ww3.read7deadlysins.com Open in urlscan Pro
2606:4700:3038::6815:eb94 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://ww2.read7deadlysins.com/
Effective URL:
https://ww3.read7deadlysins.com/
Submission Tags: falconsandbox
Submission: On May 25 via api (May 25th 2021, 2:47:29 am UTC) from US

Summary HTTP 462 Redirects Links 44 Behaviour Indicators

Summary

This website contacted 96 IPs in 11 countries across 90 domains to perform 462 HTTP transactions. The main IP is 2606:4700:3038::6815:eb94, located in United States and belongs to CLOUDFLARENET, US. The main domain is ww3.read7deadlysins.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 25th 2020. Valid for: a year.

This is the only time ww3.read7deadlysins.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 2	2606:4700:303... 2606:4700:3038::6815:eb94	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 4	2606:4700:303... 2606:4700:3038::6815:eb93	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	151.101.112.193 151.101.112.193	54113 (FASTLY) (FASTLY)
1	2606:4700::68... 2606:4700::6810:a723	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2606:4700:20:... 2606:4700:20::ac43:4a24	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 11	2606:4700:20:... 2606:4700:20::681a:fee	13335 (CLOUDFLAR...) (CLOUDFLARENET)
17	13.225.74.55 13.225.74.55	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:82f::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c07::9c	15169 (GOOGLE) (GOOGLE)
7 13	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
9	2606:4700:20:... 2606:4700:20::ac43:49e4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	184.24.15.122 184.24.15.122	16625 (AKAMAI-AS) (AKAMAI-AS)
4	151.139.241.23 151.139.241.23	33438 (HIGHWINDS2) (HIGHWINDS2)
40	37.157.6.235 37.157.6.235	198622 (ADFORM) (ADFORM)
2 4	185.33.221.87 185.33.221.87	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2.16.186.113 2.16.186.113	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
10	2a02:26f0:6c0... 2a02:26f0:6c00::210:ba19	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	145.239.193.145 145.239.193.145	16276 (OVH) (OVH)
1 1	185.86.137.32 185.86.137.32	201081 (SMARTADSE...) (SMARTADSERVER)
1	2a02:26f0:6c0... 2a02:26f0:6c00::210:ba0b	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	54.38.64.100 54.38.64.100	16276 (OVH) (OVH)
3	2a02:2638::1c 2a02:2638::1c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	145.239.193.51 145.239.193.51	16276 (OVH) (OVH)
2	51.89.9.254 51.89.9.254	16276 (OVH) (OVH)
26	2606:4700:10:... 2606:4700:10::ac43:db6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 3	2620:116:800d... 2620:116:800d:21:f916:5049:f87f:108e	16509 (AMAZON-02) (AMAZON-02)
1	54.246.143.132 54.246.143.132	16509 (AMAZON-02) (AMAZON-02)
1	52.222.161.210 52.222.161.210	16509 (AMAZON-02) (AMAZON-02)
3 10	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:808::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
2	213.19.162.41 213.19.162.41	26667 (RUBICONPR...) (RUBICONPROJECT)
10	104.19.132.80 104.19.132.80	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	199.187.193.140 199.187.193.140	47043 (SMARTADSE...) (SMARTADSERVER)
1	2600:9000:218... 2600:9000:218e:ce00:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:808::200a	15169 (GOOGLE) (GOOGLE)
1	34.120.133.55 34.120.133.55	15169 (GOOGLE) (GOOGLE)
8 11	76.223.111.131 76.223.111.131	16509 (AMAZON-02) (AMAZON-02)
7	54.194.137.128 54.194.137.128	16509 (AMAZON-02) (AMAZON-02)
18 31	185.33.220.241 185.33.220.241	29990 (ASN-APPNEX) (ASN-APPNEX)
4 4	18.203.106.177 18.203.106.177	16509 (AMAZON-02) (AMAZON-02)
2 2	3.120.52.200 3.120.52.200	16509 (AMAZON-02) (AMAZON-02)
2 2	2.18.233.201 2.18.233.201	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a00:1450:400... 2a00:1450:4001:829::200a	15169 (GOOGLE) (GOOGLE)
10	2606:4700:303... 2606:4700:3032::ac43:9028	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 60	37.157.2.234 37.157.2.234	198622 (ADFORM) (ADFORM)
2	185.33.221.11 185.33.221.11	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2a00:1450:400... 2a00:1450:4001:813::200a	15169 (GOOGLE) (GOOGLE)
1	2a04:4e42:3::621 2a04:4e42:3::621	54113 (FASTLY) (FASTLY)
1	2606:4700:20:... 2606:4700:20::ac43:4597	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:82b::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:5c::6	15169 (GOOGLE) (GOOGLE)
4 4	185.64.189.110 185.64.189.110	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	185.86.137.132 185.86.137.132	201081 (SMARTADSE...) (SMARTADSERVER)
4 4	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
1	3.126.30.34 3.126.30.34	16509 (AMAZON-02) (AMAZON-02)
10	185.86.139.95 185.86.139.95	201081 (SMARTADSE...) (SMARTADSERVER)
10	213.19.162.31 213.19.162.31	3356 (LEVEL3) (LEVEL3)
1	54.217.252.120 54.217.252.120	16509 (AMAZON-02) (AMAZON-02)
21 25	3.124.165.65 3.124.165.65	16509 (AMAZON-02) (AMAZON-02)
2 2	3.123.96.39 3.123.96.39	16509 (AMAZON-02) (AMAZON-02)
26	37.157.6.251 37.157.6.251	198622 (ADFORM) (ADFORM)
10 10	159.65.196.12 159.65.196.12	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
20	54.195.253.131 54.195.253.131	16509 (AMAZON-02) (AMAZON-02)
2 2	185.29.133.208 185.29.133.208	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1 1	51.68.39.188 51.68.39.188	16276 (OVH) (OVH)
2	2.18.232.130 2.18.232.130	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	35.210.53.219 35.210.53.219	15169 (GOOGLE) (GOOGLE)
3 3	154.59.122.79 154.59.122.79	174 (COGENT-174) (COGENT-174)
5	104.22.72.85 104.22.72.85	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	2a00:1288:110... 2a00:1288:110:c305::8000	34010 (YAHOO-IRD) (YAHOO-IRD)
24	2606:4700:20:... 2606:4700:20::681a:bd1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.19.138.80 104.19.138.80	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2602:803:c003... 2602:803:c003:200::57	26667 (RUBICONPR...) (RUBICONPROJECT)
4	2606:4700:303... 2606:4700:3032::ac43:aa7a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.111.230.142 104.111.230.142	16625 (AKAMAI-AS) (AKAMAI-AS)
4 8	46.105.199.182 46.105.199.182	16276 (OVH) (OVH)
4	46.105.198.150 46.105.198.150	16276 (OVH) (OVH)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1	2a00:1288:80:... 2a00:1288:80:800::7001	203220 (YAHOO-DEB) (YAHOO-DEB)
3	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
4 4	151.101.114.49 151.101.114.49	54113 (FASTLY) (FASTLY)
1 15	2606:4700:20:... 2606:4700:20::ac43:47f1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5 7	136.144.59.88 136.144.59.88	54825 (PACKET) (PACKET)
2 4	46.249.52.248 46.249.52.248	50673 (SERVERIUS-AS) (SERVERIUS-AS)
2	185.184.8.30 185.184.8.30	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
3	178.250.0.165 178.250.0.165	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	2a02:2638::3 2a02:2638::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3 3	213.19.147.44 213.19.147.44	26120 (RHYTHMONE) (RHYTHMONE)
2	5.178.65.246 5.178.65.246	50673 (SERVERIUS-AS) (SERVERIUS-AS)
4 4	72.251.249.9 72.251.249.9	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
2 3	35.227.248.159 35.227.248.159	15169 (GOOGLE) (GOOGLE)
1	199.232.137.44 199.232.137.44	54113 (FASTLY) (FASTLY)
1	2607:ae80:5::48 2607:ae80:5::48	26558 (FREEWHEEL) (FREEWHEEL)
2	185.64.189.115 185.64.189.115	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	2a05:d018:24:... 2a05:d018:24:b002:28a5:2c7e:9fea:57ab	16509 (AMAZON-02) (AMAZON-02)
1	18.198.126.47 18.198.126.47	16509 (AMAZON-02) (AMAZON-02)
1 1	151.1.205.165 151.1.205.165	3242 (ASN-ITNET) (ASN-ITNET)
1 1	85.114.159.118 85.114.159.118	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
2 2	35.201.81.244 35.201.81.244	15169 (GOOGLE) (GOOGLE)
1	89.163.159.108 89.163.159.108	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
2 2	54.171.173.220 54.171.173.220	16509 (AMAZON-02) (AMAZON-02)
1 1	212.82.100.182 212.82.100.182	34010 (YAHOO-IRD) (YAHOO-IRD)
1	34.98.67.61 34.98.67.61	15169 (GOOGLE) (GOOGLE)
2	52.30.251.90 52.30.251.90	16509 (AMAZON-02) (AMAZON-02)
1	168.119.149.178 168.119.149.178	24940 (HETZNER-AS) (HETZNER-AS)
1 1	35.172.143.213 35.172.143.213	14618 (AMAZON-AES) (AMAZON-AES)
1 2	52.95.124.170 52.95.124.170	16509 (AMAZON-02) (AMAZON-02)
1 1	23.45.99.241 23.45.99.241	16625 (AKAMAI-AS) (AKAMAI-AS)
1	34.249.223.226 34.249.223.226	16509 (AMAZON-02) (AMAZON-02)
3 4	18.156.0.31 18.156.0.31	16509 (AMAZON-02) (AMAZON-02)
2 2	3.126.63.176 3.126.63.176	16509 (AMAZON-02) (AMAZON-02)
2 2	188.42.196.115 188.42.196.115	7979 (SERVERS-COM) (SERVERS-COM)
1 1	35.170.124.134 35.170.124.134	14618 (AMAZON-AES) (AMAZON-AES)
2	178.162.133.149 178.162.133.149	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
1	208.100.17.178 208.100.17.178	32748 (STEADFAST) (STEADFAST)
2	2.18.233.180 2.18.233.180	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	72.21.206.140 72.21.206.140	16509 (AMAZON-02) (AMAZON-02)
2 2	18.158.226.176 18.158.226.176	16509 (AMAZON-02) (AMAZON-02)
1	37.157.2.239 37.157.2.239	198622 (ADFORM) (ADFORM)
462	96

2 2606:4700:3038::6815:eb94 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

ww2.read7deadlysins.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ww3.read7deadlysins.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:3038::6815:eb93 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

ww3.read7deadlysins.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.112.193 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

i.imgur.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:a723 (United States)

ASN13335 (CLOUDFLARENET, US)

ajax.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700:20::ac43:4a24 (United States)

ASN13335 (CLOUDFLARENET, US)

platform.bidgear.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
imp9.bidgear.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2606:4700:20::681a:fee (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

services.vlitag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tag.vlitag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.vlitag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
logs.vlitag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
media.vlitag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 13.225.74.55 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-74-55.fra2.r.cloudfront.net

runwaff.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c07::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 142.250.186.130 (United States) 7 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700:20::ac43:49e4 (United States)

ASN13335 (CLOUDFLARENET, US)

hb.adpone.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 184.24.15.122 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-24-15-122.deploy.static.akamaitechnologies.com

ads.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure-assets.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.139.241.23 (United States)

ASN33438 (HIGHWINDS2, US)

ads.themoneytizer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

40 37.157.6.235 (Denmark)

ASN198622 (ADFORM, DK)

s1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.33.221.87 (Amsterdam, Netherlands) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.16.186.113 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-186-113.deploy.static.akamaitechnologies.com

ced.sascdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a02:26f0:6c00::210:ba19 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

ads.projectagoraservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 145.239.193.145 (France)

ASN16276 (OVH, FR)

g.themoneytizer.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.137.32 (France) 1 redirects

ASN201081 (SMARTADSERVER, FR)

ww1097.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00::210:ba0b (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

ced-ns.sascdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.38.64.100 (France)

ASN16276 (OVH, FR)

c.tmyzer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:2638::1c (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 145.239.193.51 (France)

ASN16276 (OVH, FR)

tag.leadplace.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.89.9.254 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: ip254.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2606:4700:10::ac43:db6 (United States)

ASN13335 (CLOUDFLARENET, US)

spl.zeotap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mwzeom.zeotap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:116:800d:21:f916:5049:f87f:108e (United States) 1 redirects

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.246.143.132 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-246-143-132.eu-west-1.compute.amazonaws.com

p.cpx.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.161.210 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-161-210.cdg52.r.cloudfront.net

d2zur9cc2gf1tx.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2.18.234.21 (Frankfurt am Main, Germany) 3 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

js-sec.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
as-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

eaba349be3b6f4320e8ae22a47a1221f.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.19.162.41 (United Kingdom)

ASN26667 (RUBICONPROJECT, US)

smarttag.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 104.19.132.80 (United States)

ASN13335 (CLOUDFLARENET, US)

jsc.adskeeper.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.adskeeper.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.adskeeper.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
servicer.adskeeper.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.adskeeper.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s-img.adskeeper.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.187.193.140 (Canada)

ASN47043 (SMARTADSERVER, CA)

www5.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:218e:ce00:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.133.55 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 55.133.120.34.bc.googleusercontent.com

api.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 76.223.111.131 (United States) 8 redirects

ASN16509 (AMAZON-02, US)
PTR: a97adde81b00f2ca4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 54.194.137.128 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-194-137-128.eu-west-1.compute.amazonaws.com

s.cpx.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

31 185.33.220.241 (Amsterdam, Netherlands) 18 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 732.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.203.106.177 (Dublin, Ireland) 4 redirects

ASN16509 (AMAZON-02, US)

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.120.52.200 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.233.201 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-201.deploy.static.akamaitechnologies.com

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2606:4700:3032::ac43:9028 (United States)

ASN13335 (CLOUDFLARENET, US)

projectagora.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

60 37.157.2.234 (Denmark) 1 redirects

ASN198622 (ADFORM, DK)

adx.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dmp.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.33.221.11 (Amsterdam, Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 733.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ams1-ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:3::621 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::ac43:4597 (United States)

ASN13335 (CLOUDFLARENET, US)

assets.vlitag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

redirector.googlevideo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:5c::6 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

r1---sn-4g5e6ns7.googlevideo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.64.189.110 (United Kingdom) 4 redirects

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.86.137.132 (France) 2 redirects

ASN201081 (SMARTADSERVER, FR)

sync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 69.173.144.165 (Frankfurt am Main, Germany) 4 redirects

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.126.30.34 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-30-34.eu-central-1.compute.amazonaws.com

pool.grid-data.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 185.86.139.95 (France)

ASN201081 (SMARTADSERVER, FR)

prg.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 213.19.162.31 (United Kingdom)

ASN3356 (LEVEL3, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.217.252.120 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

adtrack.adleadevent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 3.124.165.65 (Frankfurt am Main, Germany) 21 redirects

ASN16509 (AMAZON-02, US)

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.123.96.39 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)

ads.creative-serving.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 37.157.6.251 (Denmark)

ASN198622 (ADFORM, DK)
PTR: s1.adform.net

cm.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 159.65.196.12 (Amsterdam, Netherlands) 10 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

match.adsby.bidtheatre.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 54.195.253.131 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-195-253-131.eu-west-1.compute.amazonaws.com

projectagora-483829-hdb.adomik.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.29.133.208 (United Kingdom) 2 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.68.39.188 (France) 1 redirects

ASN16276 (OVH, FR)

dsp.nrich.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.232.130 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-232-130.deploy.static.akamaitechnologies.com

crcdn01.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.210.53.219 (Brussels, Belgium) 2 redirects

ASN15169 (GOOGLE, US)

pool.admedo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 154.59.122.79 (United States) 3 redirects

ASN174 (COGENT-174, US)

ums.acuityplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.22.72.85 (United States)

ASN13335 (CLOUDFLARENET, US)

st.bebi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
go.bebi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.bebi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
trck.bebi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:110:c305::8000 (United Kingdom) 1 redirects

ASN34010 (YAHOO-IRD, GB)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 2606:4700:20::681a:bd1 (United States)

ASN13335 (CLOUDFLARENET, US)

ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
as.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.19.138.80 (United States)

ASN13335 (CLOUDFLARENET, US)

cm.steepto.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2602:803:c003:200::57 (United States)

ASN26667 (RUBICONPROJECT, US)

beacon-ams3.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:3032::ac43:aa7a (United States)

ASN13335 (CLOUDFLARENET, US)

ad4mat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.230.142 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-230-142.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 46.105.199.182 (France) 4 redirects

ASN16276 (OVH, FR)

mediaintelligence.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 46.105.198.150 (France)

ASN16276 (OVH, FR)

data.mediaintelligence.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:80:800::7001 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.114.49 (Frankfurt am Main, Germany) 4 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2606:4700:20::ac43:47f1 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

useast.quantumdex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.quantumdex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ms.quantumdex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 136.144.59.88 (Secaucus, United States) 5 redirects

ASN54825 (PACKET, US)

prebid.a-mo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 46.249.52.248 (Netherlands) 2 redirects

ASN50673 (SERVERIUS-AS, NL)
PTR: ads.us.e-planning.net

ads.us.e-planning.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.184.8.30 (Amsterdam, Netherlands)

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-30.rtbhouse.net

prebid-eu.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 178.250.0.165 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: bidder.par.vip.prod.criteo.com

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 213.19.147.44 (United Kingdom) 3 redirects

ASN26120 (RHYTHMONE, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 5.178.65.246 (Woerden, Netherlands)

ASN50673 (SERVERIUS-AS, NL)
PTR: ads.us.e-planning.net

sync.e-planning.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
u-ams02.e-planning.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 72.251.249.9 (Amsterdam, Netherlands) 4 redirects

ASN29791 (VOXEL-DOT-NET, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.227.248.159 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.137.44 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:ae80:5::48 (United States)

ASN26558 (FREEWHEEL, US)

dmp.v.fwmrm.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.189.115 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:d018:24:b002:28a5:2c7e:9fea:57ab (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

sync.tidaltv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.198.126.47 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

loadeu.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.1.205.165 (Bellagio, Italy) 1 redirects

ASN3242 (ASN-ITNET, IT)

bn01.er.bemail.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.118 (Germany) 1 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.201.81.244 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)

idsync.frontend.weborama.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 89.163.159.108 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)

dmp.theadex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.171.173.220 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.82.100.182 (United Kingdom) 1 redirects

ASN34010 (YAHOO-IRD, GB)
PTR: spcms.pbp.vip.ir2.yahoo.com

cms.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.61 (Kansas City, United States)

ASN15169 (GOOGLE, US)

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.30.251.90 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 168.119.149.178 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.178.149.119.168.clients.your-server.de

sync.richaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.172.143.213 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

usermatch.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.95.124.170 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

aax-eu.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.45.99.241 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-45-99-241.deploy.static.akamaitechnologies.com

tags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.249.223.226 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.156.0.31 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.126.63.176 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 188.42.196.115 (Luxembourg) 2 redirects

ASN7979 (SERVERS-COM, US)

ads.betweendigital.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.170.124.134 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

nep.advangelists.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.162.133.149 (Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1-sync.go.sonobi.com

sync.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 208.100.17.178 (United States)

ASN32748 (STEADFAST, US)

ssc-cms.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.233.180 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-180.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 72.21.206.140 (Ashburn, United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.158.226.176 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.157.2.239 (Denmark)

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
127	adform.net 1 redirects s1.adform.net adx.adform.net track.adform.net cm.adform.net dmp.adform.net c1.adform.net	1 MB
39	adnxs.com 20 redirects secure.adnxs.com ib.adnxs.com ams1-ib.adnxs.com crcdn01.adnxs.com acdn.adnxs.com	89 KB
26	bidswitch.net 21 redirects pool.grid-data.bidswitch.net x.bidswitch.net	8 KB
26	zeotap.com spl.zeotap.com mwzeom.zeotap.com	8 KB
25	rubiconproject.com 4 redirects ads.rubiconproject.com smarttag.rubiconproject.com secure-assets.rubiconproject.com token.rubiconproject.com fastlane.rubiconproject.com beacon-ams3.rubiconproject.com eus.rubiconproject.com pixel.rubiconproject.com	46 KB
24	ad4m.at ad4m.at as.ad4m.at	96 KB
20	adomik.com projectagora-483829-hdb.adomik.com	2 KB
17	runwaff.com runwaff.com	113 KB
15	quantumdex.io 1 redirects useast.quantumdex.io sync.quantumdex.io ms.quantumdex.io	7 KB
14	smartadserver.com 3 redirects ww1097.smartadserver.com www5.smartadserver.com sync.smartadserver.com prg.smartadserver.com	6 KB
14	doubleclick.net 7 redirects stats.g.doubleclick.net securepubads.g.doubleclick.net cm.g.doubleclick.net	240 KB
12	mediaintelligence.de 4 redirects mediaintelligence.de data.mediaintelligence.de	227 KB
12	vlitag.com 1 redirects services.vlitag.com tag.vlitag.com assets.vlitag.com logs.vlitag.com media.vlitag.com	517 KB
11	adsrvr.org 8 redirects match.adsrvr.org	5 KB
10	bidtheatre.com 10 redirects match.adsby.bidtheatre.com	5 KB
10	projectagora.net projectagora.net	1 MB
10	adskeeper.co.uk jsc.adskeeper.co.uk c.adskeeper.co.uk cdn.adskeeper.co.uk servicer.adskeeper.co.uk cm.adskeeper.co.uk s-img.adskeeper.co.uk	115 KB
10	projectagoraservices.com ads.projectagoraservices.com	63 KB
9	casalemedia.com 3 redirects as-sec.casalemedia.com ssum.casalemedia.com ssum-sec.casalemedia.com dsum-sec.casalemedia.com	9 KB
9	adpone.com hb.adpone.com	789 KB
8	pubmatic.com 4 redirects image2.pubmatic.com image6.pubmatic.com ads.pubmatic.com	18 KB
8	cpx.to p.cpx.to s.cpx.to	10 KB
7	a-mo.net 5 redirects prebid.a-mo.net	2 KB
7	yahoo.com 5 redirects pr-bh.ybp.yahoo.com ads.yahoo.com cms.analytics.yahoo.com ups.analytics.yahoo.com	5 KB
7	bidgear.com platform.bidgear.com imp9.bidgear.com	20 KB
6	e-planning.net 2 redirects ads.us.e-planning.net sync.e-planning.net u-ams02.e-planning.net	3 KB
6	criteo.com gum.criteo.com bidder.criteo.com	1 KB
6	read7deadlysins.com 2 redirects ww2.read7deadlysins.com ww3.read7deadlysins.com	12 KB
5	bebi.com st.bebi.com go.bebi.com c.bebi.com trck.bebi.com	108 KB
4	amazon-adsystem.com 2 redirects aax-eu.amazon-adsystem.com s.amazon-adsystem.com	2 KB
4	lijit.com 4 redirects ap.lijit.com	2 KB
4	everesttech.net 4 redirects sync-tm.everesttech.net	1 KB
4	ad4mat.net ad4mat.net	4 KB
4	mathtag.com 4 redirects pixel.mathtag.com sync.mathtag.com	2 KB
4	demdex.net 4 redirects dpm.demdex.net	4 KB
4	themoneytizer.com ads.themoneytizer.com	196 KB
3	krxd.net 1 redirects beacon.krxd.net usermatch.krxd.net	939 B
3	tapad.com 2 redirects pixel.tapad.com	1 KB
3	acuityplatform.com 3 redirects ums.acuityplatform.com	2 KB
3	googleapis.com imasdk.googleapis.com ajax.googleapis.com fonts.googleapis.com	146 KB
3	quantserve.com 1 redirects secure.quantserve.com pixel.quantserve.com	10 KB
3	imgur.com i.imgur.com	284 KB
2	w55c.net 2 redirects pm.w55c.net	1 KB
2	sonobi.com sync.go.sonobi.com	1 KB
2	betweendigital.com 2 redirects ads.betweendigital.com	925 B
2	advertising.com 2 redirects pixel.advertising.com	677 B
2	crwdcntrl.net 2 redirects bcp.crwdcntrl.net	1 KB
2	weborama.fr 2 redirects idsync.frontend.weborama.fr	841 B
2	tidaltv.com 2 redirects sync.tidaltv.com	790 B
2	1rx.io 2 redirects sync.1rx.io	1 KB
2	criteo.net static.criteo.net	53 KB
2	creativecdn.com prebid-eu.creativecdn.com	370 B
2	admedo.com 2 redirects pool.admedo.com	713 B
2	creative-serving.com 2 redirects ads.creative-serving.com	1 KB
2	googlevideo.com 1 redirects redirector.googlevideo.com r1---sn-4g5e6ns7.googlevideo.com	964 B
2	agkn.com 2 redirects aa.agkn.com	761 B
2	rlcdn.com api.rlcdn.com id.rlcdn.com	325 B
2	googlesyndication.com eaba349be3b6f4320e8ae22a47a1221f.safeframe.googlesyndication.com tpc.googlesyndication.com
2	onetag-sys.com onetag-sys.com	2 KB
2	sascdn.com ced.sascdn.com ced-ns.sascdn.com	22 KB
2	google-analytics.com www.google-analytics.com	19 KB
1	33across.com ssc-cms.33across.com
1	advangelists.com 1 redirects nep.advangelists.com	225 B
1	imrworldwide.com obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com	38 B
1	bluekai.com 1 redirects tags.bluekai.com	346 B
1	richaudience.com sync.richaudience.com	360 B
1	mookie1.com odr.mookie1.com	324 B
1	theadex.com dmp.theadex.com	378 B
1	adition.com 1 redirects dsp.adfarm1.adition.com	596 B
1	bemail.it 1 redirects bn01.er.bemail.it	659 B
1	exelator.com loadeu.exelator.com	324 B
1	fwmrm.net dmp.v.fwmrm.net	361 B
1	taboola.com trc.taboola.com	162 B
1	unrulymedia.com 1 redirects sync.targeting.unrulymedia.com	490 B
1	steepto.com cm.steepto.com	208 B
1	nrich.ai 1 redirects dsp.nrich.ai	487 B
1	adleadevent.com adtrack.adleadevent.com	522 B
1	gstatic.com fonts.gstatic.com	16 KB
1	jsdelivr.net cdn.jsdelivr.net	1 KB
1	googletagservices.com www.googletagservices.com	21 KB
1	quantcount.com rules.quantcount.com quantcount.com Failed	1 KB
1	google.com adservice.google.com	553 B
1	google.de adservice.google.de	799 B
1	indexww.com js-sec.indexww.com	13 KB
1	cloudfront.net d2zur9cc2gf1tx.cloudfront.net	26 KB
1	leadplace.fr tag.leadplace.fr	4 KB
1	tmyzer.com c.tmyzer.com	272 B
1	themoneytizer.net g.themoneytizer.net	270 B
1	cloudflare.com ajax.cloudflare.com	5 KB
0	id5-sync.com Failed id5-sync.com Failed
462	90

