271e-4d10-7989-8f6c6bab7c36|false; ezouspvv=1200; ezouspvh=1200; __gads=ID=bdeeeec8195198bb:T=1631483747:S=ALNI_MbbOPaoGYCE9PMCvq4FFncjIbJQSA; ezouspva=2
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 57412
cf-polished: origSize=148911
x-ezoic-cdn: Miss
x-middleton-display: staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: H5AP9ABRZ22X912Z
x-amz-id-2: THFyHYiHzQWROyeZOPRSBZI9BW4SFhyRUqP0sc8BKTWCDej2kGcrfLTJkYOO84jgnioTREveZ1U=
x-origin-cache-control: public,max-age=2592000
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
server: cloudflare
etag: W/"6465dd4a8331265e6629cd069e03504c-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding User-Agent,Origin,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F8aAvqAxTXXKUz57q%2FztclnJqRixNDLNoN8NBpaJ%2Fe6ha8mZY5MauB2T9pVAHylBMMwtx2vyAj4gPueoW7v6DejsG67PHsunNr00oY2n9O3T0HYtnKBzcaClqgNJaP1M%2F3HF27sl"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=259200
x-ez-proxy-out: true 2.3
cf-ray: 68dc61ebdbef4114-PRG
cf-bgj: minify

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 15ms
15ms Script
application/javascript 74.125.140.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.eslactivity.org

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.140.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wq-in-f154.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 12 Sep 2021 21:55:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 345 B
175 B 372ms
372ms XHR
text/plain 64.233.184.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1928632745933239&correlator=159383816815351&output=ldjh&impl=fifs&eid=21065724%2C31062297&vrg=2021090701&ptt=17&sc=1&sfv=1-0-38&ecs=20210912&iu_parts=1254144%3A22476021904%2Ceslactivity_org-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90%7C728x90&ris=2&rcs=2&prev_scp=a%3D%257C251%257C%26iid1%3D3985041981374588%26eid%3D3985041981374588%26t%3D134%26d%3D118073%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26as%3Drevenue%26plat%3D1%26bra%3Dmod1-c%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Deslactivity_org-medrectangle-2-3985041981374588%26eb_br%3D5f2b94bb26a5aa9b1a00e66d30cfd5ec%26eba%3D1%26ebss%3D10017%2C10082%2C10061%2C11304%2C11307%26asau%3D8492401833%26bv%3D16%26bvm%3D0%26bvr%3D6%26shp%3D1%26ftsn%3D3%26br1%3D500%26br2%3D800%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D33%2C168%2C0%2C157%2C0%2C193%2C66%2C0%2C0%2C156%2C205%2C0%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C30%2C760%2C761%2C813%2C814%2C815%2C816%2C817%2C818%2C819%2C899%2C917%2C918%2C919%2C783%2C15%2C16%2C12%2C13%2C14%2C15%2C16%26ax_ssid%3D10082%26lb%3D800%26reqt%3D1631483751325&eri=1&cookie=ID%3Dbdeeeec8195198bb%3AT%3D1631483747%3AS%3DALNI_MbbOPaoGYCE9PMCvq4FFncjIbJQSA&bc=31&abxe=1&lmt=1631483752&dt=1631483752331&dlt=1631483747030&idt=253&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=1110&adks=2551144693&ucis=2&ifi=5&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.eslactivity.org%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x-1&msz=970x-1&ga_vid=92124532.1631483747&ga_sid=1631483747&ga_hid=1221111038&ga_fc=false&fws=512&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

64.233.184.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wa-in-f155.1e100.net

Software

cafe /

Resource Hash

fda625550c4655fe0a08c5a57d980eb29fce43981e72bca22024895a9f9b2068

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:52 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 146
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.eslactivity.org
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
load.sumo.com/ 2 KB
2 KB 75ms
8ms Script
text/javascript 89.187.169.47

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 -, , ASN (),
Reverse DNS
Software: BunnyCDN-DE1-756 /
Resource Hash: 75cde5cd327239276b3bafb85d50f38fbd3b77bd15984deb9f6c02dd01b8ff86

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:52 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: F3WYFBQ44Q2G0CFD
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 2021-08-10 08:54:27
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: Kzgb2dwdVDwyLCTvHsZXncN4YdFhrPX778n3LamJ4MTck7tfGc58WNZzyg1g3dO3XdsQwE6N+/s=
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:45:12 GMT
server: BunnyCDN-DE1-756
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=600
cdn-requestid: 064af90fdcadf7b5cff700d13f2939b0
cdn-requestcountrycode: US
cdn-status: 200
cdn-requestpullsuccess: True

GET
H3 200 jquery.scrollTo.min.js Show response
www.eslactivity.org/wp-content/themes/restored316-market/js/ 2 KB
2 KB 18ms
18ms Script
application/javascript 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.eslactivity.org/wp-content/themes/restored316-market/js/jquery.scrollTo.min.js?screx=1&sxcb=3a&ver=1.4.5-beta
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1b-1y1e-2y1d-4y1f-3y32-21y51-1y55-21y59-19&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1bx1ex1dx1fx32x51x55x59
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 380e2d413fd0a920eb7146ffc14c4fa32efc47eff373638b0e4b935dfc1f9720

Request headers

:path: /wp-content/themes/restored316-market/js/jquery.scrollTo.min.js?screx=1&sxcb=3a&ver=1.4.5-beta
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=ebbefe46401a895c809457c0c99e2f92; _dlt=1; __qca=P0-1614549141-1631483747418; _ga=GA1.2.92124532.1631483747; _gid=GA1.2.754323026.1631483747; _gat_gtag_UA_125056220_1=1; ezux_lpl_118073=1631483747486|b3961c1e-271e-4d10-7989-8f6c6bab7c36|false; ezouspvv=1200; ezouspvh=1200; __gads=ID=bdeeeec8195198bb:T=1631483747:S=ALNI_MbbOPaoGYCE9PMCvq4FFncjIbJQSA; ezouspva=2
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:52 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
cf-cache-status: HIT
wpx: 1
age: 140208
x-ezoic-cdn: Hit ds;mm;029c53c4c9fd067e38ed2a743152c1e3;2-118073-3;561cd521-8732-4040-76d5-237bd7dbc8eb
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-origin-cache-control: public, max-age=604800
response: 200
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
server: cloudflare
etag: W/"986-5fe4f158-9e6ef5365e518d32;gz-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=euRu9F9j1DjHiDy4VUBaTOdBSpitEJ2nMIgSemIXpxYLtUDMDBTj%2B4OjncADSnk5lNNJjGdB4BcGSgKzPGwbI4tm20e5afE%2FRBGSL8C5qdx5keavEE2K5tX1oiWO0Xg7ITPoSsSX"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=259200
x-ez-minify-js: 19.48% 1963 / 2438
x-turbo-charged-by: LiteSpeed
x-ez-proxy-out: true 2.3
cf-ray: 68dc61ec7c894114-PRG
display: staticcontent_sol, staticcontent_sol

GET
H3 200 fadeup.js Show response
www.eslactivity.org/wp-content/themes/restored316-market/js/ 473 B
1 KB 18ms
17ms Script
application/javascript 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.eslactivity.org/wp-content/themes/restored316-market/js/fadeup.js?screx=1&sxcb=3a&ver=1.0.0
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1b-1y1e-2y1d-4y1f-3y32-21y51-1y55-21y59-19&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1bx1ex1dx1fx32x51x55x59
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5c8a96264597d3c45a3a1666ed9e495cb0f49805d5bf26d7aab2db2399a3e0dd

Request headers

:path: /wp-content/themes/restored316-market/js/fadeup.js?screx=1&sxcb=3a&ver=1.0.0
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=ebbefe46401a895c809457c0c99e2f92; _dlt=1; __qca=P0-1614549141-1631483747418; _ga=GA1.2.92124532.1631483747; _gid=GA1.2.754323026.1631483747; _gat_gtag_UA_125056220_1=1; ezux_lpl_118073=1631483747486|b3961c1e-271e-4d10-7989-8f6c6bab7c36|false; ezouspvv=1200; ezouspvh=1200; __gads=ID=bdeeeec8195198bb:T=1631483747:S=ALNI_MbbOPaoGYCE9PMCvq4FFncjIbJQSA; ezouspva=2
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:52 GMT
content-encoding: br
etag: W/"320-5fe4f158-670d6c6961adc9a0;gz-gzip"
cf-cache-status: HIT
wpx: 1
age: 128612
x-ezoic-cdn: Hit ds;mm;456ee8893d36e680d9cb434e9e924c0a;2-118073-3;386a5b8d-10a8-4021-76b2-19afdc31763c
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
response: 200
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
server: cloudflare
x-origin-cache-control: public, max-age=604800
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H1vyzbxr7hMrc%2ByXsBCnRnXbfdulkmNSQnIMckyGCH5zlnLwi2AABErGU2v02OgOziVxsOhhluqowJet51Babyzrr1x2v07snXwGcqe8y76ZvHPy34Z%2BLhyO0kztZtRp%2Bij38H72"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
cache-control: public, max-age=259200
x-ez-minify-js: 48.64% 473 / 921
x-turbo-charged-by: LiteSpeed
x-ez-proxy-out: true 2.3
cf-ray: 68dc61ec9cb94114-PRG
display: staticcontent_sol, staticcontent_sol
cf-bgj: minify

GET
H3 200 jquery.matchHeight-min.js Show response
www.eslactivity.org/wp-content/themes/restored316-market/js/ 4 KB
2 KB 20ms
19ms Script
application/javascript 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.eslactivity.org/wp-content/themes/restored316-market/js/jquery.matchHeight-min.js?screx=1&sxcb=3a&ver=1.0.0
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1b-1y1e-2y1d-4y1f-3y32-21y51-1y55-21y59-19&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1bx1ex1dx1fx32x51x55x59
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f5f30c8ec6448e3f08c56351cae9cb846381e05f2686561fdc279a3705ad3683

Request headers

:path: /wp-content/themes/restored316-market/js/jquery.matchHeight-min.js?screx=1&sxcb=3a&ver=1.0.0
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=ebbefe46401a895c809457c0c99e2f92; _dlt=1; __qca=P0-1614549141-1631483747418; _ga=GA1.2.92124532.1631483747; _gid=GA1.2.754323026.1631483747; _gat_gtag_UA_125056220_1=1; ezux_lpl_118073=1631483747486|b3961c1e-271e-4d10-7989-8f6c6bab7c36|false; ezouspvv=1200; ezouspvh=1200; __gads=ID=bdeeeec8195198bb:T=1631483747:S=ALNI_MbbOPaoGYCE9PMCvq4FFncjIbJQSA; ezouspva=2
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:52 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
cf-cache-status: HIT
wpx: 1
age: 116895
x-ezoic-cdn: Hit ds;dm;2d7b8cf098905e7181b72d0a6cc6927a;2-118073-3;0f3b5a52-dc49-4ead-57aa-2d9a29b2ecfe
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-origin-cache-control: public, max-age=604800
response: 200
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
server: cloudflare
etag: W/"be5-5fe4f158-751ed718788af43d;gz-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aSVROoZu%2Bz3lmr83qj1Zz2xTKkfT3IX9ixzdUQurl9ZDEhWl582cSKqHRdKjD%2FNgMPSxoDQ1Bqc89NmgFBgkabHTDq9fBtfle2uRXKEWDe41%2FQnUAbY9prL20nOyOkyx2prW2oLg"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=259200
x-ez-minify-js: 3.73% 3899 / 4050
x-turbo-charged-by: LiteSpeed
x-ez-proxy-out: true 2.3
cf-ray: 68dc61ecbcd94114-PRG
display: staticcontent_sol, staticcontent_sol

GET
H3 200 matchheight-init.js Show response
www.eslactivity.org/wp-content/themes/restored316-market/js/ 308 B
1 KB 22ms
22ms Script
application/javascript 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.eslactivity.org/wp-content/themes/restored316-market/js/matchheight-init.js?screx=1&sxcb=3a&ver=1.0.0
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1b-1y1e-2y1d-4y1f-3y32-21y51-1y55-21y59-19&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1bx1ex1dx1fx32x51x55x59
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 75354b56690f6df16b081585d5731ab2548528e8e10d792babd079834a9740b4

Request headers

:path: /wp-content/themes/restored316-market/js/matchheight-init.js?screx=1&sxcb=3a&ver=1.0.0
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=ebbefe46401a895c809457c0c99e2f92; _dlt=1; __qca=P0-1614549141-1631483747418; _ga=GA1.2.92124532.1631483747; _gid=GA1.2.754323026.1631483747; _gat_gtag_UA_125056220_1=1; ezux_lpl_118073=1631483747486|b3961c1e-271e-4d10-7989-8f6c6bab7c36|false; ezouspvv=1200; ezouspvh=1200; __gads=ID=bdeeeec8195198bb:T=1631483747:S=ALNI_MbbOPaoGYCE9PMCvq4FFncjIbJQSA; ezouspva=2
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:52 GMT
content-encoding: br
etag: W/"c4-5fe4f158-d35d2bdaefad53d9;;;-gzip"
cf-cache-status: HIT
wpx: 1
age: 86702
x-ezoic-cdn: Hit ds;ds;1619b0847b9d90a0039bb72b6c266be1;2-118073-3;039e5ba0-5c36-4339-4015-09cc98a2224f
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
response: 200
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
server: cloudflare
x-origin-cache-control: public, max-age=604800
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rB4qrbEANHoGAwDv%2BX%2BOYH76FUtaXca4rtZPY%2Bvqz0zJEm4Vhb6NGtNvkuH6NUvuleje38ifjl3gopcgzvIAZc8B%2BPXufKmab1mbETtkwy7Kv7SeN2X3w5iGANfULms%2BHtEdUOKQ"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding User-Agent,Origin,Accept-Encoding
cache-control: public, max-age=259200
x-ez-minify-js: 3.75% 308 / 320
x-turbo-charged-by: LiteSpeed
x-ez-proxy-out: true 2.3
cf-ray: 68dc61ececf24114-PRG
display: staticcontent_sol, staticcontent_sol
cf-bgj: minify

GET
H2 200 72.0a035390359aab65eb82.js Show response
load.sumo.com/ 131 KB
44 KB 6ms
6ms Script
text/javascript 89.187.169.47

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/72.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 -, , ASN (),
Reverse DNS
Software: BunnyCDN-DE1-756 /
Resource Hash: 73c748a03b271d7a4d7c1ed120f668653c1d7ed4632748920048ddcde2e6d759

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:52 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: 1ZQEWHAMVKQ7GYB9
cdn-cachedat: 08/11/2021 08:27:12
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: kmFKyXlcNfWRvLk73k8+XQ19wYCytEHCTISpCux9qKXgMmTWTauGgYuQX+XFo3SzIUCSissBAiY=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:44:49 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: 6dc261af176d63d3044a463290816bf8
cdn-requestcountrycode: US
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 73.0a035390359aab65eb82.js Show response
load.sumo.com/ 289 KB
100 KB 14ms
14ms Script
text/javascript 89.187.169.47

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/73.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 -, , ASN (),
Reverse DNS
Software: BunnyCDN-DE1-756 /
Resource Hash: f452c0a329f17acfb74497d9ddef4a0d5af4166d43da2a3824387fc71205cd4f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:52 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: TBY01K4HP9CGD4T8
cdn-cachedat: 08/11/2021 06:56:09
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: zxdeegSWyj0r5KeMe1/TVBrRHqZLd4efcDcAMD1YkADnK6T70g4ma5XkPClgzRKwYXb8pz26pBk=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:44:50 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: 1e1728fac9f8c76188ced1b1d9b0145b
cdn-requestcountrycode: US
cdn-status: 200
cdn-requestpullsuccess: True

GET
H3 200 scripts.min.js Show response
www.eslactivity.org/wp-content/plugins/aawp/public/assets/js/ 6 KB
3 KB 18ms
18ms Script
application/javascript 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.eslactivity.org/wp-content/plugins/aawp/public/assets/js/scripts.min.js?screx=1&sxcb=3a&ver=3.14.3
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1b-1y1e-2y1d-4y1f-3y32-21y51-1y55-21y59-19&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1bx1ex1dx1fx32x51x55x59
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 88c1e3816a68c706ed64ebcd5f488218401ac27ccf31a8e6b091584f66089d07

Request headers

:path: /wp-content/plugins/aawp/public/assets/js/scripts.min.js?screx=1&sxcb=3a&ver=3.14.3
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=ebbefe46401a895c809457c0c99e2f92; _dlt=1; __qca=P0-1614549141-1631483747418; _ga=GA1.2.92124532.1631483747; _gid=GA1.2.754323026.1631483747; _gat_gtag_UA_125056220_1=1; ezux_lpl_118073=1631483747486|b3961c1e-271e-4d10-7989-8f6c6bab7c36|false; ezouspvv=1200; ezouspvh=1200; __gads=ID=bdeeeec8195198bb:T=1631483747:S=ALNI_MbbOPaoGYCE9PMCvq4FFncjIbJQSA; ezouspva=2
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:52 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
cf-cache-status: HIT
wpx: 1
age: 140208
x-ezoic-cdn: Hit ds;mm;a017711431f0d66ebae1f5233b61f145;2-118073-3;e4c5fa48-d42e-4d1f-4bf8-01a1e69298ce
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-origin-cache-control: public, max-age=604800
response: 200
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
server: cloudflare
etag: W/"1689-5fe4f12c-3d9660abe44fffe4;gz-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x6GCPXxOAxcMy5cWi%2BDacCelscS%2BQHAI0Vf%2FyZA5uUroGrUjbWBvSnoKgTBm5vhzKbuButpHjUInp1dKw7G5FZK9N8BnMZiFZRLbaDxj8xOJS5wIEQdN4Wl3mJpgCMiZ692%2B5abm"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=259200
x-ez-minify-js: -0.02% 6153 / 6152
x-turbo-charged-by: LiteSpeed
x-ez-proxy-out: true 2.3
cf-ray: 68dc61ed0d0f4114-PRG
display: staticcontent_sol, staticcontent_sol

GET
H3 200 army.gif Show response
www.eslactivity.org/porpoiseant/ 0
640 B 76ms
76ms XHR
text/plain 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.eslactivity.org/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNTcxNTg5NzAyNzM3MDIwNyIsImRvbWFpbl9pZCI6IjExODA3MyIsInVuaXQiOiJkaXYtZ3B0LWFkLWVzbGFjdGl2aXR5X29yZy1tZWRyZWN0YW5nbGUtNC0wIiwidF9lcG9jaCI6MTYzMTQ4Mzc0NiwiYWRfcG9zaXRpb24iOjE2MTEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJVUyIsInBhZ2V2aWV3X2lkIjoiYjM5NjFjMWUtMjcxZS00ZDEwLTc5ODktOGY2YzZiYWI3YzM2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzUxNywiZGF0YSI6W3sibmFtZSI6IndvcmRzX2JlZm9yZSIsInZhbCI6IjI0MyJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMzk4NTA0MTk4MTM3NDU4OCIsImRvbWFpbl9pZCI6IjExODA3MyIsInVuaXQiOiJkaXYtZ3B0LWFkLWVzbGFjdGl2aXR5X29yZy1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYzMTQ4Mzc0NiwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJVUyIsInBhZ2V2aWV3X2lkIjoiYjM5NjFjMWUtMjcxZS00ZDEwLTc5ODktOGY2YzZiYWI3YzM2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6IndvcmRzX2JlZm9yZSIsInZhbCI6IjI0MyJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1b-1y1e-2y1d-4y1f-3y32-21y51-1y55-21y59-19&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1bx1ex1dx1fx32x51x55x59
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNTcxNTg5NzAyNzM3MDIwNyIsImRvbWFpbl9pZCI6IjExODA3MyIsInVuaXQiOiJkaXYtZ3B0LWFkLWVzbGFjdGl2aXR5X29yZy1tZWRyZWN0YW5nbGUtNC0wIiwidF9lcG9jaCI6MTYzMTQ4Mzc0NiwiYWRfcG9zaXRpb24iOjE2MTEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJVUyIsInBhZ2V2aWV3X2lkIjoiYjM5NjFjMWUtMjcxZS00ZDEwLTc5ODktOGY2YzZiYWI3YzM2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzUxNywiZGF0YSI6W3sibmFtZSI6IndvcmRzX2JlZm9yZSIsInZhbCI6IjI0MyJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMzk4NTA0MTk4MTM3NDU4OCIsImRvbWFpbl9pZCI6IjExODA3MyIsInVuaXQiOiJkaXYtZ3B0LWFkLWVzbGFjdGl2aXR5X29yZy1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYzMTQ4Mzc0NiwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJVUyIsInBhZ2V2aWV3X2lkIjoiYjM5NjFjMWUtMjcxZS00ZDEwLTc5ODktOGY2YzZiYWI3YzM2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6IndvcmRzX2JlZm9yZSIsInZhbCI6IjI0MyJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=ebbefe46401a895c809457c0c99e2f92; _dlt=1; __qca=P0-1614549141-1631483747418; _ga=GA1.2.92124532.1631483747; _gid=GA1.2.754323026.1631483747; _gat_gtag_UA_125056220_1=1; ezux_lpl_118073=1631483747486|b3961c1e-271e-4d10-7989-8f6c6bab7c36|false; ezouspvv=1200; ezouspvh=1200; __gads=ID=bdeeeec8195198bb:T=1631483747:S=ALNI_MbbOPaoGYCE9PMCvq4FFncjIbJQSA; ezouspva=2
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:52 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YqlAO4MYEbeP2g2hXISdGfE9RH18ILKVCES6TXus7TQ11zP9uzznwjrT9aCt%2BsQUawiInMGh7MngSWo%2F2Ki56L%2FX1N0lV2xSPFJ%2BjGoGYgEjfMV%2FxKnsvMWyTGOcN%2FK0ONXLc36n"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 68dc61ed1d1e4114-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 0
expires: Sat, 11 Sep 2021 21:55:59 UTC

GET
H3 200 wp-embed.min.js Show response
www.eslactivity.org/wp-includes/js/ 2 KB
2 KB 18ms
18ms Script
application/javascript 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.eslactivity.org/wp-includes/js/wp-embed.min.js?screx=1&sxcb=3a&ver=5.8.1
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1b-1y1e-2y1d-4y1f-3y32-21y51-1y55-21y59-19&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1bx1ex1dx1fx32x51x55x59
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d4ab40913e42197d665b5a038ab417d5b20c8ebfecdfa52573a366b489bea263

Request headers

:path: /wp-includes/js/wp-embed.min.js?screx=1&sxcb=3a&ver=5.8.1
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=ebbefe46401a895c809457c0c99e2f92; _dlt=1; __qca=P0-1614549141-1631483747418; _ga=GA1.2.92124532.1631483747; _gid=GA1.2.754323026.1631483747; _gat_gtag_UA_125056220_1=1; ezux_lpl_118073=1631483747486|b3961c1e-271e-4d10-7989-8f6c6bab7c36|false; ezouspvv=1200; ezouspvh=1200; __gads=ID=bdeeeec8195198bb:T=1631483747:S=ALNI_MbbOPaoGYCE9PMCvq4FFncjIbJQSA; ezouspva=2
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:52 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
cf-cache-status: HIT
wpx: 1
age: 44429
x-ezoic-cdn: Hit ds;mm;4d3ae761ecf1c1675ff2e91f19512d42;2-118073-3;404e14fb-7175-472f-61b1-85d1ec3f4c99
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-origin-cache-control: public, max-age=604800
response: 200
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
server: cloudflare
etag: W/"592-601b45e5-8730141036d93fd8;gz-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ui71f9WEePuBb0surcbDT3b6goBqPmw5RIkvFq%2FcfuXR1NHwlmKz0vd%2B4UYDQH%2BTf5%2BnFaM3U%2F2Ee7bOAWvONcUJO1JV0vSqBL9KtlV0YZK%2BXrL%2BbWBHgEP8bW1o73KLznHr%2FCWJ"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=259200
x-ez-minify-js: 0.86% 1605 / 1619
x-turbo-charged-by: LiteSpeed
x-ez-proxy-out: true 2.3
cf-ray: 68dc61ed2d254114-PRG
display: staticcontent_sol, staticcontent_sol

POST
H2 200 / Show response
sumo.com/api/load/ 878 B
1 KB 517ms
170ms XHR
application/json 52.34.133.113

General

Check archive.org

Show headers Download Go to

Full URL

https://sumo.com/api/load/

Requested by

Host: load.sumo.com
URL: https://load.sumo.com/73.0a035390359aab65eb82.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.34.133.113 -, , ASN (),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

091d25fe4d01ee6fb81ac7e60614d2fb70c7c2aaf56acba4bb107c45ae5634d2

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.eslactivity.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Sun, 12 Sep 2021 21:55:52 GMT
vary: Origin, Accept-Encoding
server: nginx/1.18.0
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.eslactivity.org
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
content-length: 878

GET
H2 200 / Show response
geolocation-db.com/jsonp/ 176 B
280 B 88ms
26ms Script
text/html 159.89.102.253

General

Check archive.org

Show headers Download Go to

Full URL: https://geolocation-db.com/jsonp/?callback=callback&_=1631483752287
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/wp-includes/js/jquery/jquery.min.js?screx=1&sxcb=3a&ver=3.6.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 159.89.102.253 -, , ASN (),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e827304636e3d6a3cf282d69a86d9fbd52c2f4c14088fc949aee215c3aa683a2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sun, 12 Sep 2021 21:55:52 GMT
content-encoding: gzip
server: nginx/1.14.0 (Ubuntu)
content-type: text/html; charset=UTF-8

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 16ms
16ms Script
application/javascript 74.125.140.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.eslactivity.org

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.140.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wq-in-f154.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 12 Sep 2021 21:55:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 55ms
17ms Preflight
application/json 178.250.0.157

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.eslactivity.org%2F&domain=www.eslactivity.org&cw=1&lsw=1

Protocol

Server

178.250.0.157 -, , ASN (),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://www.eslactivity.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
strict-transport-security: max-age=31536000
access-control-allow-origin: https://www.eslactivity.org
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1372
date: Sun, 12 Sep 2021 21:55:52 GMT
content-encoding: gzip
vary: Accept-Encoding

GET
H2 200 json Show response
gum.criteo.com/sid/ 350 B
629 B 47ms
17ms XHR
application/json 178.250.0.157

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.eslactivity.org%2F&domain=www.eslactivity.org&cw=1&lsw=1

Requested by

Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=criteo,ix,medianet,onemobile,onetag,pubmatic,pubmatic,pulsepoint,rhythmone,sharethrough,unruly&cb=195-2-27

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.157 -, , ASN (),

Reverse DNS

Software

Resource Hash

6c7a7e0de859cf35f40448fd8e2e2c10973d9d1dd0e71dbac23985c02703c608

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.eslactivity.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: application/json

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
date: Sun, 12 Sep 2021 21:55:52 GMT
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.eslactivity.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2407
expires: 0

POST
H2 200 cookie_sync Show response
pb-server.ezoic.com/ 269 B
674 B 184ms
98ms XHR
application/json 52.222.158.21

General

Check archive.org

Show headers Download Go to

Full URL: https://pb-server.ezoic.com/cookie_sync
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=criteo,ix,medianet,onemobile,onetag,pubmatic,pubmatic,pulsepoint,rhythmone,sharethrough,unruly&cb=195-2-27
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.158.21 -, , ASN (),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 14375082f18c8501a36b803a80a3489476d037a97867ffa2a1aae1b65df4fa57

Request headers

Referer: https://www.eslactivity.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 12 Sep 2021 21:55:52 GMT
via: 1.1 0e5084c3f3749abdd1195ad293d2faa2.cloudfront.net (CloudFront)
server: nginx/1.14.0 (Ubuntu)
x-amz-cf-pop: CDG52-P2
vary: Origin
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.eslactivity.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 269
x-amz-cf-id: ibEcG-PTdUu6WgHfrG3nkLGaMVV-uyzLCRu9BwRvq_dcdJZ9bLrQnw==
expires: 0

POST
H2 200 auction Show response
pb-server.ezoic.com/openrtb2/ 152 B
544 B 205ms
120ms XHR
application/json 52.222.158.21

General

Check archive.org

Show headers Download Go to

Full URL: https://pb-server.ezoic.com/openrtb2/auction
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=criteo,ix,medianet,onemobile,onetag,pubmatic,pubmatic,pulsepoint,rhythmone,sharethrough,unruly&cb=195-2-27
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.158.21 -, , ASN (),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: cfae1836e960b80fc6e22941a3bc4c428f233e1eb3b9b4d1e45302236f66ab95

Request headers

Referer: https://www.eslactivity.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 12 Sep 2021 21:55:52 GMT
via: 1.1 0e5084c3f3749abdd1195ad293d2faa2.cloudfront.net (CloudFront)
server: nginx/1.14.0 (Ubuntu)
x-amz-cf-pop: CDG52-P2
vary: Origin
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: https://www.eslactivity.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 152
x-amz-cf-id: QLRcwkU_7-4EbMtt3wk0UeAtz60n3TVLH65mYfmQDYCEcei2XYdEig==
expires: 0

POST
H2 204 ortb Show response
bid.contextweb.com/header/ 0
525 B 317ms
98ms XHR
text/plain 198.148.27.134

General

Check archive.org

Show headers Download Go to

Full URL: https://bid.contextweb.com/header/ortb?src=prebid
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=criteo,ix,medianet,onemobile,onetag,pubmatic,pubmatic,pulsepoint,rhythmone,sharethrough,unruly&cb=195-2-27
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 198.148.27.134 -, , ASN (),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.eslactivity.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 12 Sep 2021 21:55:52 GMT
server: envoy
cwdl: 22/148,22/148,22/148,22/148,22/148
access-control-allow-origin: https://www.eslactivity.org
access-control-expose-headers: Access-Control-Allow-Origin
access-control-allow-credentials: true
x-envoy-upstream-service-time: 7
cw-server: bid-deployment-678b656b95-hs5vg

POST
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
117 B 100ms
58ms XHR
text/plain 35.157.23.185

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=criteo,ix,medianet,onemobile,onetag,pubmatic,pubmatic,pulsepoint,rhythmone,sharethrough,unruly&cb=195-2-27
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.23.185 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.eslactivity.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.eslactivity.org
date: Sun, 12 Sep 2021 21:55:52 GMT
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
116 B 131ms
89ms XHR
text/plain 35.157.23.185

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=criteo,ix,medianet,onemobile,onetag,pubmatic,pubmatic,pulsepoint,rhythmone,sharethrough,unruly&cb=195-2-27
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.23.185 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.eslactivity.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.eslactivity.org
date: Sun, 12 Sep 2021 21:55:52 GMT
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
116 B 119ms
77ms XHR
text/plain 35.157.23.185

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=criteo,ix,medianet,onemobile,onetag,pubmatic,pubmatic,pulsepoint,rhythmone,sharethrough,unruly&cb=195-2-27
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.23.185 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.eslactivity.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.eslactivity.org
date: Sun, 12 Sep 2021 21:55:52 GMT
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
116 B 129ms
88ms XHR
text/plain 35.157.23.185

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=criteo,ix,medianet,onemobile,onetag,pubmatic,pubmatic,pulsepoint,rhythmone,sharethrough,unruly&cb=195-2-27
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.23.185 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.eslactivity.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.eslactivity.org
date: Sun, 12 Sep 2021 21:55:52 GMT
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
116 B 131ms
90ms XHR
text/plain 35.157.23.185

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=criteo,ix,medianet,onemobile,onetag,pubmatic,pubmatic,pulsepoint,rhythmone,sharethrough,unruly&cb=195-2-27
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.23.185 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.eslactivity.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.eslactivity.org
date: Sun, 12 Sep 2021 21:55:52 GMT
access-control-allow-credentials: true
vary: Origin

POST
H2 200 cdb Show response
bidder.criteo.com/ 18 B
288 B 83ms
48ms XHR
application/json 178.250.2.131

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=207&av=34&wv=5.10.0&cb=45448854172
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=criteo,ix,medianet,onemobile,onetag,pubmatic,pubmatic,pulsepoint,rhythmone,sharethrough,unruly&cb=195-2-27
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.131 -, , ASN (),
Reverse DNS
Software: Finatra /
Resource Hash: ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910

Request headers

Referer: https://www.eslactivity.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 12 Sep 2021 21:55:52 GMT
content-encoding: gzip
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.eslactivity.org
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 44

POST
H2 200 translator Show response
hbopenbid.pubmatic.com/ 13 KB
7 KB 624ms
281ms XHR
application/json 204.237.133.116

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=criteo,ix,medianet,onemobile,onetag,pubmatic,pubmatic,pulsepoint,rhythmone,sharethrough,unruly&cb=195-2-27
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.116 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7095dcf04504716b0978275ecf2747212e7481d87cf42438edc18a4cfabc2faa

Request headers

Referer: https://www.eslactivity.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.eslactivity.org
date: Sun, 12 Sep 2021 21:55:53 GMT
content-encoding: gzip
x-openrtb-version: 2.3
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: application/json

GET
H/1.1 200
OK bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
479 B 370ms
62ms XHR
application/json 18.156.195.47

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9691b20174742046e2210bface012a&pos=8a969573017474204a2a2112183c0007&cmd=bid&eidquantcast.com=P0-1614549141-1631483747418&secure=1
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=criteo,ix,medianet,onemobile,onetag,pubmatic,pubmatic,pulsepoint,rhythmone,sharethrough,unruly&cb=195-2-27
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 18.156.195.47 -, , ASN (),
Reverse DNS
Software: ATS/7.1.2.138 /
Resource Hash: 3b3b8eef8b98faaafd592e4ffe1723831862017715ac0a716f56a9750dfc37a1

Request headers

Referer: https://www.eslactivity.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sun, 12 Sep 2021 21:55:53 GMT
Server: ATS/7.1.2.138
Age: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://www.eslactivity.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 62

GET
H/1.1 200
OK bidRequest Show response
c2shb.ssp.yahoo.com/ 5 KB
5 KB 370ms
61ms XHR
application/json 18.156.195.47

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9691b20174742046e2210bface012a&pos=8a9691b20174742046e2211258fd01b2&cmd=bid&eidquantcast.com=P0-1614549141-1631483747418&secure=1
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=criteo,ix,medianet,onemobile,onetag,pubmatic,pubmatic,pulsepoint,rhythmone,sharethrough,unruly&cb=195-2-27
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 18.156.195.47 -, , ASN (),
Reverse DNS
Software: ATS/7.1.2.138 /
Resource Hash: 2e08c25e8793291f91e03d929d125cc24a4b8203b4872c2afceacf5ce8739b7c

Request headers

Referer: https://www.eslactivity.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sun, 12 Sep 2021 21:55:53 GMT
Server: ATS/7.1.2.138
Age: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://www.eslactivity.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 4685

GET
H/1.1 200
OK bidRequest Show response
c2shb.ssp.yahoo.com/ 5 KB
5 KB 370ms
62ms XHR
application/json 18.156.195.47

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9691b20174742046e2210bface012a&pos=8a9691b20174742046e221122739019e&cmd=bid&eidquantcast.com=P0-1614549141-1631483747418&secure=1
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=criteo,ix,medianet,onemobile,onetag,pubmatic,pubmatic,pulsepoint,rhythmone,sharethrough,unruly&cb=195-2-27
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 18.156.195.47 -, , ASN (),
Reverse DNS
Software: ATS/7.1.2.138 /
Resource Hash: a3c7ee1296179d8896272e3b0e05b800eb7852c93ece1a5318d2fe08d4eb9e92

Request headers

Referer: https://www.eslactivity.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sun, 12 Sep 2021 21:55:53 GMT
Server: ATS/7.1.2.138
Age: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://www.eslactivity.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 4683

GET
H/1.1 200
OK bidRequest Show response
c2shb.ssp.yahoo.com/ 5 KB
5 KB 371ms
62ms XHR
application/json 18.156.195.47

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9691b20174742046e2210bface012a&pos=8a9691b20174742046e2211192be014f&cmd=bid&eidquantcast.com=P0-1614549141-1631483747418&secure=1
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=criteo,ix,medianet,onemobile,onetag,pubmatic,pubmatic,pulsepoint,rhythmone,sharethrough,unruly&cb=195-2-27
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 18.156.195.47 -, , ASN (),
Reverse DNS
Software: ATS/7.1.2.138 /
Resource Hash: b9eed48a68c7908209d36fc554a5952d21964c8d365d83818381a3cc202e02da

Request headers

Referer: https://www.eslactivity.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sun, 12 Sep 2021 21:55:53 GMT
Server: ATS/7.1.2.138
Age: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://www.eslactivity.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 4685

GET
H/1.1 200
OK bidRequest Show response
c2shb.ssp.yahoo.com/ 5 KB
5 KB 376ms
68ms XHR
application/json 18.156.195.47

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9691b20174742046e2210bface012a&pos=8a9691b20174742046e22111a2e4015c&cmd=bid&eidquantcast.com=P0-1614549141-1631483747418&secure=1
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=criteo,ix,medianet,onemobile,onetag,pubmatic,pubmatic,pulsepoint,rhythmone,sharethrough,unruly&cb=195-2-27
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 18.156.195.47 -, , ASN (),
Reverse DNS
Software: ATS/7.1.2.138 /
Resource Hash: 2b223c3e63eb2dbec436d1732f82e501b41cb56a6d8d4365ab714b1a31ab0e88

Request headers

Referer: https://www.eslactivity.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sun, 12 Sep 2021 21:55:53 GMT
Server: ATS/7.1.2.138
Age: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://www.eslactivity.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 4670

POST
H2 204 mvo Show response
tag.1rx.io/rmp/215626/0/ 0
175 B 60ms
22ms XHR
text/plain 213.19.147.42

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.1rx.io/rmp/215626/0/mvo?z=1r&hbv=5.10,2.1
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=criteo,ix,medianet,onemobile,onetag,pubmatic,pubmatic,pulsepoint,rhythmone,sharethrough,unruly&cb=195-2-27
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.19.147.42 -, , ASN (),
Reverse DNS
Software: Tengine /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.eslactivity.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.eslactivity.org
pragma: no-cache
date: Sun, 12 Sep 2021 21:55:52 GMT
cache-control: private, max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: Tengine

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 1 KB
823 B 72ms
36ms XHR
application/json 34.107.148.139

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CUBCB617
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=criteo,ix,medianet,onemobile,onetag,pubmatic,pubmatic,pulsepoint,rhythmone,sharethrough,unruly&cb=195-2-27
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: d34b8c6d9b727729c03059d4edae8f9b47b911293e7307098d963c49e67d05e6

Request headers

Referer: https://www.eslactivity.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 12 Sep 2021 21:55:52 GMT
content-encoding: gzip
server: nginx
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.eslactivity.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 25 B
377 B 127ms
99ms XHR
application/json 23.37.38.181

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=305141&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%22545a8b9e3b9f223%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.eslactivity.org%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A1%2C%22msi%22%3A1%2C%22mfu%22%3A0%2C%22bu%22%3A5%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A5%2C%22ren%22%3Afalse%2C%22version%22%3A%225.10.0%22%2C%22userIds%22%3A%5B%22quantcastId%22%5D%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%225566712f0b94053%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A970%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22305141%22%2C%22sid%22%3A%22970x90%22%7D%7D%2C%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22305141%22%2C%22sid%22%3A%22728x90%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%22563c8f0c00eb46a%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22305145%22%2C%22sid%22%3A%22300x250%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%225729cb50e66abd3%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22305139%22%2C%22sid%22%3A%22300x250%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%225803c2922d0d88c%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22305143%22%2C%22sid%22%3A%22300x250%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%22597f9bacab24f6c%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22305144%22%2C%22sid%22%3A%22300x250%22%7D%7D%5D%7D%7D%5D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22ezoic.ai%22%2C%22sid%22%3A%2244c1a52cb466fe2c7ca353f64031bfaa%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%7D
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=criteo,ix,medianet,onemobile,onetag,pubmatic,pubmatic,pulsepoint,rhythmone,sharethrough,unruly&cb=195-2-27
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.37.38.181 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: 8826a7fb8727405ff5cfcc64823ef78fc108bfe127f8bef2daf24ac0e7e6866e

Request headers

Referer: https://www.eslactivity.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 12 Sep 2021 21:55:52 GMT
content-encoding: gzip
x-ak-initial-geo: CC:[DE], RC:[HE], CN:[EU], CIP:[216.131.114.133], XFF:[]
server: Apache
vary: Is-Traffic-Invalid,Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.eslactivity.org
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 45
x-ak-client-geo: 12
expires: Sun, 12 Sep 2021 21:55:52 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 677 B
183 B 432ms
431ms XHR
text/plain 64.233.184.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1928632745933239&correlator=3107057042340311&output=ldjh&impl=fifs&eid=21065724%2C31062297&vrg=2021090701&ptt=17&sc=1&sfv=1-0-38&ecs=20210912&iu_parts=1254144%3A22476021904%2Ceslactivity_org-box-4%2Ceslactivity_org-banner-1&enc_prev_ius=%2F0%2F1%2C%2F0%2F2&prev_iu_szs=300x250%2C300x250&prev_scp=a%3D%257C3%257C%26iid1%3D690533925349915%26eid%3D690533925349915%26t%3D134%26d%3D118073%26t1%3D134%26pvc%3D0%26ap%3D1612%26sap%3D1612%26as%3Drevenue%26plat%3D1%26bra%3Dmod1-c%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D2%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D3%26al%3D1003%26compid%3D0%26tap%3Deslactivity_org-box-4-690533925349915%26eb_br%3Dbfa042bdb1583c959161b7823290dc1f%26eba%3D1%26ebss%3D10017%2C10082%2C10061%2C11304%2C11307%26asau%3D8492401833%26bv%3D21%26bvm%3D0%26bvr%3D7%26shp%3D1%26ftsn%3D3%26br1%3D1300%26br2%3D650%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%2C168%2C0%2C34%2C0%2C193%2C132%2C20%2C71%2C30%2C192%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C760%2C815%2C817%2C899%2C919%2C783%2C16%26ax_ssid%3D10082%7Ca%3D%257C251%257C%26iid1%3D3252502759358285%26eid%3D3252502759358285%26t%3D134%26d%3D118073%26t1%3D134%26pvc%3D0%26ap%3D1613%26sap%3D1613%26as%3Drevenue%26plat%3D1%26bra%3Dmod1-c%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D30%26al%3D1030%26compid%3D0%26tap%3Deslactivity_org-banner-1-3252502759358285%26eb_br%3Dc5429b6ddd929d0bc40a832a87789a7c%26eba%3D1%26ebss%3D10017%2C10082%2C10061%2C11304%2C11307%26asau%3D8492401833%26bv%3D4%26bvm%3D0%26bvr%3D4%26shp%3D1%26ftsn%3D3%26br1%3D1000%26br2%3D500%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%2C168%2C0%2C34%2C0%2C193%2C132%2C20%2C71%2C30%2C192%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C760%2C815%2C817%2C899%2C919%2C783%2C16%26ax_ssid%3D10082&eri=1&cookie=ID%3Dbdeeeec8195198bb%3AT%3D1631483747%3AS%3DALNI_MbbOPaoGYCE9PMCvq4FFncjIbJQSA&bc=31&abxe=1&lmt=1631483752&dt=1631483752785&dlt=1631483747030&idt=253&frm=20&biw=1600&bih=1200&oid=3&adxs=460%2C460&adys=1513%2C1968&adks=1240438188%2C1628932059&ucis=4%7C5&ifi=6&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.eslactivity.org%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=820x250%7C820x250&msz=300x250%7C300x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=92124532.1631483747&ga_sid=1631483747&ga_hid=1221111038&ga_fc=false&fws=0%2C0&ohw=0%2C0&btvi=1%7C2&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

64.233.184.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wa-in-f155.1e100.net

Software

cafe /

Resource Hash

4a6adebcc057c7bf12ac6fed0388fd970f17198396c911aa89bb8e9417a31006

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:53 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 154
x-xss-protection: 0
google-lineitem-id: -2,-2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2,-2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.eslactivity.org
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 16ms
15ms Script
application/javascript 74.125.140.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.eslactivity.org

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.140.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wq-in-f154.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 12 Sep 2021 21:55:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 345 B
175 B 461ms
461ms XHR
text/plain 64.233.184.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1928632745933239&correlator=3425279859402502&output=ldjh&impl=fifs&eid=21065724%2C31062297&vrg=2021090701&ptt=17&sc=1&sfv=1-0-38&ecs=20210912&iu_parts=1254144%3A22476021904%2Ceslactivity_org-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90%7C728x90&ris=1&rcs=3&prev_scp=a%3D%257C251%257C%26iid1%3D3985041981374588%26eid%3D3985041981374588%26t%3D134%26d%3D118073%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26as%3Drevenue%26plat%3D1%26bra%3Dmod1-c%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Deslactivity_org-medrectangle-2-3985041981374588%26eb_br%3D57914c3716312cb7e954090f0717ea25%26eba%3D1%26ebss%3D10017%2C10082%2C10061%2C11304%2C11307%26asau%3D8492401833%26bv%3D16%26bvm%3D0%26bvr%3D6%26shp%3D1%26ftsn%3D3%26br1%3D260%26br2%3D800%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D33%2C168%2C0%2C157%2C0%2C193%2C66%2C0%2C0%2C156%2C205%2C0%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C30%2C760%2C761%2C813%2C814%2C815%2C816%2C817%2C818%2C819%2C899%2C917%2C918%2C919%2C783%2C15%2C16%2C12%2C13%2C14%2C15%2C16%2C20%2C9%2C10%2C11%2C12%2C13%2C14%2C15%2C16%26ax_ssid%3D10082%26lb%3D500%26reqt%3D1631483752849&eri=1&cookie=ID%3Dbdeeeec8195198bb%3AT%3D1631483747%3AS%3DALNI_MbbOPaoGYCE9PMCvq4FFncjIbJQSA&bc=31&abxe=1&lmt=1631483752&dt=1631483752854&dlt=1631483747030&idt=253&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=1110&adks=2551144693&ucis=2&ifi=8&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.eslactivity.org%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x-1&msz=970x-1&ga_vid=92124532.1631483747&ga_sid=1631483747&ga_hid=1221111038&ga_fc=false&fws=512&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

64.233.184.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wa-in-f155.1e100.net

Software

cafe /

Resource Hash

0d285670abc42058dce9cd3cf01685cad860ef59ac0b1df07f583f26bb4dc4c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:53 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 146
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.eslactivity.org
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame 5953 2 KB
872 B 66ms
7ms Document
text/html 51.89.9.253

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?redir=https%3A%2F%2Fpb-server.ezoic.com%2Fsetuid%3Fbidder%3Donetag%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24%7BUSER_TOKEN%7D

Requested by

Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=criteo,ix,medianet,onemobile,onetag,pubmatic,pubmatic,pulsepoint,rhythmone,sharethrough,unruly&cb=195-2-27

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.253 -, , ASN (),

Reverse DNS

Software

Resource Hash

ee22f683394ec9d609b8c7b90e446dc4fde1cdcf0895322f7004078b5d3ed549

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

:method: GET
:authority: onetag-sys.com
:scheme: https
:path: /usync/?redir=https%3A%2F%2Fpb-server.ezoic.com%2Fsetuid%3Fbidder%3Donetag%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24%7BUSER_TOKEN%7D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.eslactivity.org/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/

Response headers

content-type: text/html
cache-control: no-transform, no-cache
content-encoding: gzip
content-length: 780
strict-transport-security: max-age=15552000

GET
H2 200 setuid
pb-server.ezoic.com/ Frame 5953 0
597 B 54ms
53ms Image
text/plain 52.222.158.21

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pb-server.ezoic.com/setuid?bidder=onetag&gdpr=0&gdpr_consent=&uid=
Requested by: Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?redir=https%3A%2F%2Fpb-server.ezoic.com%2Fsetuid%3Fbidder%3Donetag%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24%7BUSER_TOKEN%7D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.158.21 -, , ASN (),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Sep 2021 21:55:52 GMT
via: 1.1 0e5084c3f3749abdd1195ad293d2faa2.cloudfront.net (CloudFront)
server: nginx/1.14.0 (Ubuntu)
x-amz-cf-pop: CDG52-P2
x-cache: Hit from cloudfront
cache-control: no-cache, no-store, must-revalidate
content-length: 0
x-amz-cf-id: bk1DFWvf8z0ouwqi3mz6s-RnSzfpH8d1dSjqh6RztWuCQ86gKO1Y5A==
expires: 0

OPTIONS
H2 204 services
sumo.com/ Frame 0
0 163ms
163ms Preflight 52.34.133.113

General

Check archive.org

Show headers Download Go to

Full URL: https://sumo.com/services
Protocol: H2
Server: 52.34.133.113 -, , ASN (),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-sumo-auth
Origin: https://www.eslactivity.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx/1.18.0
date: Sun, 12 Sep 2021 21:55:53 GMT
access-control-allow-origin: https://www.eslactivity.org
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE
access-control-allow-headers: pragma, x-requested-with, accept, x-sumo-auth, x-sumo-token, content-type
access-control-max-age: 2592000

POST
H2 200 services Show response
sumo.com/ 31 KB
4 KB 177ms
177ms XHR
application/json 52.34.133.113

General

Check archive.org

Show headers Download Go to

Full URL

https://sumo.com/services

Requested by

Host: load.sumo.com
URL: https://load.sumo.com/73.0a035390359aab65eb82.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.34.133.113 -, , ASN (),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

963baee209f295e1df6e581c9962b5d93abb8e95ec1ebddd147105bf471b9322

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/javascript, */*; q=0.01
X-Sumo-Auth: OT9QVe9uQBCzEo0qXHP0MAH3
Referer: https://www.eslactivity.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Sun, 12 Sep 2021 21:55:53 GMT
content-encoding: gzip
vary: Origin, Accept-Encoding
server: nginx/1.18.0
x-frame-options: SAMEORIGIN
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: https://www.eslactivity.org
access-control-allow-credentials: true
content-type: application/json; charset=utf-8

GET
H2 200 7.0a035390359aab65eb82.js Show response
load.sumo.com/ 97 KB
34 KB 17ms
17ms Script
text/javascript 89.187.169.47

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/7.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 -, , ASN (),
Reverse DNS
Software: BunnyCDN-DE1-756 /
Resource Hash: c60b93effcbac344d2c30270e0d97323af0f64f43f3ac4d8abd486a875477169

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:53 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: CJCF7CW3MV8N7Q6G
cdn-cachedat: 08/11/2021 03:14:52
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: CNkELBse4Y593KQCSQRX1oicsKF7scX+YJuwfC6ldz4XD7H1DIWNNU10iOgfiLXPokfuDShuseU=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:44:47 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: 5ef6a1dec7bf29cc40f7836049a9a461
cdn-requestcountrycode: US
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 4.0a035390359aab65eb82.js Show response
load.sumo.com/ 5 KB
3 KB 6ms
5ms Script
text/javascript 89.187.169.47

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/4.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 -, , ASN (),
Reverse DNS
Software: BunnyCDN-DE1-756 /
Resource Hash: 3f351eef4b0a3ccd70ff9d4239851252a0a6eba79471e530f9deec0b3421d132

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:53 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: N4YGPYHRDAC7QXZH
cdn-cachedat: 08/11/2021 01:00:42
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: ZyN3peb0mEdiK4szAABWta3Npp/s6aFp7SGneDOBlLz3RaDSa8Ho9RodM0lRLwgOOWsqwAYTQsw=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:44:24 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: 66f90917c841ee80f3a23f671c662030
cdn-requestcountrycode: US
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 2.0a035390359aab65eb82.js Show response
load.sumo.com/ 3 KB
2 KB 7ms
6ms Script
text/javascript 89.187.169.47

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/2.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 -, , ASN (),
Reverse DNS
Software: BunnyCDN-DE1-756 /
Resource Hash: 5dc9d61931a73fa03b59af510868b7e89e4523df5a53935212ca8a9b31af0b8d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:53 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: 2SS2EKNC96E2ZWBC
cdn-cachedat: 08/11/2021 07:55:22
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: om0ubvn3AJVIJeo5FDAPngcnCeGFDV5cdl7Dh1LWb3Mu8+tH0a0qkWEe40YkJMrjWEKHYhxQ8Po=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:44:08 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: 24a766262f9653ba4a0af9ee165e2a13
cdn-requestcountrycode: US
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 10.0a035390359aab65eb82.js Show response
load.sumo.com/ 11 KB
5 KB 7ms
6ms Script
text/javascript 89.187.169.47

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/10.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 -, , ASN (),
Reverse DNS
Software: BunnyCDN-DE1-756 /
Resource Hash: 4b6753aef2f81a4813434523b259d9d19f368ae41cd40162bf0897bc4e334cb9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:53 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: MER4KM6F7Q2JNQ5W
cdn-cachedat: 08/11/2021 07:29:34
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: E5dcQp/o1cIppfojsowKVOXW7ZUiiNp7ocDAMKJh6oiooddIklNQ5UOgh1R9uM2pZdkJYmHadl8=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:43:54 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: 7bcb41d0dc5b7515800f54a53a0ca928
cdn-requestcountrycode: US
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 22.0a035390359aab65eb82.js Show response
load.sumo.com/ 92 KB
25 KB 7ms
6ms Script
text/javascript 89.187.169.47

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/22.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 -, , ASN (),
Reverse DNS
Software: BunnyCDN-DE1-756 /
Resource Hash: 4c2a0a41bdbc55f5d0f74f367110639cb7fe35122a7a140846d1395d21609a6d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:53 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: SDRMZCHBH8JCG4EW
cdn-cachedat: 08/11/2021 01:39:03
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: Mh4g/5w6u8Sn3oSvTIRlHjXYmlpmbUcVAuUhwYOrgj1kCeipGQke7R0i5izHPL985rLtaJBDcAk=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:44:10 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: 6bf1250226e6ab5aa3c71ae89cfc620e
cdn-requestcountrycode: US
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 23.0a035390359aab65eb82.js Show response
load.sumo.com/ 329 KB
94 KB 9ms
8ms Script
text/javascript 89.187.169.47

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/23.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 -, , ASN (),
Reverse DNS
Software: BunnyCDN-DE1-756 /
Resource Hash: 36aecd4542cf4c62f3d0b0517e0e560aabd649e4efcfce254a95c5adeb388a5c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:53 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: 9XQCP7NW3WVDSYTB
cdn-cachedat: 08/11/2021 03:15:25
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: ld40Pz0CH+lzXng12qFYRohEmnjI9dEBceKZ2sX+7mdR6hnYe912+QkcLiFlJd9TnthnETGE3YM=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:44:10 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: 3cedd21c9043fb8fcde98db7e8c9e3fc
cdn-requestcountrycode: US
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 21.0a035390359aab65eb82.js Show response
load.sumo.com/ 179 KB
51 KB 12ms
12ms Script
text/javascript 89.187.169.47

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/21.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 -, , ASN (),
Reverse DNS
Software: BunnyCDN-DE1-756 /
Resource Hash: 967ff48c41053bf7c36f819b71ee6b509bd9971857397d74b41c75acc5bd27ae