	Domain	Requested by
45	track.adform.net	projectagora.net s1.adform.net smarttag.rubiconproject.com runwaff.com
40	s1.adform.net	runwaff.com projectagora.net track.adform.net s1.adform.net
31	ib.adnxs.com	18 redirects secure.adnxs.com ib.adnxs.com projectagora.net spl.zeotap.com
26	cm.adform.net	runwaff.com
25	x.bidswitch.net	21 redirects runwaff.com
20	projectagora-483829-hdb.adomik.com
20	mwzeom.zeotap.com	spl.zeotap.com runwaff.com
17	runwaff.com	ww3.read7deadlysins.com runwaff.com
16	ad4m.at	s1.adform.net ad4m.at
14	adx.adform.net	1 redirects projectagora.net s1.adform.net
12	sync.quantumdex.io	assets.vlitag.com sync.quantumdex.io ssum-sec.casalemedia.com
11	match.adsrvr.org	8 redirects js-sec.indexww.com runwaff.com ssum-sec.casalemedia.com
10	match.adsby.bidtheatre.com	10 redirects
10	fastlane.rubiconproject.com	projectagora.net
10	prg.smartadserver.com	projectagora.net
10	projectagora.net	ads.projectagoraservices.com
10	ads.projectagoraservices.com	runwaff.com
9	cm.g.doubleclick.net	7 redirects runwaff.com
9	hb.adpone.com	runwaff.com
8	mediaintelligence.de	4 redirects as.ad4m.at
8	as.ad4m.at	ad4m.at as.ad4m.at
7	prebid.a-mo.net	5 redirects assets.vlitag.com
7	s.cpx.to	p.cpx.to runwaff.com
7	assets.vlitag.com	tag.vlitag.com
6	spl.zeotap.com	ads.themoneytizer.com spl.zeotap.com assets.vlitag.com
5	platform.bidgear.com	ajax.cloudflare.com platform.bidgear.com ww3.read7deadlysins.com runwaff.com
5	ww3.read7deadlysins.com	1 redirects ww3.read7deadlysins.com ajax.cloudflare.com
4	dsum-sec.casalemedia.com	1 redirects ssum-sec.casalemedia.com
4	ups.analytics.yahoo.com	3 redirects ssum-sec.casalemedia.com
4	ap.lijit.com	4 redirects
4	ads.us.e-planning.net	2 redirects
4	sync-tm.everesttech.net	4 redirects
4	data.mediaintelligence.de	as.ad4m.at
4	ad4mat.net	ad4m.at
4	token.rubiconproject.com	4 redirects
4	image2.pubmatic.com	4 redirects
4	dpm.demdex.net	4 redirects
4	secure.adnxs.com	2 redirects runwaff.com secure.adnxs.com
4	ads.themoneytizer.com	runwaff.com ads.themoneytizer.com
4	securepubads.g.doubleclick.net	runwaff.com securepubads.g.doubleclick.net www.googletagservices.com
3	ssum-sec.casalemedia.com	1 redirects sync.quantumdex.io ssum-sec.casalemedia.com
3	pixel.tapad.com	2 redirects spl.zeotap.com
3	bidder.criteo.com	assets.vlitag.com static.criteo.net
3	pixel.rubiconproject.com	runwaff.com
3	s-img.adskeeper.co.uk	ww3.read7deadlysins.com
3	ums.acuityplatform.com	3 redirects
3	gum.criteo.com	ads.themoneytizer.com secure.adnxs.com static.criteo.net
3	i.imgur.com	ww3.read7deadlysins.com
2	pm.w55c.net	2 redirects
2	s.amazon-adsystem.com	1 redirects ssum-sec.casalemedia.com
2	ads.pubmatic.com	sync.quantumdex.io ads.pubmatic.com
2	sync.go.sonobi.com	sync.quantumdex.io
2	ads.betweendigital.com	2 redirects
2	pixel.advertising.com	2 redirects
2	aax-eu.amazon-adsystem.com	1 redirects
2	beacon.krxd.net	spl.zeotap.com
2	bcp.crwdcntrl.net	2 redirects
2	idsync.frontend.weborama.fr	2 redirects
2	sync.tidaltv.com	2 redirects
2	image6.pubmatic.com	spl.zeotap.com ads.pubmatic.com
2	sync.1rx.io	2 redirects
2	static.criteo.net	assets.vlitag.com static.criteo.net
2	prebid-eu.creativecdn.com	assets.vlitag.com
2	useast.quantumdex.io	assets.vlitag.com
2	eus.rubiconproject.com	runwaff.com eus.rubiconproject.com
2	st.bebi.com	ww3.read7deadlysins.com
2	cm.adskeeper.co.uk	jsc.adskeeper.co.uk
2	pool.admedo.com	2 redirects
2	sync.mathtag.com	2 redirects
2	ads.creative-serving.com	2 redirects
2	sync.smartadserver.com	2 redirects
2	cdn.adskeeper.co.uk	ww3.read7deadlysins.com
2	pixel.quantserve.com	1 redirects runwaff.com
2	ams1-ib.adnxs.com	secure.adnxs.com runwaff.com
2	pixel.mathtag.com	2 redirects
2	aa.agkn.com	2 redirects
2	imp9.bidgear.com	ww3.read7deadlysins.com runwaff.com
2	smarttag.rubiconproject.com	ads.rubiconproject.com
2	onetag-sys.com	ads.themoneytizer.com sync.quantumdex.io
2	ads.rubiconproject.com	runwaff.com ww3.read7deadlysins.com
2	www.google-analytics.com	ww3.read7deadlysins.com www.google-analytics.com
2	services.vlitag.com	ajax.cloudflare.com services.vlitag.com
1	c1.adform.net	ssum-sec.casalemedia.com
1	ssc-cms.33across.com	sync.quantumdex.io
1	ms.quantumdex.io	1 redirects
1	nep.advangelists.com	1 redirects
1	ssum.casalemedia.com	1 redirects
1	obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com	spl.zeotap.com
1	tags.bluekai.com	1 redirects
1	usermatch.krxd.net	1 redirects
1	sync.richaudience.com	spl.zeotap.com
1	odr.mookie1.com	spl.zeotap.com
1	cms.analytics.yahoo.com	1 redirects
1	dmp.theadex.com	spl.zeotap.com
1	dsp.adfarm1.adition.com	1 redirects
1	bn01.er.bemail.it	1 redirects
1	loadeu.exelator.com	spl.zeotap.com
1	dmp.v.fwmrm.net	spl.zeotap.com
1	trc.taboola.com	spl.zeotap.com
1	dmp.adform.net	spl.zeotap.com
1	u-ams02.e-planning.net
1	sync.e-planning.net
1	sync.targeting.unrulymedia.com	1 redirects
1	trck.bebi.com
1	c.bebi.com	runwaff.com
1	go.bebi.com	st.bebi.com
1	ads.yahoo.com	runwaff.com
1	id.rlcdn.com	runwaff.com
1	beacon-ams3.rubiconproject.com	runwaff.com
1	cm.steepto.com	ww3.read7deadlysins.com
1	pr-bh.ybp.yahoo.com	1 redirects
1	acdn.adnxs.com	runwaff.com
1	crcdn01.adnxs.com	runwaff.com
1	dsp.nrich.ai	1 redirects
1	adtrack.adleadevent.com	ajax.googleapis.com
1	pool.grid-data.bidswitch.net	runwaff.com
1	r1---sn-4g5e6ns7.googlevideo.com
1	redirector.googlevideo.com	1 redirects
1	media.vlitag.com	1 redirects
1	servicer.adskeeper.co.uk	jsc.adskeeper.co.uk
1	fonts.gstatic.com	fonts.googleapis.com
1	logs.vlitag.com
1	cdn.jsdelivr.net	assets.vlitag.com
1	c.adskeeper.co.uk	jsc.adskeeper.co.uk
1	fonts.googleapis.com	ww3.read7deadlysins.com
1	as-sec.casalemedia.com	js-sec.indexww.com
1	secure-assets.rubiconproject.com	runwaff.com
1	ajax.googleapis.com	d2zur9cc2gf1tx.cloudfront.net
1	api.rlcdn.com	js-sec.indexww.com
1	imasdk.googleapis.com	tag.vlitag.com
1	www.googletagservices.com	tag.vlitag.com
1	rules.quantcount.com	secure.quantserve.com
1	www5.smartadserver.com	ced.sascdn.com
1	jsc.adskeeper.co.uk	platform.bidgear.com
1	tpc.googlesyndication.com	securepubads.g.doubleclick.net
1	eaba349be3b6f4320e8ae22a47a1221f.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	js-sec.indexww.com	ads.themoneytizer.com
1	d2zur9cc2gf1tx.cloudfront.net	ads.themoneytizer.com
1	p.cpx.to	ads.themoneytizer.com
1	secure.quantserve.com	ads.themoneytizer.com
1	tag.leadplace.fr	ads.themoneytizer.com
1	c.tmyzer.com	ads.themoneytizer.com
1	ced-ns.sascdn.com	runwaff.com
1	ww1097.smartadserver.com	1 redirects
1	g.themoneytizer.net	ads.themoneytizer.com
1	ced.sascdn.com	runwaff.com
1	tag.vlitag.com	services.vlitag.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	ajax.cloudflare.com	ww3.read7deadlysins.com
1	ww2.read7deadlysins.com	1 redirects
0	quantcount.com Failed	secure.quantserve.com
0	id5-sync.com Failed	runwaff.com
462	154

This site contains links to these domains. Also see Links.

Domain
animepill.com
merchoneesan.com
twitter.com
www.facebook.com
readshokugeki.com
tokyoghoulre.com
readneverland.com
readnoblesse.com
readkingdom.com
ww3.readfairytail.com
www.readtowerofgod.com
readonepiece.com
readhaikyuu.com
readvinlandsaga.com
readmha.com
readkaguyasama.com
readjujutsukaisen.com
manga.watchoverlord2.com
readchainsawman.com
demonslayermanga.com
read7deadlysins.com
readblackclover.com
readgintama.com
readopm.com
ww4.readnaruto.com
readnaruto.com
readsololeveling.org
readbleachmanga.com
readhxh.com
readdetectiveconan.com
readsnk.com
readberserk.com
manga.watchsao.tv
manga.watchgoblinslayer.com
readdrstone.com
dbsmanga.com
ww3.readopm.com
readtowerofgod.com
mangapill.com
valueimpression.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-07-25` - `2021-07-25`	a year	crt.sh
*.imgur.com DigiCert SHA2 Secure Server CA	`2020-01-15` - `2022-03-16`	2 years	crt.sh
ajax.cloudflare.com DigiCert ECC Secure Server CA	`2020-08-11` - `2022-08-16`	2 years	crt.sh
runwaff.com Amazon	`2020-08-07` - `2021-09-07`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-05-03` - `2021-07-26`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2021-05-03` - `2021-07-26`	3 months	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2021-04-01` - `2022-04-04`	a year	crt.sh
*.themoneytizer.com GoGetSSL RSA DV CA	`2021-02-14` - `2022-03-17`	a year	crt.sh
track.adform.net DigiCert SHA2 Secure Server CA	`2019-09-16` - `2021-09-20`	2 years	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.sascdn.com DigiCert Secure Site ECC CA-1	`2020-10-14` - `2021-11-11`	a year	crt.sh
paadserver.projectagora.info R3	`2021-05-06` - `2021-08-04`	3 months	crt.sh
g.themoneytizer.net GoGetSSL RSA DV CA	`2019-10-16` - `2022-01-17`	2 years	crt.sh
c.tmyzer.com R3	`2021-04-06` - `2021-07-05`	3 months	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-04-14` - `2021-07-12`	3 months	crt.sh
*.leadplace.fr Gandi Standard SSL CA 2	`2020-09-11` - `2021-09-12`	a year	crt.sh
onetag-sys.com R3	`2021-05-02` - `2021-07-31`	3 months	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh
p.cpx.to Sectigo RSA Domain Validation Secure Server CA	`2021-02-02` - `2022-02-02`	a year	crt.sh
*.cloudfront.net DigiCert Global CA G2	`2021-02-22` - `2022-02-21`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh
*.smartadserver.com DigiCert ECC Secure Server CA	`2020-01-30` - `2022-02-03`	2 years	crt.sh
upload.video.google.com GTS CA 1O1	`2021-05-03` - `2021-07-26`	3 months	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-25` - `2022-03-28`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
s.cpx.to Sectigo RSA Domain Validation Secure Server CA	`2021-02-03` - `2022-02-09`	a year	crt.sh
f3.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2021-05-18` - `2022-03-26`	10 months	crt.sh
*.c.docs.google.com GTS CA 1O1	`2021-05-11` - `2021-07-20`	2 months	crt.sh
pool.grid-data.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2020-03-06` - `2022-03-06`	2 years	crt.sh
adtrack.adleadevent.com Amazon	`2021-05-17` - `2022-06-15`	a year	crt.sh
*.adform.net DigiCert SHA2 Secure Server CA	`2020-04-02` - `2021-06-02`	a year	crt.sh
*.adomik.com Amazon	`2021-03-03` - `2022-04-01`	a year	crt.sh
cdn.adnxs.com GeoTrust RSA CA 2018	`2021-03-11` - `2022-02-07`	a year	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2020-04-23` - `2022-05-04`	2 years	crt.sh
data.mediaintelligence.de R3	`2021-04-02` - `2021-07-01`	3 months	crt.sh
mediaintelligence.de R3	`2021-04-17` - `2021-07-16`	3 months	crt.sh
*.ads.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-05-11` - `2021-06-30`	2 months	crt.sh
*.a-mo.net R3	`2021-05-11` - `2021-08-09`	3 months	crt.sh
ads.us.e-planning.net R3	`2021-05-24` - `2021-08-22`	3 months	crt.sh
*.creativecdn.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-03-30` - `2022-04-12`	a year	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-04-14` - `2021-07-12`	3 months	crt.sh
*.e-planning.net R3	`2021-03-26` - `2021-06-24`	3 months	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-25` - `2021-12-26`	a year	crt.sh
*.v.fwmrm.net DigiCert TLS RSA SHA256 2020 CA1	`2020-11-17` - `2021-12-18`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2020-12-07` - `2021-12-14`	a year	crt.sh
*.exelator.com Go Daddy Secure Certificate Authority - G2	`2019-05-17` - `2021-06-25`	2 years	crt.sh
*.tapad.com DigiCert SHA2 Secure Server CA	`2020-10-05` - `2021-11-06`	a year	crt.sh
*.theadex.com GeoTrust RSA CA 2018	`2019-10-11` - `2021-10-10`	2 years	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-22` - `2022-03-25`	a year	crt.sh
beacon.krxd.net DigiCert TLS RSA SHA256 2020 CA1	`2021-01-13` - `2022-01-07`	a year	crt.sh
*.richaudience.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-03-17` - `2022-03-16`	a year	crt.sh
aax-eu.amazon-adsystem.com Amazon	`2021-04-09` - `2022-03-20`	a year	crt.sh
*.redinuid.imrworldwide.com Amazon	`2020-05-27` - `2021-06-27`	a year	crt.sh
*.go.sonobi.com Go Daddy Secure Certificate Authority - G2	`2020-12-06` - `2022-01-07`	a year	crt.sh
*.33across.com Sectigo RSA Domain Validation Secure Server CA	`2020-06-01` - `2021-09-30`	a year	crt.sh
s.amazon-adsystem.com Amazon	`2020-08-28` - `2021-08-20`	a year	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-03-22` - `2021-09-15`	6 months	crt.sh

This page contains 66 frames:

Primary Page: https://ww3.read7deadlysins.com/
Frame ID: 2B4DB6F784A632B614FAFEF2B4DDFA7E
Requests: 46 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: E9D60EE42AA4A7B7DD7BD1DA691AE6C3
Requests: 7 HTTP requests in this frame

Frame: https://runwaff.com/user?i=u1dvjpo9e55sy80hm5&a=c45f858cb8b4b094b8b6229bad96a54e7&cb=1556561621910813230
Frame ID: B0FA7DCCE34916C20AB1955E6C816519
Requests: 4 HTTP requests in this frame

Frame: https://runwaff.com/user?i=u1dvjpo9e55sy80hm5&a=1957367064e5b26088677bc61fc98dc05&cb=4564701621910813231
Frame ID: 5C03A24FC2A19ECF87FFFEA0EE25EE73
Requests: 2 HTTP requests in this frame

Frame: https://runwaff.com/usync?i=u1dvjpo9e55sy80hm5&a=9f8bdfdac88cc4de95ab77e8feb3ba161&cb=7481451621910813232
Frame ID: 66D56BAB9C412E1F9DD75BDF52537919
Requests: 2 HTTP requests in this frame

Frame: https://runwaff.com/syncro?i=u1dvjpo9e55sy80hm5&a=59338ab25f27652e7e47e53fbab83cd65&cb=0176411621910813233
Frame ID: CC1719F84C8ACC01E29516DC1D7AC619
Requests: 2 HTTP requests in this frame

Frame: https://runwaff.com/stat?i=u1dvjpo9e55sy80hm5&a=05ce0684c5396c5bd68c434103884dbb5&cb=9169241621910813234
Frame ID: 2E24F4AA2C65FCD5A7A585E8F1D16C7D
Requests: 31 HTTP requests in this frame

Frame: https://runwaff.com/user?i=u1dvjpo9e55sy80hm5&a=60f0e959e67789b550dbbeaa782904915&cb=9059651621910813235
Frame ID: 843E5EE3BBAD476BDB1960D186C88159
Requests: 2 HTTP requests in this frame

Frame: https://runwaff.com/usync?i=u1dvjpo9e55sy80hm5&a=c875f76156c3307c45687011d2d8e2cf1&cb=1388981621910813236
Frame ID: DAC43CB526742E221B578EBBA5B97579
Requests: 2 HTTP requests in this frame

Frame: https://runwaff.com/usersync?i=u1dvjpo9e55sy80hm5&a=05bcf34b3dc8ef781ff91667b6cbe5da7&cb=6771261621910813237
Frame ID: 1216582A42742E6CF700EC4AA691AD72
Requests: 2 HTTP requests in this frame

Frame: https://runwaff.com/count?i=u1dvjpo9e55sy80hm5&a=6a61c97338f087e01f469fd41bde18ed9&cb=5959071621910813238
Frame ID: EB9431F69B3B266395685A516D12DE83
Requests: 4 HTTP requests in this frame

Frame: https://runwaff.com/user?i=u1dvjpo9e55sy80hm5&a=69a1ae274eff659621cc5da174992f8b3&cb=5820761621910813239
Frame ID: 8D02CA95E91563FC7A9868D72281B99A
Requests: 9 HTTP requests in this frame

Frame: https://runwaff.com/stat?i=u1dvjpo9e55sy80hm5&a=3191181510d1c5163e53c1097b6d94291&cb=3371671621910813240
Frame ID: 5494312F53F8481DEDFE07740C31B506
Requests: 3 HTTP requests in this frame

Frame: https://runwaff.com/counter?i=u1dvjpo9e55sy80hm5&a=d76c2da8c12daa85f1437d954f94f8843&cb=6061601621910813241
Frame ID: B222EDB324B2C5A74E5873D1662991F9
Requests: 2 HTTP requests in this frame

Frame: https://runwaff.com/user?i=u1dvjpo9e55sy80hm5&a=84cb9494c74b11c9c2dbca056fd5c2803&cb=0801951621910813242
Frame ID: 8DE994E40DCCFE695175D71775B6C374
Requests: 2 HTTP requests in this frame

Frame: https://runwaff.com/async_usersync?i=u1dvjpo9e55sy80hm5&a=1a0c8985ce32a33755c3d97ef8fe86d15&cb=2363071621910813243
Frame ID: 865F426FB5F7685B1DAB174BAE584E1D
Requests: 9 HTTP requests in this frame

Frame: https://runwaff.com/stat?i=u1dvjpo9e55sy80hm5&a=8fea93fb728874b1628b7aac65a76abf3&cb=0112131621910813244
Frame ID: 1D1C5A35A37E404F4E4BBB71B3B33BF9
Requests: 2 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=2a897e3f18e6769&cb=1621910813376
Frame ID: 075E442DBB52E2699BAB0FE95A863B5F
Requests: 1 HTTP requests in this frame

Frame: https://spl.zeotap.com/cmp?env=mWeb&eventType=map&id_mid_4=973dcad7-3dec-4517-6d86-9f47460f08dc&reqId=81b28539-878e-48b8-5fab-8e52e790e00f&uc=2&zdid=1258&cmp=0
Frame ID: 091B93D97EEF3168BC8F4DDECA2149A6
Requests: 9 HTTP requests in this frame

Frame: https://ads.projectagoraservices.com/?id=6772&uref=https%3A%2F%2Fww3.read7deadlysins.com%2F
Frame ID: 9897723C64F9CD90AE59B0969145FF28
Requests: 8 HTTP requests in this frame

Frame: https://ads.projectagoraservices.com/?id=6772&uref=https%3A%2F%2Fww3.read7deadlysins.com%2F
Frame ID: FC03B94E68C81337FD2CA6731BE9A0A8
Requests: 8 HTTP requests in this frame

Frame: https://ads.projectagoraservices.com/?id=6772&uref=https%3A%2F%2Fww3.read7deadlysins.com%2F
Frame ID: 2E585117C330B64F31FA7F6A749E98C4
Requests: 8 HTTP requests in this frame

Frame: https://ads.projectagoraservices.com/?id=6772&uref=https%3A%2F%2Fww3.read7deadlysins.com%2F
Frame ID: BB4BE4D903EEB2FE5C397098042AFFDC
Requests: 8 HTTP requests in this frame

Frame: https://jsc.adskeeper.co.uk/b/i/bidgear.readnaruto.com.842741.js
Frame ID: 934B9AEE1C4886D82E8BDE5C96CD06D9
Requests: 15 HTTP requests in this frame

Frame: https://ads.projectagoraservices.com/?id=6772&uref=https%3A%2F%2Fww3.read7deadlysins.com%2F
Frame ID: AFBEEDED56462562F1D0DDE84D59A566
Requests: 8 HTTP requests in this frame

Frame: https://ads.projectagoraservices.com/?id=6772&uref=https%3A%2F%2Fww3.read7deadlysins.com%2F
Frame ID: 65505C1D380FB07A5E95D0BC913CF0A6
Requests: 8 HTTP requests in this frame

Frame: https://ads.projectagoraservices.com/?id=6772&uref=https%3A%2F%2Fww3.read7deadlysins.com%2F
Frame ID: 9F0AC5ECFF567629BF058B7AB6585796
Requests: 8 HTTP requests in this frame

Frame: https://ads.projectagoraservices.com/?id=6772&uref=https%3A%2F%2Fww3.read7deadlysins.com%2F
Frame ID: DDDF0789F517B84C61988E7F24E3C741
Requests: 8 HTTP requests in this frame

Frame: https://ads.projectagoraservices.com/?id=6772&uref=https%3A%2F%2Fww3.read7deadlysins.com%2F
Frame ID: E42A3181637F0A2397868FE3B0A44D52
Requests: 8 HTTP requests in this frame

Frame: https://platform.bidgear.com/async.php?domainid=1042&sizeid=2&zoneid=2125&k=5c00c68a67ca2
Frame ID: ED5517E5FC0D522AA8D557B36920D71D
Requests: 1 HTTP requests in this frame

Frame: https://track.adform.net/adfscript/?bn=45218947;rtbwp=CBiagR-ESe0N4_IzXSGVYekjTfC56_cS0;rtbdata=G4qFVpeIihbq29qpQygQjfeMYSeh6c3E3RDG_Di5lbZ8U__CyPwZA4yAe0wTDlRbRhY7XEFMtzJjUTzeejJMYACxeP9ephrk5jVrJ45sNIUFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5iAGelWOrzKxc8jpZdvtK7yM8o70tRRicjmiUtjwUGSvMVmTFKgGOZiswmFfVqDPk5GUMTER0GflYCIxEzHzL-f0;;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=sBo34bq4Frt42u1ywTJ-2uhRnNqnSBShhhDPFR4uCDKJ0pEkGy5YU5DzZ4xMx-m2YmTAckCaknR3tvd_s1cQIdTa3vpKM0nabd7LGXjWR8wb2Nz0N7bHVhMqMAPrwA-pCjnC3xSNf1r8PUCDt9fIkQmn9qHx8dhL62aNtg0L7iFmkjsLTrdEDjr0QP3LlZu4hd-pxQOfVRJqCvFFn-BWyffLoxdqMC7wA7z_uuw_WOM1;pui=CQ8Cld2Xq9y0edKP5QUkDSzmfmLpj7GS1IwLkOi1Phber1pltXZUmg2;
Frame ID: 5DA677536ED1EBA0AFEC87A9C2E5B70C
Requests: 11 HTTP requests in this frame

Frame: https://track.adform.net/adfscript/?bn=42173458;rtbwp=CBiagR-ESe0N4_IzXSGVYekjTfC56_cS0;rtbdata=OS-8pJ27cx1t80IVWwQfQmE4WHGRqH-1kufqwnY4tw_1RSChZqL51DIQIJOmZt0pv7FqjbP8FygEiuMG4UneOQhh2ON4Isn69w0nsxF19yUFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5jm_EH7owHJ888jpZdvtK7yM8o70tRRicjmiUtjwUGSvFqirAD_H0c-swmFfVqDPk5d1Vab-EFQvICIxEzHzL-f0;;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=m5D2R0CaQPB42u1ywTJ-2uhRnNqnSBShhhDPFR4uCDKJ0pEkGy5YU5DzZ4xMx-m2huuso-CINz10a3Jwkl4uAuOMOqtrwYj_99yHnrX3-Yq41wUtXy3s232WndsyQtExvdq5tkQ8Tp-aJ5PzzvWo-FOZ5nJE5k3ngOHYsb569ZdmkjsLTrdEDjr0QP3LlZu4hd-pxQOfVRJqCvFFn-BWyUT9ubrsFdb5A7z_uuw_WOM1;pui=CQ8Cld2Xq9y0edKP5QUkDZ7UVDpnb5VfPKEpU4M09Dver1pltXZUmg2;
Frame ID: 7E286CED9F6F937AC405AC81D766D819
Requests: 15 HTTP requests in this frame

Frame: https://track.adform.net/adfscript/?bn=41071221;rtbwp=CBiagR-ESe0N4_IzXSGVYekjTfC56_cS0;rtbdata=uSV1xgGdzQve78zuYfx_tRDUu3ycOTSsVP-ADR8QenmrZ3Fb8oPKTPe--5-00Wf9U-B_lc3YSvlAzWIz_Hq64XyJDl13L8YgdAV0rcbm9doFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5gFj3SdCdK4k88jpZdvtK7yM8o70tRRicjmiUtjwUGSvFqirAD_H0c-swmFfVqDPk6UAl1RLVpknYCIxEzHzL-f0;;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=Rac_1Yf_kd542u1ywTJ-2uhRnNqnSBShhhDPFR4uCDKJ0pEkGy5YU5DzZ4xMx-m2YmTAckCaknTvMejHOdxhNU9zZjyqtz6ozH4m33C6wV6W3ouUMgVeqI2YrOd1yOCopOxDvrEfFBGicnpwgINImTU1vRRh-jKvNNUggE0_YkFmkjsLTrdEDjr0QP3LlZu4hd-pxQOfVRJqCvFFn-BWyeoitXcusxSgA7z_uuw_WOM1;pui=CQ8Cld2Xq9y0edKP5QUkDcA-LMOEbEeY7gH3CiRILsfer1pltXZUmg2;
Frame ID: 047A50A7E815883B4E3C08DC4E8DC4C5
Requests: 11 HTTP requests in this frame

Frame: https://track.adform.net/adfscript/?bn=42668740;rtbwp=CBiagR-ESe0N4_IzXSGVYekjTfC56_cS0;rtbdata=ZPkCbhmZbT_Sam2xq9o2NCaX2nwXAYytIwu2YCMks6WetEjMx1R1ZXXN1_IoWoCT9ccQe0Fk6CcpvpkjNWsolvkpcmuh4P_Ki-2NZx3GH7cFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5irtBj2g3LIFs8jpZdvtK7yM8o70tRRicjmiUtjwUGSvFqirAD_H0c-swmFfVqDPk5GUMTER0GflYCIxEzHzL-f0;;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=UboeEUUWZ8B42u1ywTJ-2uhRnNqnSBShhhDPFR4uCDKJ0pEkGy5YU5DzZ4xMx-m2YmTAckCaknTxQfLXoDWXfv1euo7mBLg5_Ih_9onTnKlhd-mQT0X9GaZrvfOM9I3E6VuXf9kFnS5GicGAJ9fmRsqtXApkEPB6GTZOZuzmhWxmkjsLTrdEDjr0QP3LlZu4hd-pxQOfVRJqCvFFn-BWyfDBcvVKbR2MA7z_uuw_WOM1;pui=CQ8Cld2Xq9y0edKP5QUkDRcihOQ3dLyuIi1y0VlSJGXer1pltXZUmg2;
Frame ID: 61A362C2C34FAFE5E5800A8B5B982B67
Requests: 11 HTTP requests in this frame

Frame: https://track.adform.net/adfscript/?bn=45412308;rtbwp=L71Is_rzpav9k9TrRtWkJ6dgnaMU4Hum0;rtbdata=G4qFVpeIihYt4gKkbkiaa3QPpHvut7InIRHm1FrMLppYx3RBRlE7ZTIQIJOmZt0pESadfMC1e-KFskMwGawnSQubxJAa6YEL6FOWrUH8sXIFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5iTi3RI0_wrxCPp4A1Sb4y3KXNA916tQOKFIo66tc8Hd8VmTFKgGOZiswmFfVqDPk5d1Vab-EFQvICIxEzHzL-f0;;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=uP9_xzm7p3gWcRYtgUbgFIThgRpvNes-pOaDzklUtlnDicanVaun8yK7nJzVyI2SnZUztml8IJGDRnenwf3ZOIZbwXk0NHvEGaRriKBgaK1upDjbA2t0vzcGsEcX2GvCO8nle1gh-LiD_96yP7hgsc-1Vp63gCqmo_iQpYtm7B4N_y1mXCcha3Qz0iQZiugfOTp_vwujtosuJwHiM67O1Itc1mWY_0sN0;pui=CQ8Cld2Xq9y0edKP5QUkDYxnuiJPnpfrSEjv6iMURvjer1pltXZUmg2;
Frame ID: B4A20152D94B51D0C491A67461082045
Requests: 11 HTTP requests in this frame

Frame: https://track.adform.net/adfscript/?bn=45412305;rtbwp=L71Is_rzpav9k9TrRtWkJ6dgnaMU4Hum0;rtbdata=sqq3TV7cbiW2rB9QULtn4Thgtxj4qX4ewa9qA44ZIDd13RUrnFUIIyxEfOinBGUBBEun7u0aJjZhnoLJN_lFHr7KQ9W8XCmcotc8GjqJizgFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5goUZDVkrGBoyPp4A1Sb4y3KXNA916tQOKFIo66tc8Hd8VmTFKgGOZiswmFfVqDPk5GUMTER0GflYCIxEzHzL-f0;;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=UboeEUUWZ8AWcRYtgUbgFIThgRpvNes-pOaDzklUtlnDicanVaun8yK7nJzVyI2SnZUztml8IJH5G_uilC9X4banfSWfV8AZMdRrf00n8DLOdLjvvTD1yp-rhaUcjVvvDVfBLjP206BX-kYC9z2tMxAT98iFLS6SrjaTfJn5JLAN_y1mXCcha3Qz0iQZiugfOTp_vwujtotdNmOES7cPo4tc1mWY_0sN0;pui=CQ8Cld2Xq9y0edKP5QUkDTw85nQIa015X8nmRTPhshjer1pltXZUmg2;
Frame ID: DFFE5A1F66DD5436A407CD768E60D607
Requests: 11 HTTP requests in this frame

Frame: https://track.adform.net/adfscript/?bn=37319546;rtbwp=CBiagR-ESe0N4_IzXSGVYekjTfC56_cS0;rtbdata=PZgxFyI_q7DG566n0y3OElk1KHZetUlbh2lnQ7bHirSf9tx0Bry-sCxEfOinBGUBknVjfcNolpF5l-oNR9nd4q-L1jCcJ1QnmX53ZYzR6LIFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5hbMlLUKNDI7M8jpZdvtK7yM8o70tRRicjmiUtjwUGSvMVmTFKgGOZiswmFfVqDPk6UAl1RLVpknYCIxEzHzL-f0;;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=JrIsYnOFaJ942u1ywTJ-2uhRnNqnSBShhhDPFR4uCDKJ0pEkGy5YU5DzZ4xMx-m2huuso-CINz1RcEAhpSr81T2cuj3ZpoifWlv-U0VLenhZbYlBTiNT-6uFwuax6ujvkrnQrIWsbmM6uc85TbACpfeBxJFhnv5kq_5cc2wgkBJmkjsLTrdEDjr0QP3LlZu4hd-pxQOfVRJqCvFFn-BWyfrHhprnKquDA7z_uuw_WOM1;pui=CQ8Cld2Xq9y0edKP5QUkDXqEaR73K3PlqGT_KVhRjhHer1pltXZUmg2;
Frame ID: 17F0560B4437CB342015A8956B0E6184
Requests: 11 HTTP requests in this frame

Frame: https://cm.adskeeper.co.uk/i-noref.js?cbuster=1621910814536113380367
Frame ID: 026D3D8109CA92122D84BE70285B0564
Requests: 1 HTTP requests in this frame

Frame: https://ads.rubiconproject.com/ad/17210.js
Frame ID: CA8A9E09E5D4F9674F960AB72C67F171
Requests: 12 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=1653126
Frame ID: 230ACA0AA9914A9FAA6D048142E84E61
Requests: 1 HTTP requests in this frame