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:53 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: PC6V8XNR7Q61HHSG
cdn-cachedat: 08/11/2021 04:57:29
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: ZHXqsNODWdp8QMufVJkeNZ8Xe+OkUm7aygEJNy5f/FZIdtn7oJxkd0gh20eHC6PhK+QjRbS0Qac=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:44:09 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: 91ac521db71ce9f0daed096057b22980
cdn-requestcountrycode: US
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 64.0a035390359aab65eb82.js Show response
load.sumo.com/ 1 KB
1 KB 15ms
14ms Script
text/javascript 89.187.169.47

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/64.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 -, , ASN (),
Reverse DNS
Software: BunnyCDN-DE1-756 /
Resource Hash: fe39eced72c33ae4c1b3bdd9843bc853265b9909040d41555faa02f62cb29ef2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:53 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: HA5WXKDDR49J14S5
cdn-cachedat: 08/11/2021 02:58:39
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: tdwIiEVSoIoFjCT91hbXGtcKx2WNNGkRfehwR63674L7CkYizIxkDrZIK4AWzM2dkDrPOU4IpNM=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:44:44 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: 63503fd490f351195dac4f411d4c2688
cdn-requestcountrycode: US
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 0.0a035390359aab65eb82.js Show response
load.sumo.com/ 5 KB
3 KB 7ms
6ms Script
text/javascript 89.187.169.47

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/0.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 -, , ASN (),
Reverse DNS
Software: BunnyCDN-DE1-756 /
Resource Hash: dd9c85c873b9b644468988e8165e079b0e747a550ce13fa3f7d0c1839b0fd503

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:53 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: 72BJV4V2M6106661
cdn-cachedat: 08/11/2021 06:53:00
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: geN8VZqyqgjzxGHn+iZxJjzqyPacwIfonJ7M/Gfx/SPZ8YbafYphswHvw0hJB5OpVkDQ305Tt6o=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:43:53 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: 42c38632226882836e289d700097552b
cdn-requestcountrycode: US
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 96.0a035390359aab65eb82.js Show response
load.sumo.com/ 1 MB
80 KB 8ms
7ms Script
text/javascript 89.187.169.47

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/96.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 -, , ASN (),
Reverse DNS
Software: BunnyCDN-DE1-756 /
Resource Hash: 535f84cffe4a18de721d24bd0f6a46f059068d48daf2327d143e0397431cbb14

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:53 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: ETN9Y2CB4JR36VS8
cdn-cachedat: 08/11/2021 06:56:51
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: hmfe8ryATIBRescEh6v33eH8sJ61l9gyYCWqjtX5MgK5uVzXNqi4XzjIlkZQAGWsnUd8ANzMelg=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:45:08 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: 36e8245b1266b0499c3c7b9ad645566b
cdn-requestcountrycode: US
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 97.0a035390359aab65eb82.js Show response
load.sumo.com/ 221 B
958 B 8ms
7ms Script
text/javascript 89.187.169.47

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/97.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 -, , ASN (),
Reverse DNS
Software: BunnyCDN-DE1-756 /
Resource Hash: 71b3e9761dec1834f8152f030e564ed3ccee88e6f133764557faadbebf869c2d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:53 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: XX71XTHVAZ9WHXF5
cdn-cachedat: 08/11/2021 01:00:39
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: IrAr89qZVaMDRwNGV7DkBYLlhQduKqBlKagxiVs2XoSkMpsnw5sFcxxojABTLTuponGysrE/vDc=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:45:09 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: 822c734c451f0e8ea561522d3549cfc1
cdn-requestcountrycode: US
cdn-status: 200
cdn-requestpullsuccess: True

GET
H3 200 css
fonts.googleapis.com/ 20 KB
1 KB 16ms
16ms Stylesheet
text/css 74.125.133.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:200italic,300italic,400italic,500italic,600italic,700italic,800italic,900italic,200,300,400,500,600,700,800

Requested by

Host: client
URL: about:client

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.133.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wo-in-f95.1e100.net

Software

ESF /

Resource Hash

aabe0a1289af95490826f7c9d04dcdb59736ec069a6c794a82e4f808c69ea70e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 12 Sep 2021 20:43:13 GMT
server: ESF
date: Sun, 12 Sep 2021 21:55:53 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 12 Sep 2021 21:55:53 GMT

OPTIONS
H2 204 features
sumo.com/api/site/8722fcff40035642fce025a76fc26975a1a742559cbed70d47078a87b67a0351/ Frame 0
0 166ms
166ms Preflight 52.34.133.113

General

Check archive.org

Show headers Download Go to

Full URL: https://sumo.com/api/site/8722fcff40035642fce025a76fc26975a1a742559cbed70d47078a87b67a0351/features?site_id=8722fcff40035642fce025a76fc26975a1a742559cbed70d47078a87b67a0351
Protocol: H2
Server: 52.34.133.113 -, , ASN (),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-sumo-auth
Origin: https://www.eslactivity.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx/1.18.0
date: Sun, 12 Sep 2021 21:55:53 GMT
access-control-allow-origin: https://www.eslactivity.org
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE
access-control-allow-headers: pragma, x-requested-with, accept, x-sumo-auth, x-sumo-token, content-type
access-control-max-age: 2592000

GET
H2 200 features Show response
sumo.com/api/site/8722fcff40035642fce025a76fc26975a1a742559cbed70d47078a87b67a0351/ 3 KB
1 KB 170ms
170ms XHR
application/json 52.34.133.113

General

Check archive.org

Show headers Download Go to

Full URL

https://sumo.com/api/site/8722fcff40035642fce025a76fc26975a1a742559cbed70d47078a87b67a0351/features?site_id=8722fcff40035642fce025a76fc26975a1a742559cbed70d47078a87b67a0351

Requested by

Host: load.sumo.com
URL: https://load.sumo.com/73.0a035390359aab65eb82.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.34.133.113 -, , ASN (),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

058f76d93a417240888fe7522aca5a1322f3ff8f86ddc950a3c347f0a1ac57da

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.eslactivity.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
X-Sumo-Auth: OT9QVe9uQBCzEo0qXHP0MAH3

Response headers

date: Sun, 12 Sep 2021 21:55:53 GMT
content-encoding: gzip
vary: Origin, Accept-Encoding
server: nginx/1.18.0
etag: "-362431178"
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.eslactivity.org
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow

GET
H2 200 features Show response
sumo.com/api/site/8722fcff40035642fce025a76fc26975a1a742559cbed70d47078a87b67a0351/ 3 KB
1 KB 170ms
170ms XHR
application/json 52.34.133.113

General

Check archive.org

Show headers Download Go to

Full URL

https://sumo.com/api/site/8722fcff40035642fce025a76fc26975a1a742559cbed70d47078a87b67a0351/features?site_id=8722fcff40035642fce025a76fc26975a1a742559cbed70d47078a87b67a0351

Requested by

Host: load.sumo.com
URL: https://load.sumo.com/73.0a035390359aab65eb82.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.34.133.113 -, , ASN (),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

058f76d93a417240888fe7522aca5a1322f3ff8f86ddc950a3c347f0a1ac57da

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.eslactivity.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
X-Sumo-Auth: OT9QVe9uQBCzEo0qXHP0MAH3

Response headers

date: Sun, 12 Sep 2021 21:55:53 GMT
content-encoding: gzip
vary: Origin, Accept-Encoding
server: nginx/1.18.0
etag: "-362431178"
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.eslactivity.org
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow

OPTIONS
H2 204 features
sumo.com/api/site/8722fcff40035642fce025a76fc26975a1a742559cbed70d47078a87b67a0351/ Frame 0
0 166ms
166ms Preflight 52.34.133.113

General

Check archive.org

Show headers Download Go to

Full URL: https://sumo.com/api/site/8722fcff40035642fce025a76fc26975a1a742559cbed70d47078a87b67a0351/features?site_id=8722fcff40035642fce025a76fc26975a1a742559cbed70d47078a87b67a0351
Protocol: H2
Server: 52.34.133.113 -, , ASN (),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-sumo-auth
Origin: https://www.eslactivity.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx/1.18.0
date: Sun, 12 Sep 2021 21:55:53 GMT
access-control-allow-origin: https://www.eslactivity.org
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE
access-control-allow-headers: pragma, x-requested-with, accept, x-sumo-auth, x-sumo-token, content-type
access-control-max-age: 2592000

GET
DATA 200
OK truncated
/ 44 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bd25bde9fc4427cd6f3babcb8f888fe6174ca48881c103e243d4c6f83f30aab6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/webp

GET
DATA 200
OK truncated
/ 82 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7ce23bb169d56e3dc218181172c5d318dc16526e035b539e038f605a893ea551

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/webp

GET
DATA 200
OK truncated
/ 90 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 345a7f619e726c9ed21fa1e83646623f3491056eb1c9e0f3af797c42d38255c1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/webp

GET
DATA 200
OK truncated
/ 38 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 52dc24c0429ea6ccc5b579a6da8bb79bf41e471fe5108a62009f3c2e195551c0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/webp

GET
H2 200 sumo-convert
micro-cdn.sumo.com/image-resize/ 586 B
735 B 16ms
7ms Image
image/svg+xml 89.187.169.47

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://micro-cdn.sumo.com/image-resize/sumo-convert?uri=//media.sumo.com/4720b373859b04afd757651cd6d7fb201973415db9d188b41026f6b394d52c88&supported=webp,webp.alpha,webp.animation,webp.lossless&hash=2bb0c17780878006fd0ea8bc72d150f2541ec03d29592fc4a65a5604924259f3&format=webp
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 -, , ASN (),
Reverse DNS
Software: BunnyCDN-DE1-756 / Express
Resource Hash: d8282c6a4c6ca3d158d75674d00345a50cee1cef971be4017cf4d15be8428f1c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:54 GMT
content-encoding: br
cdn-edgestorageid: 756
x-powered-by: Express
cdn-cachedat: 08/11/2021 06:18:14
cdn-pullzone: 31536
server: BunnyCDN-DE1-756
cdn-proxyver: 1.0
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: image/svg+xml
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: dc093f835144cd8ad832e3fc37f9c841
cdn-requestcountrycode: US
cdn-status: 200
cdn-requestpullsuccess: True

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 16ms
15ms Script
application/javascript 74.125.140.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.eslactivity.org

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.140.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wq-in-f154.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 12 Sep 2021 21:55:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 337 B
166 B 393ms
392ms XHR
text/plain 64.233.184.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1928632745933239&correlator=2626627471217747&output=ldjh&impl=fifs&eid=21065724%2C31062297&vrg=2021090701&ptt=17&sc=1&sfv=1-0-38&ecs=20210912&iu_parts=1254144%3A22476021904%2Ceslactivity_org-box-4&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=2&rcs=1&prev_scp=a%3D%257C3%257C%26iid1%3D690533925349915%26eid%3D690533925349915%26t%3D134%26d%3D118073%26t1%3D134%26pvc%3D0%26ap%3D1612%26sap%3D1612%26as%3Drevenue%26plat%3D1%26bra%3Dmod1-c%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D2%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D3%26al%3D1003%26compid%3D0%26tap%3Deslactivity_org-box-4-690533925349915%26eb_br%3D5bac35e1a3b6adc56da706000a645484%26eba%3D1%26ebss%3D10017%2C10082%2C10061%2C11304%2C11307%26asau%3D8492401833%26bv%3D21%26bvm%3D0%26bvr%3D7%26shp%3D1%26ftsn%3D3%26br1%3D650%26br2%3D650%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%2C168%2C0%2C34%2C0%2C193%2C132%2C20%2C71%2C30%2C192%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C760%2C815%2C817%2C899%2C919%2C783%2C16%2C13%2C14%2C15%26ax_ssid%3D10082%26lb%3D1300%26reqt%3D1631483753289&eri=1&cookie=ID%3Dbdeeeec8195198bb%3AT%3D1631483747%3AS%3DALNI_MbbOPaoGYCE9PMCvq4FFncjIbJQSA&bc=31&abxe=1&lmt=1631483754&dt=1631483754296&dlt=1631483747030&idt=253&frm=20&biw=1600&bih=1200&oid=3&adxs=460&adys=1513&adks=1240438188&ucis=4&ifi=9&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.eslactivity.org%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=820x250&msz=300x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=92124532.1631483747&ga_sid=1631483747&ga_hid=1221111038&ga_fc=false&fws=0&ohw=0&btvi=3&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

64.233.184.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wa-in-f155.1e100.net

Software

cafe /

Resource Hash

243d13f51a121b03af49b88c51c4dbcd2cfcea5fc494599471763cf89b990ce5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:54 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 137
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.eslactivity.org
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 340 B
166 B 442ms
442ms XHR
text/plain 64.233.184.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1928632745933239&correlator=640461068877222&output=ldjh&impl=fifs&eid=21065724%2C31062297&vrg=2021090701&ptt=17&sc=1&sfv=1-0-38&ecs=20210912&iu_parts=1254144%3A22476021904%2Ceslactivity_org-banner-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=2&rcs=1&prev_scp=a%3D%257C251%257C%26iid1%3D3252502759358285%26eid%3D3252502759358285%26t%3D134%26d%3D118073%26t1%3D134%26pvc%3D0%26ap%3D1613%26sap%3D1613%26as%3Drevenue%26plat%3D1%26bra%3Dmod1-c%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D30%26al%3D1030%26compid%3D0%26tap%3Deslactivity_org-banner-1-3252502759358285%26eb_br%3D5f2b94bb26a5aa9b1a00e66d30cfd5ec%26eba%3D1%26ebss%3D10017%2C10082%2C10061%2C11304%2C11307%26asau%3D8492401833%26bv%3D4%26bvm%3D0%26bvr%3D4%26shp%3D1%26ftsn%3D3%26br1%3D500%26br2%3D500%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%2C168%2C0%2C34%2C0%2C193%2C132%2C20%2C71%2C30%2C192%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C760%2C815%2C817%2C899%2C919%2C783%2C16%2C12%2C13%2C14%2C15%26ax_ssid%3D10082%26lb%3D1000%26reqt%3D1631483753290&eri=1&cookie=ID%3Dbdeeeec8195198bb%3AT%3D1631483747%3AS%3DALNI_MbbOPaoGYCE9PMCvq4FFncjIbJQSA&bc=31&abxe=1&lmt=1631483754&dt=1631483754302&dlt=1631483747030&idt=253&frm=20&biw=1600&bih=1200&oid=3&adxs=460&adys=1968&adks=1628932059&ucis=5&ifi=10&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.eslactivity.org%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=820x250&msz=300x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=92124532.1631483747&ga_sid=1631483747&ga_hid=1221111038&ga_fc=false&fws=0&ohw=0&btvi=4&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

64.233.184.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wa-in-f155.1e100.net

Software

cafe /

Resource Hash

6497e5d7b6a70f40c6cf72e855f06b4d3ba0235ad9c8cf61e0dc72cedf4715a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:54 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 137
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.eslactivity.org
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 16ms
15ms Script
application/javascript 74.125.140.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.eslactivity.org

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.140.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wq-in-f154.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 12 Sep 2021 21:55:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 16 KB
7 KB 354ms
354ms XHR
text/plain 64.233.184.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1928632745933239&correlator=4130016948918878&output=ldjh&impl=fifs&eid=21065724%2C31062297&vrg=2021090701&ptt=17&sc=1&sfv=1-0-38&ecs=20210912&iu_parts=1254144%3A22476021904%2Ceslactivity_org-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90%7C728x90&ris=2&rcs=4&prev_scp=a%3D%257C251%257C%26iid1%3D3985041981374588%26eid%3D3985041981374588%26t%3D134%26d%3D118073%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26as%3Drevenue%26plat%3D1%26bra%3Dmod1-c%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Deslactivity_org-medrectangle-2-3985041981374588%26eb_br%3Da495ce7dbb4cefcd3e0a722048894f41%26eba%3D1%26ebss%3D10017%2C10082%2C10061%2C11304%2C11307%26asau%3D8492401833%26bv%3D16%26bvm%3D0%26bvr%3D6%26shp%3D1%26ftsn%3D3%26br1%3D100%26br2%3D800%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D33%2C168%2C0%2C157%2C0%2C193%2C66%2C0%2C0%2C156%2C205%2C0%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C30%2C760%2C761%2C813%2C814%2C815%2C816%2C817%2C818%2C819%2C899%2C917%2C918%2C919%2C783%2C15%2C16%2C12%2C13%2C14%2C15%2C16%2C20%2C9%2C10%2C11%2C12%2C13%2C14%2C15%2C16%2C17%2C19%2C20%2C7%2C8%2C9%2C10%2C11%2C12%2C13%2C14%2C15%2C16%2C915%2C874%2C835%26ax_ssid%3D10082%26lb%3D260%26reqt%3D1631483753356&eri=1&cookie=ID%3Dbdeeeec8195198bb%3AT%3D1631483747%3AS%3DALNI_MbbOPaoGYCE9PMCvq4FFncjIbJQSA&bc=31&abxe=1&lmt=1631483754&dt=1631483754361&dlt=1631483747030&idt=253&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=1110&adks=2551144693&ucis=2&ifi=11&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.eslactivity.org%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x-1&msz=970x-1&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=92124532.1631483747&ga_sid=1631483747&ga_hid=1221111038&ga_fc=false&fws=512&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

64.233.184.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wa-in-f155.1e100.net

Software

cafe /

Resource Hash

9cb7411a5b1db84ba9b9568c211ccaf8a34c8bfa386c7253888f82bc9750055a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:54 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7569
x-xss-protection: 0
google-lineitem-id: 5566408270
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138334401158
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.eslactivity.org
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ 0
0 20ms
19ms Fetch
image/gif 64.233.184.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu5Oa_IcsjEVN6P-iLxVfNjvcJk3cUHs5Fx-iHX8y57ARIapSV3MHOmeobWAw51DcMCclhxFqQ1sDB8ZH7WoCRWTiOK_oU4oFrwDJuOfBVLTMtKexcc3YlMqNGeP0T-dC8lSMEHDw_9u4Qzl8baykTOwHZbP6_JVtEAryxmXMhWXmt0R-OOPI75zMPlvqo5sekZNo-ypr-69owkHnVVqOIvY72I72HRyz_yLqCHMxQxtIlET1DIp6cIJtPvf5VPr28y1fVx0GPw72PKPnZuRJs2na40XsJo5FFAz9A8aICkJO08acb2OEaX7N2OKsnNjBbDkFKW1uRjsaaJffNskvvev5-cMbiioLeVYWRB&sig=Cg0ArKJSzHlhHYZcOHLaEAE&urlfix=1&adurl=

Requested by

Host: www.eslactivity.org
URL: https://www.eslactivity.org/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1b-1y1e-2y1d-4y1f-3y32-21y51-1y55-21y59-19&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1bx1ex1dx1fx32x51x55x59

Protocol

Security

QUIC, , AES_128_GCM

Server

64.233.184.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wa-in-f155.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 12 Sep 2021 21:55:54 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 infolinks_main.js Show response
resources.infolinks.com/js/ 3 KB
2 KB 97ms
24ms Script
application/javascript 104.22.2.144

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.infolinks.com/js/infolinks_main.js
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.22.2.144 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: ec476360a0ab6a94e3b29fd399796fae6e47d4e3617f93e4152a8c68b0ef0989

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

cf-ray: 68dc61fbab0127bc-PRG
date: Sun, 12 Sep 2021 21:55:54 GMT
via: 1.1 google
cf-cache-status: HIT
last-modified: Sun, 12 Sep 2021 09:29:34 GMT
server: cloudflare
age: 1568
etag: W/"d74-5cbc8fc887961"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600
content-encoding: gzip
expires: Sun, 12 Sep 2021 22:29:46 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ 125 KB
38 KB 22ms
21ms Script
text/javascript 66.102.1.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

66.102.1.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wb-in-f154.1e100.net

Software

sffe /

Resource Hash

1b6abcd01d2337e70b8fdde5a150175d2d4a3231d464e25b9cbdb5bac2bfcd2c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.eslactivity.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Sun, 12 Sep 2021 21:55:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38649
x-xss-protection: 0
server: sffe
etag: "1631273423644667"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="active-view-scs-read-write-acl"
expires: Sun, 12 Sep 2021 21:55:54 GMT

GET
H3 200 army.gif Show response
www.eslactivity.org/porpoiseant/ 0
638 B 70ms
69ms XHR
text/plain 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.eslactivity.org/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMzk4NTA0MTk4MTM3NDU4OCIsImRvbWFpbl9pZCI6IjExODA3MyIsInVuaXQiOiJkaXYtZ3B0LWFkLWVzbGFjdGl2aXR5X29yZy1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYzMTQ4Mzc0NiwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJVUyIsInBhZ2V2aWV3X2lkIjoiYjM5NjFjMWUtMjcxZS00ZDEwLTc5ODktOGY2YzZiYWI3YzM2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo1NTY2NDA4MjcwLCJjcmVhdGl2ZV9pZCI6MTM4MzM0NDAxMTU4LCJkYXRhIjpbeyJuYW1lIjoicmVmcmVzaF9jb3VudCIsInZhbCI6IjUifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjM5ODUwNDE5ODEzNzQ1ODgiLCJkb21haW5faWQiOiIxMTgwNzMiLCJ1bml0IjoiZGl2LWdwdC1hZC1lc2xhY3Rpdml0eV9vcmctbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MzE0ODM3NDYsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiVVMiLCJwYWdldmlld19pZCI6ImIzOTYxYzFlLTI3MWUtNGQxMC03OTg5LThmNmM2YmFiN2MzNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NTU2NjQwODI3MCwiY3JlYXRpdmVfaWQiOjEzODMzNDQwMTE1OCwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9iaWRfaGFzaCIsInZhbCI6ImE0OTVjZTdkYmI0Y2VmY2QzZTBhNzIyMDQ4ODk0ZjQxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIzOTg1MDQxOTgxMzc0NTg4IiwiZG9tYWluX2lkIjoiMTE4MDczIiwidW5pdCI6ImRpdi1ncHQtYWQtZXNsYWN0aXZpdHlfb3JnLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjMxNDgzNzQ2LCJyZXZlbnVlIjowLCJlc3RfcmV2ZW51ZSI6MC4wMDEsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MC4wMDEsImJpZF9mbG9vcl9wcmV2IjowLjAwMjYsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiVVMiLCJwYWdldmlld19pZCI6ImIzOTYxYzFlLTI3MWUtNGQxMC03OTg5LThmNmM2YmFiN2MzNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NTU2NjQwODI3MCwiY3JlYXRpdmVfaWQiOjEzODMzNDQwMTE1OCwiZGF0YSI6W3sibmFtZSI6ImxvYWRlZCIsInZhbCI6IjEifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjM5ODUwNDE5ODEzNzQ1ODgiLCJkb21haW5faWQiOiIxMTgwNzMiLCJ1bml0IjoiZGl2LWdwdC1hZC1lc2xhY3Rpdml0eV9vcmctbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MzE0ODM3NDYsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiVVMiLCJwYWdldmlld19pZCI6ImIzOTYxYzFlLTI3MWUtNGQxMC03OTg5LThmNmM2YmFiN2MzNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NTU2NjQwODI3MCwiY3JlYXRpdmVfaWQiOjEzODMzNDQwMTE1OCwiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MzM0NDAxMTU4In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIzOTg1MDQxOTgxMzc0NTg4IiwiZG9tYWluX2lkIjoiMTE4MDczIiwidW5pdCI6ImRpdi1ncHQtYWQtZXNsYWN0aXZpdHlfb3JnLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjMxNDgzNzQ2LCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IlVTIiwicGFnZXZpZXdfaWQiOiJiMzk2MWMxZS0yNzFlLTRkMTAtNzk4OS04ZjZjNmJhYjdjMzYiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjU1NjY0MDgyNzAsImNyZWF0aXZlX2lkIjoxMzgzMzQ0MDExNTgsImRhdGEiOlt7Im5hbWUiOiJsaW5laXRlbV9pZCIsInZhbCI6IjU1NjY0MDgyNzAifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1b-1y1e-2y1d-4y1f-3y32-21y51-1y55-21y59-19&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1bx1ex1dx1fx32x51x55x59
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMzk4NTA0MTk4MTM3NDU4OCIsImRvbWFpbl9pZCI6IjExODA3MyIsInVuaXQiOiJkaXYtZ3B0LWFkLWVzbGFjdGl2aXR5X29yZy1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYzMTQ4Mzc0NiwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJVUyIsInBhZ2V2aWV3X2lkIjoiYjM5NjFjMWUtMjcxZS00ZDEwLTc5ODktOGY2YzZiYWI3YzM2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo1NTY2NDA4MjcwLCJjcmVhdGl2ZV9pZCI6MTM4MzM0NDAxMTU4LCJkYXRhIjpbeyJuYW1lIjoicmVmcmVzaF9jb3VudCIsInZhbCI6IjUifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjM5ODUwNDE5ODEzNzQ1ODgiLCJkb21haW5faWQiOiIxMTgwNzMiLCJ1bml0IjoiZGl2LWdwdC1hZC1lc2xhY3Rpdml0eV9vcmctbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MzE0ODM3NDYsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiVVMiLCJwYWdldmlld19pZCI6ImIzOTYxYzFlLTI3MWUtNGQxMC03OTg5LThmNmM2YmFiN2MzNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NTU2NjQwODI3MCwiY3JlYXRpdmVfaWQiOjEzODMzNDQwMTE1OCwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9iaWRfaGFzaCIsInZhbCI6ImE0OTVjZTdkYmI0Y2VmY2QzZTBhNzIyMDQ4ODk0ZjQxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIzOTg1MDQxOTgxMzc0NTg4IiwiZG9tYWluX2lkIjoiMTE4MDczIiwidW5pdCI6ImRpdi1ncHQtYWQtZXNsYWN0aXZpdHlfb3JnLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjMxNDgzNzQ2LCJyZXZlbnVlIjowLCJlc3RfcmV2ZW51ZSI6MC4wMDEsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MC4wMDEsImJpZF9mbG9vcl9wcmV2IjowLjAwMjYsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiVVMiLCJwYWdldmlld19pZCI6ImIzOTYxYzFlLTI3MWUtNGQxMC03OTg5LThmNmM2YmFiN2MzNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NTU2NjQwODI3MCwiY3JlYXRpdmVfaWQiOjEzODMzNDQwMTE1OCwiZGF0YSI6W3sibmFtZSI6ImxvYWRlZCIsInZhbCI6IjEifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjM5ODUwNDE5ODEzNzQ1ODgiLCJkb21haW5faWQiOiIxMTgwNzMiLCJ1bml0IjoiZGl2LWdwdC1hZC1lc2xhY3Rpdml0eV9vcmctbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MzE0ODM3NDYsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiVVMiLCJwYWdldmlld19pZCI6ImIzOTYxYzFlLTI3MWUtNGQxMC03OTg5LThmNmM2YmFiN2MzNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NTU2NjQwODI3MCwiY3JlYXRpdmVfaWQiOjEzODMzNDQwMTE1OCwiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MzM0NDAxMTU4In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIzOTg1MDQxOTgxMzc0NTg4IiwiZG9tYWluX2lkIjoiMTE4MDczIiwidW5pdCI6ImRpdi1ncHQtYWQtZXNsYWN0aXZpdHlfb3JnLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjMxNDgzNzQ2LCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IlVTIiwicGFnZXZpZXdfaWQiOiJiMzk2MWMxZS0yNzFlLTRkMTAtNzk4OS04ZjZjNmJhYjdjMzYiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjU1NjY0MDgyNzAsImNyZWF0aXZlX2lkIjoxMzgzMzQ0MDExNTgsImRhdGEiOlt7Im5hbWUiOiJsaW5laXRlbV9pZCIsInZhbCI6IjU1NjY0MDgyNzAifV0sImlzX29yaWciOmZhbHNlfV0=
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=ebbefe46401a895c809457c0c99e2f92; _dlt=1; __qca=P0-1614549141-1631483747418; _ga=GA1.2.92124532.1631483747; _gid=GA1.2.754323026.1631483747; _gat_gtag_UA_125056220_1=1; ezouspvh=1200; __gads=ID=bdeeeec8195198bb:T=1631483747:S=ALNI_MbbOPaoGYCE9PMCvq4FFncjIbJQSA; __smVID=3a2ec5a9ca158014d8a5e451860bf929f1dc435e3fd784904d4e950616d4f8c8; ezux_lpl_118073=1631483752560|b3961c1e-271e-4d10-7989-8f6c6bab7c36|false; aawp-geotargeting=US; _pbjs_userid_consent_data=3524755945110770; cto_bidid=doO2hl96dEtla2pjbjRrZVNZNzJZS041elI4SWtNSnBPcCUyRnYwMW9DdDZnNEFaSFNJQTljZUhCOWhqYiUyRnA3c2NSMVFOeDZ5UzFsZXdGM09tNkR4UzU2RGRaaEElM0QlM0Q; cto_bundle=yOPADl9Qc0pVUW1hWSUyRmV3U0FyZ2NXM0pRMUtkY09yM2dhR0V2Ylp2VXJ4MFVuekZ0M2IzZ3U1cmthMlk1M1prS3hqbzZoaWxHOHkzYm1tOUJyUyUyQjhQJTJCcFFVYTRMdyUyQkx4eXJYeEFzVzdubkd0cHZJRkclMkZtb3pBd1ZNcmw3UWRaeEFCM2M; __smToken=OT9QVe9uQBCzEo0qXHP0MAH3; ezouspvv=1300; ezouspva=3
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:54 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y56hjnUyImvkxpP6AJwxwvp7HlVVz1jLRQhdFAYp47gmjdwoKJyFX0Gbj3BdQNUclO15sNv6xNy7LyOOsKIJBVPPn4ZzGO%2BQNLIXA4LYkp%2Bgzp1hzxfLuwlzTM8rx%2F2wWQVwmZGk"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 68dc61fb3aaf4114-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 0
expires: Sat, 11 Sep 2021 21:55:53 UTC

GET
H2 200 5566408270 Show response
g.ezoic.net/dac/ 0
88 B 66ms
44ms XHR
text/plain 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/5566408270
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/porpoiseant/banger.js?cb=195-2&bv=74&v=52&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sun, 12 Sep 2021 21:55:54 GMT
cache-control: max-age=3600, public
server: nginx
content-length: 0
vary: Accept-Encoding
content-type: text/plain

GET
H3 200 army.gif Show response
www.eslactivity.org/porpoiseant/ 0
639 B 75ms
74ms XHR
text/plain 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.eslactivity.org/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMzk4NTA0MTk4MTM3NDU4OCIsImRvbWFpbl9pZCI6IjExODA3MyIsInVuaXQiOiJkaXYtZ3B0LWFkLWVzbGFjdGl2aXR5X29yZy1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYzMTQ4Mzc0NiwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJVUyIsInBhZ2V2aWV3X2lkIjoiYjM5NjFjMWUtMjcxZS00ZDEwLTc5ODktOGY2YzZiYWI3YzM2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo1NTY2NDA4MjcwLCJjcmVhdGl2ZV9pZCI6MTM4MzM0NDAxMTU4LCJkYXRhIjpbeyJuYW1lIjoidF9sb2NhbF9kYXRlIiwidmFsIjoiMjAyMS0wOS0xMiJ9LHsibmFtZSI6InRfbG9jYWxfaG91ciIsInZhbCI6IjIxIn0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjAifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiMCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1b-1y1e-2y1d-4y1f-3y32-21y51-1y55-21y59-19&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1bx1ex1dx1fx32x51x55x59
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMzk4NTA0MTk4MTM3NDU4OCIsImRvbWFpbl9pZCI6IjExODA3MyIsInVuaXQiOiJkaXYtZ3B0LWFkLWVzbGFjdGl2aXR5X29yZy1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYzMTQ4Mzc0NiwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJVUyIsInBhZ2V2aWV3X2lkIjoiYjM5NjFjMWUtMjcxZS00ZDEwLTc5ODktOGY2YzZiYWI3YzM2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo1NTY2NDA4MjcwLCJjcmVhdGl2ZV9pZCI6MTM4MzM0NDAxMTU4LCJkYXRhIjpbeyJuYW1lIjoidF9sb2NhbF9kYXRlIiwidmFsIjoiMjAyMS0wOS0xMiJ9LHsibmFtZSI6InRfbG9jYWxfaG91ciIsInZhbCI6IjIxIn0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjAifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiMCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=ebbefe46401a895c809457c0c99e2f92; _dlt=1; __qca=P0-1614549141-1631483747418; _ga=GA1.2.92124532.1631483747; _gid=GA1.2.754323026.1631483747; _gat_gtag_UA_125056220_1=1; ezouspvh=1200; __gads=ID=bdeeeec8195198bb:T=1631483747:S=ALNI_MbbOPaoGYCE9PMCvq4FFncjIbJQSA; __smVID=3a2ec5a9ca158014d8a5e451860bf929f1dc435e3fd784904d4e950616d4f8c8; ezux_lpl_118073=1631483752560|b3961c1e-271e-4d10-7989-8f6c6bab7c36|false; aawp-geotargeting=US; _pbjs_userid_consent_data=3524755945110770; cto_bidid=doO2hl96dEtla2pjbjRrZVNZNzJZS041elI4SWtNSnBPcCUyRnYwMW9DdDZnNEFaSFNJQTljZUhCOWhqYiUyRnA3c2NSMVFOeDZ5UzFsZXdGM09tNkR4UzU2RGRaaEElM0QlM0Q; cto_bundle=yOPADl9Qc0pVUW1hWSUyRmV3U0FyZ2NXM0pRMUtkY09yM2dhR0V2Ylp2VXJ4MFVuekZ0M2IzZ3U1cmthMlk1M1prS3hqbzZoaWxHOHkzYm1tOUJyUyUyQjhQJTJCcFFVYTRMdyUyQkx4eXJYeEFzVzdubkd0cHZJRkclMkZtb3pBd1ZNcmw3UWRaeEFCM2M; __smToken=OT9QVe9uQBCzEo0qXHP0MAH3; ezouspvv=1300; ezouspva=3
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:54 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=74ZK3tZzlTruYpD6OwQ22i06WGZXNRdpHnFnzMB9XWekKpbLv%2BUkX8oBuMVst88npRqi9XGg%2B596TT3BpBm8EHanyG%2Bp%2Bsekb%2FDXY0KLe4fAml%2F2AgiSuBsI73FlbLLL7b11hVch"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 68dc61fb3ab34114-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 0
expires: Sat, 11 Sep 2021 21:55:54 UTC

GET
H3 200 army.gif Show response
www.eslactivity.org/porpoiseant/ 0
634 B 76ms
75ms XHR
text/plain 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.eslactivity.org/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiMzk4NTA0MTk4MTM3NDU4OCIsImRvbWFpbl9pZCI6IjExODA3MyIsInVuaXQiOiJkaXYtZ3B0LWFkLWVzbGFjdGl2aXR5X29yZy1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYzMTQ4Mzc0NiwiYXVjdGlvbl9lcG9jaCI6MTYzMTQ4Mzc1NSwiYWRfcG9zaXRpb24iOjExMDAsImNvdW50cnlfY29kZSI6IlVTIiwicGFnZXZpZXdfaWQiOiJiMzk2MWMxZS0yNzFlLTRkMTAtNzk4OS04ZjZjNmJhYjdjMzYiLCJiaWRfZmxvb3JfaW5pdGlhbCI6MTYwMCwiYmlkX2Zsb29yX3ByZXYiOjI2MCwiYmlkX2Zsb29yX2ZpbGxlZCI6MTAwLCJhdWN0aW9uX2NvdW50Ijo1LCJyZWZyZXNoX2FkX2NvdW50IjowLCJhdWN0aW9uX2R1cmF0aW9uIjozNzcsIm11bHRpX2FkX3VuaXQiOjAsIm11bHRpX2FkX2NvdW50IjowLCJuZXR3b3JrX2NvZGUiOjEyNTQxNDQsImRhdGEiOlt7Im5hbWUiOiIiLCJ2YWwiOiIifV0sImxpbmVfaXRlbV9pZCI6NTU2NjQwODI3MH1d
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1b-1y1e-2y1d-4y1f-3y32-21y51-1y55-21y59-19&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1bx1ex1dx1fx32x51x55x59
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiMzk4NTA0MTk4MTM3NDU4OCIsImRvbWFpbl9pZCI6IjExODA3MyIsInVuaXQiOiJkaXYtZ3B0LWFkLWVzbGFjdGl2aXR5X29yZy1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYzMTQ4Mzc0NiwiYXVjdGlvbl9lcG9jaCI6MTYzMTQ4Mzc1NSwiYWRfcG9zaXRpb24iOjExMDAsImNvdW50cnlfY29kZSI6IlVTIiwicGFnZXZpZXdfaWQiOiJiMzk2MWMxZS0yNzFlLTRkMTAtNzk4OS04ZjZjNmJhYjdjMzYiLCJiaWRfZmxvb3JfaW5pdGlhbCI6MTYwMCwiYmlkX2Zsb29yX3ByZXYiOjI2MCwiYmlkX2Zsb29yX2ZpbGxlZCI6MTAwLCJhdWN0aW9uX2NvdW50Ijo1LCJyZWZyZXNoX2FkX2NvdW50IjowLCJhdWN0aW9uX2R1cmF0aW9uIjozNzcsIm11bHRpX2FkX3VuaXQiOjAsIm11bHRpX2FkX2NvdW50IjowLCJuZXR3b3JrX2NvZGUiOjEyNTQxNDQsImRhdGEiOlt7Im5hbWUiOiIiLCJ2YWwiOiIifV0sImxpbmVfaXRlbV9pZCI6NTU2NjQwODI3MH1d
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=ebbefe46401a895c809457c0c99e2f92; _dlt=1; __qca=P0-1614549141-1631483747418; _ga=GA1.2.92124532.1631483747; _gid=GA1.2.754323026.1631483747; _gat_gtag_UA_125056220_1=1; ezouspvh=1200; __gads=ID=bdeeeec8195198bb:T=1631483747:S=ALNI_MbbOPaoGYCE9PMCvq4FFncjIbJQSA; __smVID=3a2ec5a9ca158014d8a5e451860bf929f1dc435e3fd784904d4e950616d4f8c8; ezux_lpl_118073=1631483752560|b3961c1e-271e-4d10-7989-8f6c6bab7c36|false; aawp-geotargeting=US; _pbjs_userid_consent_data=3524755945110770; cto_bidid=doO2hl96dEtla2pjbjRrZVNZNzJZS041elI4SWtNSnBPcCUyRnYwMW9DdDZnNEFaSFNJQTljZUhCOWhqYiUyRnA3c2NSMVFOeDZ5UzFsZXdGM09tNkR4UzU2RGRaaEElM0QlM0Q; cto_bundle=yOPADl9Qc0pVUW1hWSUyRmV3U0FyZ2NXM0pRMUtkY09yM2dhR0V2Ylp2VXJ4MFVuekZ0M2IzZ3U1cmthMlk1M1prS3hqbzZoaWxHOHkzYm1tOUJyUyUyQjhQJTJCcFFVYTRMdyUyQkx4eXJYeEFzVzdubkd0cHZJRkclMkZtb3pBd1ZNcmw3UWRaeEFCM2M; __smToken=OT9QVe9uQBCzEo0qXHP0MAH3; ezouspvv=1300; ezouspva=3
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:54 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kx6LFVldd94KoK55BFrYXGWpjVCJC%2B5Tt5axJHSSFqGLbTHtKq3x53jdmCs11MSGojvrwrWcSSqc29MsiXAXE7g%2B3h5AW8dSI7y631jpOHNc2rTK4ULUCNcYOB801ek7nBSZcIDM"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 68dc61fb3ab44114-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 0
expires: Sat, 11 Sep 2021 21:55:53 UTC

GET
DATA 200
OK truncated
/ 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c237f7d584dc8820bb04467d8c928d2091a943ae05113d544f052d0a0741b023

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 16ms
16ms Script
application/javascript 74.125.140.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.eslactivity.org

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.140.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wq-in-f154.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 12 Sep 2021 21:55:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 337 B
166 B 481ms
481ms XHR
text/plain 64.233.184.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1928632745933239&correlator=3712699478842711&output=ldjh&impl=fifs&eid=21065724%2C31062297&vrg=2021090701&ptt=17&sc=1&sfv=1-0-38&ecs=20210912&iu_parts=1254144%3A22476021904%2Ceslactivity_org-box-4&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=2&prev_scp=a%3D%257C3%257C%26iid1%3D690533925349915%26eid%3D690533925349915%26t%3D134%26d%3D118073%26t1%3D134%26pvc%3D0%26ap%3D1612%26sap%3D1612%26as%3Drevenue%26plat%3D1%26bra%3Dmod1-c%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D2%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D3%26al%3D1003%26compid%3D0%26tap%3Deslactivity_org-box-4-690533925349915%26eb_br%3D6e85b37de1b1ffc2593baa5d6e4b02fc%26eba%3D1%26ebss%3D10017%2C10082%2C10061%2C11304%2C11307%26asau%3D8492401833%26bv%3D21%26bvm%3D0%26bvr%3D7%26shp%3D1%26ftsn%3D3%26br1%3D450%26br2%3D650%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%2C168%2C0%2C34%2C0%2C193%2C132%2C20%2C71%2C30%2C192%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C760%2C815%2C817%2C899%2C919%2C783%2C16%2C13%2C14%2C15%2C11%2C12%2C13%2C14%2C15%26ax_ssid%3D10082%26lb%3D650%26reqt%3D1631483754801%26hb_bidder%3Donemobile%26hb_adid%3D62b541750962a11%26hb_pb%3D0.01%26hb_format%3Dbanner%26hb_ssid%3D11293%26hb_opt%3D0.01&eri=1&cookie=ID%3Dbdeeeec8195198bb%3AT%3D1631483747%3AS%3DALNI_MbbOPaoGYCE9PMCvq4FFncjIbJQSA&bc=31&abxe=1&lmt=1631483754&dt=1631483754805&dlt=1631483747030&idt=253&frm=20&biw=1600&bih=1200&oid=3&adxs=-9&adys=-9&adks=1240438188&ucis=4&ifi=12&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.eslactivity.org%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x-1&msz=0x-1&psts=AGkb-H_Nk0M6odFiHUJ0RNn9alIogzYM2uVepd54ab6zr1-mSKzppaRsv0d_wlTfdfIur7X2PEy2c3LYkA%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=92124532.1631483747&ga_sid=1631483747&ga_hid=1221111038&ga_fc=false&fws=2&ohw=0&btvi=-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

64.233.184.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wa-in-f155.1e100.net

Software

cafe /

Resource Hash

ce5619c350a87ae309248657602cfec3b177d566a5d9ff020a8d2f8aa4f2e0cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:55 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 137
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.eslactivity.org
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 340 B
166 B 529ms
528ms XHR
text/plain 64.233.184.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1928632745933239&correlator=1313970408373444&output=ldjh&impl=fifs&eid=21065724%2C31062297&vrg=2021090701&ptt=17&sc=1&sfv=1-0-38&ecs=20210912&iu_parts=1254144%3A22476021904%2Ceslactivity_org-banner-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=2&prev_scp=a%3D%257C251%257C%26iid1%3D3252502759358285%26eid%3D3252502759358285%26t%3D134%26d%3D118073%26t1%3D134%26pvc%3D0%26ap%3D1613%26sap%3D1613%26as%3Drevenue%26plat%3D1%26bra%3Dmod1-c%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D30%26al%3D1030%26compid%3D0%26tap%3Deslactivity_org-banner-1-3252502759358285%26eb_br%3D57914c3716312cb7e954090f0717ea25%26eba%3D1%26ebss%3D10017%2C10082%2C10061%2C11304%2C11307%26asau%3D8492401833%26bv%3D4%26bvm%3D0%26bvr%3D4%26shp%3D1%26ftsn%3D3%26br1%3D260%26br2%3D500%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%2C168%2C0%2C34%2C0%2C193%2C132%2C20%2C71%2C30%2C192%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C760%2C815%2C817%2C899%2C919%2C783%2C16%2C12%2C13%2C14%2C15%2C20%2C9%2C10%2C11%2C12%2C13%2C14%2C15%26ax_ssid%3D10082%26lb%3D500%26reqt%3D1631483754815%26hb_bidder%3Donemobile%26hb_adid%3D6431a5ad6a8c3b4%26hb_pb%3D0.00%26hb_format%3Dbanner%26hb_ssid%3D11293%26hb_opt%3D0.00&eri=1&cookie=ID%3Dbdeeeec8195198bb%3AT%3D1631483747%3AS%3DALNI_MbbOPaoGYCE9PMCvq4FFncjIbJQSA&bc=31&abxe=1&lmt=1631483754&dt=1631483754819&dlt=1631483747030&idt=253&frm=20&biw=1600&bih=1200&oid=3&adxs=-9&adys=-9&adks=1628932059&ucis=5&ifi=13&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.eslactivity.org%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x-1&msz=0x-1&psts=AGkb-H_Nk0M6odFiHUJ0RNn9alIogzYM2uVepd54ab6zr1-mSKzppaRsv0d_wlTfdfIur7X2PEy2c3LYkA%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=92124532.1631483747&ga_sid=1631483747&ga_hid=1221111038&ga_fc=false&fws=2&ohw=0&btvi=-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

64.233.184.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wa-in-f155.1e100.net

Software

cafe /

Resource Hash

704d5f9e8c228450eae14a886d5a15b1daee1cb31c91eaf39bc1d7f0069303c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:55 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 137
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.eslactivity.org
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 greenoaks.gif Show response
www.eslactivity.org/detroitchicago/ 0
644 B 77ms
76ms XHR
text/plain 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.eslactivity.org/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJiMzk2MWMxZS0yNzFlLTRkMTAtNzk4OS04ZjZjNmJhYjdjMzYiLCJkb21haW5faWQiOiIxMTgwNzMiLCJ0X2Vwb2NoIjoxNjMxNDgzNzQ2LCJkYXRhIjpbeyJuYW1lIjoiZGlzcGxheV9hZF92aWV3cG9ydF9weCIsInZhbCI6IjAifSx7Im5hbWUiOiJkaXNwbGF5X2FkX3ZpZXdwb3J0X2NvdW50IiwidmFsIjoiMCJ9LHsibmFtZSI6Im5hdGl2ZV9hZF92aWV3cG9ydF9weCIsInZhbCI6IjAifSx7Im5hbWUiOiJuYXRpdmVfYWRfdmlld3BvcnRfY291bnQiLCJ2YWwiOiIwIn0seyJuYW1lIjoiZGlzcGxheV9hZF9kb2NfcHgiLCJ2YWwiOiIwIn0seyJuYW1lIjoiZGlzcGxheV9hZF9kb2NfY291bnQiLCJ2YWwiOiIwIn0seyJuYW1lIjoibmF0aXZlX2FkX2RvY19weCIsInZhbCI6IjAifSx7Im5hbWUiOiJuYXRpdmVfYWRfZG9jX2NvdW50IiwidmFsIjoiMCJ9LHsibmFtZSI6InZpZXdwb3J0X3NpemUiLCJ2YWwiOiIxNjAweDEyMDAifSx7Im5hbWUiOiJ2aWV3cG9ydF9weCIsInZhbCI6IjE5MjAwMDAifSx7Im5hbWUiOiJkb2NfcHgiLCJ2YWwiOiIxOTIwMDAwIn0seyJuYW1lIjoiZG9jX2hlaWdodCIsInZhbCI6IjEyMDAifV19XQ==
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1b-1y1e-2y1d-4y1f-3y32-21y51-1y55-21y59-19&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1bx1ex1dx1fx32x51x55x59
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJiMzk2MWMxZS0yNzFlLTRkMTAtNzk4OS04ZjZjNmJhYjdjMzYiLCJkb21haW5faWQiOiIxMTgwNzMiLCJ0X2Vwb2NoIjoxNjMxNDgzNzQ2LCJkYXRhIjpbeyJuYW1lIjoiZGlzcGxheV9hZF92aWV3cG9ydF9weCIsInZhbCI6IjAifSx7Im5hbWUiOiJkaXNwbGF5X2FkX3ZpZXdwb3J0X2NvdW50IiwidmFsIjoiMCJ9LHsibmFtZSI6Im5hdGl2ZV9hZF92aWV3cG9ydF9weCIsInZhbCI6IjAifSx7Im5hbWUiOiJuYXRpdmVfYWRfdmlld3BvcnRfY291bnQiLCJ2YWwiOiIwIn0seyJuYW1lIjoiZGlzcGxheV9hZF9kb2NfcHgiLCJ2YWwiOiIwIn0seyJuYW1lIjoiZGlzcGxheV9hZF9kb2NfY291bnQiLCJ2YWwiOiIwIn0seyJuYW1lIjoibmF0aXZlX2FkX2RvY19weCIsInZhbCI6IjAifSx7Im5hbWUiOiJuYXRpdmVfYWRfZG9jX2NvdW50IiwidmFsIjoiMCJ9LHsibmFtZSI6InZpZXdwb3J0X3NpemUiLCJ2YWwiOiIxNjAweDEyMDAifSx7Im5hbWUiOiJ2aWV3cG9ydF9weCIsInZhbCI6IjE5MjAwMDAifSx7Im5hbWUiOiJkb2NfcHgiLCJ2YWwiOiIxOTIwMDAwIn0seyJuYW1lIjoiZG9jX2hlaWdodCIsInZhbCI6IjEyMDAifV19XQ==
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=ebbefe46401a895c809457c0c99e2f92; _dlt=1; __qca=P0-1614549141-1631483747418; _ga=GA1.2.92124532.1631483747; _gid=GA1.2.754323026.1631483747; _gat_gtag_UA_125056220_1=1; ezouspvh=1200; __gads=ID=bdeeeec8195198bb:T=1631483747:S=ALNI_MbbOPaoGYCE9PMCvq4FFncjIbJQSA; __smVID=3a2ec5a9ca158014d8a5e451860bf929f1dc435e3fd784904d4e950616d4f8c8; ezux_lpl_118073=1631483752560|b3961c1e-271e-4d10-7989-8f6c6bab7c36|false; aawp-geotargeting=US; _pbjs_userid_consent_data=3524755945110770; cto_bidid=doO2hl96dEtla2pjbjRrZVNZNzJZS041elI4SWtNSnBPcCUyRnYwMW9DdDZnNEFaSFNJQTljZUhCOWhqYiUyRnA3c2NSMVFOeDZ5UzFsZXdGM09tNkR4UzU2RGRaaEElM0QlM0Q; cto_bundle=yOPADl9Qc0pVUW1hWSUyRmV3U0FyZ2NXM0pRMUtkY09yM2dhR0V2Ylp2VXJ4MFVuekZ0M2IzZ3U1cmthMlk1M1prS3hqbzZoaWxHOHkzYm1tOUJyUyUyQjhQJTJCcFFVYTRMdyUyQkx4eXJYeEFzVzdubkd0cHZJRkclMkZtb3pBd1ZNcmw3UWRaeEFCM2M; __smToken=OT9QVe9uQBCzEo0qXHP0MAH3; ezouspvv=1300; ezouspva=3
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:54 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BOa%2Ff2abevsg1kUL5jhEOABfylbOzdIVLE9uNtlP%2F85VvgtpK6C0%2BjkA5ByFKckAAz4atRYA2%2BlOl8qHAk%2FuMO66HxYxW8uis%2F9thhG7JjtLOuVSIw8%2FAJqCvcOT3d%2B2lSi8gG8%2F"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 68dc61fbbb734114-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 0
expires: Sat, 11 Sep 2021 21:55:48 UTC

GET
H2 200 ice.js Show response
resources.infolinks.com/js/1752.003-3.025/ 584 KB
187 KB 26ms
26ms Script
application/javascript 104.22.2.144

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.infolinks.com/js/1752.003-3.025/ice.js
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.22.2.144 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: fa859b974c6b616c7c15dd7dbd776a7a3ea469d99c306680b7f22e293b60b84d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

cf-ray: 68dc61fbcb1b27bc-PRG
date: Sun, 12 Sep 2021 21:55:54 GMT
via: 1.1 google
cf-cache-status: HIT
last-modified: Mon, 30 Aug 2021 07:35:34 GMT
server: cloudflare
age: 4275
etag: W/"91e0b-5cac1e0e6891f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
content-encoding: gzip
expires: Tue, 12 Oct 2021 20:44:39 GMT

GET
H2 200 pbice.js Show response
resources.infolinks.com/js/pbice/3.025/ 279 KB
86 KB 37ms
37ms Script
application/javascript 104.22.2.144

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.infolinks.com/js/pbice/3.025/pbice.js
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1752.003-3.025/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.22.2.144 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 95efc6a1b0e18636b608c1280049e1e31e5dac2f28c111ae489cea912f8b927b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

cf-ray: 68dc61fc5b9c27bc-PRG
date: Sun, 12 Sep 2021 21:55:54 GMT
via: 1.1 google
cf-cache-status: HIT
last-modified: Wed, 30 Jun 2021 09:40:59 GMT
server: cloudflare
age: 3581
etag: W/"45adc-5c5f8851c3ea8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
content-encoding: gzip
expires: Tue, 12 Oct 2021 20:56:13 GMT

GET
H2 200 manage Show response
router.infolinks.com/usync/ Frame 1958 8 KB
2 KB 204ms
197ms Document
text/html 104.22.2.144

General

Check archive.org

Show headers Download Go to

Full URL: https://router.infolinks.com/usync/manage?pid=3301753&wsid=0&pdom=www.eslactivity.org&purl=https%3A%2F%2Fwww.eslactivity.org%2F
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1752.003-3.025/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.22.2.144 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 708e9d87164846166df91defc9cf72131635df30f9ad6f7212dfe73483894e5e

Request headers

:method: GET
:authority: router.infolinks.com
:scheme: https
:path: /usync/manage?pid=3301753&wsid=0&pdom=www.eslactivity.org&purl=https%3A%2F%2Fwww.eslactivity.org%2F
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.eslactivity.org/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/

Response headers

date: Sun, 12 Sep 2021 21:55:55 GMT
content-type: text/html;charset=UTF-8
cache-control: no-store
p3p: CP="NON DSP NID OUR COR"
via: 1.1 google
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 68dc61fc8bbf27bc-PRG
content-encoding: gzip

GET
H2 200 lcmanage Show response
router.infolinks.com/usync/ 0
44 B 197ms
193ms Script
text/plain 104.22.2.144

General

Check archive.org

Show headers Download Go to

Full URL: https://router.infolinks.com/usync/lcmanage?pid=3301753&wsid=0&pdom=www.eslactivity.org&purl=https%3A%2F%2Fwww.eslactivity.org%2F
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1752.003-3.025/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.22.2.144 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:55 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cache-control: no-store
cf-ray: 68dc61fc8bc027bc-PRG
content-length: 0

GET
H2 200 gsd Show response
router.infolinks.com/ 325 B
550 B 164ms
161ms Script
text/javascript 104.22.2.144

General

Check archive.org

Show headers Download Go to

Full URL: https://router.infolinks.com/gsd?evt=afterGSD&pid=3301753&pdom=www.eslactivity.org&purl=https%3A%2F%2Fwww.eslactivity.org%2F&jsv=1752.003-3.025&_cb=16314837549570
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1752.003-3.025/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.22.2.144 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 6c945480c75752b6e8255eaefd83d62064e49bc34550f99b2806612c0e92851a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Sep 2021 21:55:55 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: text/javascript;charset=UTF-8
content-encoding: gzip
cache-control: max-age=0
cf-ray: 68dc61fc8bc127bc-PRG
expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H2 200 doq.htm Show response
rt3027.infolinks.com/action/ 0
456 B 218ms
160ms XHR
text/html 104.22.3.144