Frame: https://track.adform.net/adfscript/?bn=45412305;rtbwp=L71Is_rzpav9k9TrRtWkJ6dgnaMU4Hum0;rtbdata=vaoHHWsZTCxLVCA4t8pqMFgHNoIIotr54HjC24DIYhHDAVK2Tb7Ew7Kp2roO6C5Q4xQ5Q8C9Np6dG0LPY5AYZc5UeU4uCXBSJE7h14MeRBMFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5hGdYStbDnGsSPp4A1Sb4y3KXNA916tQOKFIo66tc8Hd8VmTFKgGOZiswmFfVqDPk6UAl1RLVpknYCIxEzHzL-f0;;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=s-5eOzQiG9IWcRYtgUbgFIThgRpvNes-pOaDzklUtlnDicanVaun8yK7nJzVyI2SnZUztml8IJESVOGlKxVv4DJDaNdbF2O1ojOcYwZJEop5nPdkSJb_5TIQ-27oYVOZIwBn6iFaMVNe3TqjW_zwxRjtddMWjjovOzIDDkh2KaQN_y1mXCcha3Qz0iQZiugfOTp_vwujtouxNaghpv4V744e8FXsaC100;pui=CQ8Cld2Xq9y0edKP5QUkDU6j5OjiPnXP33brx1n1qOfer1pltXZUmg2;
Frame ID: 9FF28C56E9A7E37C3EAE530B73D5F63A
Requests: 11 HTTP requests in this frame

Frame: https://platform.bidgear.com/media/img/b15.png
Frame ID: 6243065C6B8626A456138EFDFC5EDE05
Requests: 7 HTTP requests in this frame

Frame: https://track.adform.net/adfscript/?bn=44025169;rtbwp=CBiagR-ESe0N4_IzXSGVYekjTfC56_cS0;rtbdata=vaoHHWsZTCwF8VODAGusMMKIHjxpxaZOqAOHp68jmCDdTX4wGFiO5jn-YWpYMCHI8ORw6pRYdpZ3hjplprb5hKZW4sSl2RG2VPWL_jHUNVkFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5gvbkFBuf75ic8jpZdvtK7yM8o70tRRicjmiUtjwUGSvMVmTFKgGOZiswmFfVqDPk6UAl1RLVpknYCIxEzHzL-f0;;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=dlI7jPdZmP142u1ywTJ-2uhRnNqnSBShhhDPFR4uCDKJ0pEkGy5YU5DzZ4xMx-m2YmTAckCaknToqs-kab8x1Z49sKFH88Iso7DuOl7L7qEIzdL0z2b7g_goOzn5CwcdjdjhozzwJrogzS93cDUI6taI3fDp8O7ChsTnwbpdKodmkjsLTrdEDjr0QP3LlZu4hd-pxQOfVRJqCvFFn-BWyTwuoksXVO3DA7z_uuw_WOM1;pui=CQ8Cld2Xq9y0edKP5QUkDZCW_Ck1jA7RcvU6a83j6vXer1pltXZUmg2;
Frame ID: BC8A38C0A208EED44EE717CB52441019
Requests: 11 HTTP requests in this frame

Frame: https://track.adform.net/adfscript/?bn=42105127;rtbwp=CBiagR-ESe0N4_IzXSGVYekjTfC56_cS0;rtbdata=G4qFVpeIihY1Tld3-rYkbYD9S62FUBA4f7ZOQZsmwm2u8mjPYb4ssYyAe0wTDlRbjzQwCJjw2mLU8CBximHKJxEaZtV_h-rDzdaqwHE1PFUFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5iJBY2EoMekUM8jpZdvtK7yM8o70tRRicjmiUtjwUGSvFqirAD_H0c-swmFfVqDPk6UAl1RLVpknYCIxEzHzL-f0;;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=VJrxeDkysT142u1ywTJ-2uhRnNqnSBShhhDPFR4uCDKJ0pEkGy5YU5DzZ4xMx-m2huuso-CINz3lkrzn4reXiEPvK1F9wo1E67ubxWiqsr44Lv8IRZDsMjoXddBNQ99zc7Ob1Yb6O6HklbpbhGQAk-4PWCxBWUyh1h_bivVkdqNmkjsLTrdEDjr0QP3LlZu4hd-pxQOfVRJqCvFFn-BWyT2OuTp6Hi7nA7z_uuw_WOM1;pui=CQ8Cld2Xq9y0edKP5QUkDe2mzb7r3T921lRh0OH4kPner1pltXZUmg2;
Frame ID: DE47E57951159868D34A03B046FF85A6
Requests: 11 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: A8D326D69981924AE731A94576446CFD
Requests: 1 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: 1F5A249E75C2A3A655313373C2254E05
Requests: 1 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: 94BE1E3424F9AABE7A2A4DFF90BD6E74
Requests: 1 HTTP requests in this frame

Frame: https://ad4mat.net/frame.html
Frame ID: 3DACD04008D0239C8BB304C02FA266E7
Requests: 1 HTTP requests in this frame

Frame: https://ad4mat.net/frame.html
Frame ID: F38232C5262E41893C641CB5FA9979AF
Requests: 1 HTTP requests in this frame

Frame: https://ad4mat.net/frame.html
Frame ID: 12F538E6DC7108BFA7CE8742E66A7EB8
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
Frame ID: 6F6AF09F523E13CA3D46917CE73816DC
Requests: 10 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=119118&b=2b9F6fqf7EerSVH6tbH8tVXYfzt7T7Wd&f=4r4fEf5fEpBPTGHxtGHzCEB9FdtpTr28&c=300&d=250&e=&g=1ec7e791c6ef79bd1003e2024a8f0abe%2F11814737698229882658&i=30106&j=39&k=0&l=0&m=0&n=&p=&q=&o=adfPros&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D45412305%3Bcrtbwp%3DL71Is_rzpav9k9TrRtWkJ6dgnaMU4Hum0%3Bcrtbdata%3Dsqq3TV7cbiW2rB9QULtn4Thgtxj4qX4ewa9qA44ZIDd13RUrnFUIIyxEfOinBGUBBEun7u0aJjZhnoLJN_lFHr7KQ9W8XCmcotc8GjqJizgFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5goUZDVkrGBoyPp4A1Sb4y3KXNA916tQOKFIo66tc8Hd8VmTFKgGOZiswmFfVqDPk5GUMTER0GflYCIxEzHzL-f0%3Badfibeg%3D0%3Bcdata%3DcuuWxpFi3FUSR9aSkl7IFxX5u_jltkcBt6yQai50qQ3oQhRQLkAt7Arf7tP55GRygJlWrK0u6IK2caLdAVTuB1saHm1W9MNp_NLx0fnI-txy9fKfHydyzsxTmjn-06XGuRBwPFLeI0G7k4Mj2eXOOoFRBcsZqFazEreEstr761M-htsZ9hfyp-RkKN2gb8JZDnNEcePUX0EoDEtdDRzdaDlfXyXxTzonRr9r15uYFY4-Pwd3O2PDCRwKNkGtVFnPSDbaj6g5kRYaJMPtnZb0DkIBNee2rteoKUGDhRxNMT7cOLRLedj17CrfrFJUwRvmQCsFVWxHkRG1UG2W865s4VMdsdWLNnr29bt5o52tz579KkDq7bT4mE3khyzEuZZ39bt5o52tz54VDraZgoN38w2%3B%3BCREFURL%3Dhttps%253a%252f%252fww3.read7deadlysins.com%3BC%3D1%3Bcpdir%3D&y=0&z=0
Frame ID: 5F2889342B468BABB615E21A3A296161
Requests: 4 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=119116&b=PxqtBfbf4mwGC9HKtrHMtYB6hbt9TP9q&f=bMVSQfZfPRgGFYH5tGH8Cqz4setJT5g3&c=300&d=250&e=&g=8c2dfe61bfd68cd2b598f4a12f236fd5%2F4511513325921262261&i=30106&j=39&k=0&l=0&m=0&n=&p=&q=&o=adfPros&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D45412308%3Bcrtbwp%3DL71Is_rzpav9k9TrRtWkJ6dgnaMU4Hum0%3Bcrtbdata%3DG4qFVpeIihYt4gKkbkiaa3QPpHvut7InIRHm1FrMLppYx3RBRlE7ZTIQIJOmZt0pESadfMC1e-KFskMwGawnSQubxJAa6YEL6FOWrUH8sXIFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5iTi3RI0_wrxCPp4A1Sb4y3KXNA916tQOKFIo66tc8Hd8VmTFKgGOZiswmFfVqDPk5d1Vab-EFQvICIxEzHzL-f0%3Badfibeg%3D0%3Bcdata%3DG8C8Y9AL2dISR9aSkl7IFxX5u_jltkcBt6yQai50qQ3oe_RisuYBT5xRGB_YVfjUg-mrZxjDp3m2caLdAVTuB5zRdKnPZMO_2nVn917_uc5y9fKfHydyzsxTmjn-06XGuRBwPFLeI0G7k4Mj2eXOOoFRBcsZqFazHBBb7JqfFGAGVbZsWw4W5fYEY6FkvemZ38PWgWGGnFg1lE7ZC95ufvSsRebcEwLSdiWhc-7sVIJl0UcCmMQ687orUxo8SA7m-bc70N3p7oQaJMPtnZb0DkIBNee2rteoL5VPxy82Eug035FUk2JcACrfrFJUwRvmQCsFVWxHkRG1UG2W865s4VMdsdWLNnr29bt5o52tz57aHDxQ2pBj203khyzEuZZ39bt5o52tz54VDraZgoN38w2%3B%3BCREFURL%3Dhttps%253a%252f%252fww3.read7deadlysins.com%3BC%3D1%3Bcpdir%3D&y=0&z=0
Frame ID: 3EA837E29ED5D9FAF1047564FFB03E3B
Requests: 4 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=119118&b=2b9F6fqf7EerSVH6tbH8tVXYfzt7T7Wd&f=4r4fEf5fEpBPTGHxtGHzCEB9FdtpTr28&c=300&d=250&e=&g=39c5e1359af49312fe31e80fb9b26d96%2F17007975655370622870&i=30106&j=39&k=0&l=0&m=0&n=&p=&q=&o=adfPros&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D45412305%3Bcrtbwp%3DL71Is_rzpav9k9TrRtWkJ6dgnaMU4Hum0%3Bcrtbdata%3DvaoHHWsZTCxLVCA4t8pqMFgHNoIIotr54HjC24DIYhHDAVK2Tb7Ew7Kp2roO6C5Q4xQ5Q8C9Np6dG0LPY5AYZc5UeU4uCXBSJE7h14MeRBMFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5hGdYStbDnGsSPp4A1Sb4y3KXNA916tQOKFIo66tc8Hd8VmTFKgGOZiswmFfVqDPk6UAl1RLVpknYCIxEzHzL-f0%3Badfibeg%3D0%3Bcdata%3DcuuWxpFi3FUSR9aSkl7IFxX5u_jltkcBt6yQai50qQ2C1u3FmmP9GnS_qTAqfjmBPRMdCKlkmEu2caLdAVTuB_j91a6UboQiZO_bMJ2DSQNy9fKfHydyzsxTmjn-06XGuRBwPFLeI0G7k4Mj2eXOOoFRBcsZqFazlm3Lze6NIuKL7cpn-6RuLv_rt-SikdzH4k-FjhLFUeM-KqfXdtgCVJawW7lOiIlVvPGDPRVBPetZaDJr0hfCWYfRpmkie5oThOHMqFTFsaUaJMPtnZb0DkIBNee2rteo1RXDA0raOzFz5dO7FFtGeBtNBc4oIsBSQCsFVWxHkRG1UG2W865s4VMdsdWLNnr29bt5o52tz569SDK4PQehBU3khyzEuZZ39bt5o52tz54VDraZgoN38w2%3B%3BCREFURL%3Dhttps%253a%252f%252fww3.read7deadlysins.com%3BC%3D1%3Bcpdir%3D&y=0&z=0
Frame ID: 5FA82DE19ACFE7F19C60137C11C26DBF
Requests: 4 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: B43BD681DBC1C1861F7D8D5B73168DF8
Requests: 1 HTTP requests in this frame

Frame: https://ad4mat.net/frame.html
Frame ID: A50E85434261B948975B1F07074BF487
Requests: 1 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=114736&b=bMVSQfZfP5pkTYH5tGHKtqQMTetJT52P&f=3P4tpf4fmXg4c7HqtXHXCkBwuMtWTAje&c=300&d=250&e=&g=425545bf7a8e67ade5cb81e3ac30e1f1%2F14510462578530007900&i=29459&j=39&k=0&l=0&m=0&n=&p=&q=&o=adfPros&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D46051965%3Bcrtbwp%3DFD095DA38919D0EF%3Bcrtbdata%3DeexlOhwnJXjVCp_2uBgXfqtfrjbtmQ58MOxZQ_gY2wzhTGGCCIJj2PW_10kGnGr9SX4_7xlXf9jOlFFh5hRjeBTRe2rbcZFd8l8zDMPXciTovC4kXZO6f4PuH_C3NjJtikSyMY6XAlzxfyL_dKvc-nGp_9uALbw4En9elTQS8X-SJnX428MvaIdxpqqzJrFDp6gT8PYJ2CMexR5bUXfDEQ1OiY7EkU-hSAWVgExTW7Y1%3Badfibeg%3D0%3Bcdata%3Dzi6nw54RqoVNkoim8y32RgwRZGuFuL6pEx14g_hcwfpYBRXMc3-0AkKr1ztCzqheMrfXzzOMYt4tEB0NuJcKv7FMG_vafx5947mRGi7fX-2UcVaqQ_HzhsmtYN-uo950ZSAqiu-gwQTu--L5nqeNZ4bpOaa11T_TzgNVONeC3BPZKrp3hnDIH84jHBodwGdCZr-bjp8GuG-vPCrSsv5_L3LLb10zwiQqVmT03catJI-KMvty0L-hgdPIoSoiCNp5U9pRs-Y54C3kPlaDTc2TXeFBboVeNKvP0%3B%3BCREFURL%3Dhttps%253a%252f%252fww3.read7deadlysins.com%3BC%3D1%3Bcpdir%3D&y=0&z=0
Frame ID: E55E11023F0E98CDE359A5F67F8D4358
Requests: 4 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=ww3.read7deadlysins.com&gdpr=1&gdpr_consent=
Frame ID: 0AA18FA56633C0FFE48F92953D12F7D2
Requests: 1 HTTP requests in this frame

Frame: https://sync.quantumdex.io/usersync/quantumdex
Frame ID: A10DB16881CDFC47C25006C6B1C2F270
Requests: 12 HTTP requests in this frame

Frame: https://spl.zeotap.com/cmp?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361&cmp=0
Frame ID: ADEC137A5252E74C996669326DB83BD6
Requests: 31 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0010b00002GYEhcAAH&us_privacy={us_privacy}&ru=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X
Frame ID: 9B52667116E69E837B657DA8ED0F754D
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=2bb78272a859ca6
Frame ID: 8D4B60DA3114ACE8F624A82CBE464A1A
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D
Frame ID: 4BA116FA923FF8A4D3E5F2B6F9B987F4
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&s=192922&C=1
Frame ID: E2A34EE2D8CE4AE820857C04B2938E53
Requests: 10 HTTP requests in this frame

Frame: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
Frame ID: 2C0F364F6BAC4C77766AC856A9DA7221
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: ED7F5EEB6A8C1B7EE29D1BF9547DBE50
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://ww2.read7deadlysins.com/ HTTP 301
http://ww3.read7deadlysins.com/ HTTP 301
https://ww3.read7deadlysins.com/ Page URL

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googletagservices\.com\/tag\/js\/gpt(?:_mobile)?\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

462
Requests

99 %
HTTPS

30 %
IPv6

90
Domains

154
Subdomains

96
IPs

11
Countries

5536 kB
Transfer

14660 kB
Size

2
Cookies

44 Outgoing links

These are links going to different origins than the main page.

URL: https://animepill.com/anime?title=nanatsu+no+taizai&type=&status=&season=&year=
Title: Anime

Search URL Search Domain Scan URL

URL: https://merchoneesan.com/collections/the-seven-deadly-sins
Title: Store

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/follow?&ref_src=twsrc%5Etfw&region=follow_link&screen_name=Releases_Anime&tw_p=followbutton

Search URL Search Domain Scan URL

URL: https://www.facebook.com/AnimeReleaseSupport/

Search URL Search Domain Scan URL

URL: http://readshokugeki.com/
Title: ReadShokugeki.com

Search URL Search Domain Scan URL

URL: http://tokyoghoulre.com/
Title: Tokyoghoulre.com

Search URL Search Domain Scan URL

URL: http://readneverland.com/
Title: ReadNeverland.com

Search URL Search Domain Scan URL

URL: http://readnoblesse.com/
Title: Readnoblesse.com

Search URL Search Domain Scan URL

URL: http://readkingdom.com/
Title: Readkingdom.com

Search URL Search Domain Scan URL

URL: https://ww3.readfairytail.com/manga/edens-zero/
Title: ReadFairyTail.com

Search URL Search Domain Scan URL

URL: https://www.readtowerofgod.com/
Title: ReadGodOfTower.com

Search URL Search Domain Scan URL

URL: http://readonepiece.com/
Title: ReadOnePiece.com

Search URL Search Domain Scan URL

URL: http://readhaikyuu.com/
Title: ReadHaikyuu.com

Search URL Search Domain Scan URL

URL: https://readvinlandsaga.com/
Title: ReadVinlandSaga.com

Search URL Search Domain Scan URL

URL: http://readmha.com/
Title: ReadMHA.com

Search URL Search Domain Scan URL

URL: http://readkaguyasama.com/
Title: ReadKaguyaSama.com

Search URL Search Domain Scan URL

URL: http://readjujutsukaisen.com/
Title: ReadJujutsuKaisen.com

Search URL Search Domain Scan URL

URL: http://manga.watchoverlord2.com/
Title: Manga.watchoverlord2.com

Search URL Search Domain Scan URL

URL: https://readchainsawman.com/
Title: ReadChainSawMan.com

Search URL Search Domain Scan URL

URL: https://demonslayermanga.com/
Title: demonslayermanga.com

Search URL Search Domain Scan URL

URL: http://read7deadlysins.com/
Title: Read7DeadlySins.com

Search URL Search Domain Scan URL

URL: http://readblackclover.com/
Title: ReadBlackClover.com

Search URL Search Domain Scan URL

URL: https://ww3.readfairytail.com/manga/fairy-tail/
Title: ReadFairyTail.com

Search URL Search Domain Scan URL

URL: http://readgintama.com/
Title: ReadGintama.com

Search URL Search Domain Scan URL

URL: http://readopm.com/
Title: readOPM.com

Search URL Search Domain Scan URL

URL: https://ww4.readnaruto.com/manga/naruto/
Title: ReadNaruto.com

Search URL Search Domain Scan URL

URL: http://readnaruto.com/
Title: ReadNaruto.com

Search URL Search Domain Scan URL

URL: https://readsololeveling.org/
Title: ReadSoloLeveling.org

Search URL Search Domain Scan URL

URL: http://readbleachmanga.com/
Title: ReadBleachManga.com

Search URL Search Domain Scan URL

URL: http://readhxh.com/
Title: ReadHxH.com

Search URL Search Domain Scan URL

URL: http://readdetectiveconan.com/
Title: ReadDetectiveConan.com

Search URL Search Domain Scan URL

URL: http://readsnk.com/
Title: ReadSNK.com

Search URL Search Domain Scan URL

URL: http://readberserk.com/
Title: ReadBerserk.com

Search URL Search Domain Scan URL

URL: http://manga.watchsao.tv/
Title: Manga.Watchsao.tv

Search URL Search Domain Scan URL

URL: http://manga.watchgoblinslayer.com/
Title: Manga.watchgoblinslayer.com

Search URL Search Domain Scan URL

URL: http://readdrstone.com/
Title: ReadDrStone.com

Search URL Search Domain Scan URL

URL: http://dbsmanga.com/
Title: DBSmanga.com

Search URL Search Domain Scan URL

URL: https://ww3.readopm.com/manga/mob-psycho-100/
Title: ReadOPM.com

Search URL Search Domain Scan URL

URL: https://readchainsawman.com/manga/fire-punch/
Title: Fire Punch

Search URL Search Domain Scan URL

URL: https://readjujutsukaisen.com/
Title: Jujutsu Kaisen

Search URL Search Domain Scan URL

URL: https://readkaguyasama.com/
Title: Kaguya Sama

Search URL Search Domain Scan URL

URL: https://readtowerofgod.com/
Title: Tower of God

Search URL Search Domain Scan URL

URL: https://mangapill.com/
Title: Manga Pill

Search URL Search Domain Scan URL

URL: https://valueimpression.com/?ref=ww3.read7deadlysins.com

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://ww2.read7deadlysins.com/ HTTP 301
http://ww3.read7deadlysins.com/ HTTP 301
https://ww3.read7deadlysins.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 41

https://secure.adnxs.com/ttj?id=18287125 HTTP 307
https://secure.adnxs.com/bounce?%2Fttj%3Fid%3D18287125

Request Chain 47

https://ww1097.smartadserver.com/config.js?nwid=1097 HTTP 302
https://ced-ns.sascdn.com/diff/js/smart.js

Request Chain 58

https://id5-sync.com/i/12/9.gif?gdpr=&gdpr_consent= HTTP 302
https://id5-sync.com/c/12/0/9/1.gif?gdpr=1&gdpr_consent= HTTP 302
https://cookie-matching.mediarithmics.com/v1/get_user_agent_id?dom_token=id517&sd=Y2FzY2FkZXNSZW1haW5pbmc9OCZjYXNjYWRlc0RvbmU9MiZpbml0aWF0aW5nUGFydG5lcj0xMiZmb3JtYXQ9Z2lmJg HTTP 303
https://cookie-matching.mediarithmics.com/v1/get_or_create?sd=Y2FzY2FkZXNSZW1haW5pbmc9OCZjYXNjYWRlc0RvbmU9MiZpbml0aWF0aW5nUGFydG5lcj0xMiZmb3JtYXQ9Z2lmJg&domid=1033 HTTP 303
https://cm.g.doubleclick.net/pixel?google_nid=medr&google_cm&key=GOO&sd=Y2FzY2FkZXNSZW1haW5pbmc9OCZjYXNjYWRlc0RvbmU9MiZpbml0aWF0aW5nUGFydG5lcj0xMiZmb3JtYXQ9Z2lmJg&action=GET_ID&opid=goo&etid=&domid=1033&ops=apx HTTP 302
https://cookie-matching.mediarithmics.com/input?key=GOO&key=GOO&sd=Y2FzY2FkZXNSZW1haW5pbmc9OCZjYXNjYWRlc0RvbmU9MiZpbml0aWF0aW5nUGFydG5lcj0xMiZmb3JtYXQ9Z2lmJg&action=GET_ID&opid=goo&etid=&domid=1033&ops=apx&google_gid=CAESEBZYolgNXrrTZ1lN-vnvqSw&google_cver=1 HTTP 303
https://ib.adnxs.com/getuid?https://cookie-matching.mediarithmics.com/input?key=APX&apx_uid=$UID&opid=apx&ops=&utidl=tech:goo:CAESEBZYolgNXrrTZ1lN-vnvqSw&sd=Y2FzY2FkZXNSZW1haW5pbmc9OCZjYXNjYWRlc0RvbmU9MiZpbml0aWF0aW5nUGFydG5lcj0xMiZmb3JtYXQ9Z2lmJg&action=GET_ID&etid=&domid=1033 HTTP 302
https://cookie-matching.mediarithmics.com/input?key=APX&apx_uid=2856234407030238743&opid=apx&ops=&utidl=tech:goo:CAESEBZYolgNXrrTZ1lN-vnvqSw&sd=Y2FzY2FkZXNSZW1haW5pbmc9OCZjYXNjYWRlc0RvbmU9MiZpbml0aWF0aW5nUGFydG5lcj0xMiZmb3JtYXQ9Z2lmJg&action=GET_ID&etid=&domid=1033 HTTP 303
https://id5-sync.com/qp/18.gif?puid=vec%3A17662784809&sd=Y2FzY2FkZXNSZW1haW5pbmc9OCZjYXNjYWRlc0RvbmU9MiZpbml0aWF0aW5nUGFydG5lcj0xMiZmb3JtYXQ9Z2lmJg HTTP 302
https://sync.crwdcntrl.net/map/c=13953/tp=IDFI/gdpr=1/gdpr_consent=?https://id5-sync.com/c/12/19/7/3.gif?puid=${profile_id}&gdpr=1&gdpr_consent= HTTP 302
https://sync.crwdcntrl.net/map/ct=y/c=13953/tp=IDFI/gdpr=1/gdpr_consent=?https://id5-sync.com/c/12/19/7/3.gif?puid=${profile_id}&gdpr=1&gdpr_consent= HTTP 302
https://id5-sync.com/c/12/19/7/3.gif?puid=facca241c63ca8199331b99307eb2022&gdpr=1&gdpr_consent= HTTP 302
https://ads.creative-serving.com/id5_cm?callback=https%3A%2F%2Fid5-sync.com%2Fc%2F12%2F101%2F6%2F4.gif%3Fpuid%3D%5BUID%5D%26gdpr%3D1%26gdpr_consent%3D HTTP 302
https://ads.creative-serving.com/ul_cb/id5_cm?callback=https%3A%2F%2Fid5-sync.com%2Fc%2F12%2F101%2F6%2F4.gif%3Fpuid%3D%5BUID%5D%26gdpr%3D1%26gdpr_consent%3D HTTP 302
https://id5-sync.com/c/12/101/6/4.gif?puid=18fdb0c4-97e0-47b6-b337-acbf9f1abbc3&gdpr=1&gdpr_consent= HTTP 302
https://loadus.exelator.com/load/?p=1082&g=204&j=r&gdpr=1&gdpr_consent=&ru=https%3A%2F%2Fid5-sync.com%2Fc%2F12%2F103%2F5%2F5.gif%3Fpuid%3D%25%25UID%25%25%26gdpr%3D1%26gdpr_consent%3D HTTP 302
https://loadus.exelator.com/load/?p=1082&g=204&j=r&gdpr=1&gdpr_consent=&ru=https%3A%2F%2Fid5-sync.com%2Fc%2F12%2F103%2F5%2F5.gif%3Fpuid%3D%25%25UID%25%25%26gdpr%3D1%26gdpr_consent%3D&xl8blockcheck=1 HTTP 302
https://id5-sync.com/c/12/103/5/5.gif?puid=6a6f01c7db7e2db4b734253d3ad8ea0b&gdpr=1&gdpr_consent= HTTP 302
https://pixel.tapad.com/idsync/ex/push?partner_id=2922&partner_url=https%3A%2F%2Fid5-sync.com%2Fc%2F12%2F108%2F4%2F6.gif%3Fpuid%3D%24%7BTA_DEVICE_ID%7D%26gdpr%3D1%26gdpr_consent%3D&gdpr=1&gdpr_consent= HTTP 302
https://pixel.tapad.com/idsync/ex/push/check?partner_id=2922&partner_url=https%3A%2F%2Fid5-sync.com%2Fc%2F12%2F108%2F4%2F6.gif%3Fpuid%3D%24%7BTA_DEVICE_ID%7D%26gdpr%3D1%26gdpr_consent%3D&gdpr=1&gdpr_consent= HTTP 302
https://id5-sync.com/c/12/108/4/6.gif?puid=7fd506e9-a0e8-4138-b08b-b54c72f2e560&gdpr=1&gdpr_consent=

Request Chain 92

https://ib.adnxs.com/getuid?https://mwzeom.zeotap.com/mw?adnxs_uid=$UID&zpartnerid=2&env=mWeb&eventType=map&id_mid_4=973dcad7-3dec-4517-6d86-9f47460f08dc&reqId=81b28539-878e-48b8-5fab-8e52e790e00f&uc=2&zdid=1258 HTTP 302
https://mwzeom.zeotap.com/mw?adnxs_uid=2856234407030238743&zpartnerid=2&env=mWeb&eventType=map&id_mid_4=973dcad7-3dec-4517-6d86-9f47460f08dc&reqId=81b28539-878e-48b8-5fab-8e52e790e00f&uc=2&zdid=1258

Request Chain 93

https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=973dcad7-3dec-4517-6d86-9f47460f08dc&reqId=81b28539-878e-48b8-5fab-8e52e790e00f&uc=2&zdid=1258 HTTP 302
https://mwzeom.zeotap.com/mw?google_gid=CAESEHzoN6haGvwgtK3imuz1gQI&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=973dcad7-3dec-4517-6d86-9f47460f08dc&reqId=81b28539-878e-48b8-5fab-8e52e790e00f&uc=2&zdid=1258

Request Chain 94

https://match.adsrvr.org/track/cmf/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26id_mid_4%3D973dcad7-3dec-4517-6d86-9f47460f08dc%26reqId%3D81b28539-878e-48b8-5fab-8e52e790e00f%26uc%3D2%26zdid%3D1258 HTTP 302
https://mwzeom.zeotap.com/mw?cid=a442fbe8-bdb4-4220-808c-55a86f50264b&zpartnerid=6&env=mWeb&eventType=map&id_mid_4=973dcad7-3dec-4517-6d86-9f47460f08dc&reqId=81b28539-878e-48b8-5fab-8e52e790e00f&uc=2&zdid=1258

Request Chain 95

https://dpm.demdex.net/ibs:dpid=199624&dpuuid=973dcad7-3dec-4517-6d86-9f47460f08dc&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3Dmap%26id_mid_4%3D973dcad7-3dec-4517-6d86-9f47460f08dc%26reqId%3D81b28539-878e-48b8-5fab-8e52e790e00f%26uc%3D2%26zdid%3D1258 HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=199624&dpuuid=973dcad7-3dec-4517-6d86-9f47460f08dc&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3Dmap%26id_mid_4%3D973dcad7-3dec-4517-6d86-9f47460f08dc%26reqId%3D81b28539-878e-48b8-5fab-8e52e790e00f%26uc%3D2%26zdid%3D1258 HTTP 302
https://mwzeom.zeotap.com/mw?cid=26897225681004334221210651976602852528&zpartnerid=314&env=mWeb&eventType=map&id_mid_4=973dcad7-3dec-4517-6d86-9f47460f08dc&reqId=81b28539-878e-48b8-5fab-8e52e790e00f&uc=2&zdid=1258