General

Check archive.org

Show headers Download Go to

Full URL: https://rt3027.infolinks.com/action/doq.htm?pcode=utf-8&r=16314837551331
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1752.003-3.025/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.22.3.144 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.eslactivity.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Sun, 12 Sep 2021 21:55:55 GMT
cf-cache-status: DYNAMIC
p3p: CP="NON DSP NID OUR COR"
content-type: text/html;charset=UTF-8
content-length: 0
x-application-context: application:prod
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-language: de-DE
access-control-allow-origin: https://www.eslactivity.org
cache-control: no-cache,no-store
access-control-allow-credentials: true
cf-ray: 68dc61fdfcb5277c-PRG
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 / Show response
de.tynt.com/deb/ Frame DFEC 75 B
289 B 345ms
110ms Document
text/html 208.100.17.190

General

Check archive.org

Show headers Download Go to

Full URL: https://de.tynt.com/deb/?m=xch&rt=html&sid=0010b00002CpYhEAAV
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3301753&wsid=0&pdom=www.eslactivity.org&purl=https%3A%2F%2Fwww.eslactivity.org%2F
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.100.17.190 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e170d20dbbd5a22f50118e25fa2eefb1e85d2ad780e5477ed3a9643186090442

Request headers

:method: GET
:authority: de.tynt.com
:scheme: https
:path: /deb/?m=xch&rt=html&sid=0010b00002CpYhEAAV
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://router.infolinks.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/

Response headers

cache-control: max-age=86400
expires: Mon, 13 Sep 2021 21:55:55 GMT
referrer-policy: unsafe-url
content-type: text/html
content-length: 75
date: Sun, 12 Sep 2021 21:55:55 GMT
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

GET
H/1.1

200
OK

Cookie set usermatch Show response
ssum-sec.casalemedia.com/ Frame 15F7
Redirect Chain

https://ssum-sec.casalemedia.com/usermatch?s=191306&cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1

2 KB
3 KB

17ms
17ms

Document
text/html

104.76.200.247

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3301753&wsid=0&pdom=www.eslactivity.org&purl=https%3A%2F%2Fwww.eslactivity.org%2F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.76.200.247 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: 63937aa7d263b418f26a640e11eecfa7d1c19a2c4b781ecac58b9d9c5f5dfa5e

Request headers

Host: ssum-sec.casalemedia.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://router.infolinks.com/
Accept-Encoding: gzip, deflate, br
Cookie: CMID=YT53a7I2kcMZzjKWWWRDxAAA; CMPS=3174
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/

Response headers

Server: Apache
Content-Type: text/html
Dropped-Udsids: 39|230|241|45|156|88|176|41
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: Is-Traffic-Usersync
Content-Length: 1661
Expires: Sun, 12 Sep 2021 21:55:55 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 12 Sep 2021 21:55:55 GMT
Connection: keep-alive
Set-Cookie: CMID=YT53a7I2kcMZzjKWWWRDxAAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Mon, 12 Sep 2022 21:55:55 GMT CMPS=3174;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sat, 11 Dec 2021 21:55:55 GMT CMPRO=1196;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sat, 11 Dec 2021 21:55:55 GMT CMRUM3=58613e776b05a0&b0613e776b05a00&f1613e776b05a0&e6613e776b2760&27613e776b0b40&9c613e776b05a00&2d613e776b05a0&29613e776b05a0;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Mon, 12 Sep 2022 21:55:55 GMT CMST=YT53a2E+d2sA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Mon, 13 Sep 2021 21:55:55 GMT

Redirect headers

Server: Apache
Content-Length: 311
Content-Type: text/html; charset=iso-8859-1
Location: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Expires: Sun, 12 Sep 2021 21:55:55 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 12 Sep 2021 21:55:55 GMT
Connection: keep-alive
Set-Cookie: CMID=YT53a7I2kcMZzjKWWWRDxAAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Mon, 12 Sep 2022 21:55:55 GMT CMPS=3174;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sat, 11 Dec 2021 21:55:55 GMT

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame BCB2 2 KB
823 B 9ms
8ms Document
text/html 51.89.9.253

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=598ce3ddaee8c90

Requested by

Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3301753&wsid=0&pdom=www.eslactivity.org&purl=https%3A%2F%2Fwww.eslactivity.org%2F

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.253 -, , ASN (),

Reverse DNS

Software

Resource Hash

37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

:method: GET
:authority: onetag-sys.com
:scheme: https
:path: /usync/?pubId=598ce3ddaee8c90
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://router.infolinks.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/

Response headers

content-type: text/html
cache-control: no-transform, no-cache
content-encoding: gzip
content-length: 731
strict-transport-security: max-age=15552000

GET
H2

200

pbm-usync
router.infolinks.com/dyn/ Frame 1958
Redirect Chain

https://image8.pubmatic.com/AdServer/ImgSync?p=156872&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156872%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infoli...
https://image8.pubmatic.com/AdServer/ImgSync?p=156872&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156872%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infoli...
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=ODhGNEJBMjItQkEyRS00Nzk3LThDRjktMkRCRjAxQTI3MEE3&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
https://image4.pubmatic.com/AdServer/SPug?p=156872&pmc=1&pr=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fpbm-usync%3Fuid%3D88F4BA22-BA2E-4797-8CF9-2DBF01A270A7
https://router.infolinks.com/dyn/pbm-usync?uid=88F4BA22-BA2E-4797-8CF9-2DBF01A270A7

0
40 B

187ms
187ms

Image
text/html

104.22.2.144

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/pbm-usync?uid=88F4BA22-BA2E-4797-8CF9-2DBF01A270A7
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3301753&wsid=0&pdom=www.eslactivity.org&purl=https%3A%2F%2Fwww.eslactivity.org%2F
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.22.2.144 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Sep 2021 21:55:57 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: text/html;charset=UTF-8
cache-control: no-store, no-cache, private
cf-ray: 68dc620968ec27bc-PRG
content-length: 0
expires: Sat, 12 Sep 2020 21:55:57 GMT

Redirect headers

location: https://router.infolinks.com/dyn/pbm-usync?uid=88F4BA22-BA2E-4797-8CF9-2DBF01A270A7
date: Sun, 12 Sep 2021 21:55:56 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2

200

apn-usync
router.infolinks.com/dyn/ Frame 1958
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fapn-usync%3Fuser_id%3D%24UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fapn-usync%253Fuser_id%253D%2524UID
https://router.infolinks.com/dyn/apn-usync?user_id=8031856347569021699

35 B
187 B

198ms
198ms

Image
image/gif

104.22.2.144

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/apn-usync?user_id=8031856347569021699
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3301753&wsid=0&pdom=www.eslactivity.org&purl=https%3A%2F%2Fwww.eslactivity.org%2F
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.22.2.144 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Sep 2021 21:55:55 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store, no-cache, private
cf-ray: 68dc61fe5dae27bc-PRG
content-length: 35
expires: Sat, 12 Sep 2020 21:55:55 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 12 Sep 2021 21:55:55 GMT
X-Proxy-Origin: 216.131.114.133; 216.131.114.133; 726.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 653f3438-0da9-47d3-afc3-9d8a45c73bd2
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://router.infolinks.com/dyn/apn-usync?user_id=8031856347569021699
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

VR-usync
router.infolinks.com/dyn/ Frame 1958
Redirect Chain

https://ups.analytics.yahoo.com/ups/58422/occ
https://ups.analytics.yahoo.com/ups/58422/occ?verify=true
https://router.infolinks.com/dyn/VR-usync?uid=y-kwpLqptE2uFI55Y6IxEvZV2nQC626JztXzaJVE0-~A

35 B
210 B

197ms
197ms

Image
image/gif

104.22.2.144

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/VR-usync?uid=y-kwpLqptE2uFI55Y6IxEvZV2nQC626JztXzaJVE0-~A
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3301753&wsid=0&pdom=www.eslactivity.org&purl=https%3A%2F%2Fwww.eslactivity.org%2F
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.22.2.144 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Sep 2021 21:55:55 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store, no-cache, private
cf-ray: 68dc61fe8e3827bc-PRG
content-length: 35
expires: Sat, 12 Sep 2020 21:55:55 GMT

Redirect headers

Date: Sun, 12 Sep 2021 21:55:55 GMT
Server: ATS/7.1.2.138
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://router.infolinks.com/dyn/VR-usync?uid=y-kwpLqptE2uFI55Y6IxEvZV2nQC626JztXzaJVE0-~A
Connection: keep-alive
Content-Length: 0

GET
H2

200

r1-usync
router.infolinks.com/dyn/ Frame 1958
Redirect Chain

https://sync.1rx.io/usersync2/infolinks
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=796353402
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=796353402
https://sync.1rx.io/usersync/tradedesk/a30dfa7c-8092-4e07-aa09-48b6d8da3caf
https://sync.targeting.unrulymedia.com/csync/RX-93360887-5ba9-4a90-936e-5719598df51e-003?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fr1-usync%3Fuid%3DRX-93360887-5ba9-4a90-936e-5719598df51e-003
https://router.infolinks.com/dyn/r1-usync?uid=RX-93360887-5ba9-4a90-936e-5719598df51e-003

35 B
205 B

200ms
200ms

Image
image/gif

104.22.2.144

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/r1-usync?uid=RX-93360887-5ba9-4a90-936e-5719598df51e-003
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3301753&wsid=0&pdom=www.eslactivity.org&purl=https%3A%2F%2Fwww.eslactivity.org%2F
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.22.2.144 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Sep 2021 21:55:55 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store, no-cache, private
cf-ray: 68dc61ff4ed127bc-PRG
content-length: 35
expires: Sat, 12 Sep 2020 21:55:55 GMT

Redirect headers

location: https://router.infolinks.com/dyn/r1-usync?uid=RX-93360887-5ba9-4a90-936e-5719598df51e-003
date: Sun, 12 Sep 2021 21:55:55 GMT
server: Tengine
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RX933608875ba94a90936e5719598df51e003
content-type: text/html

GET
H2

200

zmn-usync
router.infolinks.com/dyn/ Frame 1958
Redirect Chain

https://b1sync.zemanta.com/usersync/infolinks/?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fzmn-usync%3Fuid%3D__ZUID__
https://router.infolinks.com/dyn/zmn-usync?uid=

35 B
177 B

194ms
194ms

Image
image/gif

104.22.2.144

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/zmn-usync?uid=
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3301753&wsid=0&pdom=www.eslactivity.org&purl=https%3A%2F%2Fwww.eslactivity.org%2F
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.22.2.144 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Sep 2021 21:55:55 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store, no-cache, private
cf-ray: 68dc6200382227bc-PRG
content-length: 35
expires: Sat, 12 Sep 2020 21:55:55 GMT

Redirect headers

Location: https://router.infolinks.com/dyn/zmn-usync?uid=
Pragma: no-cache
Date: Sun, 12 Sep 2021 21:55:55 GMT
Cache-Control: no-cache, no-store, must-revalidate
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Content-Length: 70
Content-Type: text/html; charset=utf-8

GET
H2

200

sonobi-usync
router.infolinks.com/dyn/ Frame 1958
Redirect Chain

https://sync.go.sonobi.com/us?loc=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsonobi-usync%3Fuid%3D%5BUID%5D
https://router.infolinks.com/dyn/sonobi-usync?uid=ccd9119e-45a7-4855-89cd-64bf17703f34

35 B
203 B

215ms
215ms

Image
image/gif

104.22.2.144

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/sonobi-usync?uid=ccd9119e-45a7-4855-89cd-64bf17703f34
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3301753&wsid=0&pdom=www.eslactivity.org&purl=https%3A%2F%2Fwww.eslactivity.org%2F
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.22.2.144 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Sep 2021 21:55:55 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store, no-cache, private
cf-ray: 68dc61fe6db627bc-PRG
content-length: 35
expires: Sat, 12 Sep 2020 21:55:55 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 12 Sep 2021 21:55:55 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://router.infolinks.com/dyn/sonobi-usync?uid=ccd9119e-45a7-4855-89cd-64bf17703f34
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: text/plain; charset=utf8
Content-Length: 0
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H/1.1

200
OK

ca.png
s.cpx.to/ Frame 1958
Redirect Chain

https://ib.adnxs.com/getuid?https://s.cpx.to/ca.png?ref=https%253A%252F%252Fwww.eslactivity.org%252F&pid=12306&adnxs_uid=$UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fs.cpx.to%2Fca.png%3Fref%3Dhttps%25253A%25252F%25252Fwww.eslactivity.org%25252F%26pid%3D12306%26adnxs_uid%3D%24UID
https://s.cpx.to/ca.png?ref=https%3A%2F%2Fwww.eslactivity.org%2F&pid=12306&adnxs_uid=8031856347569021699

95 B
945 B

305ms
31ms

Image
image/png

34.243.225.216

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.cpx.to/ca.png?ref=https%3A%2F%2Fwww.eslactivity.org%2F&pid=12306&adnxs_uid=8031856347569021699

Requested by

Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3301753&wsid=0&pdom=www.eslactivity.org&purl=https%3A%2F%2Fwww.eslactivity.org%2F

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.243.225.216 -, , ASN (),

Reverse DNS

Software

Resource Hash

bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache, no-cache
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Date: Sun, 12 Sep 2021 21:55:55 GMT
X-Frame-Options: sameorigin
Connection: keep-alive
P3P: CP="NOI DEV ADM"
Cache-Control: no-store, must-revalidate, private, max-age=0, no-store, must-revalidate, private, max-age=0
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Content-Length: 95
Expires: Sun, 12 Sep 2021 21:55:55 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 12 Sep 2021 21:55:55 GMT
X-Proxy-Origin: 216.131.114.133; 216.131.114.133; 726.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: b72d07f0-4a0e-4c4d-9379-6d1619d99e10
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://s.cpx.to/ca.png?ref=https%3A%2F%2Fwww.eslactivity.org%2F&pid=12306&adnxs_uid=8031856347569021699
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK sync
dsp.adkernel.com/ Frame 1958 42 B
233 B 263ms
84ms Image
image/gif 174.137.133.49

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsp.adkernel.com/sync?exchange=202&r=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fearn-usync%3Fuid%3D%7BUID%7D
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3301753&wsid=0&pdom=www.eslactivity.org&purl=https%3A%2F%2Fwww.eslactivity.org%2F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 174.137.133.49 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 12 Sep 2021 21:55:55 GMT
Server: nginx
Age: 0
Content-Type: image/gif
Cache-Control: no-store
Connection: keep-alive
Content-Length: 42

GET
H2

200

outh-usync
router.infolinks.com/dyn/ Frame 1958
Redirect Chain

https://pixel.advertising.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true
https://pixel.advertising.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true&verify=true
https://ups.analytics.yahoo.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true&apid=UP34624711-1414-11ec-92df-02378c853814
https://ups.analytics.yahoo.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true&apid=UP34624711-1414-11ec-92df-02378c853814&verify=true
https://router.infolinks.com/dyn/outh-usync?uid=y-NbNE88hE2uGCBdqZ6Zg60mpn3fa7sOtm~A~UP34624711-1414-11ec-92df-02378c853814

35 B
234 B

257ms
257ms

Image
image/gif

104.22.2.144

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/outh-usync?uid=y-NbNE88hE2uGCBdqZ6Zg60mpn3fa7sOtm~A~UP34624711-1414-11ec-92df-02378c853814
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3301753&wsid=0&pdom=www.eslactivity.org&purl=https%3A%2F%2Fwww.eslactivity.org%2F
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.22.2.144 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Sep 2021 21:55:55 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store, no-cache, private
cf-ray: 68dc61fe9e3d27bc-PRG
content-length: 35
expires: Sat, 12 Sep 2020 21:55:55 GMT

Redirect headers

Date: Sun, 12 Sep 2021 21:55:55 GMT
Server: ATS/7.1.2.138
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://router.infolinks.com/dyn/outh-usync?uid=y-NbNE88hE2uGCBdqZ6Zg60mpn3fa7sOtm~A~UP34624711-1414-11ec-92df-02378c853814
Connection: keep-alive
Content-Length: 0

GET
H2

200

enbd-usync
router.infolinks.com/dyn/ Frame 1958
Redirect Chain

https://match.bnmla.com/usersync?sspid=1000361&redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fenbd-usync%3Fuid%3D%5BUUID%5D
https://um.simpli.fi/match_redirect?sifi_redir=https%3A%2F%2Fmatch.bnmla.com%2Fusersync%3Fdspid%3D6%26uuid%3D%24UID
https://match.bnmla.com/usersync?dspid=6&uuid=9678B178869347E1AADBDD8E4E838C98
https://router.infolinks.com/dyn/enbd-usync?uid=8074b8b5-b976-48ad-8042-7a13173d02c9

35 B
201 B

198ms
198ms

Image
image/gif

104.22.2.144

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/enbd-usync?uid=8074b8b5-b976-48ad-8042-7a13173d02c9
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3301753&wsid=0&pdom=www.eslactivity.org&purl=https%3A%2F%2Fwww.eslactivity.org%2F
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.22.2.144 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Sep 2021 21:55:55 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store, no-cache, private
cf-ray: 68dc6200684a27bc-PRG
content-length: 35
expires: Sat, 12 Sep 2020 21:55:55 GMT

Redirect headers

Location: https://router.infolinks.com/dyn/enbd-usync?uid=8074b8b5-b976-48ad-8042-7a13173d02c9
Date: Sun, 12 Sep 2021 21:55:55 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H2

200

sovrn-usync
router.infolinks.com/dyn/ Frame 1958
Redirect Chain

https://ap.lijit.com/pixel?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsovrn-usync%3Fuid%3D%24UID
https://router.infolinks.com/dyn/sovrn-usync?uid=4f787d2007f455cf3be4e928

35 B
249 B

187ms
187ms

Image
image/gif

104.22.2.144

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/sovrn-usync?uid=4f787d2007f455cf3be4e928
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3301753&wsid=0&pdom=www.eslactivity.org&purl=https%3A%2F%2Fwww.eslactivity.org%2F
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.22.2.144 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Sep 2021 21:55:55 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store, no-cache, private
cf-ray: 68dc61fdfd1e27bc-PRG
content-length: 35
expires: Sat, 12 Sep 2020 21:55:55 GMT

Redirect headers

Date: Sun, 12 Sep 2021 21:55:55 GMT
Server: nginx
Location: https://router.infolinks.com/dyn/sovrn-usync?uid=4f787d2007f455cf3be4e928
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap3ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H2

200

pbm-usync
router.infolinks.com/dyn/ Frame 1958
Redirect Chain

https://image8.pubmatic.com/AdServer/ImgSync?p=60809&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D60809%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolink...
https://image8.pubmatic.com/AdServer/ImgSync?p=60809&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D60809%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolink...
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RThBQTQ1MTktMEFFNy00NzEwLTgxRUEtOTFGRDVDRjJEOUFE&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
https://image4.pubmatic.com/AdServer/SPug?p=156872&pmc=1&pr=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fpbm-usync%3Fuid%3D88F4BA22-BA2E-4797-8CF9-2DBF01A270A7
https://router.infolinks.com/dyn/pbm-usync?uid=88F4BA22-BA2E-4797-8CF9-2DBF01A270A7

0
253 B

156ms
156ms

Image
text/html

104.22.2.144

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/pbm-usync?uid=88F4BA22-BA2E-4797-8CF9-2DBF01A270A7
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3301753&wsid=0&pdom=www.eslactivity.org&purl=https%3A%2F%2Fwww.eslactivity.org%2F
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.22.2.144 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Sep 2021 21:55:57 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: text/html;charset=UTF-8
cache-control: no-store, no-cache, private
cf-ray: 68dc620968ea27bc-PRG
content-length: 0
expires: Sat, 12 Sep 2020 21:55:57 GMT

Redirect headers

location: https://router.infolinks.com/dyn/pbm-usync?uid=88F4BA22-BA2E-4797-8CF9-2DBF01A270A7
date: Sun, 12 Sep 2021 21:55:56 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 iq-usync
router.infolinks.com/dyn/ Frame 1958 0
35 B 268ms
268ms Image
text/plain 104.22.2.144

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/iq-usync
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3301753&wsid=0&pdom=www.eslactivity.org&purl=https%3A%2F%2Fwww.eslactivity.org%2F
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.22.2.144 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/usync/manage?pid=3301753&wsid=0&pdom=www.eslactivity.org&purl=https%3A%2F%2Fwww.eslactivity.org%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:55 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cache-control: no-store
cf-ray: 68dc61ff8f1927bc-PRG
content-length: 0

GET
H2

200

zeta-usync
router.infolinks.com/dyn/ Frame 1958
Redirect Chain

https://p.rfihub.com/cm?pub=43153&in=1
https://router.infolinks.com/dyn/zeta-usync?uid=1875819622641186985

35 B
276 B

188ms
188ms

Image
image/gif

104.22.2.144

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/zeta-usync?uid=1875819622641186985
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3301753&wsid=0&pdom=www.eslactivity.org&purl=https%3A%2F%2Fwww.eslactivity.org%2F
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.22.2.144 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Sep 2021 21:55:55 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store, no-cache, private
cf-ray: 68dc6200281227bc-PRG
content-length: 35
expires: Sat, 12 Sep 2020 21:55:55 GMT

Redirect headers

Location: https://router.infolinks.com/dyn/zeta-usync?uid=1875819622641186985
Date: Sun, 12 Sep 2021 21:55:55 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2

200

33a-usync
router.infolinks.com/dyn/ Frame 1958
Redirect Chain

https://ssc-cms.33across.com/ps/?ri=0010b00002CpYhEAAV&ru=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2F33a-usync%3Fuid%3D33XUSERID33X
https://router.infolinks.com/dyn/33a-usync?uid=118675440248857

35 B
208 B

190ms
190ms

Image
image/gif

104.22.2.144

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/33a-usync?uid=118675440248857
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3301753&wsid=0&pdom=www.eslactivity.org&purl=https%3A%2F%2Fwww.eslactivity.org%2F
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.22.2.144 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Sep 2021 21:55:56 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store, no-cache, private
cf-ray: 68dc6201e99327bc-PRG
content-length: 35
expires: Sat, 12 Sep 2020 21:55:55 GMT

Redirect headers

pragma: no-cache
date: Sun, 12 Sep 2021 21:55:55 GMT
referrer-policy: unsafe-url
server: 33XP004
x-33x-status: 20000100000000008200000C
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location: https://router.infolinks.com/dyn/33a-usync?uid=118675440248857
cache-control: no-store, no-cache, must-revalidate
content-length: 0
expires: Thu, 01-Jan-70 00:00:01 GMT

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame 15F7 70 B
265 B 75ms
31ms Image
image/gif 76.223.111.131

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.131 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Sep 2021 21:55:55 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame 15F7 170 B
188 B 18ms
18ms Image
image/png 74.125.140.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YT53a7I2kcMZzjKWWWRDxAAABKwAAAAB&gdpr_consent=&us_privacy=&gdpr=1

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.140.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wq-in-f155.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Sep 2021 21:55:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame 15F7
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YT53a7I2kcMZzjKWWWRDxAAABKwAAAAB
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YT53a7I2kcMZzjKWWWRDxAAABKwAAAAB&dcc=t

43 B
645 B

96ms
96ms

Image
image/gif

209.54.178.82

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YT53a7I2kcMZzjKWWWRDxAAABKwAAAAB&dcc=t

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

209.54.178.82 -, , ASN (),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 12 Sep 2021 21:55:55 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: E9VFCDDDG5MBY00VMRQ8
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 12 Sep 2021 21:55:55 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 16XQHX5JTP9DD9TYE2XP
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YT53a7I2kcMZzjKWWWRDxAAABKwAAAAB&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 15F7
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YT53a7I2kcMZzjKWWWRDxAAA

170 B
188 B

16ms
16ms

Image
image/png

74.125.140.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YT53a7I2kcMZzjKWWWRDxAAA

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.140.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wq-in-f155.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Sep 2021 21:55:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 12 Sep 2021 21:55:55 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YT53a7I2kcMZzjKWWWRDxAAA
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 325
Expires: Sun, 12 Sep 2021 21:55:55 GMT

GET
H/1.1 200
OK cookiesync
bttrack.com/pixel/ Frame 15F7 35 B
380 B 401ms
95ms Image
image/gif 192.132.33.46

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bttrack.com/pixel/cookiesync?source=67e94f23-25d6-4008-8236-375d1743c2e0&secure=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 192.132.33.46 -, , ASN (),
Reverse DNS
Software: Microsoft-IIS/8.5 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

X-ServerName: Track004-dc3
Pragma: no-cache
Date: Sun, 12 Sep 2021 21:55:06 GMT
X-AspNetMvc-Version: 5.2
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
P3P: CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
Cache-Control: private,no-cache
Content-Type: image/gif
Content-Length: 35
Expires: -1

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 15F7
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&gdpr=1
https://sync-tm.everesttech.net/ct/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&gdpr=1&_test=YT53awABDxkBIAA6
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YT53awABDxkBIAA6&gdpr=1&_test=YT53awABDxkBIAA6

43 B
990 B

12ms
12ms

Image
image/gif

104.76.200.247

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YT53awABDxkBIAA6&gdpr=1&_test=YT53awABDxkBIAA6
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.76.200.247 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 12 Sep 2021 21:55:55 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sun, 12 Sep 2021 21:55:55 GMT

Redirect headers

pragma: no-cache
date: Sun, 12 Sep 2021 21:55:55 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1631483755.389304,VS0,VE0
x-served-by: cache-hhn4076-HHN
x-cache: HIT
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YT53awABDxkBIAA6&gdpr=1&_test=YT53awABDxkBIAA6
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2 200 113
match.deepintent.com/usersync/ Frame 15F7 0
44 B 356ms
94ms Image
text/plain 169.197.150.8

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.deepintent.com/usersync/113
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 169.197.150.8 -, , ASN (),
Reverse DNS
Software: b /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:54 GMT
content-length: 0
server: b

GET
H/1.1 200
OK bridge
cm.adgrx.com/ Frame 15F7 43 B
408 B 60ms
14ms Image
image/gif 173.231.181.122

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adgrx.com/bridge?AG_PID=casale&AG_SETCOOKIE&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 173.231.181.122 -, , ASN (),
Reverse DNS
Software: Cowboy /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 12 Sep 2021 21:55:55 GMT
server: Cowboy
P3P: CP="NOI OTC OTP OUR NOR"
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate, proxy-revalidate
Connection: keep-alive
Content-Type: image/gif
X-RealServer-NX: ams-delivery-3
Content-Length: 43
Expires: Thu, 23 Sep 2004 17:42:04 GMT

GET
H2 200 ix-usync
router.infolinks.com/dyn/ Frame 15F7 35 B
198 B 193ms
193ms Image
image/gif 104.22.2.144

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/ix-usync?uid=YT53a7I2kcMZzjKWWWRDxAAA%261196
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.22.2.144 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Sep 2021 21:55:55 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store, no-cache, private
cf-ray: 68dc61fe4d8627bc-PRG
content-length: 35
expires: Sat, 12 Sep 2020 21:55:55 GMT

GET
H2 200 publishertag.prebid.105.js Show response
static.criteo.net/js/ld/ 80 KB
26 KB 73ms
25ms Script
text/javascript 178.250.2.130

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.105.js
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=criteo,ix,medianet,onemobile,onetag,pubmatic,pubmatic,pulsepoint,rhythmone,sharethrough,unruly&cb=195-2-27
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.130 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 83bcdfa5df8e5f84aa8715b0aefb06e9909b30290843475a0ecc6887650f811f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:55 GMT
content-encoding: gzip
last-modified: Tue, 23 Feb 2021 11:00:30 GMT
server: nginx
etag: W/"6034e04e-14008"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 13 Sep 2021 21:55:55 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ 84 KB
27 KB 43ms
16ms XHR
text/javascript 178.250.2.130