Request Chain 96

https://aa.agkn.com/adscores/g.pixel?sid=9212299398&zctry=DEU&env=mWeb&eventType=map&id_mid_4=973dcad7-3dec-4517-6d86-9f47460f08dc&reqId=81b28539-878e-48b8-5fab-8e52e790e00f&uc=2&zdid=1258 HTTP 302
https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1258&cid=Tl%2FvYKEnMJlB8J4AqLHFGWG%2BM1mMj8Ps%2BS41iYitP1U%3D

Request Chain 97

https://pixel.mathtag.com/sync/img?mt_exid=10092&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%5BMM_UUID%5D%26env%3DmWeb%26zpartnerid%3D979%26env%3DmWeb%26eventType%3Dmap%26id_mid_4%3D973dcad7-3dec-4517-6d86-9f47460f08dc%26reqId%3D81b28539-878e-48b8-5fab-8e52e790e00f%26uc%3D2%26zdid%3D1258 HTTP 302
https://mwzeom.zeotap.com/mw?cid=e06160ac-651d-4e00-8de7-6426066579f3&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&id_mid_4=973dcad7-3dec-4517-6d86-9f47460f08dc&reqId=81b28539-878e-48b8-5fab-8e52e790e00f&uc=2&zdid=1258

Request Chain 109

https://adx.adform.net/adx/?rp=3&bWlkPTc1NTc2MyZybmQ9bDBtdm4xb25yZnRweG8za3QyenU&url=https%3A%2F%2Fww3.read7deadlysins.com&callback=_adform_cb_1621910813835_7505608149569867 HTTP 302
https://adx.adform.net/adx/?CC=1&rp=3&bWlkPTc1NTc2MyZybmQ9bDBtdm4xb25yZnRweG8za3QyenU&url=https%3A%2F%2Fww3.read7deadlysins.com&callback=_adform_cb_1621910813835_7505608149569867

Request Chain 132

https://media.vlitag.com/vid/?id=aOSRX0RXaas&t=y HTTP 302
https://redirector.googlevideo.com/videoplayback?expire=1621923207&ei=J0GsYLK_OK-uxN8Pjbub0AM&ip=3.248.214.185&id=o-AOUhgdh7U8Zon1FVE86coJbgWc48B2IiccGmbcsjC_Jw&itag=22&source=youtube&requiressl=yes&mh=3a&mm=31%2C26&mn=sn-q0cedn7s%2Csn-5hne6nsy&ms=au%2Conr&mv=m&mvi=1&pl=17&initcwndbps=1438750&vprv=1&mime=video%2Fmp4&ns=a82U8mVgLKe7FnF0CIHIMpwF&ratebypass=yes&dur=207.400&lmt=1527958054301891&mt=1621900849&fvip=1&fexp=24001373%2C24007246&c=WEB&n=IJFMGrXg7n5KFo254&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cvprv%2Cmime%2Cns%2Cratebypass%2Cdur%2Clmt&sig=AOq0QJ8wRAIgWPR0ZZQS2k27pYSrkkzW5vpBRS-hsBH3MLsl1xmarcUCIGmao4nQeaBWTuHdPErMBXqx-XibXlSlAr6SjiCl-NQ0&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRgIhANphjn2ba5CbCFuUWU7wmkCbhELnNDbx826NIqn42DGVAiEA31EQrQfxMJBNIwYSQ8C9wNjzD5Dwt65OJAH3VjVAiow%3D HTTP 302
https://r1---sn-4g5e6ns7.googlevideo.com/videoplayback?expire=1621923207&ei=J0GsYLK_OK-uxN8Pjbub0AM&ip=3.248.214.185&id=o-AOUhgdh7U8Zon1FVE86coJbgWc48B2IiccGmbcsjC_Jw&itag=22&source=youtube&requiressl=yes&vprv=1&mime=video%2Fmp4&ns=a82U8mVgLKe7FnF0CIHIMpwF&ratebypass=yes&dur=207.400&lmt=1527958054301891&fexp=24001373%2C24007246&c=WEB&n=IJFMGrXg7n5KFo254&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cvprv%2Cmime%2Cns%2Cratebypass%2Cdur%2Clmt&sig=AOq0QJ8wRAIgWPR0ZZQS2k27pYSrkkzW5vpBRS-hsBH3MLsl1xmarcUCIGmao4nQeaBWTuHdPErMBXqx-XibXlSlAr6SjiCl-NQ0&cms_redirect=yes&mh=3a&mip=2a01:4f8:192:5414::2&mm=31&mn=sn-4g5e6ns7&ms=au&mt=1621910450&mv=m&mvi=1&pl=50&lsparams=mh,mip,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRgIhAK6V5YKf75-FlQw07HT-oMjU-Dkks_JOdkUEb4keZ_2kAiEAxvoVIHWtWJCvKGo4VdIrHZ8r6Chgaz0n8-NzbV33S04%3D

Request Chain 133

https://image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D462a1686-dcf8-4f7c-85d5-0c2721ee91f8 HTTP 302
https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D462a1686-dcf8-4f7c-85d5-0c2721ee91f8 HTTP 302
https://s.cpx.to/sync?dsp=pubmatic&dsp_uid=FBECC144-B7FF-4AED-9A05-5F98419BB2E9&fid=462a1686-dcf8-4f7c-85d5-0c2721ee91f8

Request Chain 134

https://secure.adnxs.com/getuid?https%3A%2F%2Fs.cpx.to%2Fan_fire%3Fapp_nexus_uid%3D%24UID%26pid%3D12763%26ref%3Dhttps%253A%252F%252Fww3.read7deadlysins.com%252F%26hn_ver%3D16%26fid%3D462a1686-dcf8-4f7c-85d5-0c2721ee91f8 HTTP 302
https://s.cpx.to/an_fire?app_nexus_uid=2856234407030238743&pid=12763&ref=https%3A%2F%2Fww3.read7deadlysins.com%2F&hn_ver=16&fid=462a1686-dcf8-4f7c-85d5-0c2721ee91f8

Request Chain 135

https://cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm&dsp=dbm&fid=462a1686-dcf8-4f7c-85d5-0c2721ee91f8 HTTP 302
https://s.cpx.to/ca.png?dsp=dbm&fid=462a1686-dcf8-4f7c-85d5-0c2721ee91f8&google_gid=CAESEOwKL41v2RvRdqN6dOD-nHQ&google_cver=1

Request Chain 136

https://sync.smartadserver.com/getuid?url=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dsmart_ad_server%26dsp_uid%3D%5Bsas_uid%5D%26fid%3D462a1686-dcf8-4f7c-85d5-0c2721ee91f8&gdpr=0 HTTP 302
https://sync.smartadserver.com/getuid?url=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dsmart_ad_server%26dsp_uid%3D%5Bsas_uid%5D%26fid%3D462a1686-dcf8-4f7c-85d5-0c2721ee91f8&gdpr=0&cklb=1 HTTP 302
https://s.cpx.to/sync?dsp=smart_ad_server&dsp_uid=2155387749517321864&fid=462a1686-dcf8-4f7c-85d5-0c2721ee91f8

Request Chain 137

https://token.rubiconproject.com/token?pid=34010&puid=31d5c00d49c8cb73&gdpr=0 HTTP 302
https://s.cpx.to/sync?dsp=rubicon&dsp_uid=KP3FTL71-5-74US&customParamenters={p:customParamenters}&gdpr=0

Request Chain 138

https://match.adsrvr.org/track/cmf/generic?ttd_pid=0fkciot&ttd_tpi=1 HTTP 302
https://s.cpx.to/sync?dsp_uid=a442fbe8-bdb4-4220-808c-55a86f50264b&dsp=TTD

Request Chain 172

https://x.bidswitch.net/sync?ssp=adform HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=adform HTTP 302
https://ads.creative-serving.com/bsw_sync?bidswitch_ssp_id=adform&bsw_custom_parameter=96763ec5-fa40-4a5c-bb69-98d62a1b94bd HTTP 302
https://ads.creative-serving.com/ul_cb/bsw_sync?bidswitch_ssp_id=adform&bsw_custom_parameter=96763ec5-fa40-4a5c-bb69-98d62a1b94bd HTTP 302
https://x.bidswitch.net/sync?dsp_id=4&user_id=f7ab0538-7fa6-4152-87ce-d29e52f97481&ssp=adform&expires=30&user_group=5&bsw_param=96763ec5-fa40-4a5c-bb69-98d62a1b94bd HTTP 302
https://cm.adform.net/pixel?adform_pid=3&adform_pc=96763ec5-fa40-4a5c-bb69-98d62a1b94bd&adform_v=1

Request Chain 173

https://ib.adnxs.com/getuid?https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d16%26adform_pc%3d$UID HTTP 302
https://cm.adform.net/pixel?adform_pid=16&adform_pc=2856234407030238743

Request Chain 174

https://match.adsby.bidtheatre.com/adformmatch?adform_id=AUID&return_url=https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d18%26adform_pc%3d$UID HTTP 302
https://cm.adform.net/pixel?adform_pid=18&adform_pc=b1f2b4c7-0171-4503-b78a-a98c2d45abb0

Request Chain 179

https://x.bidswitch.net/sync?ssp=adform HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=adform HTTP 302
https://sync.mathtag.com/sync/img?mt_exid=46&redir=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D80%26user_id%3D%5BUUID%5D%26expires%3D30%26ssp%3Dadform%26bsw_param%3D96763ec5-fa40-4a5c-bb69-98d62a1b94bd&gdpr=&gdpr_consent= HTTP 302
https://x.bidswitch.net/sync?dsp_id=80&user_id=e06160ac-651d-4e00-8de7-6426066579f3&expires=30&ssp=adform&bsw_param=96763ec5-fa40-4a5c-bb69-98d62a1b94bd&gdpr=&gdpr_consent= HTTP 302
https://cm.adform.net/pixel?adform_pid=3&adform_pc=96763ec5-fa40-4a5c-bb69-98d62a1b94bd&adform_v=1

Request Chain 180

https://ib.adnxs.com/getuid?https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d16%26adform_pc%3d$UID HTTP 302
https://cm.adform.net/pixel?adform_pid=16&adform_pc=2856234407030238743

Request Chain 181

https://match.adsby.bidtheatre.com/adformmatch?adform_id=AUID&return_url=https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d18%26adform_pc%3d$UID HTTP 302
https://cm.adform.net/pixel?adform_pid=18&adform_pc=1350c320-eb5b-4b03-ab4a-ef7c9996f7a0

Request Chain 186

https://x.bidswitch.net/sync?ssp=adform HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=adform HTTP 302
https://dsp.nrich.ai/bidswitch/sync?bidswitch_ssp_id=adform&bsw_custom_parameter=96763ec5-fa40-4a5c-bb69-98d62a1b94bd&gdpr=&gdpr_consent=&gdpr_pd=&us_privacy= HTTP 302
https://x.bidswitch.net/sync?dsp_id=283&user_id=8010eac9-6c0c-4bce-b3b0-5be36252e8d1&expires=1&user_group=5&ssp=adform&bsw_param=96763ec5-fa40-4a5c-bb69-98d62a1b94bd HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=283&user_id=8010eac9-6c0c-4bce-b3b0-5be36252e8d1&expires=1&user_group=5&ssp=adform&bsw_param=96763ec5-fa40-4a5c-bb69-98d62a1b94bd HTTP 302
https://cm.adform.net/pixel?adform_pid=3&adform_pc=21cf22d5-2664-495a-95fe-b0fee6a3d83b&adform_v=1

Request Chain 187

https://ib.adnxs.com/getuid?https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d16%26adform_pc%3d$UID HTTP 302
https://cm.adform.net/pixel?adform_pid=16&adform_pc=2856234407030238743

Request Chain 188

https://match.adsby.bidtheatre.com/adformmatch?adform_id=AUID&return_url=https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d18%26adform_pc%3d$UID HTTP 302
https://cm.adform.net/pixel?adform_pid=18&adform_pc=1ecd9990-1b82-4760-a0c7-c82bde10f457

Request Chain 207

https://x.bidswitch.net/sync?ssp=adform HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=adform HTTP 302
https://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=adform&bsw_custom_parameter=96763ec5-fa40-4a5c-bb69-98d62a1b94bd HTTP 302
https://pool.admedo.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=adform&bsw_custom_parameter=96763ec5-fa40-4a5c-bb69-98d62a1b94bd HTTP 302
https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=2a80af29-2897-44e5-b5da-50c04919772a&user_group=1&ssp=adform&bsw_param=96763ec5-fa40-4a5c-bb69-98d62a1b94bd

Request Chain 208

https://ib.adnxs.com/getuid?https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d16%26adform_pc%3d$UID HTTP 302
https://cm.adform.net/pixel?adform_pid=16&adform_pc=2856234407030238743

Request Chain 209

https://match.adsby.bidtheatre.com/adformmatch?adform_id=AUID&return_url=https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d18%26adform_pc%3d$UID HTTP 302
https://cm.adform.net/pixel?adform_pid=18&adform_pc=1350c320-eb5b-4b03-ab4a-ef7c9996f7a0

Request Chain 214

https://x.bidswitch.net/sync?ssp=adform HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=bidswitch&ttd_tpi=1&ttd_puid=adform&gdpr=&gdpr_consent= HTTP 302
https://x.bidswitch.net/sync?dsp_id=93&user_id=a442fbe8-bdb4-4220-808c-55a86f50264b&expires=30&ssp=adform&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT_21} HTTP 302
https://cm.adform.net/pixel?adform_pid=3&adform_pc=96763ec5-fa40-4a5c-bb69-98d62a1b94bd&adform_v=1

Request Chain 215

https://ib.adnxs.com/getuid?https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d16%26adform_pc%3d$UID HTTP 302
https://cm.adform.net/pixel?adform_pid=16&adform_pc=2856234407030238743

Request Chain 216

https://match.adsby.bidtheatre.com/adformmatch?adform_id=AUID&return_url=https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d18%26adform_pc%3d$UID HTTP 302
https://cm.adform.net/pixel?adform_pid=18&adform_pc=1350c320-eb5b-4b03-ab4a-ef7c9996f7a0

Request Chain 221

https://x.bidswitch.net/sync?ssp=adform HTTP 302
https://ums.acuityplatform.com/bum?tpid=29&uid=96763ec5-fa40-4a5c-bb69-98d62a1b94bd&bidswitch_ssp_id=adform HTTP 302
https://x.bidswitch.net/sync?dsp_id=236&user_id=581270858943&expires=30&user_group=1&ssp=Adform

Request Chain 222

https://ib.adnxs.com/getuid?https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d16%26adform_pc%3d$UID HTTP 302
https://cm.adform.net/pixel?adform_pid=16&adform_pc=2856234407030238743

Request Chain 223

https://match.adsby.bidtheatre.com/adformmatch?adform_id=AUID&return_url=https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d18%26adform_pc%3d$UID HTTP 302
https://cm.adform.net/pixel?adform_pid=18&adform_pc=1350c320-eb5b-4b03-ab4a-ef7c9996f7a0

Request Chain 228

https://x.bidswitch.net/sync?ssp=adform HTTP 302
https://ums.acuityplatform.com/bum?tpid=29&uid=96763ec5-fa40-4a5c-bb69-98d62a1b94bd&bidswitch_ssp_id=adform HTTP 302
https://x.bidswitch.net/sync?dsp_id=236&user_id=581270858943&expires=30&user_group=1&ssp=Adform

Request Chain 229

https://ib.adnxs.com/getuid?https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d16%26adform_pc%3d$UID HTTP 302
https://cm.adform.net/pixel?adform_pid=16&adform_pc=2856234407030238743

Request Chain 230

https://match.adsby.bidtheatre.com/adformmatch?adform_id=AUID&return_url=https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d18%26adform_pc%3d$UID HTTP 302
https://cm.adform.net/pixel?adform_pid=18&adform_pc=1350c320-eb5b-4b03-ab4a-ef7c9996f7a0

Request Chain 249

https://x.bidswitch.net/sync?ssp=adform HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=bidswitch&ttd_tpi=1&ttd_puid=adform&gdpr=&gdpr_consent= HTTP 302
https://x.bidswitch.net/sync?dsp_id=93&user_id=a442fbe8-bdb4-4220-808c-55a86f50264b&expires=30&ssp=adform&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT_21} HTTP 302
https://cm.adform.net/pixel?adform_pid=3&adform_pc=96763ec5-fa40-4a5c-bb69-98d62a1b94bd&adform_v=1

Request Chain 250

https://ib.adnxs.com/getuid?https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d16%26adform_pc%3d$UID HTTP 302
https://cm.adform.net/pixel?adform_pid=16&adform_pc=2856234407030238743

Request Chain 251

https://match.adsby.bidtheatre.com/adformmatch?adform_id=AUID&return_url=https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d18%26adform_pc%3d$UID HTTP 302
https://cm.adform.net/pixel?adform_pid=18&adform_pc=1350c320-eb5b-4b03-ab4a-ef7c9996f7a0

Request Chain 260

https://x.bidswitch.net/sync?ssp=adform HTTP 302
https://pr-bh.ybp.yahoo.com/sync/iponweb?bidswitch_ssp_id=adform&ssp_user_id=96763ec5-fa40-4a5c-bb69-98d62a1b94bd HTTP 302
https://x.bidswitch.net/sync?dsp_id=74&&user_id=180896460&expires=5&ssp=adform HTTP 302
https://cm.adform.net/pixel?adform_pid=3&adform_pc=96763ec5-fa40-4a5c-bb69-98d62a1b94bd&adform_v=1

Request Chain 261

https://ib.adnxs.com/getuid?https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d16%26adform_pc%3d$UID HTTP 302
https://cm.adform.net/pixel?adform_pid=16&adform_pc=2856234407030238743

Request Chain 262

https://match.adsby.bidtheatre.com/adformmatch?adform_id=AUID&return_url=https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d18%26adform_pc%3d$UID HTTP 302
https://cm.adform.net/pixel?adform_pid=18&adform_pc=1350c320-eb5b-4b03-ab4a-ef7c9996f7a0

Request Chain 267

https://x.bidswitch.net/sync?ssp=adform HTTP 302
https://ums.acuityplatform.com/bum?tpid=29&uid=96763ec5-fa40-4a5c-bb69-98d62a1b94bd&bidswitch_ssp_id=adform HTTP 302
https://x.bidswitch.net/sync?dsp_id=236&user_id=581270858943&expires=30&user_group=1&ssp=Adform

Request Chain 268

https://ib.adnxs.com/getuid?https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d16%26adform_pc%3d$UID HTTP 302
https://cm.adform.net/pixel?adform_pid=16&adform_pc=2856234407030238743

Request Chain 269

https://match.adsby.bidtheatre.com/adformmatch?adform_id=AUID&return_url=https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d18%26adform_pc%3d$UID HTTP 302
https://cm.adform.net/pixel?adform_pid=18&adform_pc=1350c320-eb5b-4b03-ab4a-ef7c9996f7a0

Request Chain 341

https://mediaintelligence.de/trck/eview/d03c861535324350b0ad97ff284ec795 HTTP 301
https://data.mediaintelligence.de/min/205_Ibrance_Digital_DTC_2021_48619/Ibrance_2101_PatKam_Banner_Chemo_300x250px_Motiv_1.jpg

Request Chain 344

https://mediaintelligence.de/trck/eview/d03c861535324350a884072b350f2094 HTTP 301
https://data.mediaintelligence.de/min/205_Ibrance_Digital_DTC_2021_48619/Ibrance_2101_PatKam_Banner_Chemo_300x250px_Motiv_3.jpg

Request Chain 347

https://mediaintelligence.de/trck/eview/d03c861535324350a884072b350f2094 HTTP 301
https://data.mediaintelligence.de/min/205_Ibrance_Digital_DTC_2021_48619/Ibrance_2101_PatKam_Banner_Chemo_300x250px_Motiv_3.jpg

Request Chain 350

https://token.rubiconproject.com/token?pid=25470&gdpr=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1AzRlRMNzEtNS03NFVT&gdpr=1

Request Chain 352

https://token.rubiconproject.com/token?pid=2249&pt=n&gdpr=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=OGRjNjEyM2ViY2I2YTY4MmZiNDhmMjQ5NThkZGJiMjhhMWZlYjE5MA&gdpr=1

Request Chain 353

https://token.rubiconproject.com/token?pid=26594&gdpr=1 HTTP 302
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KP3FTL71-5-74US&sigv=1&esig=2~c2739ced0762a75041aee14209ca9ffd5eb772f5&gdpr=1

Request Chain 355

https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D&gdpr=1 HTTP 302
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=e06160ac-651d-4e00-8de7-6426066579f3&gdpr=1&gdpr_consent=

Request Chain 356

https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&gdpr=1 HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&gdpr=1&_test=YKxlIAABOunkDQAC HTTP 302
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YKxlIAABOunkDQAC&gdpr=1&_test=YKxlIAABOunkDQAC

Request Chain 357

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc&gdpr=1 HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&gdpr=1&put=CAESEKLQB7y9SH0cNW6q1HzEapY&google_cver=1

Request Chain 368

https://ads.us.e-planning.net/hb/1/2c995/1/ww3.read7deadlysins.com/ROS?rnd=0.7588025728276067&e=300x600_0%3A300x600%2B160x600_0%3A160x600%2B300x250_0%3A300x250%2B970x90_0%3A970x90%2B728x90_0%3A728x90&ur=https%3A%2F%2Fww3.read7deadlysins.com%2F&r=pbjs&pbv=4.38.0&ncb=1&vs=FFFFF&crs=UTF-8&fr=https%3A%2F%2Fww3.read7deadlysins.com%2F&gdpr=1&gdprcs= HTTP 302
https://ads.us.e-planning.net/hb/1/2c995/1/ww3.read7deadlysins.com/ROS?ct=1&rnd=0.7588025728276067&e=300x600_0%3A300x600%2B160x600_0%3A160x600%2B300x250_0%3A300x250%2B970x90_0%3A970x90%2B728x90_0%3A728x90&ur=https%3A%2F%2Fww3.read7deadlysins.com%2F&r=pbjs&pbv=4.38.0&ncb=1&vs=FFFFF&crs=UTF-8&fr=https%3A%2F%2Fww3.read7deadlysins.com%2F&gdpr=1&gdprcs=

Request Chain 378

https://mediaintelligence.de/trck/eview/ba4f619de1bd236c67be15f740811830 HTTP 301
https://data.mediaintelligence.de/min/144_Smartbroker_CPL_51382/300x250_SB_Banner.jpg

Request Chain 395

https://sync.1rx.io/usersync2/eplanning HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=437159879 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=437159879 HTTP 302
https://sync.1rx.io/usersync/tradedesk/8cccad4d-f8ca-40c3-becb-9f6f4529677f HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-a80475b1-c3f5-4708-bdf9-74fca0e72ea2-003?redir=https%3A%2F%2Fsync.e-planning.net%2Fum%3Fuid%3DRX-a80475b1-c3f5-4708-bdf9-74fca0e72ea2-003%26dc%3D1079cc634ca638f8%26iss%3D1 HTTP 302
https://sync.e-planning.net/um?uid=RX-a80475b1-c3f5-4708-bdf9-74fca0e72ea2-003&dc=1079cc634ca638f8&iss=1

Request Chain 396

https://ap.lijit.com/pixel?redir=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D3c01f1a5a54da346%26fi%3D7ee17fe7d3e03b5c%26uid%3D%24UID HTTP 307
https://ap.lijit.com/pixel?redir=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D3c01f1a5a54da346%26fi%3D7ee17fe7d3e03b5c%26uid%3D%24UID&sovrn_retry=true HTTP 307
https://u-ams02.e-planning.net/um?dc=3c01f1a5a54da346&fi=7ee17fe7d3e03b5c&uid=edf1204a70d52facc537c065

Request Chain 398

https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm=&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361&google_tc= HTTP 302
https://mwzeom.zeotap.com/mw?google_gid=CAESEJiO0rIiyQm6ccmsPnn3XFA&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361

Request Chain 399

https://pixel.tapad.com/idsync/ex/push?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Df3ba2e77-97da-45f5-7357-a273a81b0e6f%26reqId%3D4a21baac-d03c-4f02-6011-2627d72422c1%26zdid%3D1361 HTTP 302
https://pixel.tapad.com/idsync/ex/push/check?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Df3ba2e77-97da-45f5-7357-a273a81b0e6f%26reqId%3D4a21baac-d03c-4f02-6011-2627d72422c1%26zdid%3D1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=69f0256b-050d-452b-9f6b-bab7bc0fb8e0&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361

Request Chain 401

https://match.adsrvr.org/track/cmf/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Df3ba2e77-97da-45f5-7357-a273a81b0e6f%26reqId%3D4a21baac-d03c-4f02-6011-2627d72422c1%26zdid%3D1361 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Df3ba2e77-97da-45f5-7357-a273a81b0e6f%26reqId%3D4a21baac-d03c-4f02-6011-2627d72422c1%26zdid%3D1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=0715225b-f102-4bd2-bd07-b6d7c612b821&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361

Request Chain 405

https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361 HTTP 302
https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361&s_h=1 HTTP 302
https://mwzeom.zeotap.com/mw?cid=994a22a0-e7f1-4d6f-b3bc-ce6355ee4578&zpartnerid=317&gdpr=1&gdpr_consent=

Request Chain 406

https://dpm.demdex.net/ibs:dpid=199624&dpuuid=f3ba2e77-97da-45f5-7357-a273a81b0e6f&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Df3ba2e77-97da-45f5-7357-a273a81b0e6f%26reqId%3D4a21baac-d03c-4f02-6011-2627d72422c1%26zdid%3D1361 HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=199624&dpuuid=f3ba2e77-97da-45f5-7357-a273a81b0e6f&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Df3ba2e77-97da-45f5-7357-a273a81b0e6f%26reqId%3D4a21baac-d03c-4f02-6011-2627d72422c1%26zdid%3D1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=25885009265536702870648397769354532895&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361

Request Chain 408

https://bn01.er.bemail.it/zeotap.php?_bid=f3ba2e77-97da-45f5-7357-a273a81b0e6f&_from=Zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=BE1-2021052504-93320-0.647778001621910820-9f83b0667b24748c938bb8a921ca5b79&zdid=533&env=mWeb

Request Chain 409

https://dsp.adfarm1.adition.com/cookie/?redirect=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%25%25COOKIE%25%25%26env%3DmWeb%26zpartnerid%3D563%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Df3ba2e77-97da-45f5-7357-a273a81b0e6f%26reqId%3D4a21baac-d03c-4f02-6011-2627d72422c1%26zdid%3D1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=6966053928932604049&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361

Request Chain 411

https://idsync.frontend.weborama.fr/ids?key=zeotap&value=f3ba2e77-97da-45f5-7357-a273a81b0e6f&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Df3ba2e77-97da-45f5-7357-a273a81b0e6f%26reqId%3D4a21baac-d03c-4f02-6011-2627d72422c1%26zdid%3D1361 HTTP 302
https://idsync.frontend.weborama.fr/ids?key=zeotap&value=f3ba2e77-97da-45f5-7357-a273a81b0e6f&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Df3ba2e77-97da-45f5-7357-a273a81b0e6f%26reqId%3D4a21baac-d03c-4f02-6011-2627d72422c1%26zdid%3D1361&bounce=1&random=3451212536 HTTP 302
https://mwzeom.zeotap.com/mw?webouuid=w1xv0HPsv8AiJ/2pHFC4ze&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361

Request Chain 413

https://bcp.crwdcntrl.net/map/c=13620/tp=ZEOT/tpid=f3ba2e77-97da-45f5-7357-a273a81b0e6f?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361 HTTP 302
https://bcp.crwdcntrl.net/map/ct=y/c=13620/tp=ZEOT/tpid=f3ba2e77-97da-45f5-7357-a273a81b0e6f?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361 HTTP 302
https://mwzeom.zeotap.com/mw?pid=facca241c63ca8199331b99307eb2022&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361

Request Chain 414

https://cms.analytics.yahoo.com/cms?partner_id=ZTAP HTTP 302
https://mwzeom.zeotap.com/mw?cid=y-QMjvUwtE2or1Y9OOVIkdjFHjex5XoOgAOA--~A&zpartnerid=570&env=mWeb

Request Chain 415

https://aa.agkn.com/adscores/g.pixel?sid=9212299398&zctry=DEU&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361 HTTP 302
https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=rJhCN5a4qAlB8J4AqLHFGcb0V8K%2FMlHW%2BS41iYitP1U%3D

Request Chain 419

https://sync-tm.everesttech.net/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Df3ba2e77-97da-45f5-7357-a273a81b0e6f%26reqId%3D4a21baac-d03c-4f02-6011-2627d72422c1%26zdid%3D1361 HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Df3ba2e77-97da-45f5-7357-a273a81b0e6f%26reqId%3D4a21baac-d03c-4f02-6011-2627d72422c1%26zdid%3D1361&_test=YKxlJAABO7EdGAAC HTTP 302
https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YKxlJAABO7EdGAAC&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361&_test=YKxlJAABO7EdGAAC

Request Chain 420

https://pixel.mathtag.com/sync/img?mt_exid=10092&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%5BMM_UUID%5D%26env%3DmWeb%26zpartnerid%3D979%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Df3ba2e77-97da-45f5-7357-a273a81b0e6f%26reqId%3D4a21baac-d03c-4f02-6011-2627d72422c1%26zdid%3D1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=18e560ac-6524-4700-b1cb-263fe7e44071&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361

Request Chain 421

https://usermatch.krxd.net/um/v2?partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361 HTTP 302
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361

Request Chain 422

https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=f3ba2e77-97da-45f5-7357-a273a81b0e6f&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361 HTTP 302
https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=f3ba2e77-97da-45f5-7357-a273a81b0e6f&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361&dcc=t

Request Chain 423

https://tags.bluekai.com/site/87734?id=f3ba2e77-97da-45f5-7357-a273a81b0e6f&gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1202%26env%3DmWeb%26cid%3D%24_BK_UUID%26BK_SWAP_DEST%3D87734&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361 HTTP 302
https://mwzeom.zeotap.com/mw?zpartnerid=1202&env=mWeb&cid=$_BK_UUID&BK_SWAP_DEST=87734

Request Chain 426

https://ups.analytics.yahoo.com/ups/58424/occ HTTP 302
https://ups.analytics.yahoo.com/ups/58424/occ?verify=true HTTP 302
https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-bsV.hEBE2uFoPpKKg3V5IfGVwgDZO0A5xt0Ab.0-~A

Request Chain 427

https://pixel.advertising.com/ups/58425/sync?&gdpr=&gdpr_consent=&redir=true HTTP 302
https://pixel.advertising.com/ups/58425/sync?&gdpr=&gdpr_consent=&redir=true&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/58425/sync?&gdpr=&gdpr_consent=&redir=true&apid=UP7abd4dc7-bd03-11eb-a78d-021cb66ba9e4 HTTP 302
https://sync.quantumdex.io/setuid?bidder=verizon-video&uid=UP7abd4dc7-bd03-11eb-a78d-021cb66ba9e4

Request Chain 428

https://ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D HTTP 302
https://ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D&crf=1 HTTP 302
https://sync.quantumdex.io/setuid?bidder=between&uid=686ae0d2-76de-5291-800d-ac33e0a1c917

Request Chain 429

https://prebid.a-mo.net/cchain/0?cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Damx-rtb%26uid%3D HTTP 302
https://ib.adnxs.com/getuid?https%3A%2F%2Fprebid.a-mo.net%2Fcchain%2F0%3FA%3De842c4be-8e4c-48df-89fe-ff654616f38f%26bidder%3Dappnexus%26cbx%3DaHR0cHM6Ly9zeW5jLnF1YW50dW1kZXguaW8vc2V0dWlkP2JpZGRlcj1hbXgtcnRiJnVpZD0%253D%26uid%3D$UID HTTP 302
https://prebid.a-mo.net/cchain/0?A=e842c4be-8e4c-48df-89fe-ff654616f38f&bidder=appnexus&cbx=aHR0cHM6Ly9zeW5jLnF1YW50dW1kZXguaW8vc2V0dWlkP2JpZGRlcj1hbXgtcnRiJnVpZD0%3D&uid=47704007168200876 HTTP 302
https://ap.lijit.com/pixel?redir=https%3A%2F%2Fprebid.a-mo.net%2Fcchain%2F1%3FA%3De842c4be-8e4c-48df-89fe-ff654616f38f%26bidder%3Dsovrn%26cbx%3DaHR0cHM6Ly9zeW5jLnF1YW50dW1kZXguaW8vc2V0dWlkP2JpZGRlcj1hbXgtcnRiJnVpZD0%253D%26uid%3D$UID HTTP 307
https://prebid.a-mo.net/cchain/1?A=e842c4be-8e4c-48df-89fe-ff654616f38f&bidder=sovrn&cbx=aHR0cHM6Ly9zeW5jLnF1YW50dW1kZXguaW8vc2V0dWlkP2JpZGRlcj1hbXgtcnRiJnVpZD0=&uid=edf1204a70d52facc537c065 HTTP 302
https://ssum.casalemedia.com/usermatchredir?s=191503&cb=https%3A%2F%2Fprebid.a-mo.net%2Fcchain%2F2%3FA%3De842c4be-8e4c-48df-89fe-ff654616f38f%26bidder%3Dindex_rtb%26cbx%3DaHR0cHM6Ly9zeW5jLnF1YW50dW1kZXguaW8vc2V0dWlkP2JpZGRlcj1hbXgtcnRiJnVpZD0%253D%26uid%3D HTTP 302
https://prebid.a-mo.net/cchain/2?A=e842c4be-8e4c-48df-89fe-ff654616f38f&bidder=index_rtb&cbx=aHR0cHM6Ly9zeW5jLnF1YW50dW1kZXguaW8vc2V0dWlkP2JpZGRlcj1hbXgtcnRiJnVpZD0%3D&uid=YKxlJKt8N801-S2oyddwCgAA%261103 HTTP 302
https://image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fprebid.a-mo.net%2Fcchain%2F3%3FA%3De842c4be-8e4c-48df-89fe-ff654616f38f%26bidder%3Dpubmatic%26cbx%3DaHR0cHM6Ly9zeW5jLnF1YW50dW1kZXguaW8vc2V0dWlkP2JpZGRlcj1hbXgtcnRiJnVpZD0%253D%26uid%3D HTTP 302
https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fprebid.a-mo.net%2Fcchain%2F3%3FA%3De842c4be-8e4c-48df-89fe-ff654616f38f%26bidder%3Dpubmatic%26cbx%3DaHR0cHM6Ly9zeW5jLnF1YW50dW1kZXguaW8vc2V0dWlkP2JpZGRlcj1hbXgtcnRiJnVpZD0%253D%26uid%3D HTTP 302
https://prebid.a-mo.net/cchain/3?A=e842c4be-8e4c-48df-89fe-ff654616f38f&bidder=pubmatic&cbx=aHR0cHM6Ly9zeW5jLnF1YW50dW1kZXguaW8vc2V0dWlkP2JpZGRlcj1hbXgtcnRiJnVpZD0%3D&uid= HTTP 302
https://sync.quantumdex.io/setuid?bidder=amx-rtb&uid=e842c4be-8e4c-48df-89fe-ff654616f38f

Request Chain 430

https://nep.advangelists.com/xp/user-sync?acctid=416&&redirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dadvangelists%26uid%3D%7BPARTNER_VISITOR_ID%7D HTTP 302
https://sync.quantumdex.io/setuid?bidder=advangelists&uid=av-1e10aa6b-50a2-481f-ae36-f75921277c6d

Request Chain 431

https://ms.quantumdex.io/user/sync/quantumdex HTTP 302
https://sync.quantumdex.io/setuid?bidder=dsp_quantumdex&uid=8039a214-457c-4404-a1bd-28c724364cb2

Request Chain 432

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dappnexus%26uid%3D%24UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fsync.quantumdex.io%252Fsetuid%253Fbidder%253Dappnexus%2526uid%253D%2524UID HTTP 302
https://sync.quantumdex.io/setuid?bidder=appnexus&uid=47704007168200876

Request Chain 433

https://ap.lijit.com/pixel?redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsovrn%26uid%3D%24UID HTTP 307
https://sync.quantumdex.io/setuid?bidder=sovrn&uid=edf1204a70d52facc537c065

Request Chain 435

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Danswermedia%26uid%3D%24UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fsync.quantumdex.io%252Fsetuid%253Fbidder%253Danswermedia%2526uid%253D%2524UID HTTP 302
https://sync.quantumdex.io/setuid?bidder=answermedia&uid=47704007168200876

Request Chain 436

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Danx152media%26uid%3D%24UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fsync.quantumdex.io%252Fsetuid%253Fbidder%253Danx152media%2526uid%253D%2524UID HTTP 302
https://sync.quantumdex.io/setuid?bidder=anx152media&uid=47704007168200876

Request Chain 440

https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D HTTP 302
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&s=192922&C=1

Request Chain 443

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YKxlJKt8N801_S2oyddwCgAABE8AAAAB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YKxlJKt8N801_S2oyddwCgAABE8AAAAB&dcc=t

Request Chain 444

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YKxlJKt8N801_S2oyddwCgAABE8AAAAB&gdpr_consent=&us_privacy=&gdpr=1 HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEM6KejS1dAxBW2ztfZPLxAM&google_cver=1

Request Chain 446

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1 HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YKxlJKt8N801-S2oyddwCgAA HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEPzDAoRLdOHc_9HfZS2Mkik&google_cver=1&gdpr=1

Request Chain 447

https://pixel.quantserve.com/pixel/p-Z8PuJEk6U7Hyq.gif?idmatch=0&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&gdpr=1&external_user_id=785YVO_LCwP0n19RuMYUB72cCwX0mAgD7JhfT3LH

Request Chain 448

https://pm.w55c.net/ping_match.gif?ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1 HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=Tb75WkEH1LLn5W5&gdpr=1

Request Chain 458

https://ads.us.e-planning.net/hb/1/2c995/1/ww3.read7deadlysins.com/ROS?rnd=0.7588025728276067&e=300x600_0%3A300x600%2B160x600_0%3A160x600%2B300x250_0%3A300x250%2B970x90_0%3A970x90%2B728x90_0%3A728x90&ur=https%3A%2F%2Fww3.read7deadlysins.com%2F&r=pbjs&pbv=4.38.0&ncb=1&vs=FFFFF&crs=UTF-8&fr=https%3A%2F%2Fww3.read7deadlysins.com%2F&gdpr=1&gdprcs= HTTP 302
https://ads.us.e-planning.net/hb/1/2c995/1/ww3.read7deadlysins.com/ROS?ct=1&rnd=0.7588025728276067&e=300x600_0%3A300x600%2B160x600_0%3A160x600%2B300x250_0%3A300x250%2B970x90_0%3A970x90%2B728x90_0%3A728x90&ur=https%3A%2F%2Fww3.read7deadlysins.com%2F&r=pbjs&pbv=4.38.0&ncb=1&vs=FFFFF&crs=UTF-8&fr=https%3A%2F%2Fww3.read7deadlysins.com%2F&gdpr=1&gdprcs=

462 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
ww3.read7deadlysins.com/
Redirect Chain

https://ww2.read7deadlysins.com/
http://ww3.read7deadlysins.com/
https://ww3.read7deadlysins.com/

25 KB
5 KB

237ms
236ms

Document
text/html

2606:4700:3038::6815:eb94
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ww3.read7deadlysins.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3038::6815:eb94 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1b1dc86d362bc28c09d795e03eeb0fe019fd32ce2679ba9541772e41b9c23530

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: ww3.read7deadlysins.com
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IldCL2RuUnE5TWZMckdRMVhnRzV4MUE9PSIsInZhbHVlIjoiVG91Ny9iQUQyS0FCV1VqR2Nua0MraVZXUGh3ZFZRa010S2IzWHFtbENNQzVOSlJXSzR4VzdSMDVrUzhxalVOU29RNVJNL3F4anVsZXdwZjc5SHNpVWMwTXAveGhiV2VGcmsrUEZaSDdBUzlTQ3hDaTJJNDZiU0Z6bmV4Njg5bWYiLCJtYWMiOiI0NzlkODI1OThkODQwNWZlOTc5ZGU1MWU5NzQ1OWQ2MDY4ZWI0NDBmMThlY2U3ZjI4YWM2ZmU0YmNhZTMwZGYxIn0%3D; expires=Tue, 25-May-2021 04:46:53 GMT; Max-Age=7200; path=/; samesite=lax read_7_deadly_sins_manga_session=eyJpdiI6Ik0veWVJbnNuaHoxMS81N0VveWVvWGc9PSIsInZhbHVlIjoiTldWVURRQWI5amtmODJtbDRicmFtbnF1THJ6eXFKNitLYmRjT3RUOFY3eVNDellSa1F3bUovTXJXR2ZjNEJSY1EzRXNaYjJqN1A1U3dTUllrL2xiUVRoVHVPSkQybDZERHFWSmlwVER4ZkpRcnppNVJGc25NaHFJYWg4bkVMZlEiLCJtYWMiOiI3NmJmNTdkMmViYzkzMTk4MzQ5YzkzNWU0NmI5ZTM4ODU0YjFlYjhjY2UzZjU5MmRmMWU2ODA0NTZhY2ZkNmQyIn0%3D; expires=Tue, 25-May-2021 04:46:53 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: EXPIRED
x-server-powered-by: Engintron
cf-cache-status: DYNAMIC
cf-request-id: 0a4304109700002bad848b6000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=GRBNEwEGc99Nbme%2FWIruSRZRaGXnjWiZqcBlmF1PpysJtgiUz8XRN2uxSQZDyNDNKEtg2%2FDQL0Alq9oq1DCKUzbDJGW8KgyF2Ez8Z96OqelP6YxEUlR96v5%2FckUlLj2HMUb8xeJDMWp36%2FgK7o79CW8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 654b6f942f662bad-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

Date: Tue, 25 May 2021 02:46:52 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Tue, 25 May 2021 03:46:52 GMT
Location: https://ww3.read7deadlysins.com/
cf-request-id: 0a4304108900004df4deaa7000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=XzrA0v689WOfBnKRZryBihs9F6sbOhLfUMeJDMjKEUY3SGtv5zc8kGByG5ZLxAGOcYsMfWjik1tiXi9SDGPUBO3LYdg6qw80C9MBVxzf7%2BuJdtRoaB8zgcDNg4Z%2BVMewySu%2BjpLaxO3cq1r%2FRrErPvY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 654b6f940ba74df4-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3-29 200 app.css
ww3.read7deadlysins.com/css/ 12 KB
4 KB 24ms
12ms Stylesheet
text/css 2606:4700:3038::6815:eb93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ww3.read7deadlysins.com/css/app.css?id=174561909a91adcf8026

Requested by

Host: ww3.read7deadlysins.com
URL: https://ww3.read7deadlysins.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3038::6815:eb93 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e08c294c8231ec572510659df34092e05d02680dc3c4738bf2cf33c398d41df8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/app.css?id=174561909a91adcf8026
pragma: no-cache
cookie: XSRF-TOKEN=eyJpdiI6IldCL2RuUnE5TWZMckdRMVhnRzV4MUE9PSIsInZhbHVlIjoiVG91Ny9iQUQyS0FCV1VqR2Nua0MraVZXUGh3ZFZRa010S2IzWHFtbENNQzVOSlJXSzR4VzdSMDVrUzhxalVOU29RNVJNL3F4anVsZXdwZjc5SHNpVWMwTXAveGhiV2VGcmsrUEZaSDdBUzlTQ3hDaTJJNDZiU0Z6bmV4Njg5bWYiLCJtYWMiOiI0NzlkODI1OThkODQwNWZlOTc5ZGU1MWU5NzQ1OWQ2MDY4ZWI0NDBmMThlY2U3ZjI4YWM2ZmU0YmNhZTMwZGYxIn0%3D; read_7_deadly_sins_manga_session=eyJpdiI6Ik0veWVJbnNuaHoxMS81N0VveWVvWGc9PSIsInZhbHVlIjoiTldWVURRQWI5amtmODJtbDRicmFtbnF1THJ6eXFKNitLYmRjT3RUOFY3eVNDellSa1F3bUovTXJXR2ZjNEJSY1EzRXNaYjJqN1A1U3dTUllrL2xiUVRoVHVPSkQybDZERHFWSmlwVER4ZkpRcnppNVJGc25NaHFJYWg4bkVMZlEiLCJtYWMiOiI3NmJmNTdkMmViYzkzMTk4MzQ5YzkzNWU0NmI5ZTM4ODU0YjFlYjhjY2UzZjU5MmRmMWU2ODA0NTZhY2ZkNmQyIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: ww3.read7deadlysins.com
referer: https://ww3.read7deadlysins.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 282697
cf-polished: origSize=12032
x-server-powered-by: Engintron
cf-bgj: minify
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a4304119300001f215825c000000001
x-nginx-upstream-cache-status: STALE
last-modified: Sun, 13 Dec 2020 06:03:31 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=pvZWqppbs6QtbkE%2FDnjC8p0EmUE60LqophBxmXJ71JlWf4wffZG%2FqUR6DON%2FwmrX4NdRssXjbX88ihjU2ESDDB3yRMSr0OV3YaV31FXNvZJADqv69D227ZCfLX5R5qeLKDn9XgcKF6KlBrRCaRVfXmc%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
cf-ray: 654b6f95b9e81f21-FRA
expires: Sun, 20 Jun 2021 20:15:16 GMT

GET
H2 200 IWdMiG9.png
i.imgur.com/ 12 KB
12 KB 33ms
13ms Image
image/png 151.101.112.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/IWdMiG9.png

Requested by

Host: ww3.read7deadlysins.com
URL: https://ww3.read7deadlysins.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.112.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

a733719e0ba21dbd1a691a459642d9037d594d70b0026b25836b6f75b290e5f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
x-content-type-options: nosniff
age: 2126554
x-cache: HIT, HIT
content-length: 12352
x-served-by: cache-bwi5173-BWI, cache-hhn4033-HHN
last-modified: Tue, 30 Jul 2019 11:59:29 GMT
server: cat factory 1.0
x-timer: S1621910813.086080,VS0,VE0
etag: "a3f5ceb17a617e1c28cad27623b77254"
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-cache-hits: 1, 22

GET
H2 200 kIVlOWS.png
i.imgur.com/ 18 KB
19 KB 27ms
8ms Image
image/png 151.101.112.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/kIVlOWS.png

Requested by

Host: ww3.read7deadlysins.com
URL: https://ww3.read7deadlysins.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.112.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

162eaee62eb9c97924a1b8a991f01364cc21b515c75de25810219c5396bd0bb0

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
x-content-type-options: nosniff
age: 3960248
x-cache: HIT, HIT
content-length: 18887
x-served-by: cache-bwi5160-BWI, cache-hhn4033-HHN
last-modified: Tue, 30 Jul 2019 11:59:28 GMT
server: cat factory 1.0
x-timer: S1621910813.086114,VS0,VE0
etag: "b6667f12053f4b82d0d91e4516b36b44"
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-cache-hits: 1, 22

GET
H2 200 rocket-loader.min.js Show response
ajax.cloudflare.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
5 KB 28ms
10ms Script
application/javascript 2606:4700::6810:a723
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.cloudflare.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: ww3.read7deadlysins.com
URL: https://ww3.read7deadlysins.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:a723 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
nel: {"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-request-id: 0a4304119b00001456ac126000000001
last-modified: Wed, 19 May 2021 09:21:20 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"60a4d890-302c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=2qK4dPaFyCjl3cdj6BebZDb%2Bnyf7mBrpCLvL7App%2FH%2BloDVzHVPVDseELOfFpg%2BTYcbjzKKbgDr%2FwhnU3%2BBYC8w5e5pTXnN8U67uv1lnnGLSp4y6EtonU%2BzxFIvY6awmeDMX%2BNH2fMF%2BygV4"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 654b6f95cc0c1456-FRA
expires: Thu, 27 May 2021 02:46:53 GMT

GET
H2 200 OjeMpsM.png
i.imgur.com/ 253 KB
253 KB 13ms
12ms Image
image/png 151.101.112.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/OjeMpsM.png

Requested by

Host: ww3.read7deadlysins.com
URL: https://ww3.read7deadlysins.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.112.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

3ebc579d2a5ea97acdb56edfb0e2a98e4d41f4f3db179fc1847bd50251d2251e

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
x-content-type-options: nosniff
age: 2742518
x-cache: HIT, HIT
x-amz-storage-class: STANDARD_IA
content-length: 259184
x-served-by: cache-bwi5132-BWI, cache-hhn4033-HHN
last-modified: Wed, 15 Jan 2020 17:37:03 GMT
server: cat factory 1.0
x-timer: S1621910813.095979,VS0,VE5
etag: "55ce2a027cb59b529866b90c37a711cc"
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-cache-hits: 1, 1

GET
H3-29 200 site.js Show response
ww3.read7deadlysins.com/js/ 2 KB
2 KB 13ms
13ms Script
application/javascript 2606:4700:3038::6815:eb93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ww3.read7deadlysins.com/js/site.js?id=ca2a20a8c234365793d1

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3038::6815:eb93 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

48006243aa1ece4f57a63dbe9c95e67f68b04c3caec2bbd87eebd63f7a7368b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/site.js?id=ca2a20a8c234365793d1
pragma: no-cache
cookie: XSRF-TOKEN=eyJpdiI6IldCL2RuUnE5TWZMckdRMVhnRzV4MUE9PSIsInZhbHVlIjoiVG91Ny9iQUQyS0FCV1VqR2Nua0MraVZXUGh3ZFZRa010S2IzWHFtbENNQzVOSlJXSzR4VzdSMDVrUzhxalVOU29RNVJNL3F4anVsZXdwZjc5SHNpVWMwTXAveGhiV2VGcmsrUEZaSDdBUzlTQ3hDaTJJNDZiU0Z6bmV4Njg5bWYiLCJtYWMiOiI0NzlkODI1OThkODQwNWZlOTc5ZGU1MWU5NzQ1OWQ2MDY4ZWI0NDBmMThlY2U3ZjI4YWM2ZmU0YmNhZTMwZGYxIn0%3D; read_7_deadly_sins_manga_session=eyJpdiI6Ik0veWVJbnNuaHoxMS81N0VveWVvWGc9PSIsInZhbHVlIjoiTldWVURRQWI5amtmODJtbDRicmFtbnF1THJ6eXFKNitLYmRjT3RUOFY3eVNDellSa1F3bUovTXJXR2ZjNEJSY1EzRXNaYjJqN1A1U3dTUllrL2xiUVRoVHVPSkQybDZERHFWSmlwVER4ZkpRcnppNVJGc25NaHFJYWg4bkVMZlEiLCJtYWMiOiI3NmJmNTdkMmViYzkzMTk4MzQ5YzkzNWU0NmI5ZTM4ODU0YjFlYjhjY2UzZjU5MmRmMWU2ODA0NTZhY2ZkNmQyIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: ww3.read7deadlysins.com
referer: https://ww3.read7deadlysins.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 475396
x-server-powered-by: Engintron
cf-bgj: minify
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a430411cf00001f21faacf000000001
x-nginx-upstream-cache-status: STALE
last-modified: Sun, 13 Dec 2020 06:03:31 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=36A%2BOcz7d%2F8tQZ7dEHvsz9xXwe%2FKn3PLxDNvWVYyL9%2FSaTTa8A4e0YfFwdPHs57UDFwCWMCOQy6eJKS22jAJ%2FdqsD3TU9OYfcPOJ4fdUQE%2BFZn3SnUNY8sVByrwcF3nv%2BZj7AaIXW8HYP9UUYq5gEqQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
cf-ray: 654b6f961a3e1f21-FRA
expires: Fri, 18 Jun 2021 14:43:37 GMT

GET
H3-29 200 ads.js Show response
ww3.read7deadlysins.com/js/ 17 B
698 B 12ms
11ms Script
application/javascript 2606:4700:3038::6815:eb93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ww3.read7deadlysins.com/js/ads.js

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3038::6815:eb93 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

46220b9b3ca7fbfdd2450e6ee0039dcc9e10c6a7e9c7fcbc67eb4dba65bf5525

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/ads.js
pragma: no-cache
cookie: XSRF-TOKEN=eyJpdiI6IldCL2RuUnE5TWZMckdRMVhnRzV4MUE9PSIsInZhbHVlIjoiVG91Ny9iQUQyS0FCV1VqR2Nua0MraVZXUGh3ZFZRa010S2IzWHFtbENNQzVOSlJXSzR4VzdSMDVrUzhxalVOU29RNVJNL3F4anVsZXdwZjc5SHNpVWMwTXAveGhiV2VGcmsrUEZaSDdBUzlTQ3hDaTJJNDZiU0Z6bmV4Njg5bWYiLCJtYWMiOiI0NzlkODI1OThkODQwNWZlOTc5ZGU1MWU5NzQ1OWQ2MDY4ZWI0NDBmMThlY2U3ZjI4YWM2ZmU0YmNhZTMwZGYxIn0%3D; read_7_deadly_sins_manga_session=eyJpdiI6Ik0veWVJbnNuaHoxMS81N0VveWVvWGc9PSIsInZhbHVlIjoiTldWVURRQWI5amtmODJtbDRicmFtbnF1THJ6eXFKNitLYmRjT3RUOFY3eVNDellSa1F3bUovTXJXR2ZjNEJSY1EzRXNaYjJqN1A1U3dTUllrL2xiUVRoVHVPSkQybDZERHFWSmlwVER4ZkpRcnppNVJGc25NaHFJYWg4bkVMZlEiLCJtYWMiOiI3NmJmNTdkMmViYzkzMTk4MzQ5YzkzNWU0NmI5ZTM4ODU0YjFlYjhjY2UzZjU5MmRmMWU2ODA0NTZhY2ZkNmQyIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: ww3.read7deadlysins.com
referer: https://ww3.read7deadlysins.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 475396
cf-polished: origSize=18
x-server-powered-by: Engintron
cf-bgj: minify
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 17
cf-request-id: 0a430411d000001f213f03d000000001
x-nginx-upstream-cache-status: STALE
last-modified: Sun, 13 Dec 2020 06:03:31 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=wWGtgR2LyBTc33SdfLgf17IgEGvSP9MNfhMF67xpKm658B4bfd4aGc8ISz%2FQ0nhjlGV1LFfqPGIY32LaR1Srgf4vxp4XZleU0YBb2E8LAd8et7SbYzIEzdveNAT74e%2BL06ImbkZ%2BRbL2ToRiLshs7k8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 654b6f961a3f1f21-FRA
expires: Fri, 18 Jun 2021 14:43:37 GMT

GET
H2 200 async.php Show response
platform.bidgear.com/ 705 B
1 KB 118ms
101ms Script
text/plain 2606:4700:20::ac43:4a24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.bidgear.com/async.php?domainid=1042&sizeid=16&zoneid=3323&k=5c8f8377499d1
Requested by: Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a24 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1c668e2916d4f9aeacbb6f545a645f0882204e7e3928b3f62b5aff3de136c1c5

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cf-request-id: 0a430411e300001f315cbdf000000001
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
date: Tue, 25 May 2021 02:46:53 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=AdCSfMEeEICbsQHDZu9mruV6oU%2FnZIRQxfxCqa3ptPZTzpJCyzkOgXHM%2Fx5Q0QBOF93nkzCvTTzpwpqRS4SyZQpu95PpTM62sSEWrxd2u3UsWYlQXz52ry2Y8%2B%2Bgt4PUsO7FFaxWGeRCX50Ohg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
cf-ray: 654b6f963c3a1f31-FRA

GET
H2 200 / Show response
services.vlitag.com/adv1/ 932 B
1 KB 167ms
149ms Script
application/javascript 2606:4700:20::681a:fee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://services.vlitag.com/adv1/?q=87216b358402869b1c0e66facfc9ae3c

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:fee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e341bb94a8fd7ddf5bd346fbed337cbc9b00c29f10a9fe70b9f31f876ffdbd29

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a430411e60000c27752161000000001
pragma: no-cache
last-modified: Tue, 25 May 2021 02:46:53 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Wo2fgtgqoxa3ngx9kuCihtT%2B7ZHHsblzXhePaTadylEwhhTtq2OA9lqc6HpKP3yu1qnbI0u%2BkKVtUarCFZylcqTZUOaPeWc3wdiBBKxmiu%2FRnR5cFQdM7ewbOfCakmzjOEHWLdvrg1VGcXjQ"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
cf-ray: 654b6f963809c277-FRA
expires: on, 01 Jan 1970 00:00:00 GMT

GET
H2 200 t.js Show response
runwaff.com/ 18 KB
19 KB 70ms
38ms Script
application/javascript 13.225.74.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://runwaff.com/t.js?i=u1dvjpo9e55sy80hm5&cb=6641971621910813142
Requested by: Host: ww3.read7deadlysins.com
URL: https://ww3.read7deadlysins.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.74.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-74-55.fra2.r.cloudfront.net
Software: /
Resource Hash: 992adf6b1778a71c66f0bc5d32bd71f686c2cfe115efbf8d542e31f1c4015cc8

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
via: 1.1 ccfe5851ecd4194e2d976fb32dec7539.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: pCrPKRwzRRAe3U92lepsd96SmKxRrLfV2AYDiBfMAtyrcwumUi4OHg==
x-cache: Miss from cloudfront
content-type: application/javascript; charset=UTF-8

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: ww3.read7deadlysins.com
URL: https://ww3.read7deadlysins.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 4617
date: Tue, 25 May 2021 01:29:56 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Tue, 25 May 2021 03:29:56 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 13ms
12ms XHR
text/plain 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j90&a=1139839323&t=pageview&_s=1&dl=https%3A%2F%2Fww3.read7deadlysins.com%2F&ul=en-us&de=UTF-8&dt=Read%20Nanatsu%20no%20taizai%2F7%20Deadly%20Sins%20Manga%20Online&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=1645664027&gjid=1846556575&cid=1334050034.1621910813&tid=UA-149279885-2&_gid=568473163.1621910813&_r=1&_slc=1&z=1728463653

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:53 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://ww3.read7deadlysins.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
93 B 14ms
14ms XHR
text/plain 2a00:1450:400c:c07::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j90&tid=UA-149279885-2&cid=1334050034.1621910813&jid=1645664027&gjid=1846556575&_gid=568473163.1621910813&_u=IEBAAEAAAAAAAC~&z=1469242294

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 25 May 2021 02:46:53 GMT
content-type: text/plain
access-control-allow-origin: https://ww3.read7deadlysins.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame E9D6 62 KB
21 KB 39ms
16ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: runwaff.com
URL: https://runwaff.com/t.js?i=u1dvjpo9e55sy80hm5&cb=6641971621910813142

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

sffe /

Resource Hash

e6292fd056e7b8352b28cf7d4a34e9af8e8eb88baee294fd625d917122332a6a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "882 / 56 of 1000 / last-modified: 1621894198"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21354
x-xss-protection: 0
expires: Tue, 25 May 2021 02:46:53 GMT

GET
H2 200 user Show response
runwaff.com/ Frame B0FA 3 KB
3 KB 37ms
37ms Document
text/html 13.225.74.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://runwaff.com/user?i=u1dvjpo9e55sy80hm5&a=c45f858cb8b4b094b8b6229bad96a54e7&cb=1556561621910813230
Requested by: Host: runwaff.com
URL: https://runwaff.com/t.js?i=u1dvjpo9e55sy80hm5&cb=6641971621910813142
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.74.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-74-55.fra2.r.cloudfront.net
Software: /
Resource Hash: 8e3e3d82bd605e9b6484ef5ad816eba871aa1fb5a45033eb8b7f82ae39d07ac6

Request headers

:method: GET
:authority: runwaff.com
:scheme: https
:path: /user?i=u1dvjpo9e55sy80hm5&a=c45f858cb8b4b094b8b6229bad96a54e7&cb=1556561621910813230
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ww3.read7deadlysins.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: SSID=ba8a5682a6c135605ca393219c9ca3cc1235ef2f
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ww3.read7deadlysins.com/

Response headers

content-type: text/html; charset=UTF-8
date: Tue, 25 May 2021 02:46:53 GMT
x-cache: Miss from cloudfront
via: 1.1 ccfe5851ecd4194e2d976fb32dec7539.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: VNz_3X6YKu2Yp60aDJI2rVBE5n09SqV7JdGPYYvRxPdu0xyse7sejQ==

GET
H2 200 user Show response
runwaff.com/ Frame 5C03 9 KB
9 KB 33ms
33ms Document
text/html 13.225.74.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://runwaff.com/user?i=u1dvjpo9e55sy80hm5&a=1957367064e5b26088677bc61fc98dc05&cb=4564701621910813231
Requested by: Host: runwaff.com
URL: https://runwaff.com/t.js?i=u1dvjpo9e55sy80hm5&cb=6641971621910813142
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.74.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-74-55.fra2.r.cloudfront.net
Software: /
Resource Hash: 8b6874e0a5e81da65b57af189d73b5a99af003eb69a872486307de02a87f7a26