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.105.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.130 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 9b34825eb68ebbe49410251b863c07e811c9e406286c7a8f00f88e83d9729c68

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:55 GMT
content-encoding: gzip
last-modified: Thu, 12 Aug 2021 15:58:00 GMT
server: nginx
etag: W/"61154508-14e39"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 13 Sep 2021 21:55:55 GMT

GET
H3 200 army.gif Show response
www.eslactivity.org/porpoiseant/ 0
637 B 35ms
35ms XHR
text/plain 104.21.74.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.eslactivity.org/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMzk4NTA0MTk4MTM3NDU4OCIsImRvbWFpbl9pZCI6IjExODA3MyIsInVuaXQiOiJkaXYtZ3B0LWFkLWVzbGFjdGl2aXR5X29yZy1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYzMTQ4Mzc0NiwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJVUyIsInBhZ2V2aWV3X2lkIjoiYjM5NjFjMWUtMjcxZS00ZDEwLTc5ODktOGY2YzZiYWI3YzM2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo1NTY2NDA4MjcwLCJjcmVhdGl2ZV9pZCI6MTM4MzM0NDAxMTU4LCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX3NpemUiLCJ2YWwiOiJbNzI4LDkwXSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMzk4NTA0MTk4MTM3NDU4OCIsImRvbWFpbl9pZCI6IjExODA3MyIsInVuaXQiOiJkaXYtZ3B0LWFkLWVzbGFjdGl2aXR5X29yZy1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYzMTQ4Mzc0NiwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJVUyIsInBhZ2V2aWV3X2lkIjoiYjM5NjFjMWUtMjcxZS00ZDEwLTc5ODktOGY2YzZiYWI3YzM2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo1NTY2NDA4MjcwLCJjcmVhdGl2ZV9pZCI6MTM4MzM0NDAxMTU4LCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2ZsdWlkIiwidmFsIjoiZmFsc2UifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjM5ODUwNDE5ODEzNzQ1ODgiLCJkb21haW5faWQiOiIxMTgwNzMiLCJ1bml0IjoiZGl2LWdwdC1hZC1lc2xhY3Rpdml0eV9vcmctbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MzE0ODM3NDYsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiVVMiLCJwYWdldmlld19pZCI6ImIzOTYxYzFlLTI3MWUtNGQxMC03OTg5LThmNmM2YmFiN2MzNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NTU2NjQwODI3MCwiY3JlYXRpdmVfaWQiOjEzODMzNDQwMTE1OCwiZGF0YSI6W3sibmFtZSI6ImRvbWFpbl9kZnBfc3R5bGVfaWQiLCJ2YWwiOiIxNjgifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: www.eslactivity.org
URL: https://www.eslactivity.org/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1b-1y1e-2y1d-4y1f-3y32-21y51-1y55-21y59-19&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1bx1ex1dx1fx32x51x55x59
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.74.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMzk4NTA0MTk4MTM3NDU4OCIsImRvbWFpbl9pZCI6IjExODA3MyIsInVuaXQiOiJkaXYtZ3B0LWFkLWVzbGFjdGl2aXR5X29yZy1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYzMTQ4Mzc0NiwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJVUyIsInBhZ2V2aWV3X2lkIjoiYjM5NjFjMWUtMjcxZS00ZDEwLTc5ODktOGY2YzZiYWI3YzM2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo1NTY2NDA4MjcwLCJjcmVhdGl2ZV9pZCI6MTM4MzM0NDAxMTU4LCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX3NpemUiLCJ2YWwiOiJbNzI4LDkwXSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMzk4NTA0MTk4MTM3NDU4OCIsImRvbWFpbl9pZCI6IjExODA3MyIsInVuaXQiOiJkaXYtZ3B0LWFkLWVzbGFjdGl2aXR5X29yZy1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYzMTQ4Mzc0NiwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJVUyIsInBhZ2V2aWV3X2lkIjoiYjM5NjFjMWUtMjcxZS00ZDEwLTc5ODktOGY2YzZiYWI3YzM2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo1NTY2NDA4MjcwLCJjcmVhdGl2ZV9pZCI6MTM4MzM0NDAxMTU4LCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2ZsdWlkIiwidmFsIjoiZmFsc2UifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjM5ODUwNDE5ODEzNzQ1ODgiLCJkb21haW5faWQiOiIxMTgwNzMiLCJ1bml0IjoiZGl2LWdwdC1hZC1lc2xhY3Rpdml0eV9vcmctbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MzE0ODM3NDYsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiVVMiLCJwYWdldmlld19pZCI6ImIzOTYxYzFlLTI3MWUtNGQxMC03OTg5LThmNmM2YmFiN2MzNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NTU2NjQwODI3MCwiY3JlYXRpdmVfaWQiOjEzODMzNDQwMTE1OCwiZGF0YSI6W3sibmFtZSI6ImRvbWFpbl9kZnBfc3R5bGVfaWQiLCJ2YWwiOiIxNjgifV0sImlzX29yaWciOmZhbHNlfV0=
pragma: no-cache
cookie: ezoadgid_118073=-1; ezoref_118073=; ezoab_118073=mod1-c; active_template::118073=pub_site.1631483746; ezopvc_118073=1; ezepvv=1090; ezovid_118073=796851360; lp_118073=https://www.eslactivity.org/; ezovuuidtime_118073=1631483746; ezovuuid_118073=09f1e67c-e995-4b6e-65b8-9694948d3b86; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=ebbefe46401a895c809457c0c99e2f92; _dlt=1; __qca=P0-1614549141-1631483747418; _ga=GA1.2.92124532.1631483747; _gid=GA1.2.754323026.1631483747; _gat_gtag_UA_125056220_1=1; ezouspvh=1200; __gads=ID=bdeeeec8195198bb:T=1631483747:S=ALNI_MbbOPaoGYCE9PMCvq4FFncjIbJQSA; __smVID=3a2ec5a9ca158014d8a5e451860bf929f1dc435e3fd784904d4e950616d4f8c8; ezux_lpl_118073=1631483752560|b3961c1e-271e-4d10-7989-8f6c6bab7c36|false; aawp-geotargeting=US; _pbjs_userid_consent_data=3524755945110770; cto_bidid=doO2hl96dEtla2pjbjRrZVNZNzJZS041elI4SWtNSnBPcCUyRnYwMW9DdDZnNEFaSFNJQTljZUhCOWhqYiUyRnA3c2NSMVFOeDZ5UzFsZXdGM09tNkR4UzU2RGRaaEElM0QlM0Q; cto_bundle=yOPADl9Qc0pVUW1hWSUyRmV3U0FyZ2NXM0pRMUtkY09yM2dhR0V2Ylp2VXJ4MFVuekZ0M2IzZ3U1cmthMlk1M1prS3hqbzZoaWxHOHkzYm1tOUJyUyUyQjhQJTJCcFFVYTRMdyUyQkx4eXJYeEFzVzdubkd0cHZJRkclMkZtb3pBd1ZNcmw3UWRaeEFCM2M; __smToken=OT9QVe9uQBCzEo0qXHP0MAH3; ezouspvv=1300; ezouspva=3; logglytrackingsession=43e632b6-bcec-4ce3-ba72-f87be1920466
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: www.eslactivity.org
referer: https://www.eslactivity.org/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:56 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I2OZUsEGkk0%2FAXi2JSFTmDjshgiRo4jAJsp5SGQJ90DJTztjrrX7jjVVyUUuEtPUhEfMLK74EZzV5u1D4LzPAdDb%2BxNUvdEhIqJxjxmBjG2it4qhJM%2F6GiBIGLBy0J9qmxBYq4Ic"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 68dc62048cb04114-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 0
expires: Sat, 11 Sep 2021 21:55:57 UTC

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 16ms
16ms Script
application/javascript 74.125.140.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.eslactivity.org

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.140.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wq-in-f154.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 12 Sep 2021 21:55:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 337 B
166 B 272ms
272ms XHR
text/plain 64.233.184.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1928632745933239&correlator=4019892350383580&output=ldjh&impl=fifs&eid=21065724%2C31062297&vrg=2021090701&ptt=17&sc=1&sfv=1-0-38&ecs=20210912&iu_parts=1254144%3A22476021904%2Ceslactivity_org-box-4&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=2&rcs=3&prev_scp=a%3D%257C3%257C%26iid1%3D690533925349915%26eid%3D690533925349915%26t%3D134%26d%3D118073%26t1%3D134%26pvc%3D0%26ap%3D1612%26sap%3D1612%26as%3Drevenue%26plat%3D1%26bra%3Dmod1-c%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D2%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D3%26al%3D1003%26compid%3D0%26tap%3Deslactivity_org-box-4-690533925349915%26eb_br%3D57914c3716312cb7e954090f0717ea25%26eba%3D1%26ebss%3D10017%2C10082%2C10061%2C11304%2C11307%26asau%3D8492401833%26bv%3D21%26bvm%3D0%26bvr%3D7%26shp%3D1%26ftsn%3D3%26br1%3D260%26br2%3D650%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%2C168%2C0%2C34%2C0%2C193%2C132%2C20%2C71%2C30%2C192%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C760%2C815%2C817%2C899%2C919%2C783%2C16%2C13%2C14%2C15%2C11%2C12%2C13%2C14%2C15%2C20%2C9%2C10%2C11%2C12%2C13%2C14%2C15%26ax_ssid%3D10082%26lb%3D450%26reqt%3D1631483755306%26hb_bidder%3Donemobile%26hb_adid%3D62b541750962a11%26hb_pb%3D0.01%26hb_format%3Dbanner%26hb_ssid%3D11293%26hb_opt%3D0.01&eri=1&cookie=ID%3Dbdeeeec8195198bb%3AT%3D1631483747%3AS%3DALNI_MbbOPaoGYCE9PMCvq4FFncjIbJQSA&bc=31&abxe=1&lmt=1631483756&dt=1631483756312&dlt=1631483747030&idt=253&frm=20&biw=1600&bih=1200&oid=3&adxs=-9&adys=-9&adks=1240438188&ucis=4&ifi=14&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.eslactivity.org%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x-1&msz=0x-1&psts=AGkb-H_Nk0M6odFiHUJ0RNn9alIogzYM2uVepd54ab6zr1-mSKzppaRsv0d_wlTfdfIur7X2PEy2c3LYkA%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=92124532.1631483747&ga_sid=1631483747&ga_hid=1221111038&ga_fc=false&fws=2&ohw=0&btvi=-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

64.233.184.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wa-in-f155.1e100.net

Software

cafe /

Resource Hash

519f382ffd9d3a31f6aaa855d1a609ffa2e1c4cfbadbc1612a77396e42d3f5a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:56 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 137
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.eslactivity.org
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 16ms
15ms Script
application/javascript 74.125.140.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.eslactivity.org

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.140.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wq-in-f154.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 12 Sep 2021 21:55:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 16 KB
9 KB 304ms
304ms XHR
text/plain 64.233.184.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1928632745933239&correlator=2154469886479754&output=ldjh&impl=fifs&eid=21065724%2C31062297&vrg=2021090701&ptt=17&sc=1&sfv=1-0-38&ecs=20210912&iu_parts=1254144%3A22476021904%2Ceslactivity_org-banner-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=2&rcs=3&prev_scp=a%3D%257C251%257C%26iid1%3D3252502759358285%26eid%3D3252502759358285%26t%3D134%26d%3D118073%26t1%3D134%26pvc%3D0%26ap%3D1613%26sap%3D1613%26as%3Drevenue%26plat%3D1%26bra%3Dmod1-c%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D30%26al%3D1030%26compid%3D0%26tap%3Deslactivity_org-banner-1-3252502759358285%26eb_br%3Ddfa60cee6e1053fc0c9e607c8047bd28%26eba%3D1%26ebss%3D10017%2C10082%2C10061%2C11304%2C11307%26asau%3D8492401833%26bv%3D4%26bvm%3D0%26bvr%3D4%26shp%3D1%26ftsn%3D3%26br1%3D80%26br2%3D500%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%2C168%2C0%2C34%2C0%2C193%2C132%2C20%2C71%2C30%2C192%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C760%2C815%2C817%2C899%2C919%2C783%2C16%2C12%2C13%2C14%2C15%2C20%2C9%2C10%2C11%2C12%2C13%2C14%2C15%2C17%2C19%2C20%2C7%2C8%2C9%2C10%2C11%2C12%2C13%2C14%2C15%2C916%2C915%2C874%2C835%26ax_ssid%3D10082%26lb%3D260%26reqt%3D1631483755353%26hb_bidder%3Donemobile%26hb_adid%3D6431a5ad6a8c3b4%26hb_pb%3D0.00%26hb_format%3Dbanner%26hb_ssid%3D11293%26hb_opt%3D0.00&eri=1&cookie=ID%3Dbdeeeec8195198bb%3AT%3D1631483747%3AS%3DALNI_MbbOPaoGYCE9PMCvq4FFncjIbJQSA&bc=31&abxe=1&lmt=1631483756&dt=1631483756357&dlt=1631483747030&idt=253&frm=20&biw=1600&bih=1200&oid=3&adxs=-9&adys=-9&adks=1628932059&ucis=5&ifi=15&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.eslactivity.org%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x-1&msz=0x-1&psts=AGkb-H_Nk0M6odFiHUJ0RNn9alIogzYM2uVepd54ab6zr1-mSKzppaRsv0d_wlTfdfIur7X2PEy2c3LYkA%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=92124532.1631483747&ga_sid=1631483747&ga_hid=1221111038&ga_fc=false&fws=2&ohw=0&btvi=-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

64.233.184.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wa-in-f155.1e100.net

Software

cafe /

Resource Hash

e8184c9461d5e99e5def6d94555391f01b6519302eeb483ac8fb4647e6c72e51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:56 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9553
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.eslactivity.org
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200 457.json Show response
id5-sync.com/g/v2/ 213 B
537 B 1067ms
8ms XHR
application/json 51.89.21.10

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/457.json

Requested by

Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=criteo,ix,medianet,onemobile,onetag,pubmatic,pubmatic,pulsepoint,rhythmone,sharethrough,unruly&cb=195-2-27

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

51.89.21.10 -, , ASN (),

Reverse DNS

Software

Resource Hash

1285b83831c2a258a4d4323b613795f9c62586f84c7b4cfaa09011ebef7d9b24

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://www.eslactivity.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.eslactivity.org
Date: Sun, 12 Sep 2021 21:55:54 GMT
Access-Control-Allow-Credentials: true
Vary: Origin
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Type: application/json;charset=UTF-8

GET
H2 200 visitormatch Show response
bh.contextweb.com/ Frame 9028 27 B
497 B 313ms
94ms Document
text/html 198.148.27.140

General

Check archive.org

Show headers Download Go to

Full URL

https://bh.contextweb.com/visitormatch

Requested by

Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=criteo,ix,medianet,onemobile,onetag,pubmatic,pubmatic,pulsepoint,rhythmone,sharethrough,unruly&cb=195-2-27

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

198.148.27.140 -, , ASN (),

Reverse DNS

Software

Jetty(9.4.14.v20181114) /

Resource Hash

ec2f44e7dbd2ebb1268ac7e7a0602ec2106bc7fd9da17b9012db81be55cbd485

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

:method: GET
:authority: bh.contextweb.com
:scheme: https
:path: /visitormatch
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.eslactivity.org/
accept-encoding: gzip, deflate, br
cookie: vf=1; V=2EhcwvuKdzb6; wf=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/

Response headers

p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cw-server: bh-deployment-6f6777ddf8-gl5nv
cache-control: private, max-age=0, no-cache, no-store
expires: -1
content-language: de-DE
content-type: text/html;charset=iso-8859-1
set-cookie: V=;Version=0;Secure;Path=/;Domain=.contextweb.com;Expires=Sun, 12-Sep-2021 21:55:56 GMT;Max-Age=0;SameSite=None INGRESSCOOKIE=bd7cb74fa74aa499; path=/; HttpOnly; Secure; SameSite=None
server: Jetty(9.4.14.v20181114)
strict-transport-security: max-age=15768000

GET
H/1.1 200
OK ixmatch.html Show response
js-sec.indexww.com/um/ Frame E28B 2 KB
1 KB 32ms
6ms Document
text/html 104.76.200.247

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=criteo,ix,medianet,onemobile,onetag,pubmatic,pubmatic,pulsepoint,rhythmone,sharethrough,unruly&cb=195-2-27
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.76.200.247 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: 7eca7977c6ade416c20775a7fd7cfa2291c5752cd1225d5c4342b057c37a000c

Request headers

Host: js-sec.indexww.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.eslactivity.org/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/

Response headers

Server: Apache
Last-Modified: Thu, 11 Feb 2021 16:12:45 GMT
ETag: "e20015-90b-5bb11ca420f07"
Accept-Ranges: bytes
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Sun, 12 Sep 2021 21:55:56 GMT
Content-Length: 1151
Connection: keep-alive

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 2244 14 KB
5 KB 36ms
6ms Document
text/html 104.76.200.201

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156983
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=criteo,ix,medianet,onemobile,onetag,pubmatic,pubmatic,pulsepoint,rhythmone,sharethrough,unruly&cb=195-2-27
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.76.200.201 -, , ASN (),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/user_sync.html?kdntuid=1&p=156983
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.eslactivity.org/
accept-encoding: gzip, deflate, br
cookie: KTPCACOOKIE=YES; SyncRTB3=1632614400%3A220; chkChromeAb67Sec=1; ipc=156872^https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156872%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fpbm-usync%253Fuid%253D%2523PMUID^1^0; KADUSERCOOKIE=88F4BA22-BA2E-4797-8CF9-2DBF01A270A7; PUBMDCID=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/

Response headers

last-modified: Tue, 15 Jun 2021 06:08:03 GMT
etag: "1300708-3945-5c4c7cc02bd56"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5054
content-type: text/html; charset=UTF-8
cache-control: max-age=139480
expires: Tue, 14 Sep 2021 12:40:36 GMT
date: Sun, 12 Sep 2021 21:55:56 GMT
vary: Accept-Encoding

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame B21D 22 KB
8 KB 52ms
23ms Document
text/html 104.76.200.23

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUBCB617&prvid=2033%2C2030%2C251%2C175%2C132%2C233%2C178%2C3018%2C2028%2C157%2C3017%2C2027%2C3016%2C236%2C214%2C159%2C2025%2C238%2C97%2C99%2C55%2C77%2C56%2C3012%2C3010%2C182%2C262%2C141%2C241%2C222%2C3007%2C223%2C201%2C4%2C246%2C203%2C148%2C80%2C10000%2C9%2C229%2C108%2C82%2C109&purpose1=1&gdprconsent=0&gdpr=1&usp_status=0&usp_consent=1&itype=PREBID

Requested by

Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=criteo,ix,medianet,onemobile,onetag,pubmatic,pubmatic,pulsepoint,rhythmone,sharethrough,unruly&cb=195-2-27

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.76.200.23 -, , ASN (),

Reverse DNS

Software

Apache /

Resource Hash

45ef483801ec883507814c8ce126b8945d67f411179d5663d21084f3537f202b

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

:method: GET
:authority: contextual.media.net
:scheme: https
:path: /checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUBCB617&prvid=2033%2C2030%2C251%2C175%2C132%2C233%2C178%2C3018%2C2028%2C157%2C3017%2C2027%2C3016%2C236%2C214%2C159%2C2025%2C238%2C97%2C99%2C55%2C77%2C56%2C3012%2C3010%2C182%2C262%2C141%2C241%2C222%2C3007%2C223%2C201%2C4%2C246%2C203%2C148%2C80%2C10000%2C9%2C229%2C108%2C82%2C109&purpose1=1&gdprconsent=0&gdpr=1&usp_status=0&usp_consent=1&itype=PREBID
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.eslactivity.org/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/

Response headers

server: Apache
content-type: text/html; charset=UTF-8
set-cookie: gdpr_status=1; Expires=Wed, 16 Mar 2022 21:55:56 GMT; domain=.media.net; Path=/; sameSite=none; secure=true
x-mnet-hl2: E
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=172800
expires: Tue, 14 Sep 2021 21:55:56 GMT
date: Sun, 12 Sep 2021 21:55:56 GMT
content-length: 8150

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame CA75 2 KB
823 B 8ms
8ms Document
text/html 51.89.9.253

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?cb=1631483752981

Requested by

Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=criteo,ix,medianet,onemobile,onetag,pubmatic,pubmatic,pulsepoint,rhythmone,sharethrough,unruly&cb=195-2-27

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.253 -, , ASN (),

Reverse DNS

Software

Resource Hash

37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

:method: GET
:authority: onetag-sys.com
:scheme: https
:path: /usync/?cb=1631483752981
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.eslactivity.org/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/

Response headers

content-type: text/html
cache-control: no-transform, no-cache
content-encoding: gzip
content-length: 731
strict-transport-security: max-age=15552000

GET
H/1.1 403
Forbidden Cookie set usermatch Show response
ssum-sec.casalemedia.com/ Frame A60C 0
758 B 17ms
17ms Document
text/html 104.76.200.247

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.eslactivity.org/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.76.200.247 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Host: ssum-sec.casalemedia.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://js-sec.indexww.com/
Accept-Encoding: gzip, deflate, br
Cookie: CMID=YT53a7I2kcMZzjKWWWRDxAAA; CMPS=3174; CMPRO=1196; CMST=YT53a2E+d2sA; CMRUM3=9c613e776b05a00&2d613e776b05a0&29613e776b05a0&58613e776b2760YT53awABDxkBIAA6&b0613e776b05a00&f1613e776b05a0&27613e776b0b40&e6613e776b2760
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://js-sec.indexww.com/

Response headers

Server: Apache
Accept-Ranges: bytes
Content-Length: 0
Content-Type: text/html
ETag: "0"
Last-Modified: Fri, 14 May 2021 17:23:37 GMT
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Expires: Sun, 12 Sep 2021 21:55:56 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 12 Sep 2021 21:55:56 GMT
Connection: keep-alive
Set-Cookie: CMID=YT53a7I2kcMZzjKWWWRDxAAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Mon, 12 Sep 2022 21:55:56 GMT CMPS=3174;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sat, 11 Dec 2021 21:55:56 GMT CMPRO=1196;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sat, 11 Dec 2021 21:55:56 GMT

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 2244 5 KB
6 KB 487ms
160ms Script
text/html 104.36.113.23

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=92641580&p=156983&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156983
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.23 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 15c73cd18915762b640c81bfe3a1435a6c3e0fda0d24535f1949af40445fc7ef

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:56 GMT
content-type: text/html; charset=UTF-8
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 16ms
16ms Script
application/javascript 74.125.140.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.eslactivity.org

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.140.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wq-in-f154.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 12 Sep 2021 21:55:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 337 B
165 B 263ms
263ms XHR
text/plain 64.233.184.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1928632745933239&correlator=2991579946872940&output=ldjh&impl=fifs&eid=21065724%2C31062297&vrg=2021090701&ptt=17&sc=1&sfv=1-0-38&ecs=20210912&iu_parts=1254144%3A22476021904%2Ceslactivity_org-box-4&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=4&prev_scp=a%3D%257C3%257C%26iid1%3D690533925349915%26eid%3D690533925349915%26t%3D134%26d%3D118073%26t1%3D134%26pvc%3D0%26ap%3D1612%26sap%3D1612%26as%3Drevenue%26plat%3D1%26bra%3Dmod1-c%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D2%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D3%26al%3D1003%26compid%3D0%26tap%3Deslactivity_org-box-4-690533925349915%26eb_br%3D58ef7bddb438af5e257c4377f32c243a%26eba%3D1%26ebss%3D10017%2C10082%2C10061%2C11304%2C11307%26asau%3D8492401833%26bv%3D21%26bvm%3D0%26bvr%3D7%26shp%3D1%26ftsn%3D3%26br1%3D120%26br2%3D650%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%2C168%2C0%2C34%2C0%2C193%2C132%2C20%2C71%2C30%2C192%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C760%2C815%2C817%2C899%2C919%2C783%2C16%2C13%2C14%2C15%2C11%2C12%2C13%2C14%2C15%2C20%2C9%2C10%2C11%2C12%2C13%2C14%2C15%2C17%2C20%2C7%2C8%2C9%2C10%2C11%2C12%2C13%2C14%2C15%2C915%2C874%2C835%26ax_ssid%3D10082%26lb%3D260%26reqt%3D1631483756814%26hb_bidder%3Donemobile%26hb_adid%3D62b541750962a11%26hb_pb%3D0.01%26hb_format%3Dbanner%26hb_ssid%3D11293%26hb_opt%3D0.01&eri=1&cookie=ID%3Dbdeeeec8195198bb%3AT%3D1631483747%3AS%3DALNI_MbbOPaoGYCE9PMCvq4FFncjIbJQSA&bc=31&abxe=1&lmt=1631483756&dt=1631483756818&dlt=1631483747030&idt=253&frm=20&biw=1600&bih=1200&oid=3&adxs=-9&adys=-9&adks=1240438188&ucis=4&ifi=16&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.eslactivity.org%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x-1&msz=0x-1&psts=AGkb-H_Nk0M6odFiHUJ0RNn9alIogzYM2uVepd54ab6zr1-mSKzppaRsv0d_wlTfdfIur7X2PEy2c3LYkA&ga_vid=92124532.1631483747&ga_sid=1631483747&ga_hid=1221111038&ga_fc=false&fws=2&ohw=0&btvi=-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

64.233.184.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wa-in-f155.1e100.net

Software

cafe /

Resource Hash

8fe3dc511756c23b3f3a4885cccad71ee8bd42f22213e38ee12d210cd6826beb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.eslactivity.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:57 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 136
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.eslactivity.org
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

match Show response
c1.adform.net/serving/cookie/ Frame 3034
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&cid=88F4BA22-BA2E-4797-8CF9-2DBF01A270A7
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=88F4BA22-BA2E-4797-8CF9-2DBF01A270A7

35 B
477 B

16ms
16ms

Document
image/gif

37.157.6.247

General

Check archive.org

Show headers Download Go to

Full URL

https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=88F4BA22-BA2E-4797-8CF9-2DBF01A270A7

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156983

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.247 -, , ASN (),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:method: GET
:authority: c1.adform.net
:scheme: https
:path: /serving/cookie/match?CC=1&party=14&cid=88F4BA22-BA2E-4797-8CF9-2DBF01A270A7
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: C=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Sun, 12 Sep 2021 21:55:57 GMT
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
expires: -1
set-cookie: uid=2475098794899485673; expires=Thu, 11 Nov 2021 21:55:57 GMT; domain=adform.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
strict-transport-security: max-age=31536000; includeSubDomains

Redirect headers

server: nginx
date: Sun, 12 Sep 2021 21:55:57 GMT
content-length: 0
location: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=88F4BA22-BA2E-4797-8CF9-2DBF01A270A7
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
expires: -1
set-cookie: C=1; expires=Tue, 12 Oct 2021 21:55:57 GMT; domain=adform.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
strict-transport-security: max-age=31536000; includeSubDomains

GET

redir
rtb-csync.smartadserver.com/ Frame 6441
Redirect Chain

https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=
https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFGOVowN0NmTzhBQUNGdUNlQ3p6UQ&bee_sync_partners=sas%2Csyn%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&...
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=sas%2Csyn%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAF9Z07CfO8AACFuCeCzzQ&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsyn%252Cpp%252Cpm%26bee_sy...