Request headers

:method: GET
:authority: runwaff.com
:scheme: https
:path: /user?i=u1dvjpo9e55sy80hm5&a=1957367064e5b26088677bc61fc98dc05&cb=4564701621910813231
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ww3.read7deadlysins.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: SSID=ba8a5682a6c135605ca393219c9ca3cc1235ef2f
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ww3.read7deadlysins.com/

Response headers

content-type: text/html; charset=UTF-8
date: Tue, 25 May 2021 02:46:53 GMT
x-cache: Miss from cloudfront
via: 1.1 ccfe5851ecd4194e2d976fb32dec7539.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: 0uIqykWH_LGj77Sy6yjvxWw8ElAtjf66k-cMS3b_XLHun1OVlQ85jw==

GET
H2 200 usync Show response
runwaff.com/ Frame 66D5 9 KB
9 KB 33ms
33ms Document
text/html 13.225.74.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://runwaff.com/usync?i=u1dvjpo9e55sy80hm5&a=9f8bdfdac88cc4de95ab77e8feb3ba161&cb=7481451621910813232
Requested by: Host: runwaff.com
URL: https://runwaff.com/t.js?i=u1dvjpo9e55sy80hm5&cb=6641971621910813142
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.74.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-74-55.fra2.r.cloudfront.net
Software: /
Resource Hash: 8b6874e0a5e81da65b57af189d73b5a99af003eb69a872486307de02a87f7a26

Request headers

:method: GET
:authority: runwaff.com
:scheme: https
:path: /usync?i=u1dvjpo9e55sy80hm5&a=9f8bdfdac88cc4de95ab77e8feb3ba161&cb=7481451621910813232
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ww3.read7deadlysins.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: SSID=ba8a5682a6c135605ca393219c9ca3cc1235ef2f
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ww3.read7deadlysins.com/

Response headers

content-type: text/html; charset=UTF-8
date: Tue, 25 May 2021 02:46:53 GMT
x-cache: Miss from cloudfront
via: 1.1 ccfe5851ecd4194e2d976fb32dec7539.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: -tKB71muG8tuWu9MbTn9RoeveGn5uJ2W2DZobs6a2ysK7NyKI4RHMw==

GET
H2 200 syncro Show response
runwaff.com/ Frame CC17 9 KB
9 KB 33ms
33ms Document
text/html 13.225.74.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://runwaff.com/syncro?i=u1dvjpo9e55sy80hm5&a=59338ab25f27652e7e47e53fbab83cd65&cb=0176411621910813233
Requested by: Host: runwaff.com
URL: https://runwaff.com/t.js?i=u1dvjpo9e55sy80hm5&cb=6641971621910813142
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.74.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-74-55.fra2.r.cloudfront.net
Software: /
Resource Hash: 8b6874e0a5e81da65b57af189d73b5a99af003eb69a872486307de02a87f7a26

Request headers

:method: GET
:authority: runwaff.com
:scheme: https
:path: /syncro?i=u1dvjpo9e55sy80hm5&a=59338ab25f27652e7e47e53fbab83cd65&cb=0176411621910813233
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ww3.read7deadlysins.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: SSID=ba8a5682a6c135605ca393219c9ca3cc1235ef2f
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ww3.read7deadlysins.com/

Response headers

content-type: text/html; charset=UTF-8
date: Tue, 25 May 2021 02:46:53 GMT
x-cache: Miss from cloudfront
via: 1.1 ccfe5851ecd4194e2d976fb32dec7539.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: Rfy0RspwZttqOLID76H9IdlaWUisBgtaCf39MoJ647V-PzV8ehcnPA==

GET
H2 200 stat Show response
runwaff.com/ Frame 2E24 2 KB
1 KB 36ms
36ms Document
text/html 13.225.74.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://runwaff.com/stat?i=u1dvjpo9e55sy80hm5&a=05ce0684c5396c5bd68c434103884dbb5&cb=9169241621910813234
Requested by: Host: runwaff.com
URL: https://runwaff.com/t.js?i=u1dvjpo9e55sy80hm5&cb=6641971621910813142
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.74.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-74-55.fra2.r.cloudfront.net
Software: /
Resource Hash: 806cc912d72e22caa84fdd0472a0ee11804e9a58ad489486456a8a0551194d91

Request headers

:method: GET
:authority: runwaff.com
:scheme: https
:path: /stat?i=u1dvjpo9e55sy80hm5&a=05ce0684c5396c5bd68c434103884dbb5&cb=9169241621910813234
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ww3.read7deadlysins.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: SSID=ba8a5682a6c135605ca393219c9ca3cc1235ef2f
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ww3.read7deadlysins.com/

Response headers

content-type: text/html; charset=UTF-8
vary: Accept-Encoding
date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 ccfe5851ecd4194e2d976fb32dec7539.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: CgK2pEibFOjN-fVMqWoztnLsYHAb_tmri0Bfmd5B9uLONFCHyuQzFg==

GET
H2 200 user Show response
runwaff.com/ Frame 843E 9 KB
9 KB 37ms
37ms Document
text/html 13.225.74.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://runwaff.com/user?i=u1dvjpo9e55sy80hm5&a=60f0e959e67789b550dbbeaa782904915&cb=9059651621910813235
Requested by: Host: runwaff.com
URL: https://runwaff.com/t.js?i=u1dvjpo9e55sy80hm5&cb=6641971621910813142
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.74.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-74-55.fra2.r.cloudfront.net
Software: /
Resource Hash: 8b6874e0a5e81da65b57af189d73b5a99af003eb69a872486307de02a87f7a26

Request headers

:method: GET
:authority: runwaff.com
:scheme: https
:path: /user?i=u1dvjpo9e55sy80hm5&a=60f0e959e67789b550dbbeaa782904915&cb=9059651621910813235
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ww3.read7deadlysins.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: SSID=ba8a5682a6c135605ca393219c9ca3cc1235ef2f
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ww3.read7deadlysins.com/

Response headers

content-type: text/html; charset=UTF-8
date: Tue, 25 May 2021 02:46:53 GMT
x-cache: Miss from cloudfront
via: 1.1 ccfe5851ecd4194e2d976fb32dec7539.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: -H-BDETAe4oNNuCdbt6uW39Fu6WVPpC3LAXMI-LKQGUqlfdv03NoSQ==

GET
H2 200 usync Show response
runwaff.com/ Frame DAC4 9 KB
9 KB 55ms
55ms Document
text/html 13.225.74.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://runwaff.com/usync?i=u1dvjpo9e55sy80hm5&a=c875f76156c3307c45687011d2d8e2cf1&cb=1388981621910813236
Requested by: Host: runwaff.com
URL: https://runwaff.com/t.js?i=u1dvjpo9e55sy80hm5&cb=6641971621910813142
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.74.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-74-55.fra2.r.cloudfront.net
Software: /
Resource Hash: 8b6874e0a5e81da65b57af189d73b5a99af003eb69a872486307de02a87f7a26

Request headers

:method: GET
:authority: runwaff.com
:scheme: https
:path: /usync?i=u1dvjpo9e55sy80hm5&a=c875f76156c3307c45687011d2d8e2cf1&cb=1388981621910813236
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ww3.read7deadlysins.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: SSID=ba8a5682a6c135605ca393219c9ca3cc1235ef2f
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ww3.read7deadlysins.com/

Response headers

content-type: text/html; charset=UTF-8
date: Tue, 25 May 2021 02:46:53 GMT
x-cache: Miss from cloudfront
via: 1.1 ccfe5851ecd4194e2d976fb32dec7539.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: n9FtpQdGHbvvkNpwAZxiTorhDo_5leTlno33S1ObEjiBtCx28ruyIw==

GET
H2 200 usersync Show response
runwaff.com/ Frame 1216 9 KB
9 KB 54ms
54ms Document
text/html 13.225.74.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://runwaff.com/usersync?i=u1dvjpo9e55sy80hm5&a=05bcf34b3dc8ef781ff91667b6cbe5da7&cb=6771261621910813237
Requested by: Host: runwaff.com
URL: https://runwaff.com/t.js?i=u1dvjpo9e55sy80hm5&cb=6641971621910813142
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.74.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-74-55.fra2.r.cloudfront.net
Software: /
Resource Hash: 8b6874e0a5e81da65b57af189d73b5a99af003eb69a872486307de02a87f7a26

Request headers

:method: GET
:authority: runwaff.com
:scheme: https
:path: /usersync?i=u1dvjpo9e55sy80hm5&a=05bcf34b3dc8ef781ff91667b6cbe5da7&cb=6771261621910813237
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ww3.read7deadlysins.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: SSID=ba8a5682a6c135605ca393219c9ca3cc1235ef2f
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ww3.read7deadlysins.com/

Response headers

content-type: text/html; charset=UTF-8
date: Tue, 25 May 2021 02:46:53 GMT
x-cache: Miss from cloudfront
via: 1.1 ccfe5851ecd4194e2d976fb32dec7539.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: 2YM_SPah9JmeNUpLJjYNjZgrFK15s2mQ8f42k6soU3Xv4876o3zKhg==

GET
H2 200 count Show response
runwaff.com/ Frame EB94 2 KB
2 KB 58ms
57ms Document
text/html 13.225.74.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://runwaff.com/count?i=u1dvjpo9e55sy80hm5&a=6a61c97338f087e01f469fd41bde18ed9&cb=5959071621910813238
Requested by: Host: runwaff.com
URL: https://runwaff.com/t.js?i=u1dvjpo9e55sy80hm5&cb=6641971621910813142
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.74.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-74-55.fra2.r.cloudfront.net
Software: /
Resource Hash: 64b5cfb02beff3a924affa15dcac21c407ccb8d723cb6a5d93aad4f94cdfb73a

Request headers

:method: GET
:authority: runwaff.com
:scheme: https
:path: /count?i=u1dvjpo9e55sy80hm5&a=6a61c97338f087e01f469fd41bde18ed9&cb=5959071621910813238
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ww3.read7deadlysins.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: SSID=ba8a5682a6c135605ca393219c9ca3cc1235ef2f
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ww3.read7deadlysins.com/

Response headers

content-type: text/html; charset=UTF-8
content-length: 1710
date: Tue, 25 May 2021 02:46:53 GMT
x-cache: Miss from cloudfront
via: 1.1 ccfe5851ecd4194e2d976fb32dec7539.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: bs0od4gx77K9YAinOxTTGwOgj-8QSIzrlryxevStCYF1rC_-oGetzw==

GET
H2 200 user Show response
runwaff.com/ Frame 8D02 2 KB
2 KB 59ms
58ms Document
text/html 13.225.74.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://runwaff.com/user?i=u1dvjpo9e55sy80hm5&a=69a1ae274eff659621cc5da174992f8b3&cb=5820761621910813239
Requested by: Host: runwaff.com
URL: https://runwaff.com/t.js?i=u1dvjpo9e55sy80hm5&cb=6641971621910813142
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.74.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-74-55.fra2.r.cloudfront.net
Software: /
Resource Hash: 6ed07947c2ba39356b45c1cb6b84d7a6cd8f1172b0cb7af6e31e838196a994a5

Request headers

:method: GET
:authority: runwaff.com
:scheme: https
:path: /user?i=u1dvjpo9e55sy80hm5&a=69a1ae274eff659621cc5da174992f8b3&cb=5820761621910813239
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ww3.read7deadlysins.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: SSID=ba8a5682a6c135605ca393219c9ca3cc1235ef2f
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ww3.read7deadlysins.com/

Response headers

content-type: text/html; charset=UTF-8
content-length: 1633
date: Tue, 25 May 2021 02:46:53 GMT
x-cache: Miss from cloudfront
via: 1.1 ccfe5851ecd4194e2d976fb32dec7539.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: KOYn-tKbGgS27EtCbWbLJPA2j9rLGcbf12l_1YGt8yAcrjGso1Ja0A==

GET
H2 200 stat Show response
runwaff.com/ Frame 5494 3 KB
3 KB 58ms
58ms Document
text/html 13.225.74.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://runwaff.com/stat?i=u1dvjpo9e55sy80hm5&a=3191181510d1c5163e53c1097b6d94291&cb=3371671621910813240
Requested by: Host: runwaff.com
URL: https://runwaff.com/t.js?i=u1dvjpo9e55sy80hm5&cb=6641971621910813142
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.74.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-74-55.fra2.r.cloudfront.net
Software: /
Resource Hash: 7cd25cfdaa711da7ba54081aaf6d9962b606b5f3269b446c1096f7cb7a065026

Request headers

:method: GET
:authority: runwaff.com
:scheme: https
:path: /stat?i=u1dvjpo9e55sy80hm5&a=3191181510d1c5163e53c1097b6d94291&cb=3371671621910813240
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ww3.read7deadlysins.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: SSID=ba8a5682a6c135605ca393219c9ca3cc1235ef2f
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ww3.read7deadlysins.com/

Response headers

content-type: text/html; charset=UTF-8
date: Tue, 25 May 2021 02:46:53 GMT
x-cache: Miss from cloudfront
via: 1.1 ccfe5851ecd4194e2d976fb32dec7539.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: CUrhH5CyiPoRuMOdDqFprrMIDb-WD64TiirgGYJOFfI6bTc6m64WLw==

GET
H2 200 counter Show response
runwaff.com/ Frame B222 9 KB
9 KB 56ms
56ms Document
text/html 13.225.74.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://runwaff.com/counter?i=u1dvjpo9e55sy80hm5&a=d76c2da8c12daa85f1437d954f94f8843&cb=6061601621910813241
Requested by: Host: runwaff.com
URL: https://runwaff.com/t.js?i=u1dvjpo9e55sy80hm5&cb=6641971621910813142
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.74.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-74-55.fra2.r.cloudfront.net
Software: /
Resource Hash: 8b6874e0a5e81da65b57af189d73b5a99af003eb69a872486307de02a87f7a26

Request headers

:method: GET
:authority: runwaff.com
:scheme: https
:path: /counter?i=u1dvjpo9e55sy80hm5&a=d76c2da8c12daa85f1437d954f94f8843&cb=6061601621910813241
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ww3.read7deadlysins.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: SSID=ba8a5682a6c135605ca393219c9ca3cc1235ef2f
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ww3.read7deadlysins.com/

Response headers

content-type: text/html; charset=UTF-8
date: Tue, 25 May 2021 02:46:53 GMT
x-cache: Miss from cloudfront
via: 1.1 ccfe5851ecd4194e2d976fb32dec7539.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: 0mry0vH0EFfI4wJ_NGrKBJpFYaMaooRzu9-NCKDo-FXbu6AXlmJk_Q==

GET
H2 200 user Show response
runwaff.com/ Frame 8DE9 9 KB
9 KB 56ms
55ms Document
text/html 13.225.74.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://runwaff.com/user?i=u1dvjpo9e55sy80hm5&a=84cb9494c74b11c9c2dbca056fd5c2803&cb=0801951621910813242
Requested by: Host: runwaff.com
URL: https://runwaff.com/t.js?i=u1dvjpo9e55sy80hm5&cb=6641971621910813142
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.74.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-74-55.fra2.r.cloudfront.net
Software: /
Resource Hash: 8b6874e0a5e81da65b57af189d73b5a99af003eb69a872486307de02a87f7a26

Request headers

:method: GET
:authority: runwaff.com
:scheme: https
:path: /user?i=u1dvjpo9e55sy80hm5&a=84cb9494c74b11c9c2dbca056fd5c2803&cb=0801951621910813242
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ww3.read7deadlysins.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: SSID=ba8a5682a6c135605ca393219c9ca3cc1235ef2f
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ww3.read7deadlysins.com/

Response headers

content-type: text/html; charset=UTF-8
date: Tue, 25 May 2021 02:46:53 GMT
x-cache: Miss from cloudfront
via: 1.1 ccfe5851ecd4194e2d976fb32dec7539.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: NO2PEbVreD9f6CAwKjY6tBRDbAaAohOisagwOqnrZC9roNbGmJbMIA==

GET
H2 200 async_usersync Show response
runwaff.com/ Frame 865F 2 KB
2 KB 56ms
56ms Document
text/html 13.225.74.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://runwaff.com/async_usersync?i=u1dvjpo9e55sy80hm5&a=1a0c8985ce32a33755c3d97ef8fe86d15&cb=2363071621910813243
Requested by: Host: runwaff.com
URL: https://runwaff.com/t.js?i=u1dvjpo9e55sy80hm5&cb=6641971621910813142
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.74.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-74-55.fra2.r.cloudfront.net
Software: /
Resource Hash: 24fb697da0be2b16388fb4cebaac3f1bfd1ef924bff56e4a22cf52755eb7dc21

Request headers

:method: GET
:authority: runwaff.com
:scheme: https
:path: /async_usersync?i=u1dvjpo9e55sy80hm5&a=1a0c8985ce32a33755c3d97ef8fe86d15&cb=2363071621910813243
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ww3.read7deadlysins.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: SSID=ba8a5682a6c135605ca393219c9ca3cc1235ef2f
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ww3.read7deadlysins.com/

Response headers

content-type: text/html; charset=UTF-8
content-length: 1678
date: Tue, 25 May 2021 02:46:53 GMT
x-cache: Miss from cloudfront
via: 1.1 ccfe5851ecd4194e2d976fb32dec7539.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: PWnam71oUZmELUWiTQQSyfE124-lNvtf6WgMPcf6VQFx6Ht3rrXEdw==

GET
H2 200 stat Show response
runwaff.com/ Frame 1D1C 9 KB
9 KB 61ms
61ms Document
text/html 13.225.74.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://runwaff.com/stat?i=u1dvjpo9e55sy80hm5&a=8fea93fb728874b1628b7aac65a76abf3&cb=0112131621910813244
Requested by: Host: runwaff.com
URL: https://runwaff.com/t.js?i=u1dvjpo9e55sy80hm5&cb=6641971621910813142
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.74.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-74-55.fra2.r.cloudfront.net
Software: /
Resource Hash: 8b6874e0a5e81da65b57af189d73b5a99af003eb69a872486307de02a87f7a26

Request headers

:method: GET
:authority: runwaff.com
:scheme: https
:path: /stat?i=u1dvjpo9e55sy80hm5&a=8fea93fb728874b1628b7aac65a76abf3&cb=0112131621910813244
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ww3.read7deadlysins.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: SSID=ba8a5682a6c135605ca393219c9ca3cc1235ef2f
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ww3.read7deadlysins.com/

Response headers

content-type: text/html; charset=UTF-8
date: Tue, 25 May 2021 02:46:53 GMT
x-cache: Miss from cloudfront
via: 1.1 ccfe5851ecd4194e2d976fb32dec7539.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: g5LaDYG3IYNrb3R-Ku5d2H1pE9urm_lClMKIW1tZ_PrrJNaWWnNTrw==

GET
H2 200 html Show response
platform.bidgear.com/ 5 KB
2 KB 122ms
122ms Script
application/javascript 2606:4700:20::ac43:4a24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.bidgear.com/html?domainid=1042&sizeid=16&zoneid=3323&wu=https%3A%2F%2Fww3.read7deadlysins.com%2F
Requested by: Host: platform.bidgear.com
URL: https://platform.bidgear.com/async.php?domainid=1042&sizeid=16&zoneid=3323&k=5c8f8377499d1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a24 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: eae285748696647e5f55068eb05a214172c9e19ac96fcb2700e73507fba62060

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=WTb3OtTMk4T6uRdOARTrXDdC%2FLmYe5eyczde19QobCwJw%2BVUvmrzmFSkS384oPKmCFOOcAz9T3RZhgZyoIHqQBNHMyzlmX0R%2B%2B5DYhnSfq3T3d95DNKF430nJgXyqiBaobtOGLImVMAPVhq3%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: no-cache, no-store, must-revalidate
cf-ray: 654b6f96dca61f31-FRA
cf-request-id: 0a4304124700001f312e148000000001
expires: 0

GET
H2 200 prebid_v4_21.js Show response
hb.adpone.com/ Frame 5C03 302 KB
88 KB 63ms
30ms Script
application/javascript 2606:4700:20::ac43:49e4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid_v4_21.js
Requested by: Host: runwaff.com
URL: https://runwaff.com/user?i=u1dvjpo9e55sy80hm5&a=1957367064e5b26088677bc61fc98dc05&cb=4564701621910813231
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:49e4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 612a8541b1c6e99ca467ee2ef290d23df8c8511b0a9e1ed3f9c1b91cf2df6235

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2635
content-type: application/javascript
x-amz-request-id: 8X8Z2AAXWD3RZ6XD
x-amz-id-2: bSmexo+TrMnKkcWOI6Tqa7TCfeGYYHMT4OsTT33XH7Bv6B0BShSDWSBlAdxGZAhGTnfnIdpPonw=
last-modified: Mon, 08 Feb 2021 16:04:15 GMT
server: cloudflare
etag: W/"7c64ec269c372f63980a99b0d62ff80e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=6e10WC6nfThBKl0eTqXGLcQKPjSAxhmTYjukoLnfnEHgXkeUlVHrK4Yy%2BJ32NXxD5fdK6%2F2cfw9auQrkh0Bk53iqL%2FwZLJg6a%2Brvsx3LIE87rRGBrG0dR%2FFcz6klzPGVO602xbqm"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 4iEuyd4JotkFGoSUTSV1UffB3iHQiIcX
cache-control: max-age=14400
cf-request-id: 0a4304127800002b954c2ee000000001
cf-ray: 654b6f972f542b95-FRA

GET
H2 200 prebid_v4_21.js Show response
hb.adpone.com/ Frame 66D5 302 KB
88 KB 45ms
24ms Script
application/javascript 2606:4700:20::ac43:49e4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid_v4_21.js
Requested by: Host: runwaff.com
URL: https://runwaff.com/usync?i=u1dvjpo9e55sy80hm5&a=9f8bdfdac88cc4de95ab77e8feb3ba161&cb=7481451621910813232
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:49e4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 612a8541b1c6e99ca467ee2ef290d23df8c8511b0a9e1ed3f9c1b91cf2df6235

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2635
content-type: application/javascript
x-amz-request-id: 8X8Z2AAXWD3RZ6XD
x-amz-id-2: bSmexo+TrMnKkcWOI6Tqa7TCfeGYYHMT4OsTT33XH7Bv6B0BShSDWSBlAdxGZAhGTnfnIdpPonw=
last-modified: Mon, 08 Feb 2021 16:04:15 GMT
server: cloudflare
etag: W/"7c64ec269c372f63980a99b0d62ff80e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=4GJK2ieNRMsHNpxDDQPSRg8oYH383wAT5CLMOm177Pvs9uWzJfXbNoSGD%2B7A6W46CotyFc3sI%2F9tKCitWeQ07kSTTPWhTnfoqtKeavj3RmLzQbWvyFeMtHRxVC7uoodaGhK7fevw"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 4iEuyd4JotkFGoSUTSV1UffB3iHQiIcX
cache-control: max-age=14400
cf-request-id: 0a4304127800002b9537213000000001
cf-ray: 654b6f972f552b95-FRA

GET
H3-29 200 pubads_impl_2021051801.js Show response
securepubads.g.doubleclick.net/gpt/ Frame E9D6 308 KB
108 KB 31ms
15ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051801.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

sffe /

Resource Hash

77e7ad71599b73f06bcaea11c25e128d50c80f6e7fb0cc10f317779fc285d954

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 18 May 2021 08:37:05 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 110938
x-xss-protection: 0
expires: Tue, 25 May 2021 02:46:53 GMT

GET
H2 200 prebid_v4_21.js Show response
hb.adpone.com/ Frame CC17 302 KB
88 KB 39ms
31ms Script
application/javascript 2606:4700:20::ac43:49e4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid_v4_21.js
Requested by: Host: runwaff.com
URL: https://runwaff.com/syncro?i=u1dvjpo9e55sy80hm5&a=59338ab25f27652e7e47e53fbab83cd65&cb=0176411621910813233
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:49e4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 612a8541b1c6e99ca467ee2ef290d23df8c8511b0a9e1ed3f9c1b91cf2df6235

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2635
content-type: application/javascript
x-amz-request-id: 8X8Z2AAXWD3RZ6XD
x-amz-id-2: bSmexo+TrMnKkcWOI6Tqa7TCfeGYYHMT4OsTT33XH7Bv6B0BShSDWSBlAdxGZAhGTnfnIdpPonw=
last-modified: Mon, 08 Feb 2021 16:04:15 GMT
server: cloudflare
etag: W/"7c64ec269c372f63980a99b0d62ff80e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=w4g2AYzQ2iJ1TngRDFbIqwUSUaSWZjU3H1toYJKbpjazqj3oHR8yBQUq%2B6%2B8PtG%2FdlshWxmfxrfHrPUDBF3bxoh5%2BiDry1cbuGjFyxylZHH1MDHefGpMwaCpAmhv03Axn1BFZJR%2F"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 4iEuyd4JotkFGoSUTSV1UffB3iHQiIcX
cache-control: max-age=14400
cf-request-id: 0a4304127800002b9526996000000001
cf-ray: 654b6f972f562b95-FRA

GET
H/1.1 200
OK 17210.js Show response
ads.rubiconproject.com/ad/ Frame B0FA 30 KB
9 KB 50ms
14ms Script
text/javascript 184.24.15.122
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rubiconproject.com/ad/17210.js
Requested by: Host: runwaff.com
URL: https://runwaff.com/user?i=u1dvjpo9e55sy80hm5&a=c45f858cb8b4b094b8b6229bad96a54e7&cb=1556561621910813230
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.24.15.122 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-24-15-122.deploy.static.akamaitechnologies.com
Software: Apache / PHP/5.3.3
Resource Hash: a969a9b32705092663a8c9019ac9835cf93fff0d525457961e309bf04dba1424

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 25 May 2021 02:46:53 GMT
Content-Encoding: gzip
Server: Apache
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=13173
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 8969
Expires: Tue, 25 May 2021 06:26:26 GMT

GET
H2 200 gen.js Show response
ads.themoneytizer.com/s/ Frame 2E24 4 KB
2 KB 26ms
7ms Script
text/html 151.139.241.23
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.themoneytizer.com/s/gen.js?type=2
Requested by: Host: runwaff.com
URL: https://runwaff.com/stat?i=u1dvjpo9e55sy80hm5&a=05ce0684c5396c5bd68c434103884dbb5&cb=9169241621910813234
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.139.241.23 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: nginx /
Resource Hash: b780c05b9b8e1f7acff640ef794ca777ffa43e5d4354a84eebf3dd98975f8675

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
x-cache: HIT
content-type: text/html; charset=UTF-8
cache-control: max-age=86400
accept-ranges: bytes
content-length: 2127
expires: Wed, 26 May 2021 02:46:21 GMT

GET
H2 200 requestform.js Show response
ads.themoneytizer.com/s/ Frame 2E24 65 KB
12 KB 30ms
11ms Script
text/html 151.139.241.23
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.themoneytizer.com/s/requestform.js?siteId=54641&formatId=2
Requested by: Host: runwaff.com
URL: https://runwaff.com/stat?i=u1dvjpo9e55sy80hm5&a=05ce0684c5396c5bd68c434103884dbb5&cb=9169241621910813234
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.139.241.23 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: nginx /
Resource Hash: 693834d499a766ee74d733e5045d73b669a47b0ddf4dc2d4122ceab6b54ffc59

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
x-cache: HIT
content-type: text/html; charset=UTF-8
cache-control: max-age=86400
accept-ranges: bytes
expires: Wed, 26 May 2021 02:46:53 GMT

GET
H2 200 prebid_v4_21.js Show response
hb.adpone.com/ Frame 843E 302 KB
88 KB 27ms
27ms Script
application/javascript 2606:4700:20::ac43:49e4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid_v4_21.js
Requested by: Host: runwaff.com
URL: https://runwaff.com/user?i=u1dvjpo9e55sy80hm5&a=60f0e959e67789b550dbbeaa782904915&cb=9059651621910813235
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:49e4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 612a8541b1c6e99ca467ee2ef290d23df8c8511b0a9e1ed3f9c1b91cf2df6235

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2635
content-type: application/javascript
x-amz-request-id: 8X8Z2AAXWD3RZ6XD
x-amz-id-2: bSmexo+TrMnKkcWOI6Tqa7TCfeGYYHMT4OsTT33XH7Bv6B0BShSDWSBlAdxGZAhGTnfnIdpPonw=
last-modified: Mon, 08 Feb 2021 16:04:15 GMT
server: cloudflare
etag: W/"7c64ec269c372f63980a99b0d62ff80e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=%2FlkRA1b7gYuV4OaiJQzBwDz7h%2BHn8Q7whBPEkzmlzDGaUa4zf88bhhBL%2BRxUHMJ%2BWCGqM%2FvqydSaDe9R8cF5Yg3GADKUk8PK1kficEJyVso5FKDQSJrVAcAAgg6aHqUqDoeTkaAU"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 4iEuyd4JotkFGoSUTSV1UffB3iHQiIcX
cache-control: max-age=14400
cf-request-id: 0a4304128700002b956025d000000001
cf-ray: 654b6f973f6d2b95-FRA

GET
H3-29 200 / Show response
services.vlitag.com/uv/ 13 B
704 B 161ms
141ms XHR
application/json 2606:4700:20::681a:fee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://services.vlitag.com/uv/?page_url=https%3A%2F%2Fww3.read7deadlysins.com%2F&mtk=2044

Requested by

Host: services.vlitag.com
URL: https://services.vlitag.com/adv1/?q=87216b358402869b1c0e66facfc9ae3c

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:fee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

76aacba4eece592e3a3281e69a5762c6f10b527a29fbba5eae5ac091f47ae554

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 13
cf-request-id: 0a430412a80000dfef7222a000000001
pragma: no-cache
last-modified: Tue, 25 May 2021 02:46:53 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=lmHsuEvjbXQkntZISdAMZyzN%2BzCRi5cqP8PhceHlByR5NdW3NirrIE8%2BxYF9avi9wfHeOYXhe6TBi31aaQk6NRD1DQrNszWidsVpgh9%2FmLmCarvXq6Mzfin1oLOHf3ZXWb1SKm4YjXJQ7vWq"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://ww3.read7deadlysins.com
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
cf-ray: 654b6f977d22dfef-FRA
expires: on, 01 Jan 1970 00:00:00 GMT