0
0

GET
H2 200 usersync.aspx Show response
dis.criteo.com/dis/ Frame 5A2D 43 B
334 B 154ms
15ms Document
image/gif 178.250.0.163

General

Check archive.org

Show headers Download Go to

Full URL: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156983
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.163 -, , ASN (),
Reverse DNS
Software: Kestrel /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

:method: GET
:authority: dis.criteo.com
:scheme: https
:path: /dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

date: Sun, 12 Sep 2021 21:55:56 GMT
content-type: image/gif
server: Kestrel
cache-control: no-cache
pragma: no-cache
expires: Sun, 12 Sep 2021 00:00:00 GMT
x-errorlevel: 0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 490156

GET
H/1.1 200
OK bridge Show response
cm.adgrx.com/ Frame 322E 43 B
408 B 13ms
13ms Document
image/gif 173.231.181.122

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156983
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 173.231.181.122 -, , ASN (),
Reverse DNS
Software: Cowboy /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Host: cm.adgrx.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

Date: Sun, 12 Sep 2021 21:55:56 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
server: Cowboy
X-RealServer-NX: ams-delivery-3
Cache-Control: no-cache, no-store, must-revalidate, proxy-revalidate
Pragma: no-cache
Expires: Thu, 23 Sep 2004 17:42:04 GMT
P3P: CP="NOI OTC OTP OUR NOR"
Access-Control-Allow-Origin: *

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 7B6D
Redirect Chain

https://ums.acuityplatform.com/tum?umid=6
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=606854647843

42 B
205 B

159ms
159ms

Document
image/gif

104.36.113.17

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=606854647843
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156983
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.17 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method: GET
:authority: simage2.pubmatic.com
:scheme: https
:path: /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=606854647843
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: KADUSERCOOKIE=88F4BA22-BA2E-4797-8CF9-2DBF01A270A7; PUBMDCID=1; chkChromeAb67Sec=2; DPSync3=1631491200%3A174%7C1632614400%3A197_201%7C1632009600%3A164; SyncRTB3=1632614400%3A5_166_3_48_56_231_234_54_55_176_189_233_13_71_104_165_204_220_222_22_7_8_99_21%7C1632009600%3A2_15_223_38%7C1632700800%3A35%7C1632268800%3A63%7C1633996800%3A224
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Sun, 12 Sep 2021 21:55:56 GMT
content-type: image/gif; charset=utf-8
content-length: 42
set-cookie: KRTBCOOKIE_469=8273-606854647843; domain=pubmatic.com; SameSite=None; secure; expires=Sat, 11-Dec-2021 21:55:56 GMT; path=/ PugT=1631483756; domain=pubmatic.com; SameSite=None; secure; expires=Tue, 12-Oct-2021 21:55:56 GMT; path=/ PUBMDCID=1; domain=pubmatic.com; SameSite=None; secure; expires=Sat, 11-Dec-2021 21:55:56 GMT; path=/
x-lat: sfopug012:0:381
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

content-length: 0
access-control-allow-origin: *
set-cookie: auid=606854647843; Domain=.acuityplatform.com; Expires=Mon, 12-Sep-2022 21:55:57 GMT; Path=/; SameSite=None; Secure aum="OikKAfqbdXNlck1hdGNoQnlVc2VyTWF0Y2hpbmdJZE1hcPqANvqNdXNlck1hdGNoaW5nSWTMkWxhc3REcm9wVGltZU1pbGxpcyUBPXcAKA6omGxhc3RTdWNjZXNzZnVsTWF0Y2hNaWxsaXMlAT13ACgOqI90aGlyZFBhcnR5VXNlcklkIfv7hnZlcnNpb27C+w=="; Version=1; Domain=.acuityplatform.com; Max-Age=31536000; Expires=Mon, 12-Sep-2022 21:55:57 GMT; Path=/; SameSite=None; Secure
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=606854647843

GET
H2

200

i.match Show response
s.tribalfusion.com/z/ Frame 5229
Redirect Chain

https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATI...
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMA...

43 B
414 B

197ms
177ms

Document
image/gif

104.18.13.5

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156983
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.13.5 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0

Request headers

:method: GET
:authority: s.tribalfusion.com
:scheme: https
:path: /z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: ANON_ID=axnoeUsKBRwFmDqS86d91OtarYMTBBS91eo2sCZds
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

date: Sun, 12 Sep 2021 21:55:57 GMT
content-type: image/gif; charset=utf-8
content-length: 43
p3p: CP="NOI DEVo TAIa OUR BUS"
x-function: 302
cache-control: no-cache private
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
set-cookie: ANON_ID=aons6Eq0I1e9yNy6Qw64BpZaWnUU38ChucwvaqtZbTSZbABUkQVndKUstMNxsdwevmpqcisjhaHaKvHnCVpKZcgn; path=/; domain=.tribalfusion.com; expires=Sat, 11-Dec-2021 21:55:57 GMT; SameSite=None; Secure; ANON_ID_old=aons6Eq0I1e9yNy6Qw64BpZaWnUU38ChucwvaqtZbTSZbABUkQVndKUstMNxsdwevmpqcisjhaHaKvHnCVpKZcgn; path=/; domain=.tribalfusion.com; expires=Sat, 11-Dec-2021 21:55:57 GMT;
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 68dc620acd5f2788-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

Redirect headers

date: Sun, 12 Sep 2021 21:55:57 GMT
content-type: text/html
p3p: CP="NOI DEVo TAIa OUR BUS"
x-function: 206
x-reuse-index: 9
cache-control: no-cache private
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
set-cookie: ANON_ID=axnoeUsKBRwFmDqS86d91OtarYMTBBS91eo2sCZds; path=/; domain=.tribalfusion.com; expires=Sat, 11-Dec-2021 21:55:57 GMT; SameSite=None; Secure; ANON_ID_old=axnoeUsKBRwFmDqS86d91OtarYMTBBS91eo2sCZds; path=/; domain=.tribalfusion.com; expires=Sat, 11-Dec-2021 21:55:57 GMT;
location: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 68dc62098bf52788-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H/1.1

200
OK

noop Show response
px.owneriq.net/ Frame 86D2
Redirect Chain

https://px.owneriq.net/epm?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=$UID
https://px.owneriq.net/noop?ct=image%2Fgif

0
287 B

8ms
8ms

Document
image/gif

88.221.62.154

General

Check archive.org

Show headers Download Go to

Full URL: https://px.owneriq.net/noop?ct=image%2Fgif
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156983
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 88.221.62.154 -, , ASN (),
Reverse DNS
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Host: px.owneriq.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Content-Length: 0
Content-Type: image/gif
Date: Sun, 12 Sep 2021 21:55:57 GMT
Connection: keep-alive

Redirect headers

Server: AkamaiGHost
Content-Length: 0
Location: https://px.owneriq.net/noop?ct=image%2Fgif
Date: Sun, 12 Sep 2021 21:55:57 GMT
Connection: keep-alive

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 7653
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent=
https://pm.w55c.net/ping_match.gif?scc=1&ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:HhoqhZ181Mpxs95&gdpr=0&gdpr_consent=

42 B
210 B

159ms
159ms

Document
image/gif

104.36.113.17

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:HhoqhZ181Mpxs95&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156983
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.17 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method: GET
:authority: simage2.pubmatic.com
:scheme: https
:path: /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:HhoqhZ181Mpxs95&gdpr=0&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: KADUSERCOOKIE=88F4BA22-BA2E-4797-8CF9-2DBF01A270A7; PUBMDCID=1; chkChromeAb67Sec=2; DPSync3=1631491200%3A174%7C1632614400%3A197_201%7C1632009600%3A164; SyncRTB3=1632614400%3A5_166_3_48_56_231_234_54_55_176_189_233_13_71_104_165_204_220_222_22_7_8_99_21%7C1632009600%3A2_15_223_38%7C1632700800%3A35%7C1632268800%3A63%7C1633996800%3A224
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Sun, 12 Sep 2021 21:55:56 GMT
content-type: image/gif; charset=utf-8
content-length: 42
set-cookie: KRTBCOOKIE_107=1471-uid:HhoqhZ181Mpxs95; domain=pubmatic.com; SameSite=None; secure; expires=Sat, 11-Dec-2021 21:55:56 GMT; path=/ PugT=1631483756; domain=pubmatic.com; SameSite=None; secure; expires=Tue, 12-Oct-2021 21:55:56 GMT; path=/ PUBMDCID=1; domain=pubmatic.com; SameSite=None; secure; expires=Sat, 11-Dec-2021 21:55:56 GMT; path=/
x-lat: sfopug016:0:396
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

Cache-Control: no-cache, must-revalidate
Date: Sun, 12 Sep 2021 21:55:57 GMT
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:HhoqhZ181Mpxs95&gdpr=0&gdpr_consent=
P3P: policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Pragma: no-cache
Server: PingMatch/v2.0.30-675-ga433434#rel-ec2-master i-0ba344ce46fae568e@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Set-Cookie: wfivefivec=HhoqhZ181Mpxs95; Domain=.w55c.net; Expires=Wed, 12-Oct-2022 21:55:57 GMT; Path=/; SameSite=None; Secure matchpubmatic=5; Domain=.w55c.net; Expires=Tue, 12-Oct-2021 21:55:57 GMT; Path=/; SameSite=None; Secure
Strict-Transport-Security: max-age=2592000; includeSubDomains
Content-Length: 0
Connection: keep-alive

GET
H3

200

pixel Show response
cm.g.doubleclick.net/ Frame 3772
Redirect Chain

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent=
https://x.bidswitch.net/sync?ssp=adconductor&user_id=RX-93360887-5ba9-4a90-936e-5719598df51e-003&rndcb=5863938416
https://x.bidswitch.net/ul_cb/sync?ssp=adconductor&user_id=RX-93360887-5ba9-4a90-936e-5719598df51e-003&rndcb=5863938416
https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=adconductor&bsw_param=c4079583-010e-4bd9-89fd-ebce6d53ca22&google_hm=YzQwNzk1ODMtMDEwZS00YmQ5LTg5ZmQtZWJjZTZkNTNj...

170 B
188 B

17ms
17ms

Document
image/png

74.125.140.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=adconductor&bsw_param=c4079583-010e-4bd9-89fd-ebce6d53ca22&google_hm=YzQwNzk1ODMtMDEwZS00YmQ5LTg5ZmQtZWJjZTZkNTNjYTIy

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156983

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.140.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wq-in-f155.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

:method: GET
:authority: cm.g.doubleclick.net
:scheme: https
:path: /pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=adconductor&bsw_param=c4079583-010e-4bd9-89fd-ebce6d53ca22&google_hm=YzQwNzk1ODMtMDEwZS00YmQ5LTg5ZmQtZWJjZTZkNTNjYTIy
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: IDE=AHWqTUlMcylV3c1YnN5G9bsuWuVm3ROlfjvtX-6qh_968ORTgAOW8_8e6xU8IzJTef4; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

content-type: image/png
date: Sun, 12 Sep 2021 21:55:57 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
server: HTTP server (unknown)
content-length: 170
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

date: Sun, 12 Sep 2021 21:55:57 GMT
content-length: 0
cache-control: no-cache, no-store, must-revalidate
location: //cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=adconductor&bsw_param=c4079583-010e-4bd9-89fd-ebce6d53ca22&google_hm=YzQwNzk1ODMtMDEwZS00YmQ5LTg5ZmQtZWJjZTZkNTNjYTIy
set-cookie: tuuid=c4079583-010e-4bd9-89fd-ebce6d53ca22; path=/; expires=Mon, 12-Sep-2022 21:55:57 GMT; domain=.bidswitch.net; samesite=none; secure tuuid_lu=1631483757; path=/; expires=Mon, 12-Sep-2022 21:55:57 GMT; domain=.bidswitch.net; samesite=none; secure

GET
H2 200 141 Show response
match.deepintent.com/usersync/ Frame E4AD 0
39 B 97ms
92ms Document
text/plain 169.197.150.8

General

Check archive.org

Show headers Download Go to

Full URL: https://match.deepintent.com/usersync/141?gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156983
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 169.197.150.8 -, , ASN (),
Reverse DNS
Software: b /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method: GET
:authority: match.deepintent.com
:scheme: https
:path: /usersync/141?gdpr=0&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

content-length: 0
date: Sun, 12 Sep 2021 21:55:56 GMT
server: b

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 2742
Redirect Chain

https://csync.loopme.me/?redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={device_id}&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0

0
88 B

159ms
159ms

Document
text/html

104.36.113.17

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156983
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.17 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method: GET
:authority: simage2.pubmatic.com
:scheme: https
:path: /AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: KADUSERCOOKIE=88F4BA22-BA2E-4797-8CF9-2DBF01A270A7; PUBMDCID=1; chkChromeAb67Sec=2; DPSync3=1631491200%3A174%7C1632614400%3A197_201%7C1632009600%3A164; SyncRTB3=1632614400%3A5_166_3_48_56_231_234_54_55_176_189_233_13_71_104_165_204_220_222_22_7_8_99_21%7C1632009600%3A2_15_223_38%7C1632700800%3A35%7C1632268800%3A63%7C1633996800%3A224
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Sun, 12 Sep 2021 21:55:56 GMT
content-type: text/html; charset=utf-8
x-lat: sfopug011:2:235
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private
content-encoding: gzip

Redirect headers

set-cookie: viewer_token=243cb123-42de-475e-9060-092aa632835c; path=/; domain=csync.loopme.me; Expires=Tue, 12-Oct-2021 21:55:57 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
content-length: 0
date: Sun, 12 Sep 2021 21:55:57 GMT
server: _

GET
H2

200

rtb-h Show response
match.taboola.com/sg/pubmatic-ssp-network/1/ Frame A039
Redirect Chain

https://trc.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=uid:$UID
https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=41a725a4-5d51-4ed4-87af-5c10295b9285-tuct837fcec&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdSe...

0
148 B

36ms
13ms

Document
text/plain

199.232.137.44

General

Check archive.org

Show headers Download Go to

Full URL: https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=41a725a4-5d51-4ed4-87af-5c10295b9285-tuct837fcec&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156983
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method: GET
:authority: match.taboola.com
:scheme: https
:path: /sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=41a725a4-5d51-4ed4-87af-5c10295b9285-tuct837fcec&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: t_gid=41a725a4-5d51-4ed4-87af-5c10295b9285-tuct837fcec
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
accept-ranges: bytes
date: Sun, 12 Sep 2021 21:55:57 GMT
via: 1.1 varnish
x-served-by: cache-hhn11554-HHN
x-cache: MISS
x-cache-hits: 0
x-timer: S1631483757.035327,VS0,VE8
content-length: 0

Redirect headers

server: nginx
set-cookie: t_gid=41a725a4-5d51-4ed4-87af-5c10295b9285-tuct837fcec;Version=1;Path=/;Domain=.taboola.com;Expires=Mon, 12-Sep-2022 21:55:56 GMT;Max-Age=31536000;Secure;SameSite=None
location: https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=41a725a4-5d51-4ed4-87af-5c10295b9285-tuct837fcec&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
accept-ranges: bytes
date: Sun, 12 Sep 2021 21:55:57 GMT
via: 1.1 varnish
x-served-by: cache-fra19158-FRA
x-cache: MISS
x-cache-hits: 0
x-timer: S1631483757.996270,VS0,VE9
x-vcl-time-ms: 9
content-length: 0

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame D327
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=11
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=QMWCWmDeRqt-4SMzBx-2F9iDcoU

42 B
218 B

159ms
159ms

Document
image/gif

104.36.113.17

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=QMWCWmDeRqt-4SMzBx-2F9iDcoU
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156983
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.17 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method: GET
:authority: simage2.pubmatic.com
:scheme: https
:path: /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=QMWCWmDeRqt-4SMzBx-2F9iDcoU
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: KADUSERCOOKIE=88F4BA22-BA2E-4797-8CF9-2DBF01A270A7; PUBMDCID=1; chkChromeAb67Sec=2; DPSync3=1631491200%3A174%7C1632614400%3A197_201%7C1632009600%3A164; SyncRTB3=1632614400%3A5_166_3_48_56_231_234_54_55_176_189_233_13_71_104_165_204_220_222_22_7_8_99_21%7C1632009600%3A2_15_223_38%7C1632700800%3A35%7C1632268800%3A63%7C1633996800%3A224; SPugT=1631483756; KRTBCOOKIE_218=22978-YT53awABDxkBIAA6&KRTB&23194-YT53awABDxkBIAA6&KRTB&23209-YT53awABDxkBIAA6&KRTB&23244-YT53awABDxkBIAA6; KRTBCOOKIE_377=6810-a30dfa7c-8092-4e07-aa09-48b6d8da3caf&KRTB&22918-a30dfa7c-8092-4e07-aa09-48b6d8da3caf&KRTB&23031-a30dfa7c-8092-4e07-aa09-48b6d8da3caf; KRTBCOOKIE_469=8273-606854647843; KRTBCOOKIE_27=16735-uid:6844613e-776d-4200-988a-ec6052a5dbb6&KRTB&16736-uid:6844613e-776d-4200-988a-ec6052a5dbb6&KRTB&23019-uid:6844613e-776d-4200-988a-ec6052a5dbb6&KRTB&23114-uid:6844613e-776d-4200-988a-ec6052a5dbb6; KRTBCOOKIE_57=22776-8031856347569021699; KRTBCOOKIE_107=1471-uid:HhoqhZ181Mpxs95; KRTBCOOKIE_22=14911-2649585943741526070; KRTBCOOKIE_188=3189-c304d13b-f485-44b3-8a69-bb19bca717fd-613e776d-5553; KRTBCOOKIE_391=22924-2475098794899485673&KRTB&23263-2475098794899485673; KRTBCOOKIE_466=16530-c4079583-010e-4bd9-89fd-ebce6d53ca22; PugT=1631483756
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Sun, 12 Sep 2021 21:55:56 GMT
content-type: image/gif; charset=utf-8
content-length: 42
set-cookie: KRTBCOOKIE_860=16335-QMWCWmDeRqt-4SMzBx-2F9iDcoU; domain=pubmatic.com; SameSite=None; secure; expires=Sat, 11-Dec-2021 21:55:56 GMT; path=/ PugT=1631483756; domain=pubmatic.com; SameSite=None; secure; expires=Tue, 12-Oct-2021 21:55:56 GMT; path=/ PUBMDCID=1; domain=pubmatic.com; SameSite=None; secure; expires=Sat, 11-Dec-2021 21:55:56 GMT; path=/
x-lat: sfopug004:0:287
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

Content-Type: text/html; charset=utf-8
Date: Sun, 12 Sep 2021 21:55:57 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=QMWCWmDeRqt-4SMzBx-2F9iDcoU
Set-Cookie: sa-user-id=s%3A0-40c5825a-60de-46ab-7ee1-2333071fb617.dhZTbQKKCcf%2B5u7AblOdq1fgsiMr6VaDFFD1X9Yrpic; Max-Age=31536000; Secure; SameSite=None sa-user-id-v2=s%3A0-40c5825a-60de-46ab-7ee1-2333071fb617%24ip%24216.131.114.133.ytkasEEaXw5S4QeEt%2FrWrQTl8TzEnsVnPF6B8KowJ5o; Domain=srv.stackadapt.com; Max-Age=31536000; Secure; SameSite=None
Content-Length: 159
Connection: keep-alive

GET
H2

200

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 2244
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=iPS6IrouR5eM-S2_AaJwpw%3D%3D
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

14 KB
14 KB

6ms
6ms

Image
text/html

104.76.200.201

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156983
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.76.200.201 -, , ASN (),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:56 GMT
content-encoding: gzip
last-modified: Tue, 15 Jun 2021 06:08:03 GMT
server: Apache/2.2.15 (CentOS)
etag: "1300708-3945-5c4c7cc02bd56"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=139480
accept-ranges: bytes
content-type: text/html; charset=UTF-8
content-length: 5054
expires: Tue, 14 Sep 2021 12:40:36 GMT

Redirect headers

pragma: no-cache
date: Sun, 12 Sep 2021 21:55:56 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 272
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 451 420486.gif
idsync.rlcdn.com/ Frame 2244 0
66 B 71ms
21ms Image
text/plain 35.244.174.68

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/420486.gif?partner_uid=88F4BA22-BA2E-4797-8CF9-2DBF01A270A7
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156983
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:57 GMT
via: 1.1 google
alt-svc: clear
content-length: 0

GET
H2

200

SPug
image4.pubmatic.com/AdServer/ Frame 2244
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=bf36613e-776c-4600-b9ef-d9b94133eb8a

0
48 B

159ms
159ms

Image
text/plain

104.36.113.24

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=bf36613e-776c-4600-b9ef-d9b94133eb8a
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156983
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.24 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:56 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Sun, 12 Sep 2021 21:55:56 GMT
Server: MT3 3944 2bcb57b master cdg-pixel-x24 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=bf36613e-776c-4600-b9ef-d9b94133eb8a
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Sun, 12 Sep 2021 21:55:55 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 2244
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&google_error=15

42 B
129 B

161ms
161ms

Image
image/gif

104.36.113.17

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&google_error=15
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156983
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.17 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:56 GMT
cache-control: no-store, no-cache, private
x-lat: sfopug019:0:2938
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Sun, 12 Sep 2021 21:55:56 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&google_error=15
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 333
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubmatic
um.simpli.fi/ Frame 2244 43 B
409 B 17ms
13ms Image
image/gif 159.253.128.188
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156983

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.253.128.188 Amsterdam, Netherlands, ASN36351 (SOFTLAYER, US),

Reverse DNS

bc.80.fd9f.ip4.static.sl-reverse.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:56 GMT
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Sat, 11 Sep 2021 21:55:56 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 2244
Redirect Chain

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=2649585943741526070&gdpr=0&gdpr_consent=&us_privacy=

1 B
167 B

159ms
159ms

Image
text/html

104.36.113.17

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=2649585943741526070&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156983
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.17 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:55 GMT
cache-control: no-store, no-cache, private
x-lat: sfopug001:0:496
server: nginx
content-type: text/html; charset=utf-8
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=2649585943741526070&gdpr=0&gdpr_consent=&us_privacy=
pragma: no-cache
date: Sun, 12 Sep 2021 21:55:56 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 2244
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=a30dfa7c-8092-4e07-aa09-48b6d8da3caf

42 B
372 B

161ms
161ms

Image
image/gif

104.36.113.17

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=a30dfa7c-8092-4e07-aa09-48b6d8da3caf
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156983
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.17 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:55 GMT
cache-control: no-store, no-cache, private
x-lat: sfopug006:0:2418
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Sun, 12 Sep 2021 21:55:56 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=a30dfa7c-8092-4e07-aa09-48b6d8da3caf
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 313

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 2244
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YT53awABDxkBIAA6&gdpr=0&gdpr_consent=

1 B
410 B

166ms
159ms

Image
text/html

104.36.113.17

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YT53awABDxkBIAA6&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156983
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.17 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:56 GMT
cache-control: no-store, no-cache, private
x-lat: sfopug017:0:421
server: nginx
content-type: text/html; charset=utf-8
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Sun, 12 Sep 2021 21:55:56 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1631483757.973887,VS0,VE0
x-served-by: cache-hhn4076-HHN
x-cache: HIT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YT53awABDxkBIAA6&gdpr=0&gdpr_consent=
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2

200

SPug
image4.pubmatic.com/AdServer/ Frame 2244
Redirect Chain

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=88F4BA22-BA2E-4797-8CF9-2DBF01A270A7&redir=true&gdpr=0&gdpr_consent=
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-n83Zf15E2uUqug1Eeg5njEdHNMQ2A_8-~A&gdpr=0&gdpr_consent=

0
128 B

159ms
159ms

Image
text/plain

104.36.113.24

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-n83Zf15E2uUqug1Eeg5njEdHNMQ2A_8-~A&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156983
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.24 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:56 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Sun, 12 Sep 2021 21:55:56 GMT
Server: ATS/7.1.2.138
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-n83Zf15E2uUqug1Eeg5njEdHNMQ2A_8-~A&gdpr=0&gdpr_consent=
Connection: keep-alive
Content-Length: 0

GET
H2 200 88F4BA22-BA2E-4797-8CF9-2DBF01A270A7
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame 2244 43 B
921 B 307ms
47ms Image
image/gif 212.82.100.176

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/pubmatic/88F4BA22-BA2E-4797-8CF9-2DBF01A270A7?gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156983

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.82.100.176 -, , ASN (),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:57 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 2244
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:6844613e-776d-4200-988a-ec6052a5dbb6&gdpr=0&gdpr_consent=

42 B
341 B

159ms
159ms

Image
image/gif

104.36.113.17

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:6844613e-776d-4200-988a-ec6052a5dbb6&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156983
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.17 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:55 GMT
cache-control: no-store, no-cache, private
x-lat: sfopug013:0:364
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Sun, 12 Sep 2021 21:55:56 GMT
Server: MT3 3944 2bcb57b master cdg-pixel-x29 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:6844613e-776d-4200-988a-ec6052a5dbb6&gdpr=0&gdpr_consent=
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Sun, 12 Sep 2021 21:55:55 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 2244
Redirect Chain

https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=8031856347569021699&gdpr=0&gdpr_consent=

42 B
209 B

159ms
159ms

Image
image/gif

104.36.113.17

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=8031856347569021699&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156983
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.17 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:56 GMT
cache-control: no-store, no-cache, private
x-lat: sfopug007:0:462
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Pragma: no-cache
Date: Sun, 12 Sep 2021 21:55:57 GMT
X-Proxy-Origin: 216.131.114.133; 216.131.114.133; 726.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: f303de43-6699-4dad-98cb-d9ecec62f885
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=8031856347569021699&gdpr=0&gdpr_consent=
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 204 current
pubmatic-match.dotomi.com/match/bounce/ Frame 2244 0
104 B 62ms
24ms Image
text/plain 89.207.16.204

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=88F4BA22-BA2E-4797-8CF9-2DBF01A270A7&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156983
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 89.207.16.204 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Sep 2021 21:55:57 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 2244
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent=
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=3&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=c304d13b-f485-44b3-8a69-bb19bca717fd-613e776d-5553&gdpr=0&gdpr_consent=

42 B
232 B

225ms
159ms

Image
image/gif

104.36.113.17

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=c304d13b-f485-44b3-8a69-bb19bca717fd-613e776d-5553&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156983
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.17 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:56 GMT
cache-control: no-store, no-cache, private
x-lat: sfopug017:0:364
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Sun, 12 Sep 2021 21:55:56 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=c304d13b-f485-44b3-8a69-bb19bca717fd-613e776d-5553&gdpr=0&gdpr_consent=
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 2244
Redirect Chain

https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=0&gdpr_cons...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=35a17dc4-1414-11ec-88a4-1d112e311b04&gdpr=0&gdpr_consent=

1 B
214 B

159ms
159ms

Image
text/html

104.36.113.17

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=35a17dc4-1414-11ec-88a4-1d112e311b04&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156983
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.17 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:56 GMT
cache-control: no-store, no-cache, private
x-lat: sfopug003:0:324
server: nginx
content-type: text/html; charset=utf-8
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=35a17dc4-1414-11ec-88a4-1d112e311b04&gdpr=0&gdpr_consent=
Date: Sun, 12 Sep 2021 21:55:57 GMT
Server: Apache-Coyote/1.1
Connection: keep-alive
Content-Length: 0
X-CI-RTID: 35a17dc5-1414-11ec-88a4-1d112e311b04

GET

Pug
image2.pubmatic.com/AdServer/ Frame 2244
Redirect Chain

https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=pQ7CeqQIxyy-CZIt8VncfKNelH2-XpN8pFveT-Sb

0
0

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 2244
Redirect Chain

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
https://x.bidswitch.net/ul_cb/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
https://ws.rqtrk.eu/pull?redirect=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D193%26user_id%3D%24BROWSER_ID%26expires%3D1%26ssp%3D%24bidswitch_ssp_id&return-unstable=true&eb=&bidswitch_ssp_id=p...
https://x.bidswitch.net/sync?dsp_id=193&user_id=&expires=1&ssp=pubmatic
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=c4079583-010e-4bd9-89fd-ebce6d53ca22&gdpr=&gdpr_consent=&gdpr_pd=

1 B
180 B

159ms
159ms

Image
text/html

104.36.113.17

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=c4079583-010e-4bd9-89fd-ebce6d53ca22&gdpr=&gdpr_consent=&gdpr_pd=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156983
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.17 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:56 GMT
cache-control: no-store, no-cache, private
x-lat: sfopug002:0:346
server: nginx
content-type: text/html; charset=utf-8
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: //simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=c4079583-010e-4bd9-89fd-ebce6d53ca22&gdpr=&gdpr_consent=&gdpr_pd=
date: Sun, 12 Sep 2021 21:55:57 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET

Pug
simage2.pubmatic.com/AdServer/ Frame 2244
Redirect Chain

https://pmp.mxptint.net/sn.ashx?&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjc0NCZ0bD0xNTc2ODAw&piggybackCookie=R1B341_E350EFA0_14EBFAAAD&r=https://pmp.mxptint.net/sn.ashx?ak=1

0
0

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 2244
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=2475098794899485673

42 B
313 B

159ms
159ms

Image
image/gif

104.36.113.17

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=2475098794899485673
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156983
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.17 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:55 GMT
cache-control: no-store, no-cache, private
x-lat: sfopug001:0:377
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Sun, 12 Sep 2021 21:55:57 GMT
server: nginx
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=2475098794899485673
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 2244
Redirect Chain

https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw&piggybackCookie=e_5c8ebf1b-849a-4f3b-914d-876fce6ad3d0

42 B
224 B

159ms
159ms

Image
image/gif

104.36.113.17

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw&piggybackCookie=e_5c8ebf1b-849a-4f3b-914d-876fce6ad3d0
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156983
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.17 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:56 GMT
cache-control: no-store, no-cache, private
x-lat: sfopug005:0:550
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw&piggybackCookie=e_5c8ebf1b-849a-4f3b-914d-876fce6ad3d0
date: Sun, 12 Sep 2021 21:55:57 GMT
p3p: CP="This is not a P3P policy"
server: nginx
timing-allow-origin: *
content-length: 0
content-language: de-DE

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 2244
Redirect Chain

https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=8031856347569021699

42 B
186 B

159ms
159ms

Image
image/gif

104.36.113.17

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=8031856347569021699
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156983
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.17 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:57 GMT
cache-control: no-store, no-cache, private
x-lat: sfopug007:0:359
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Pragma: no-cache
Date: Sun, 12 Sep 2021 21:55:57 GMT
X-Proxy-Origin: 216.131.114.133; 216.131.114.133; 720.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 0be70418-c377-46a3-9369-a19ca417595a
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=8031856347569021699
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: rtb-csync.smartadserver.com
URL: https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAF9Z07CfO8AACFuCeCzzQ&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsyn%252Cpp%252Cpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2%26userid%3DSMART_USER_ID

Domain: image2.pubmatic.com
URL: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=pQ7CeqQIxyy-CZIt8VncfKNelH2-XpN8pFveT-Sb

Domain: simage2.pubmatic.com
URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjc0NCZ0bD0xNTc2ODAw&piggybackCookie=R1B341_E350EFA0_14EBFAAAD&r=https://pmp.mxptint.net/sn.ashx?ak=1

Verdicts & Comments Add Verdict or Comment

221 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

35 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.eslactivity.org/	1970-01-19 21:11:25	Name: ezoadgid_118073 Value: -1
.eslactivity.org/	1970-01-19 21:11:30	Name: ezoref_118073 Value:
.eslactivity.org/	1970-01-19 21:11:30	Name: ezoab_118073 Value: mod1-c
.eslactivity.org/	1970-01-19 21:14:16	Name: active_template::118073 Value: pub_site.1631483746
.eslactivity.org/	1970-01-19 21:11:25	Name: ezopvc_118073 Value: 1
.eslactivity.org/	1970-01-19 21:12:50	Name: ezepvv Value: 1090
.eslactivity.org/	1970-01-19 21:11:25	Name: ezovid_118073 Value: 796851360
.eslactivity.org/	1970-01-19 21:11:25	Name: lp_118073 Value: https://www.eslactivity.org/
.eslactivity.org/	1970-01-19 21:14:16	Name: ezovuuidtime_118073 Value: 1631483746
.eslactivity.org/	1970-01-19 21:11:25	Name: ezovuuid_118073 Value: 09f1e67c-e995-4b6e-65b8-9694948d3b86
.eslactivity.org/	1970-01-20 05:56:59	Name: ezCMPCCS Value: true
www.eslactivity.org/	1970-01-22 10:30:35	Name: ezds Value: ffid%3D1%2Cw%3D1600%2Ch%3D1200
www.eslactivity.org/	1970-01-22 10:30:35	Name: ezohw Value: w%3D1600%2Ch%3D1200
.g.ezoic.net/	1970-01-20 14:42:35	Name: ezosuigeneris Value: ebbefe46401a895c809457c0c99e2f92
.eslactivity.org/	1970-01-20 14:42:35	Name: ezosuigeneris Value: ebbefe46401a895c809457c0c99e2f92
.eslactivity.org/	1969-12-31 23:59:59	Name: _dlt Value: 1
.quantserve.com/	1970-01-20 06:41:38	Name: mc Value: 613e7763-6c2bf-c0aeb-abc7d
.eslactivity.org/	1970-01-20 06:35:52	Name: __qca Value: P0-1614549141-1631483747418
.eslactivity.org/	1970-01-20 14:42:35	Name: _ga Value: GA1.2.92124532.1631483747
.eslactivity.org/	1970-01-19 21:12:50	Name: _gid Value: GA1.2.754323026.1631483747
.eslactivity.org/	1970-01-19 21:11:23	Name: _gat_gtag_UA_125056220_1 Value: 1
www.eslactivity.org/	1970-01-20 05:56:59	Name: ezux_lpl_118073 Value: 1631483747486\|b3961c1e-271e-4d10-7989-8f6c6bab7c36\|false
www.eslactivity.org/	1969-12-31 23:59:59	Name: ezouspvv Value: 1200
www.eslactivity.org/	1969-12-31 23:59:59	Name: ezouspvh Value: 1200
.doubleclick.net/	1970-01-20 14:42:35	Name: IDE Value: AHWqTUlMcylV3c1YnN5G9bsuWuVm3ROlfjvtX-6qh_968ORTgAOW8_8e6xU8IzJTef4
.eslactivity.org/	1970-01-20 06:32:59	Name: __gads Value: ID=bdeeeec8195198bb:T=1631483747:S=ALNI_MbbOPaoGYCE9PMCvq4FFncjIbJQSA
www.eslactivity.org/	1969-12-31 23:59:59	Name: ezouspva Value: 2
.doubleclick.net/	1970-01-19 21:11:27	Name: DSID Value: NO_DATA
.lijit.com/	1970-01-20 05:56:59	Name: ljt_reader Value: 4f787d2007f455cf3be4e928
.simpli.fi/	1970-01-20 05:58:26	Name: suid Value: 9678B178869347E1AADBDD8E4E838C98
.adfarm1.adition.com/	1970-01-19 23:20:59	Name: UserID1 Value: 7007169345913616534
.1rx.io/	1970-01-20 05:56:59	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-93360887-5ba9-4a90-936e-5719598df51e-003%22%7D
.targeting.unrulymedia.com/	1970-01-20 05:56:59	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-93360887-5ba9-4a90-936e-5719598df51e-003%22%7D
.c.appier.net/	1970-01-20 05:56:59	Name: _auid Value: 14H4uSEYAVmRMbNoZXc-YQ
.c.appier.net/	1970-01-19 21:54:35	Name: _gu Value: CAESEJdT6YJv-xsJBBTkuxoSccs

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.eslactivity.org/images/bg.png?ezimgfmt=ng%3Awebp%2Fngcb3 Message: Failed to load resource: the server responded with a status of 404 ()
javascript	warning	URL: https://www.eslactivity.org/ Message: The resource https://www.eslactivity.org/images/bg.png?ezimgfmt=ng%3Awebp%2Fngcb3 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://www.eslactivity.org/ Message: The resource https://go.ezodn.com/hb/dall.js?b=criteo,ix,medianet,onemobile,onetag,pubmatic,pubmatic,pulsepoint,rhythmone,sharethrough,unruly&cb=195-2-27 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090701.js(Line 5) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090701.js(Line 5) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.eslactivity.org/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
network	error	URL: https://idsync.rlcdn.com/420486.gif?partner_uid=88F4BA22-BA2E-4797-8CF9-2DBF01A270A7 Message: Failed to load resource: the server responded with a status of 451 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

7dd641422af728eac3561f686d3bf383.safeframe.googlesyndication.com
a.c.appier.net
a.tribalfusion.com
ad.turn.com
ads.playground.xyz
ads.pubmatic.com
adservice.google.com
ap.lijit.com
b1sync.zemanta.com
bh.contextweb.com
bid.contextweb.com
bid.g.doubleclick.net
bidder.criteo.com
btlr.sharethrough.com
bttrack.com
c.eu1.dyntrk.com
c1.adform.net
c2shb.ssp.yahoo.com
cc.adingo.jp
cm.adgrx.com
cm.g.doubleclick.net
contextual.media.net
csi.gstatic.com
csync.loopme.me
de.tynt.com
dis.criteo.com
dsp.adfarm1.adition.com
dsp.adkernel.com
dsum-sec.casalemedia.com
eslactivity.org
fonts.googleapis.com
fonts.gstatic.com
g.ezoic.net
geolocation-db.com
go.ezodn.com
go.ezoic.net
googleads.g.doubleclick.net
gum.criteo.com
hbopenbid.pubmatic.com
htlb.casalemedia.com
ib.adnxs.com
id5-sync.com
idsync.rlcdn.com
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
image8.pubmatic.com
imasdk.googleapis.com
js-sec.indexww.com
load.sumo.com
match.adsrvr.org
match.bnmla.com
match.deepintent.com
match.taboola.com
micro-cdn.sumo.com
onetag-sys.com
p.rfihub.com
pagead2.googlesyndication.com
pb-server.ezoic.com
pixel-sync.sitescout.com
pixel.advertising.com
pixel.quantserve.com
pm.w55c.net
pr-bh.ybp.yahoo.com
prebid.media.net
pubmatic-match.dotomi.com
px.owneriq.net
resources.infolinks.com
router.infolinks.com
rt3027.infolinks.com
rtb-csync.smartadserver.com
rtb.gumgum.com
rules.quantcount.com
s.amazon-adsystem.com
s.cpx.to
s.tribalfusion.com
secure.adnxs.com
secure.quantserve.com
securepubads.g.doubleclick.net
sf.ezoiccdn.com
simage2.pubmatic.com
ssc-cms.33across.com
ssum-sec.casalemedia.com
static.criteo.net
sumo.com
sync-tm.everesttech.net
sync.1rx.io
sync.go.sonobi.com
sync.ipredictive.com
sync.mathtag.com
sync.srv.stackadapt.com
sync.targeting.unrulymedia.com
tag.1rx.io
tpc.googlesyndication.com
trc.taboola.com
um.simpli.fi
ums.acuityplatform.com
ups.analytics.yahoo.com
ws.rqtrk.eu
www.eslactivity.org
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
image2.pubmatic.com
rtb-csync.smartadserver.com
simage2.pubmatic.com
104.18.13.5
104.21.73.110
104.21.74.148
104.22.2.144
104.22.3.144
104.36.113.17
104.36.113.23
104.36.113.24
104.36.113.35
104.76.200.201
104.76.200.23
104.76.200.247
108.177.15.132
13.32.22.109
135.125.160.77
139.162.58.205
143.204.207.111
151.101.114.49
151.101.13.44
154.59.122.79
159.253.128.188
159.89.102.253
162.55.6.212
169.197.150.8
173.194.76.157
173.231.181.122
174.137.133.49
178.162.133.149
178.250.0.157
178.250.0.163
178.250.2.130
178.250.2.131
18.156.0.31
18.156.195.47
185.29.134.248
185.33.221.15
185.33.221.88
192.132.33.46
193.0.160.128
198.148.27.134
198.148.27.140
199.232.137.44
204.237.133.116
208.100.17.190
209.54.178.82
212.82.100.176
213.19.147.42
213.19.147.45
216.239.32.3
23.22.239.72
23.37.38.181
3.115.67.144
3.123.143.157
3.64.77.7
3.66.136.156
34.107.148.139
34.243.225.216
34.251.173.19
34.98.107.212
35.157.177.200
35.157.23.185
35.244.174.68
37.157.6.247
38.27.122.158
46.228.164.11
51.75.146.161
51.89.21.10
51.89.9.253
52.222.158.21
52.222.158.9
52.34.133.113
54.87.192.123
64.202.112.95
64.233.166.132
64.233.184.138
64.233.184.155
64.233.184.97
66.102.1.154
66.102.1.94
66.155.71.149
67.202.105.21
72.251.249.9
74.125.133.106
74.125.133.95
74.125.140.154
74.125.140.155
74.125.140.157
74.125.140.95
74.125.71.157
76.223.111.131
85.114.159.93
88.221.62.154
89.187.169.47
89.207.16.204
91.228.74.133
036309cb21b0740e8d6c08eeac674efa09a130453d51d1213370b92ea28cd65f
04d8fceacc9abcaebceff53cfb8cce58aa38bc70439f080db0d991e04a1e3574
058f76d93a417240888fe7522aca5a1322f3ff8f86ddc950a3c347f0a1ac57da
05b8ccd1bea213958e9c043d48c63ce23e73054d515d601fd24effa8ce1c7299
091d25fe4d01ee6fb81ac7e60614d2fb70c7c2aaf56acba4bb107c45ae5634d2
0aebcd38397f33a5e7c8d39dd1dcb0eb19618cd23cd430a535c9e8666542c815
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0d285670abc42058dce9cd3cf01685cad860ef59ac0b1df07f583f26bb4dc4c2
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
101b3f10d740ff5ad07a1fe651138f5d82cc91fb8bbd5f6fdb4dbb513cd2c8e2
110ae568f2e30c7b0b34089d74e66abb1796ad9d9f6c5813e26f22de7eb9c1b8
114dabe187311ee2e303549831223ef80d06385cb854e2aa1647ec1e0ca148f5
1285b83831c2a258a4d4323b613795f9c62586f84c7b4cfaa09011ebef7d9b24
14375082f18c8501a36b803a80a3489476d037a97867ffa2a1aae1b65df4fa57
15c73cd18915762b640c81bfe3a1435a6c3e0fda0d24535f1949af40445fc7ef
16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
1b6abcd01d2337e70b8fdde5a150175d2d4a3231d464e25b9cbdb5bac2bfcd2c
1e2cbb79672e3641293b4f1acab798d4abad59e6097fbad0964af960a9585c73
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba
22ef0fab316505afd116cd06ee42770798c60a9c3ca0a8581f98377b85198095
243d13f51a121b03af49b88c51c4dbcd2cfcea5fc494599471763cf89b990ce5
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
268eeeaa1051319d993f8c54254be0ced49f752a848dd74cfdcd30995803cb28
2b223c3e63eb2dbec436d1732f82e501b41cb56a6d8d4365ab714b1a31ab0e88
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2e08c25e8793291f91e03d929d125cc24a4b8203b4872c2afceacf5ce8739b7c
32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb
345a7f619e726c9ed21fa1e83646623f3491056eb1c9e0f3af797c42d38255c1
34bf11f6093496f2c2b632bed86364f768feb5bf06690a64cd0b9ee3832211cf
36aecd4542cf4c62f3d0b0517e0e560aabd649e4efcfce254a95c5adeb388a5c
3739075617d9fac0bf7accb8708f8c11c8ab3e3ac0c3a65614c73c8fb068c751
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
380e2d413fd0a920eb7146ffc14c4fa32efc47eff373638b0e4b935dfc1f9720
391bab3a29044118010924707eab52fcba1078d0f6bcf437ca7102df3200ab6f
398b4849b670aa5659a8fe1d8a925591d3c581176db6313a9ef7208d77310ede
3b3b8eef8b98faaafd592e4ffe1723831862017715ac0a716f56a9750dfc37a1
3b6d7072817e1fa92f8068125284235645845ed1db3710cb1ee3227cd3bb2339
3d7485ea8fd6813615d78f79562a622ea41a64a6216f8c7eb0128024a2f3de9a
3df712b94b9ab0cb41bedcace4da28a68f13822d61df80f2e5fe1c9f49049c09
3e4eeb78b3f84408b1ffea0201f867f5fcfe8d489abb300f749eedba7d57ffc9
3f351eef4b0a3ccd70ff9d4239851252a0a6eba79471e530f9deec0b3421d132
41b0cbbb5821972f1d4af16883ecbdf8b6e51b2f44dfe71bbdf1614c832a806b
42dc9aece188c290c3303813e9f91c1d596f1267899f3b3357280be43c16ab53
45ef483801ec883507814c8ce126b8945d67f411179d5663d21084f3537f202b
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
48ca4c570f2d58d8ff837e1c8f7d73e418a485ae23b2c9322f2f351d71d93aa7
4a6adebcc057c7bf12ac6fed0388fd970f17198396c911aa89bb8e9417a31006
4a813e1cf51a9ae7ee86be634312b025bc9f6b1a825308c717dcc9b43c0ce25a
4b6753aef2f81a4813434523b259d9d19f368ae41cd40162bf0897bc4e334cb9
4c2a0a41bdbc55f5d0f74f367110639cb7fe35122a7a140846d1395d21609a6d
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e149aabe93fb5bf86c5bc63989f26cc718b94e14554e54cc6696f549da459dc
4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
519f382ffd9d3a31f6aaa855d1a609ffa2e1c4cfbadbc1612a77396e42d3f5a9
52dc24c0429ea6ccc5b579a6da8bb79bf41e471fe5108a62009f3c2e195551c0
535f84cffe4a18de721d24bd0f6a46f059068d48daf2327d143e0397431cbb14
5c086c83715aa5eff9f5b62589f7cbd656232fde0464b5eac6ae9291e95f7dea
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5c6ad4c01974171b5f5ba0353d422ba76768b384cfa0b653fb08ffe9deb19673
5c8a96264597d3c45a3a1666ed9e495cb0f49805d5bf26d7aab2db2399a3e0dd
5d1f3a4ee5a02abdbc66a11aad769dd81cbe4d07f0b3799ff0940ad7b7d6cc1a
5d2cfdf46351e2430a4882ade5135f3f922fd354f63bb02b226967c3b894b3d3
5dc9d61931a73fa03b59af510868b7e89e4523df5a53935212ca8a9b31af0b8d
613d6bc3b776a6f38a7b3592c3a502e88d5d8d3b9f54bb4ad9002b318fa432ba
63937aa7d263b418f26a640e11eecfa7d1c19a2c4b781ecac58b9d9c5f5dfa5e
6497e5d7b6a70f40c6cf72e855f06b4d3ba0235ad9c8cf61e0dc72cedf4715a0
697d644ccaabb9a1e27262b150d0c758ad7f087d20f30083eb91f9aace4d7a09
6a8f8c9b9fce40401070cb89122e3ecde261196171394c067e0bd1a426ed57c8
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6c7a7e0de859cf35f40448fd8e2e2c10973d9d1dd0e71dbac23985c02703c608
6c945480c75752b6e8255eaefd83d62064e49bc34550f99b2806612c0e92851a
6d97d83108d09d96f0bac00aecbed70ae15d567422acb36cb8ff2004e9628b60
704d5f9e8c228450eae14a886d5a15b1daee1cb31c91eaf39bc1d7f0069303c6
708e9d87164846166df91defc9cf72131635df30f9ad6f7212dfe73483894e5e
7095dcf04504716b0978275ecf2747212e7481d87cf42438edc18a4cfabc2faa
717212e6ee6ca732830c1b60abaa460bd7b448e2b712bf219a6d8762cbe77535
71b3e9761dec1834f8152f030e564ed3ccee88e6f133764557faadbebf869c2d
7371660bc165dcb561da1a896e5dd656e43871cb9ae22471beab98ed49be73b1
73c748a03b271d7a4d7c1ed120f668653c1d7ed4632748920048ddcde2e6d759
73f0eeb77f6d25bc6b00923c1de1301babbf46455ddda16cf1d4ea36e8868ae2
74696de7db3cfc983f841facfdca75dbf4c114af467b05e23fe6d95694cab0fa
75354b56690f6df16b081585d5731ab2548528e8e10d792babd079834a9740b4
75cde5cd327239276b3bafb85d50f38fbd3b77bd15984deb9f6c02dd01b8ff86
77fb9fb42e5ca1801314b281ccc3f88cb728c0c9a8b354842fdacbab6bce83fa
7ce23bb169d56e3dc218181172c5d318dc16526e035b539e038f605a893ea551
7eca7977c6ade416c20775a7fd7cfa2291c5752cd1225d5c4342b057c37a000c
81b16fd53c47bf9fa331391b9a29ae92eaddcb487e1ef760797a7ede05492887
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83bcdfa5df8e5f84aa8715b0aefb06e9909b30290843475a0ecc6887650f811f
870b28af427b5cc83fea81f66b06e6f967f73f85fa3ea4eccda0dad9febb259a
8826a7fb8727405ff5cfcc64823ef78fc108bfe127f8bef2daf24ac0e7e6866e
88c1e3816a68c706ed64ebcd5f488218401ac27ccf31a8e6b091584f66089d07
8a4563f2f82f168d39bde9e3a413b7d4162a657fe25d657f1e18663f719240cb
8a53fe51b3dc43b563a714198aa1cd13ee455a0d1bb977b8d864c0bfd8905025
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8fe3dc511756c23b3f3a4885cccad71ee8bd42f22213e38ee12d210cd6826beb
93a81e4b76f70cfaf8e05eae272f373e0ec6ea7eedc65a08ce97a782a9f17b95
95b17ad661699c049d42195b8ccd1d855045a1fcfbd20d8609a6d87fa5703810
95efc6a1b0e18636b608c1280049e1e31e5dac2f28c111ae489cea912f8b927b
963baee209f295e1df6e581c9962b5d93abb8e95ec1ebddd147105bf471b9322
967ff48c41053bf7c36f819b71ee6b509bd9971857397d74b41c75acc5bd27ae
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b34825eb68ebbe49410251b863c07e811c9e406286c7a8f00f88e83d9729c68
9cb7411a5b1db84ba9b9568c211ccaf8a34c8bfa386c7253888f82bc9750055a
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a3c7ee1296179d8896272e3b0e05b800eb7852c93ece1a5318d2fe08d4eb9e92
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
aabe0a1289af95490826f7c9d04dcdb59736ec069a6c794a82e4f808c69ea70e
ac8d2f2be577b89fdbd26a497ece0c0bc127dd2ed5676119e0055b62e4daf48e
ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b25347768fa0bbaf1c159ae73a9054f550c973770a58620fe32cd34114e0e747
b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11
b9eed48a68c7908209d36fc554a5952d21964c8d365d83818381a3cc202e02da
bc0fefee2a079504332404e345a34d07deb6cde64dfe9becee4fff7a12e748ce
bd25bde9fc4427cd6f3babcb8f888fe6174ca48881c103e243d4c6f83f30aab6
bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab
c0329f635aaddae39f7e692fcf0d22e887482777681b1270e0fbf4bce90187dd
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c237f7d584dc8820bb04467d8c928d2091a943ae05113d544f052d0a0741b023
c43212700772248a44755e84a6f92ce5046c05472b59beae6e7664cc45ca4394
c60b93effcbac344d2c30270e0d97323af0f64f43f3ac4d8abd486a875477169
c90cff659645a312a28804965f3dbc34061338f7234ff5d6ddb2c57e9eadec15
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
cc4cb1016499eb5d88379d9cdf358b0083b7c1b80f00889ce86649a88c746e10
ce5619c350a87ae309248657602cfec3b177d566a5d9ff020a8d2f8aa4f2e0cd
cf1423b729730a3bdd26d9bd8723fa1a022b2c90c24ef7efb6579580941eab10
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cfae1836e960b80fc6e22941a3bc4c428f233e1eb3b9b4d1e45302236f66ab95
d34b8c6d9b727729c03059d4edae8f9b47b911293e7307098d963c49e67d05e6
d3a57eeb0081ec7971666ef23ce17d53bf1b384680350db3c8134f41ba6e10e1
d4ab40913e42197d665b5a038ab417d5b20c8ebfecdfa52573a366b489bea263
d694074b9d8d5e6c65359ed1c76732af149a49ef0d74b00e5d21e814cec7b65a
d77c8636e7131d17157d91e24c730940324d540b7dfc1caf1e065e997751b92b
d8282c6a4c6ca3d158d75674d00345a50cee1cef971be4017cf4d15be8428f1c
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd9c85c873b9b644468988e8165e079b0e747a550ce13fa3f7d0c1839b0fd503
df0d4d3bdcc8e00b7b9369179ba808576146fa502009caa7c33f4680cbded24f
e170d20dbbd5a22f50118e25fa2eefb1e85d2ad780e5477ed3a9643186090442
e1a156c3daa4ae0c41f21ef266131ca5a34d56695e3d860b232da142ef031234
e2b5d4752ac81478ad36860fbe67b75bad20bbee7a93e835a25283d310c78999
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e45818350fb6700935c0dce924d8317b166845c5516bc391a1dbda39203f143a
e763b1504bc74af992faca17d0cfedb7a443c7555eb9b6eeed97563f7e0145c1
e8184c9461d5e99e5def6d94555391f01b6519302eeb483ac8fb4647e6c72e51
e827304636e3d6a3cf282d69a86d9fbd52c2f4c14088fc949aee215c3aa683a2
eb79f1d707ed83a547391fad893ed26d403fb605d037db2351ff9dfc9a449d37
ec2f44e7dbd2ebb1268ac7e7a0602ec2106bc7fd9da17b9012db81be55cbd485
ec476360a0ab6a94e3b29fd399796fae6e47d4e3617f93e4152a8c68b0ef0989
ee22f683394ec9d609b8c7b90e446dc4fde1cdcf0895322f7004078b5d3ed549
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efd71524bcffdd2f2a5854f34f1f9d2e867aea3566829b200fc8d58b6ddfbc9f
f11599f88d95335f3ccaf938ca1fa176e8b36e85887583fd9957517a67d38aaa
f452c0a329f17acfb74497d9ddef4a0d5af4166d43da2a3824387fc71205cd4f
f5f30c8ec6448e3f08c56351cae9cb846381e05f2686561fdc279a3705ad3683
fa859b974c6b616c7c15dd7dbd776a7a3ea469d99c306680b7f22e293b60b84d
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
fda625550c4655fe0a08c5a57d980eb29fce43981e72bca22024895a9f9b2068
fe39eced72c33ae4c1b3bdd9843bc853265b9909040d41555faa02f62cb29ef2

www.eslactivity.org Open in urlscan Pro 104.21.74.148 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

276 Requests

99 %HTTPS

0 %IPv6

72 Domains

106 Subdomains

68 IPs

8 Countries

2031 kBTransfer

6609 kBSize

35 Cookies

20 Outgoing links

Page URL History

Redirected requests

276 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 13 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.eslactivity.org Open in urlscan Pro
104.21.74.148 Public Scan

Screenshot
Live screenshot

Full Image

276
Requests

99 %
HTTPS

0 %
IPv6

72
Domains

106
Subdomains

68
IPs

8
Countries

2031 kB
Transfer

6609 kB
Size

35
Cookies

276 HTTP transactions
13 data transactions