GET
H2 200 87216b358402869b1c0e66facfc9ae3c.js Show response
tag.vlitag.com/v1/1621740372/ 491 KB
110 KB 40ms
36ms Script
application/javascript 2606:4700:20::681a:fee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tag.vlitag.com/v1/1621740372/87216b358402869b1c0e66facfc9ae3c.js

Requested by

Host: services.vlitag.com
URL: https://services.vlitag.com/adv1/?q=87216b358402869b1c0e66facfc9ae3c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:fee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bdde27ec97ac7add8bf64ec101d653f8613c13ed50e518d3d5411b47c631e5d5

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 170435
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a430412990000c2778b112000000001
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=ZDP41%2FeXJTTiDuTU9DKVYIYvbrgJyZskgCHZNnXbsk%2B0mN7rV4uUpBsBG0eqa6TcaIXl3pwf6qixjQB0efGsfdXvdxwFWCIHujF%2BECMdzJmG2sed6yJ%2Ba1sD%2Bf7yqi7j%2BhRyamjSSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
x-xss-protection: 1; mode=block
cache-control: public, max-age=31536000, immutable
cf-ray: 654b6f9758e2c277-FRA

GET
H2 200 adx.js Show response
s1.adform.net/banners/scripts/ Frame EB94 58 KB
24 KB 81ms
33ms Script
application/x-javascript 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/banners/scripts/adx.js
Requested by: Host: runwaff.com
URL: https://runwaff.com/count?i=u1dvjpo9e55sy80hm5&a=6a61c97338f087e01f469fd41bde18ed9&cb=5959071621910813238
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 6330d93c38185b92516fd8bdb7220ff136b6817c2ef101ed7d822e122066240b

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: gzip
last-modified: Thu, 13 May 2021 15:01:38 GMT
server: nginx
etag: W/"609d3f52-e80f"
x-cache-status: HIT
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

GET
H/1.1

200
OK

bounce Show response
secure.adnxs.com/ Frame 8D02
Redirect Chain

https://secure.adnxs.com/ttj?id=18287125
https://secure.adnxs.com/bounce?%2Fttj%3Fid%3D18287125

7 KB
4 KB

15ms
14ms

Script
application/javascript

185.33.221.87
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/bounce?%2Fttj%3Fid%3D18287125

Requested by

Host: runwaff.com
URL: https://runwaff.com/user?i=u1dvjpo9e55sy80hm5&a=69a1ae274eff659621cc5da174992f8b3&cb=5820761621910813239

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.87 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

c19059678c29578778de4b6e42914180649090c8850e191ee65b04254e894ba2

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 25 May 2021 02:46:53 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 185.220.70.236; 185.220.70.236; 723.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.133:80
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: b4af3ba2-0335-4183-89a9-bb7703831540
Server: nginx/1.17.9
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:46:53 GMT
X-Proxy-Origin: 185.220.70.236; 185.220.70.236; 723.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.223.132:80
AN-X-Request-Uuid: 85e2a129-7a55-4022-aaa5-d5e96992aa6c
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://secure.adnxs.com/bounce?%2Fttj%3Fid%3D18287125
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK smart.js Show response
ced.sascdn.com/tag/1743/ Frame 5494 32 KB
11 KB 30ms
7ms Script
application/javascript 2.16.186.113
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ced.sascdn.com/tag/1743/smart.js
Requested by: Host: runwaff.com
URL: https://runwaff.com/stat?i=u1dvjpo9e55sy80hm5&a=3191181510d1c5163e53c1097b6d94291&cb=3371671621910813240
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.186.113 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-113.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: f462844cbf81aa595070b5a5174eaaccbed9d1e63db15a2e14b12cafd169bf1c

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 25 May 2021 02:46:53 GMT
Content-Encoding: gzip
Cache-Control: public, max-age=294
Content-Length: 11375
Vary: Accept-Encoding
Connection: keep-alive
Content-Type: application/javascript; charset=UTF-8

GET
H2 200 / Show response
ads.projectagoraservices.com/ Frame 865F 22 KB
6 KB 253ms
25ms Script
application/javascript 2a02:26f0:6c00::210:ba19
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.projectagoraservices.com/?id=6772&uref=https%3A%2F%2Fww3.read7deadlysins.com%2F
Requested by: Host: runwaff.com
URL: https://runwaff.com/async_usersync?i=u1dvjpo9e55sy80hm5&a=1a0c8985ce32a33755c3d97ef8fe86d15&cb=2363071621910813243
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba19 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: dffe8b72f780d37daf3df7bb0ef19173dc233a32e180b4fd5bc4e76cc66f0b66

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, no-store, must-revalidate
content-length: 6298
expires: Tue, 25 May 2021 02:46:53 GMT

GET
H2 200 pxl.jpg
runwaff.com/ 597 B
830 B 36ms
33ms Image
image/jpeg 13.225.74.55
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://runwaff.com/pxl.jpg?i=u1dvjpo9e55sy80hm5&s=784&p=https%3A%2F%2Fww3.read7deadlysins.com%2F&rstk=https%3A%2F%2Fww3.read7deadlysins.com%2F&h=6423491621910813358
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.74.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-74-55.fra2.r.cloudfront.net
Software: /
Resource Hash: af64a6f3ffc388b91cd70eae25893f7bea7e8e7d84d2c2b41c378cfbe13651ff

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
via: 1.1 ccfe5851ecd4194e2d976fb32dec7539.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
content-length: 597
x-amz-cf-id: SRBegUOI8Rn6CM4fVai_X3DHHAW1ssUwkN2f55gZqnjHoKcUtLQZiQ==
x-cache: Miss from cloudfront
content-type: image/jpeg; charset=UTF-8

GET
H/1.1 200
OK / Show response
g.themoneytizer.net/g/ Frame 2E24 26 B
270 B 96ms
57ms Script
text/html 145.239.193.145
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://g.themoneytizer.net/g/
Requested by: Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/gen.js?type=2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 145.239.193.145 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: nginx /
Resource Hash: 8c8543047af01eee8aec752d049f35aff3abc468628af82f9585117411786d8c

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 25 May 2021 02:46:53 GMT
Server: nginx
X-IPLB-Request-ID: B9DC46EC:848A_91EFC191:01BB_60AC651D_94B376:22DCB
X-IPLB-Instance: 29894
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H2 200 moneybile.js Show response
ads.themoneytizer.com/ Frame 2E24 38 KB
16 KB 9ms
8ms Script
application/javascript 151.139.241.23
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.themoneytizer.com/moneybile.js
Requested by: Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/gen.js?type=2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.139.241.23 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: nginx /
Resource Hash: 4006e0481f9cfffd3a579c3dcbdad1b6953e844c1e3c76a8d9f86844c98d87a3

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: gzip
last-modified: Fri, 12 Mar 2021 17:07:19 GMT
server: nginx
etag: "604b9fc7-981e"
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript
cache-control: max-age=86400
accept-ranges: bytes
content-length: 16267
expires: Wed, 26 May 2021 02:45:59 GMT

GET
H/1.1

200
OK

smart.js Show response
ced-ns.sascdn.com/diff/js/ Frame 2E24
Redirect Chain

https://ww1097.smartadserver.com/config.js?nwid=1097
https://ced-ns.sascdn.com/diff/js/smart.js

32 KB
10 KB

29ms
7ms

Script
application/x-javascript

2a02:26f0:6c00::210:ba0b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ced-ns.sascdn.com/diff/js/smart.js
Requested by: Host: runwaff.com
URL: https://runwaff.com/stat?i=u1dvjpo9e55sy80hm5&a=05ce0684c5396c5bd68c434103884dbb5&cb=9169241621910813234
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba0b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: b0f62a19b3816ea7dc2f9990b599ab78f203bb6006af805e5315d003e5fafc3b

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 25 May 2021 02:46:53 GMT
Content-Encoding: gzip
Last-Modified: Wed, 28 Apr 2021 13:06:40 GMT
Server: AkamaiNetStorage
ETag: "dd5367de39ecf8e8013426a9e92e0f2a:1619615202.334496"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 10033

Redirect headers

location: https://ced-ns.sascdn.com/diff/js/smart.js
date: Tue, 25 May 2021 02:46:52 GMT
content-length: 0

GET
H/1.1 200
OK / Show response
c.tmyzer.com/c/ Frame 2E24 0
272 B 85ms
22ms XHR
text/html 54.38.64.100
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://c.tmyzer.com/c/?s=54641&f=2&fi=99
Requested by: Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform.js?siteId=54641&formatId=2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.38.64.100 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 25 May 2021 02:46:53 GMT
Server: nginx
X-IPLB-Request-ID: B9DC46EC:D73C_36264064:01BB_60AC651D_125DEEDC:1C7CD
X-IPLB-Instance: 38434
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H2 200 sync Show response
gum.criteo.com/ Frame 2E24 49 B
371 B 78ms
24ms Script
text/javascript 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sync?c=147&r=2&j=criteoCallback

Requested by

Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform.js?siteId=54641&formatId=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

005c3133bf387e1b00a5ec25effc468f7752591adac19a3782d200bf68a970f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
date: Tue, 25 May 2021 02:46:52 GMT
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=3600
server-processing-duration-in-ticks: 1480
content-length: 165
expires: 60

GET
H/1.1 200
OK libJsLP.js Show response
tag.leadplace.fr/ Frame 2E24 4 KB
4 KB 66ms
15ms Script
application/javascript 145.239.193.51
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.leadplace.fr/libJsLP.js
Requested by: Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform.js?siteId=54641&formatId=2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 145.239.193.51 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: nginx/1.14.2 /
Resource Hash: 32adcd20942cc95376c96c686e5f4c65dba39275545f6c9c7b63b72a374d9cc0

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 25 May 2021 02:46:53 GMT
Last-Modified: Thu, 07 Jan 2021 17:29:20 GMT
Server: nginx/1.14.2
X-IPLB-Request-ID: B9DC46EC:20D4_91EFC133:01BB_60AC651D_81269D29:6437
ETag: "5ff744f0-e7c"
X-IPLB-Instance: 29923
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 3708

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame 075E 2 KB
818 B 30ms
9ms Document
text/html 51.89.9.254
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=2a897e3f18e6769&cb=1621910813376

Requested by

Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform.js?siteId=54641&formatId=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip254.ip-51-89-9.eu

Software

Resource Hash

37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

:method: GET
:authority: onetag-sys.com
:scheme: https
:path: /usync/?pubId=2a897e3f18e6769&cb=1621910813376
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://runwaff.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://runwaff.com/

Response headers

content-type: text/html
cache-control: no-transform, no-cache
content-encoding: gzip
strict-transport-security: max-age=15552000

GET
H2 200 / Show response
spl.zeotap.com/ Frame 091B 2 KB
1 KB 52ms
32ms Document
text/html 2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://spl.zeotap.com/?env=mWeb&uc=2&zdid=1258&eventType=map
Requested by: Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform.js?siteId=54641&formatId=2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c7cb1cb576f66cbfe244baa9a42c3696470e2b27ce186876ce00cc13488a3dd2

Request headers

:method: GET
:authority: spl.zeotap.com
:scheme: https
:path: /?env=mWeb&uc=2&zdid=1258&eventType=map
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://runwaff.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://runwaff.com/

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
content-type: text/html
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://runwaff.com
set-cookie: zc=973dcad7-3dec-4517-6d86-9f47460f08dc; Path=/; Domain=.zeotap.com; Max-Age=31536000; SameSite=None; Secure zsc=m%DE%84L%D2E%AD%1F%3C%90%05%F1%D6%BB%EAus%B3%16%1B%B0%C0%E5%19%D7%13%ABJ%0D%E9%81%AF%90%C9%93x%E5%3B%24o%8DMG%84%F6~Uq%3C9n6%D9%EB%87.%3E%07%9E%1F%82_g%07%FE%DA%D2%CC%9B%D0%85%22%89%C7%E8%22%B8%DE%01%85_%A0+8%2C%8C%EA%1D%CD%3C%27%D7W%814%5E%5B%93%1E%A7s%D4%BD%0F%DA; Path=/; Domain=.zeotap.com; Max-Age=86400; SameSite=None; Secure
vary: Origin
via: 1.1 google
cf-cache-status: DYNAMIC
cf-request-id: 0a430412d500004d8911841000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 654b6f97b8f84d89-FRA
content-encoding: br

GET
H2 200 quant.js Show response
secure.quantserve.com/ Frame 2E24 24 KB
9 KB 30ms
10ms Script
application/javascript 2620:116:800d:21:f916:5049:f87f:108e
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform.js?siteId=54641&formatId=2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:f916:5049:f87f:108e , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: bba4d46952f094b62205fe06e4a78114cac5d934971925a4716ef40c33f96012

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: gzip
etag: "WhyxmPkT7L77qVDcrjxwGw=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
expires: Tue, 01 Jun 2021 02:46:53 GMT

GET
H/1.1 200
OK px.js Show response
p.cpx.to/p/12763/ Frame 2E24 3 KB
3 KB 131ms
30ms Script
application/javascript 54.246.143.132
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://p.cpx.to/p/12763/px.js
Requested by: Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform.js?siteId=54641&formatId=2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.246.143.132 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-246-143-132.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 8b6f1b48cd5175f987c8d9c15233cde35ad4a06473c89b4f46076b6fc3259e6b

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 25 May 2021 02:46:53 GMT
Cache-Control: max-age=2419200, public
Connection: keep-alive
Content-Length: 3015
Content-Type: application/javascript; charset=UTF-8

GET
H/1.1 200
OK notifyme.js Show response
d2zur9cc2gf1tx.cloudfront.net/a96081b6-db78-48c4-9f82-b93e316fb1f7/ Frame 2E24 25 KB
26 KB 73ms
21ms Script
text/javascript 52.222.161.210
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d2zur9cc2gf1tx.cloudfront.net/a96081b6-db78-48c4-9f82-b93e316fb1f7/notifyme.js
Requested by: Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform.js?siteId=54641&formatId=2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.161.210 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-161-210.cdg52.r.cloudfront.net
Software: Apache /
Resource Hash: b47b4ca26c57e3dceebd7abd067df9622599bed6bfb11b480f92d09a945cd213

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 24 May 2021 20:27:36 GMT
Via: 1.1 e0720e45d2e7ea5da3d185114a45e51e.cloudfront.net (CloudFront)
Last-Modified: Mon, 18 Feb 2019 16:54:28 GMT
Server: Apache
Age: 23468
X-Cache: Hit from cloudfront
Content-Type: text/javascript
Connection: keep-alive
X-Amz-Cf-Pop: CDG52-P2
Accept-Ranges: bytes
Content-Length: 25704
X-Amz-Cf-Id: V_Fv5tFDlzv1O41SZc_W3Uypc0b2l-tgeEArNNHn5cIvq7HaCFtRxA==

GET
H/1.1 200
OK 186329-261067657875242.js Show response
js-sec.indexww.com/ht/p/ Frame 2E24 37 KB
13 KB 48ms
15ms Script
text/javascript 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/ht/p/186329-261067657875242.js
Requested by: Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform.js?siteId=54641&formatId=2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7e176e51c1dff07522d527754e78745b4fe73db4b875ab85be5ec57e2e35346c

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 25 May 2021 02:46:53 GMT
Content-Encoding: gzip
Last-Modified: Tue, 25 May 2021 01:55:30 GMT
Server: Apache
ETag: "901cf9-930b-5c31dd21c68c7"
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=809
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/javascript
Content-Length: 12788
Expires: Tue, 25 May 2021 03:00:22 GMT

GET
H2 200 prebid.js Show response
ads.themoneytizer.com/moneybid4_35/build/dist/ Frame 2E24 528 KB
165 KB 11ms
8ms Script
application/javascript 151.139.241.23
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.themoneytizer.com/moneybid4_35/build/dist/prebid.js
Requested by: Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform.js?siteId=54641&formatId=2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.139.241.23 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: nginx /
Resource Hash: d8a382bb17386d2d82cc7bff0b08cbc40466c977c277e039adfa7de9b9511957

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: gzip
last-modified: Wed, 21 Apr 2021 09:25:31 GMT
server: nginx
etag: "607fef8b-84176"
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript
cache-control: max-age=86400
accept-ranges: bytes
content-length: 168757
expires: Wed, 26 May 2021 02:46:26 GMT

GET

6.gif
id5-sync.com/c/12/108/4/ Frame 2E24
Redirect Chain

https://id5-sync.com/i/12/9.gif?gdpr=&gdpr_consent=
https://id5-sync.com/c/12/0/9/1.gif?gdpr=1&gdpr_consent=
https://cookie-matching.mediarithmics.com/v1/get_user_agent_id?dom_token=id517&sd=Y2FzY2FkZXNSZW1haW5pbmc9OCZjYXNjYWRlc0RvbmU9MiZpbml0aWF0aW5nUGFydG5lcj0xMiZmb3JtYXQ9Z2lmJg
https://cookie-matching.mediarithmics.com/v1/get_or_create?sd=Y2FzY2FkZXNSZW1haW5pbmc9OCZjYXNjYWRlc0RvbmU9MiZpbml0aWF0aW5nUGFydG5lcj0xMiZmb3JtYXQ9Z2lmJg&domid=1033
https://cm.g.doubleclick.net/pixel?google_nid=medr&google_cm&key=GOO&sd=Y2FzY2FkZXNSZW1haW5pbmc9OCZjYXNjYWRlc0RvbmU9MiZpbml0aWF0aW5nUGFydG5lcj0xMiZmb3JtYXQ9Z2lmJg&action=GET_ID&opid=goo&etid=&domid...
https://cookie-matching.mediarithmics.com/input?key=GOO&key=GOO&sd=Y2FzY2FkZXNSZW1haW5pbmc9OCZjYXNjYWRlc0RvbmU9MiZpbml0aWF0aW5nUGFydG5lcj0xMiZmb3JtYXQ9Z2lmJg&action=GET_ID&opid=goo&etid=&domid=1033...
https://ib.adnxs.com/getuid?https://cookie-matching.mediarithmics.com/input?key=APX&apx_uid=$UID&opid=apx&ops=&utidl=tech:goo:CAESEBZYolgNXrrTZ1lN-vnvqSw&sd=Y2FzY2FkZXNSZW1haW5pbmc9OCZjYXNjYWRlc0Rv...
https://cookie-matching.mediarithmics.com/input?key=APX&apx_uid=2856234407030238743&opid=apx&ops=&utidl=tech:goo:CAESEBZYolgNXrrTZ1lN-vnvqSw&sd=Y2FzY2FkZXNSZW1haW5pbmc9OCZjYXNjYWRlc0RvbmU9MiZpbml0a...
https://id5-sync.com/qp/18.gif?puid=vec%3A17662784809&sd=Y2FzY2FkZXNSZW1haW5pbmc9OCZjYXNjYWRlc0RvbmU9MiZpbml0aWF0aW5nUGFydG5lcj0xMiZmb3JtYXQ9Z2lmJg
https://sync.crwdcntrl.net/map/c=13953/tp=IDFI/gdpr=1/gdpr_consent=?https://id5-sync.com/c/12/19/7/3.gif?puid=${profile_id}&gdpr=1&gdpr_consent=
https://sync.crwdcntrl.net/map/ct=y/c=13953/tp=IDFI/gdpr=1/gdpr_consent=?https://id5-sync.com/c/12/19/7/3.gif?puid=${profile_id}&gdpr=1&gdpr_consent=
https://id5-sync.com/c/12/19/7/3.gif?puid=facca241c63ca8199331b99307eb2022&gdpr=1&gdpr_consent=
https://ads.creative-serving.com/id5_cm?callback=https%3A%2F%2Fid5-sync.com%2Fc%2F12%2F101%2F6%2F4.gif%3Fpuid%3D%5BUID%5D%26gdpr%3D1%26gdpr_consent%3D
https://ads.creative-serving.com/ul_cb/id5_cm?callback=https%3A%2F%2Fid5-sync.com%2Fc%2F12%2F101%2F6%2F4.gif%3Fpuid%3D%5BUID%5D%26gdpr%3D1%26gdpr_consent%3D
https://id5-sync.com/c/12/101/6/4.gif?puid=18fdb0c4-97e0-47b6-b337-acbf9f1abbc3&gdpr=1&gdpr_consent=
https://loadus.exelator.com/load/?p=1082&g=204&j=r&gdpr=1&gdpr_consent=&ru=https%3A%2F%2Fid5-sync.com%2Fc%2F12%2F103%2F5%2F5.gif%3Fpuid%3D%25%25UID%25%25%26gdpr%3D1%26gdpr_consent%3D
https://loadus.exelator.com/load/?p=1082&g=204&j=r&gdpr=1&gdpr_consent=&ru=https%3A%2F%2Fid5-sync.com%2Fc%2F12%2F103%2F5%2F5.gif%3Fpuid%3D%25%25UID%25%25%26gdpr%3D1%26gdpr_consent%3D&xl8blockcheck=1
https://id5-sync.com/c/12/103/5/5.gif?puid=6a6f01c7db7e2db4b734253d3ad8ea0b&gdpr=1&gdpr_consent=
https://pixel.tapad.com/idsync/ex/push?partner_id=2922&partner_url=https%3A%2F%2Fid5-sync.com%2Fc%2F12%2F108%2F4%2F6.gif%3Fpuid%3D%24%7BTA_DEVICE_ID%7D%26gdpr%3D1%26gdpr_consent%3D&gdpr=1&gdpr_cons...
https://pixel.tapad.com/idsync/ex/push/check?partner_id=2922&partner_url=https%3A%2F%2Fid5-sync.com%2Fc%2F12%2F108%2F4%2F6.gif%3Fpuid%3D%24%7BTA_DEVICE_ID%7D%26gdpr%3D1%26gdpr_consent%3D&gdpr=1&gdp...
https://id5-sync.com/c/12/108/4/6.gif?puid=7fd506e9-a0e8-4138-b08b-b54c72f2e560&gdpr=1&gdpr_consent=

0
0

GET
H2 200 / Show response
ads.projectagoraservices.com/ Frame 9897 22 KB
6 KB 200ms
26ms Script
application/javascript 2a02:26f0:6c00::210:ba19
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.projectagoraservices.com/?id=6772&uref=https%3A%2F%2Fww3.read7deadlysins.com%2F
Requested by: Host: runwaff.com
URL: https://runwaff.com/usync?i=u1dvjpo9e55sy80hm5&a=9f8bdfdac88cc4de95ab77e8feb3ba161&cb=7481451621910813232
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba19 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: dffe8b72f780d37daf3df7bb0ef19173dc233a32e180b4fd5bc4e76cc66f0b66

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, no-store, must-revalidate
content-length: 6298
expires: Tue, 25 May 2021 02:46:53 GMT

GET
H2 200 prebid_v4_21.js Show response
hb.adpone.com/ Frame 1216 302 KB
88 KB 23ms
20ms Script
application/javascript 2606:4700:20::ac43:49e4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid_v4_21.js
Requested by: Host: runwaff.com
URL: https://runwaff.com/usersync?i=u1dvjpo9e55sy80hm5&a=05bcf34b3dc8ef781ff91667b6cbe5da7&cb=6771261621910813237
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:49e4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 612a8541b1c6e99ca467ee2ef290d23df8c8511b0a9e1ed3f9c1b91cf2df6235

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2635
content-type: application/javascript
x-amz-request-id: 8X8Z2AAXWD3RZ6XD
x-amz-id-2: bSmexo+TrMnKkcWOI6Tqa7TCfeGYYHMT4OsTT33XH7Bv6B0BShSDWSBlAdxGZAhGTnfnIdpPonw=
last-modified: Mon, 08 Feb 2021 16:04:15 GMT
server: cloudflare
etag: W/"7c64ec269c372f63980a99b0d62ff80e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=vg4iEnYTCbcHuKPdN2Nn10Dom9g9ZxBZxDexLOIrSmWcWAwHQjer9mCX3q0LzvTxJXH0YtsbOe%2BTyHXkFaAHZDfETBvCGxNhUroJwv78OH0gRnNxbfINDRLnfI55tx2NutktU8th"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 4iEuyd4JotkFGoSUTSV1UffB3iHQiIcX
cache-control: max-age=14400
cf-request-id: 0a430412e200002b9526999000000001
cf-ray: 654b6f97d8082b95-FRA

GET
H2 200 prebid_v4_21.js Show response
hb.adpone.com/ Frame DAC4 302 KB
88 KB 21ms
21ms Script
application/javascript 2606:4700:20::ac43:49e4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid_v4_21.js
Requested by: Host: runwaff.com
URL: https://runwaff.com/usync?i=u1dvjpo9e55sy80hm5&a=c875f76156c3307c45687011d2d8e2cf1&cb=1388981621910813236
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:49e4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 612a8541b1c6e99ca467ee2ef290d23df8c8511b0a9e1ed3f9c1b91cf2df6235

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2635
content-type: application/javascript
x-amz-request-id: 8X8Z2AAXWD3RZ6XD
x-amz-id-2: bSmexo+TrMnKkcWOI6Tqa7TCfeGYYHMT4OsTT33XH7Bv6B0BShSDWSBlAdxGZAhGTnfnIdpPonw=
last-modified: Mon, 08 Feb 2021 16:04:15 GMT
server: cloudflare
etag: W/"7c64ec269c372f63980a99b0d62ff80e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=nLOnvk1HOc%2FYI%2BoMC77ec41vDm9I3FQ9kP8wMap3s2Av6uwnOaVNVkcge7fMu8GGoI%2BQ%2B%2FkHkdCrcIKbA01dl7D755lxA7aqyVDRaT18dU8pZFglX4hbz56Z3USF4A65zb9hLuRr"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 4iEuyd4JotkFGoSUTSV1UffB3iHQiIcX
cache-control: max-age=14400
cf-request-id: 0a430412e400002b9551ad2000000001
cf-ray: 654b6f97d80e2b95-FRA

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame E9D6 107 B
799 B 34ms
14ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=ww3.read7deadlysins.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame E9D6 107 B
553 B 34ms
15ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ww3.read7deadlysins.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 403 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame E9D6 0
25 B 29ms
28ms XHR
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1244225158161680&correlator=4107408388891767&output=ldjh&impl=fifs&eid=31060789%2C31061004%2C44742768&vrg=2021051801&ptt=17&sc=1&sfv=1-0-38&ecs=20210525&iu_parts=21671350435%2C300x250-read7deadlysins.com&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&cookie_enabled=1&cdm=ww3.read7deadlysins.com&bc=31&abxe=1&lmt=1621910813&dt=1621910813450&dlt=1621910813225&idt=199&ea=0&frm=23&biw=1600&bih=1200&isw=300&ish=250&oid=3&adxs=1073&adys=393&adks=2676277701&ucis=dcojxtebndym&ifi=1&ifk=1085813594&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=https%3A%2F%2Fww3.read7deadlysins.com%2F&top=https%3A%2F%2Fww3.read7deadlysins.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x250&msz=300x-1&ga_vid=1334050034.1621910813&ga_sid=1621910813&ga_hid=113645991&ga_fc=true&fws=256&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-creative-id: -2
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://ww3.read7deadlysins.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
eaba349be3b6f4320e8ae22a47a1221f.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame E9D6 0
0 47ms
14ms Other
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://eaba349be3b6f4320e8ae22a47a1221f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051801.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-38/html/ Frame E9D6 0
0 26ms
6ms Other
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051801.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 prebid_v4_21.js Show response
hb.adpone.com/ Frame B222 302 KB
88 KB 26ms
26ms Script
application/javascript 2606:4700:20::ac43:49e4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid_v4_21.js
Requested by: Host: runwaff.com
URL: https://runwaff.com/counter?i=u1dvjpo9e55sy80hm5&a=d76c2da8c12daa85f1437d954f94f8843&cb=6061601621910813241
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:49e4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 612a8541b1c6e99ca467ee2ef290d23df8c8511b0a9e1ed3f9c1b91cf2df6235

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2635
content-type: application/javascript
x-amz-request-id: 8X8Z2AAXWD3RZ6XD
x-amz-id-2: bSmexo+TrMnKkcWOI6Tqa7TCfeGYYHMT4OsTT33XH7Bv6B0BShSDWSBlAdxGZAhGTnfnIdpPonw=
last-modified: Mon, 08 Feb 2021 16:04:15 GMT
server: cloudflare
etag: W/"7c64ec269c372f63980a99b0d62ff80e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=uf25zjbMSgOSSfZwZTqgK4mwvVuz4XvneGJf%2F9XMKlbZ1j%2FIwBOzyY%2BV4dyTgglAePPNobxJKeowphd%2BEL4TXOxqNbNBtNREurXayc9A7AB7IWw3XLZRKuQfP6z1rqDj4VN%2FJFbP"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 4iEuyd4JotkFGoSUTSV1UffB3iHQiIcX
cache-control: max-age=14400
cf-request-id: 0a4304134300002b9529ba0000000001
cf-ray: 654b6f9868ae2b95-FRA

GET
H2 200 prebid_v4_21.js Show response
hb.adpone.com/ Frame 8DE9 302 KB
88 KB 25ms
25ms Script
application/javascript 2606:4700:20::ac43:49e4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid_v4_21.js
Requested by: Host: runwaff.com
URL: https://runwaff.com/user?i=u1dvjpo9e55sy80hm5&a=84cb9494c74b11c9c2dbca056fd5c2803&cb=0801951621910813242
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:49e4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 612a8541b1c6e99ca467ee2ef290d23df8c8511b0a9e1ed3f9c1b91cf2df6235

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2635
content-type: application/javascript
x-amz-request-id: 8X8Z2AAXWD3RZ6XD
x-amz-id-2: bSmexo+TrMnKkcWOI6Tqa7TCfeGYYHMT4OsTT33XH7Bv6B0BShSDWSBlAdxGZAhGTnfnIdpPonw=
last-modified: Mon, 08 Feb 2021 16:04:15 GMT
server: cloudflare
etag: W/"7c64ec269c372f63980a99b0d62ff80e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=hO3QlC4ML1LuJjSlUWAoFbEm7luaUXZQJUOkJjHmd5L3q7xPFxFn%2FsqEpw05wmXhl5EP1%2BW9y8H572jDXDXpc3UhsbardRyvOpxlhW6KeEK6Hq2bYJS5F4%2BF75w%2FI9eyQB8rFCxr"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 4iEuyd4JotkFGoSUTSV1UffB3iHQiIcX
cache-control: max-age=14400
cf-request-id: 0a4304134500002b954c2f6000000001
cf-ray: 654b6f9868b32b95-FRA

GET
H/1.1 200
OK 1537884-15.js Show response
smarttag.rubiconproject.com/a/17210/304582/ Frame B0FA 147 B
1 KB 63ms
15ms Script
text/javascript 213.19.162.41
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://smarttag.rubiconproject.com/a/17210/304582/1537884-15.js?&cb=0.8140900777259212&tk_st=1&rf=https%3A//ww3.read7deadlysins.com/&rp_s=c&p_screen_res=1600x1200&ad_slot=304582_15&rp_secure=1
Requested by: Host: ads.rubiconproject.com
URL: https://ads.rubiconproject.com/ad/17210.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 213.19.162.41 , United Kingdom, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 9983e07b9631af361911c4abfcddf64df4a51003d916415dfab1e19c9cd16749

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:46:53 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Connection: keep-alive
Content-Type: text/javascript
Keep-Alive: timeout=5
Content-Length: 147
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 prebid_v4_21.js Show response
hb.adpone.com/ Frame 1D1C 302 KB
88 KB 23ms
21ms Script
application/javascript 2606:4700:20::ac43:49e4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid_v4_21.js
Requested by: Host: runwaff.com
URL: https://runwaff.com/stat?i=u1dvjpo9e55sy80hm5&a=8fea93fb728874b1628b7aac65a76abf3&cb=0112131621910813244
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:49e4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 612a8541b1c6e99ca467ee2ef290d23df8c8511b0a9e1ed3f9c1b91cf2df6235

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2635
content-type: application/javascript
x-amz-request-id: 8X8Z2AAXWD3RZ6XD
x-amz-id-2: bSmexo+TrMnKkcWOI6Tqa7TCfeGYYHMT4OsTT33XH7Bv6B0BShSDWSBlAdxGZAhGTnfnIdpPonw=
last-modified: Mon, 08 Feb 2021 16:04:15 GMT
server: cloudflare
etag: W/"7c64ec269c372f63980a99b0d62ff80e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=r9zOSpiaCsLNTJ7mR08ENERXsuAzOXtu%2BvJKA71WRrQpamHe%2FuuQvgDkJlyjJPvp0QofdAMPuPBPv0xsP1LR2X%2Bgs8VzSimNuTiGnIr6iz0l7IBZG0IEcwIF1qTr1BeztbZUAoyY"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 4iEuyd4JotkFGoSUTSV1UffB3iHQiIcX
cache-control: max-age=14400
cf-request-id: 0a4304136400002b9577a99000000001
cf-ray: 654b6f9898f22b95-FRA

GET
H2 200 / Show response
ads.projectagoraservices.com/ Frame FC03 22 KB
6 KB 58ms
26ms Script
application/javascript 2a02:26f0:6c00::210:ba19
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.projectagoraservices.com/?id=6772&uref=https%3A%2F%2Fww3.read7deadlysins.com%2F
Requested by: Host: runwaff.com
URL: https://runwaff.com/user?i=u1dvjpo9e55sy80hm5&a=1957367064e5b26088677bc61fc98dc05&cb=4564701621910813231
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba19 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: dffe8b72f780d37daf3df7bb0ef19173dc233a32e180b4fd5bc4e76cc66f0b66

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, no-store, must-revalidate
content-length: 6298
expires: Tue, 25 May 2021 02:46:53 GMT

GET
H2 200 / Show response
ads.projectagoraservices.com/ Frame 2E58 22 KB
6 KB 50ms
26ms Script
application/javascript 2a02:26f0:6c00::210:ba19
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.projectagoraservices.com/?id=6772&uref=https%3A%2F%2Fww3.read7deadlysins.com%2F
Requested by: Host: runwaff.com
URL: https://runwaff.com/syncro?i=u1dvjpo9e55sy80hm5&a=59338ab25f27652e7e47e53fbab83cd65&cb=0176411621910813233
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba19 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: dffe8b72f780d37daf3df7bb0ef19173dc233a32e180b4fd5bc4e76cc66f0b66

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, no-store, must-revalidate
content-length: 6298
expires: Tue, 25 May 2021 02:46:53 GMT

GET
H2 200 / Show response
ads.projectagoraservices.com/ Frame BB4B 22 KB
6 KB 40ms
27ms Script
application/javascript 2a02:26f0:6c00::210:ba19
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.projectagoraservices.com/?id=6772&uref=https%3A%2F%2Fww3.read7deadlysins.com%2F
Requested by: Host: runwaff.com
URL: https://runwaff.com/user?i=u1dvjpo9e55sy80hm5&a=60f0e959e67789b550dbbeaa782904915&cb=9059651621910813235
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba19 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: dffe8b72f780d37daf3df7bb0ef19173dc233a32e180b4fd5bc4e76cc66f0b66

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, no-store, must-revalidate
content-length: 6298
expires: Tue, 25 May 2021 02:46:53 GMT

GET
H2 200 bidgear.readnaruto.com.842741.js Show response
jsc.adskeeper.co.uk/b/i/ Frame 934B 275 KB
68 KB 76ms
33ms Script
text/javascript 104.19.132.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://jsc.adskeeper.co.uk/b/i/bidgear.readnaruto.com.842741.js
Requested by: Host: platform.bidgear.com
URL: https://platform.bidgear.com/html?domainid=1042&sizeid=16&zoneid=3323&wu=https%3A%2F%2Fww3.read7deadlysins.com%2F
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.132.80 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a9f86a4e608a80930a78a18fb9050b9579abe18f44eb33c164dc2b8501219b8f

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: br
cf-cache-status: HIT
age: 2562
cf-polished: origSize=282125
last-modified: Tue, 18 May 2021 09:46:06 GMT
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: MNQ18CHRMSKS8NWQ
x-amz-id-2: 2H+8EciTfKN5RvTw9CajiRVAGNLmK6fZRcAs/0n+dHY3BU6bkdetNE/3SxsmsQWJxl/sZi2kd+o=
cf-bgj: minify
server: cloudflare
etag: W/"4d5d9431986b48567d2cab760305bc99"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=14400
cf-request-id: 0a430413bd000008a3de354000000001
cf-ray: 654b6f992c8508a3-CDG
expires: Tue, 25 May 2021 06:46:53 GMT

GET
H2 200 rec
imp9.bidgear.com/ Frame 934B 599 B
911 B 109ms
107ms Image
image/jpeg 2606:4700:20::ac43:4a24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imp9.bidgear.com/rec?t=1&z=3323&uuid=b9c0c2a857d64e8f858d935a6d3179de&p=78&g=DE&token=4a4433543251483336527837773277333332336239633063326138353764363465386638353864393335613664333137396465d41d8cd98f00b204e9800998ecf8427e
Requested by: Host: ww3.read7deadlysins.com
URL: https://ww3.read7deadlysins.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a24 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3e9a98dd5f0a28ff4a059f33d760264a6db02786666ac1692095ebb976f5da28

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Y9l8p3wh3lMRa%2FjepkOcHbzcNIpCvtdHDof%2Fm8jHlS%2BrGkBW1yqUAwpI7qwYPiTlCOcFZYWse5rko42uRkcFbUaq0TkdGEnz7%2FF4jyigdT58ZtG7xi4FVdiHCiNh%2FAWts%2BvypL7%2BaNIL"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cf-ray: 654b6f98ee141f31-FRA
content-length: 599
cf-request-id: 0a4304138f00001f3170bad000000001

GET
H2 200 b15.png
platform.bidgear.com/media/img/ Frame 934B 6 KB
6 KB 13ms
12ms Image
image/png 2606:4700:20::ac43:4a24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://platform.bidgear.com/media/img/b15.png
Requested by: Host: ww3.read7deadlysins.com
URL: https://ww3.read7deadlysins.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a24 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 71529d12a50c366935078936f9533606bff2f00e195f62a78772cca16b7ca247

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 280158
cf-request-id: 0a4304138f00001f317934c000000001
last-modified: Thu, 20 Aug 2020 03:15:55 GMT
server: cloudflare
etag: W/"5f3deaeb-17f2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=TgwL1Sb3yUWrcqj9PDqAEFExD7gsnOzXIcdjYPD7VvBlPT9iWyCxSXBM2MTUNjMzZeBPUb3Qlfvb9AfDpCR74PvnUfsxbIN02E86Lv%2BPo3x5NTbE3oG96q02xBm1ahcX156luEy2gm5AsgFRnw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
cf-ray: 654b6f98ee111f31-FRA
expires: Sun, 23 May 2021 00:46:50 GMT

GET
H/1.1 200
OK ac Show response
www5.smartadserver.com/ Frame 5494 22 B
348 B 413ms
161ms Script
application/javascript 199.187.193.140
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://www5.smartadserver.com/ac?nwid=1743&siteid=338505&pgid=1185054&fmtid=52941&async=1&visit=m&tmstp=2678045480&tag=sas_52941&sh=1200&sw=1600&pgDomain=https%3A%2F%2Fww3.read7deadlysins.com%2F&noadcbk=sas.noad&isLazy=0&isAdRefresh=0
Requested by: Host: ced.sascdn.com
URL: https://ced.sascdn.com/tag/1743/smart.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.187.193.140 , Canada, ASN47043 (SMARTADSERVER, CA),
Reverse DNS
Software: /
Resource Hash: b896afc83022a9cba3d395cdb8f1c09f49df5869b96d9c41af7bfdca6286d005

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: br
vary: Accept-Encoding
x-smrt-d: 5%3b7%3b63
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
transfer-encoding: chunked
content-type: application/javascript; charset=UTF-8

GET
H2 200 rules-p-6Fv0cGNfc_bw8.js Show response
rules.quantcount.com/ Frame 2E24 1 KB
1 KB 67ms
21ms Script
application/javascript 2600:9000:218e:ce00:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-6Fv0cGNfc_bw8.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:218e:ce00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 46d5273d735391f5c05f0fb82df9a363a290419c3aeea2d64dfc0d46de9a9681

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 01:49:37 GMT
content-encoding: gzip
age: 3437
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
last-modified: Mon, 19 Mar 2018 22:28:36 GMT
server: AmazonS3
etag: W/"9a93052877e57b42aeefaab6e7ec5f90"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 53f1fabf09e106b6477c73343225c059.cloudfront.net (CloudFront)
cache-control: max-age=3600
x-amz-cf-pop: CDG52-P1
x-amz-cf-id: BpSJYt5ReSfSZ2sJe18bCZsExGs4h2tLDspffXJYWbDZNA6W4-wpyA==

GET
H2 200 cmp-v2.0.1.js Show response
assets.vlitag.com/plugins/cmptcf2/ 267 KB
68 KB 32ms
30ms Script
application/javascript 2606:4700:20::681a:fee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.vlitag.com/plugins/cmptcf2/cmp-v2.0.1.js

Requested by

Host: tag.vlitag.com
URL: https://tag.vlitag.com/v1/1621740372/87216b358402869b1c0e66facfc9ae3c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:fee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

645c745c972fa286538b481ff3da9a58bf2a8b2fba6b8a195853f6d221a4775e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 105647
cf-polished: origSize=489839
cf-bgj: minify
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a430413c50000c277749e0000000001
x-robots-tag: noindex, nofollow
last-modified: Tue, 29 Dec 2020 02:18:12 GMT
server: cloudflare
etag: W/"5fea91e4-7796f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=4DElanlk8WEyqmCofP3kso%2Favrkkk95iQFrepXiqH%2FOfK%2BkBHFDPGPzNvlRlgeaW83Dc9xussJDh6SfRdFFoOFvLpBfA12OGSi9JWQcE0FQgSAcPhvviBQUKtD0aWUh25zsw90O8yU5P0w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-xss-protection: 1; mode=block
cache-control: max-age=16070400
cf-ray: 654b6f993a66c277-FRA
expires: Sun, 23 May 2021 21:56:06 GMT

GET
H2 200 prebid-v4.38.0.js Show response
assets.vlitag.com/prebid/default/ 411 KB
117 KB 52ms
50ms Script
application/javascript 2606:4700:20::681a:fee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.vlitag.com/prebid/default/prebid-v4.38.0.js

Requested by

Host: tag.vlitag.com
URL: https://tag.vlitag.com/v1/1621740372/87216b358402869b1c0e66facfc9ae3c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:fee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

58694600a9bb19ab424e8752ab649f1365563963d2541becd627f15045a107aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1272095
cf-polished: origSize=421400
cf-bgj: minify
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a430413c50000c2773d058000000001
x-robots-tag: noindex, nofollow
last-modified: Mon, 10 May 2021 09:25:11 GMT
server: cloudflare
etag: W/"6098fbf7-66e18"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=ADXVr2jhzZ6nbDoNfJaS7%2BtNRlZEhf5tLJLQJiqtMj3oSpKEvQOR0JWuYU0%2BnCWE2Xjy9SdoJKoPwvSEO5EVCnHuVTIk7R%2F7ev%2FF2hhveHmS3eWyithmUDxV%2F680lkGMdXU97UonkxvBpg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-xss-protection: 1; mode=block
cache-control: max-age=16070400
cf-ray: 654b6f993a67c277-FRA
expires: Mon, 10 May 2021 09:55:18 GMT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 62 KB
21 KB 36ms
14ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: tag.vlitag.com
URL: https://tag.vlitag.com/v1/1621740372/87216b358402869b1c0e66facfc9ae3c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f8aba6d0b4682bdc43ce9ff06c9c0174b1edb730dc1f2b1d00892df73cefe5ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "882 / 39 of 1000 / last-modified: 1621894198"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21348
x-xss-protection: 0
expires: Tue, 25 May 2021 02:46:53 GMT

GET
H2 200 viPlayer_v42.min.js Show response
assets.vlitag.com/plugins/vlPlayer/ 13 KB
5 KB 18ms
16ms Script
application/javascript 2606:4700:20::681a:fee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.vlitag.com/plugins/vlPlayer/viPlayer_v42.min.js

Requested by

Host: tag.vlitag.com
URL: https://tag.vlitag.com/v1/1621740372/87216b358402869b1c0e66facfc9ae3c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:fee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dbeb241324f4c3e889518c86ec74c1f6f634fff0c6f23f8c5af28273b8f31112

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 107099
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a430413c50000c2772d90f000000001
x-robots-tag: noindex, nofollow
last-modified: Thu, 26 Nov 2020 03:46:23 GMT
server: cloudflare
etag: W/"5fbf250f-33d4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=ydO0B2fKIWsfGikjA0rYmWzJdnzhD0%2BemuPmBB0zQKw%2B8s9ZIPFZ%2FmkYXcmWhq3LkaPptbaXDlZ0%2BNvRzsdhkkSzYPCohKfutSpMO0CeN%2F9mRossy9mZD1L8XKCQbmwdzdwbrXi6LqwmLQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-xss-protection: 1; mode=block
cache-control: max-age=16070400
cf-ray: 654b6f993a68c277-FRA
expires: Sun, 23 May 2021 21:31:54 GMT

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ 334 KB
115 KB 35ms
14ms Script
text/javascript 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: tag.vlitag.com
URL: https://tag.vlitag.com/v1/1621740372/87216b358402869b1c0e66facfc9ae3c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f70fee72f4b08b7a97e7740fc8bbc725f9877ce869b60a8e2f233327b52fb020

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 117244
x-xss-protection: 0
expires: Tue, 25 May 2021 02:46:53 GMT

GET
H2 200 sf_host.min.js Show response
assets.vlitag.com/plugins/safeframe/src/js/ 38 KB
16 KB 26ms
25ms Script
application/javascript 2606:4700:20::681a:fee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.vlitag.com/plugins/safeframe/src/js/sf_host.min.js

Requested by

Host: tag.vlitag.com
URL: https://tag.vlitag.com/v1/1621740372/87216b358402869b1c0e66facfc9ae3c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:fee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1916cf4455a526aadafd82710bf7304154905dcdf69dd9e0b516a63cc82e27e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 107099
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a430413c50000c27760a33000000001
x-robots-tag: noindex, nofollow
last-modified: Fri, 01 Nov 2019 05:04:50 GMT
server: cloudflare
etag: W/"5dbbbcf2-9806"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=vurPnX7o0YyT63pmdAd7At7SaX%2BCI%2FdN06DhIPbrbsALjDYga%2FIOM6sdPR4HfCEzOtBeIGmdrR53c2cH1iQxAuRni0yzImoYYfb8h%2F8MnMGX9CbWCrlC6%2FuM9egym4ncbcoCmPEi%2BGWDAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-xss-protection: 1; mode=block
cache-control: max-age=16070400
cf-ray: 654b6f993a6bc277-FRA
expires: Sun, 23 May 2021 21:31:54 GMT

GET
H2 451 identity Show response
api.rlcdn.com/api/ Frame 2E24 44 B
325 B 31ms
14ms XHR
text/plain 34.120.133.55
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.rlcdn.com/api/identity?pid=2&rt=envelope

Requested by

Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/186329-261067657875242.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.120.133.55 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

55.133.120.34.bc.googleusercontent.com

Software

Resource Hash

da45962a1fb4a049c9367ebe9b1b628f071d7a4c9997ee807c01d23f4866e19c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
via: 1.1 google
x-content-type-options: nosniff
access-control-allow-headers: Accept, Authorization, Content-Type, Cookie, Origin, X-Requested-With
access-control-allow-methods: GET, OPTIONS
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://runwaff.com
access-control-allow-credentials: true
alt-svc: clear
content-length: 44

GET
H2 200 rid Show response
match.adsrvr.org/track/ Frame 2E24 109 B
541 B 93ms
30ms XHR
application/json 76.223.111.131
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=casale&fmt=json&p=186329
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/186329-261067657875242.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.131 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: e07482f88e80537b35953010a2d347873dd366963ac227e727c53ec46d6fd63c

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
x-aspnet-version: 4.0.30319
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://runwaff.com
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length: 109
expires: Thu, 24 Jun 2021 02:46:53 GMT

GET
H2 200 sync Show response
gum.criteo.com/ Frame 8D02 51 B
375 B 24ms
24ms Script
text/javascript 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sync?c=30&r=2&j=cr_handle_data_a

Requested by

Host: secure.adnxs.com
URL: https://secure.adnxs.com/ttj?id=18287125

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

acb5d519051cc13618e992a7df4bce6a980036dfbe2e17a970ec716194329f6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
date: Tue, 25 May 2021 02:46:53 GMT
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=3600
server-processing-duration-in-ticks: 1440
content-length: 169
expires: 60

GET
H/1.1 200
OK ttj Show response
secure.adnxs.com/ Frame 8D02 2 KB
2 KB 21ms
21ms Script
application/javascript 185.33.221.87
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/ttj?ttjb=1&bdc=1621910813&bdh=tKJVkap0z3MWD_8xHi0XUUxYf28.&&bdref=https%3A%2F%2Fww3.read7deadlysins.com%2F&bdtop=true&bdifs=1&bstk=https%3A%2F%2Fww3.read7deadlysins.com%2F,https%3A%2F%2Frunwaff.com%2Fuser%3Fi%3Du1dvjpo9e55sy80hm5%26a%3D69a1ae274eff659621cc5da174992f8b3%26cb%3D5820761621910813239&&id=18287125

Requested by

Host: secure.adnxs.com
URL: https://secure.adnxs.com/ttj?id=18287125

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.87 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

009fb348ce253623b74850f01c29d3a031914aa7b7c893b42d5330352d5f6d58

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 25 May 2021 02:46:53 GMT
Content-Encoding: gzip
X-Creative-ID: 41873055
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 185.220.70.236; 185.220.70.236; 723.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.233:80
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 0a1d86c9-3449-4e4a-bccf-3d918beb9955
Server: nginx/1.17.9
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
ads.projectagoraservices.com/ Frame AFBE 22 KB
6 KB 7ms
7ms Script
application/javascript 2a02:26f0:6c00::210:ba19
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.projectagoraservices.com/?id=6772&uref=https%3A%2F%2Fww3.read7deadlysins.com%2F
Requested by: Host: runwaff.com
URL: https://runwaff.com/usync?i=u1dvjpo9e55sy80hm5&a=c875f76156c3307c45687011d2d8e2cf1&cb=1388981621910813236
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba19 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: dffe8b72f780d37daf3df7bb0ef19173dc233a32e180b4fd5bc4e76cc66f0b66

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, no-store, must-revalidate
content-length: 6298
expires: Tue, 25 May 2021 02:46:53 GMT

GET
H2 200 / Show response
ads.projectagoraservices.com/ Frame 6550 22 KB
6 KB 8ms
8ms Script
application/javascript 2a02:26f0:6c00::210:ba19
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.projectagoraservices.com/?id=6772&uref=https%3A%2F%2Fww3.read7deadlysins.com%2F
Requested by: Host: runwaff.com
URL: https://runwaff.com/usersync?i=u1dvjpo9e55sy80hm5&a=05bcf34b3dc8ef781ff91667b6cbe5da7&cb=6771261621910813237
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba19 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: dffe8b72f780d37daf3df7bb0ef19173dc233a32e180b4fd5bc4e76cc66f0b66

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, no-store, must-revalidate
content-length: 6298
expires: Tue, 25 May 2021 02:46:53 GMT

GET
H/1.1 200
OK fire.js Show response
s.cpx.to/ Frame 2E24 1005 B
2 KB 118ms
35ms Script
application/javascript 54.194.137.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.cpx.to/fire.js?pid=12763&ref=https%3A%2F%2Fww3.read7deadlysins.com%2F&hn_ver=16&fid=462a1686-dcf8-4f7c-85d5-0c2721ee91f8

Requested by

Host: p.cpx.to
URL: https://p.cpx.to/p/12763/px.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.194.137.128 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-194-137-128.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ee766ef9d627e46aeb0b895935f8ca49b0cf197e5f0b62ca2f1deb8fc2511fd0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Date: Tue, 25 May 2021 02:46:53 GMT
X-Frame-Options: sameorigin
Connection: keep-alive
P3P: CP="NOI DEV ADM"
Cache-Control: no-store, must-revalidate, private, max-age=0
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/javascript; charset=UTF-8
Content-Length: 1005
Expires: Thu, 20 May 2021 13:20:54 GMT

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 091B
Redirect Chain

https://ib.adnxs.com/getuid?https://mwzeom.zeotap.com/mw?adnxs_uid=$UID&zpartnerid=2&env=mWeb&eventType=map&id_mid_4=973dcad7-3dec-4517-6d86-9f47460f08dc&reqId=81b28539-878e-48b8-5fab-8e52e790e00f&...
https://mwzeom.zeotap.com/mw?adnxs_uid=2856234407030238743&zpartnerid=2&env=mWeb&eventType=map&id_mid_4=973dcad7-3dec-4517-6d86-9f47460f08dc&reqId=81b28539-878e-48b8-5fab-8e52e790e00f&uc=2&zdid=1258

95 B
178 B

25ms
25ms

Image
image/png

2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?adnxs_uid=2856234407030238743&zpartnerid=2&env=mWeb&eventType=map&id_mid_4=973dcad7-3dec-4517-6d86-9f47460f08dc&reqId=81b28539-878e-48b8-5fab-8e52e790e00f&uc=2&zdid=1258
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?env=mWeb&uc=2&zdid=1258&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 654b6f9a9c134d89-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0a4304149b00004d89d6378000000001

Redirect headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:46:53 GMT
X-Proxy-Origin: 185.220.70.236; 185.220.70.236; 732.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.223.146:80
AN-X-Request-Uuid: 535e86fe-d33d-4f9e-a714-81fc44114ca1
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://mwzeom.zeotap.com/mw?adnxs_uid=2856234407030238743&zpartnerid=2&env=mWeb&eventType=map&id_mid_4=973dcad7-3dec-4517-6d86-9f47460f08dc&reqId=81b28539-878e-48b8-5fab-8e52e790e00f&uc=2&zdid=1258
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 091B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=973dcad7-3dec-4517-6d86-9f47460f08dc&reqId=81b28539-878e-48b8-5fab-8e52e790e00f&uc=2&...
https://mwzeom.zeotap.com/mw?google_gid=CAESEHzoN6haGvwgtK3imuz1gQI&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=973dcad7-3dec-4517-6d86-9f47460f08dc&reqId=81b28539-878e-48b8-5fab-8e5...

95 B
178 B

27ms
25ms

Image
image/png

2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?google_gid=CAESEHzoN6haGvwgtK3imuz1gQI&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=973dcad7-3dec-4517-6d86-9f47460f08dc&reqId=81b28539-878e-48b8-5fab-8e52e790e00f&uc=2&zdid=1258
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?env=mWeb&uc=2&zdid=1258&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 654b6f9a9c0d4d89-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0a4304149a00004d89bc125000000001

Redirect headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:53 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://mwzeom.zeotap.com/mw?google_gid=CAESEHzoN6haGvwgtK3imuz1gQI&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=973dcad7-3dec-4517-6d86-9f47460f08dc&reqId=81b28539-878e-48b8-5fab-8e52e790e00f&uc=2&zdid=1258
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 450
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 091B
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26id_mid_4%3D973dcad7-3dec-4517-6d86-9f47460f08dc%26reqId%3D81b28539-878e-48b8-5fab-8e52e7...
https://mwzeom.zeotap.com/mw?cid=a442fbe8-bdb4-4220-808c-55a86f50264b&zpartnerid=6&env=mWeb&eventType=map&id_mid_4=973dcad7-3dec-4517-6d86-9f47460f08dc&reqId=81b28539-878e-48b8-5fab-8e52e790e00f&uc...

95 B
189 B

21ms
20ms

Image
image/png

2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=a442fbe8-bdb4-4220-808c-55a86f50264b&zpartnerid=6&env=mWeb&eventType=map&id_mid_4=973dcad7-3dec-4517-6d86-9f47460f08dc&reqId=81b28539-878e-48b8-5fab-8e52e790e00f&uc=2&zdid=1258
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?env=mWeb&uc=2&zdid=1258&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 654b6f9a9c0f4d89-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0a4304149b00004d89b9b31000000001

Redirect headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:53 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://mwzeom.zeotap.com/mw?cid=a442fbe8-bdb4-4220-808c-55a86f50264b&zpartnerid=6&env=mWeb&eventType=map&id_mid_4=973dcad7-3dec-4517-6d86-9f47460f08dc&reqId=81b28539-878e-48b8-5fab-8e52e790e00f&uc=2&zdid=1258
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 449

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 091B
Redirect Chain

https://dpm.demdex.net/ibs:dpid=199624&dpuuid=973dcad7-3dec-4517-6d86-9f47460f08dc&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3D...
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=199624&dpuuid=973dcad7-3dec-4517-6d86-9f47460f08dc&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env...
https://mwzeom.zeotap.com/mw?cid=26897225681004334221210651976602852528&zpartnerid=314&env=mWeb&eventType=map&id_mid_4=973dcad7-3dec-4517-6d86-9f47460f08dc&reqId=81b28539-878e-48b8-5fab-8e52e790e00...

95 B
179 B

28ms
28ms

Image
image/png

2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=26897225681004334221210651976602852528&zpartnerid=314&env=mWeb&eventType=map&id_mid_4=973dcad7-3dec-4517-6d86-9f47460f08dc&reqId=81b28539-878e-48b8-5fab-8e52e790e00f&uc=2&zdid=1258
Requested by: Host: runwaff.com
URL: https://runwaff.com/stat?i=u1dvjpo9e55sy80hm5&a=05ce0684c5396c5bd68c434103884dbb5&cb=9169241621910813234
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 654b6f9c9df84d89-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0a430415de00004d89c5ab2000000001

Redirect headers

DCS: dcs-prod-irl1-1-v007-0b0cba8a1.edge-irl1.demdex.com 6.2.1.20210514105329-PR_1432-SNAPSHOT
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: O27Fepl7SGQ=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://mwzeom.zeotap.com/mw?cid=26897225681004334221210651976602852528&zpartnerid=314&env=mWeb&eventType=map&id_mid_4=973dcad7-3dec-4517-6d86-9f47460f08dc&reqId=81b28539-878e-48b8-5fab-8e52e790e00f&uc=2&zdid=1258
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 091B
Redirect Chain

https://aa.agkn.com/adscores/g.pixel?sid=9212299398&zctry=DEU&env=mWeb&eventType=map&id_mid_4=973dcad7-3dec-4517-6d86-9f47460f08dc&reqId=81b28539-878e-48b8-5fab-8e52e790e00f&uc=2&zdid=1258
https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1258&cid=Tl%2FvYKEnMJlB8J4AqLHFGWG%2BM1mMj8Ps%2BS41iYitP1U%3D

95 B
178 B

22ms
21ms

Image
image/png

2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1258&cid=Tl%2FvYKEnMJlB8J4AqLHFGWG%2BM1mMj8Ps%2BS41iYitP1U%3D
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?env=mWeb&uc=2&zdid=1258&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 654b6f9a9c0e4d89-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0a4304149b00004d891520f000000001

Redirect headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:53 GMT
server: AAWebServer
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
location: https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1258&cid=Tl%2FvYKEnMJlB8J4AqLHFGWG%2BM1mMj8Ps%2BS41iYitP1U%3D
cache-control: no-cache, no-store, must-revalidate
content-length: 0
expires: 0

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 091B
Redirect Chain

https://pixel.mathtag.com/sync/img?mt_exid=10092&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%5BMM_UUID%5D%26env%3DmWeb%26zpartnerid%3D979%26env%3DmWeb%26eventType%3Dmap%26id_mid_4%3D973dcad...
https://mwzeom.zeotap.com/mw?cid=e06160ac-651d-4e00-8de7-6426066579f3&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&id_mid_4=973dcad7-3dec-4517-6d86-9f47460f08dc&reqId=81b28539-878e-48b8-5fab-8e52...

95 B
178 B

29ms
29ms

Image
image/png

2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=e06160ac-651d-4e00-8de7-6426066579f3&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&id_mid_4=973dcad7-3dec-4517-6d86-9f47460f08dc&reqId=81b28539-878e-48b8-5fab-8e52e790e00f&uc=2&zdid=1258
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?env=mWeb&uc=2&zdid=1258&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 654b6f9a9c114d89-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0a4304149b00004d89fe88f000000001

Redirect headers

Date: Tue, 25 May 2021 02:46:53 GMT
Server: MT3 3736 915c305 master zrh-pixel-x29
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://mwzeom.zeotap.com/mw?cid=e06160ac-651d-4e00-8de7-6426066579f3&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&id_mid_4=973dcad7-3dec-4517-6d86-9f47460f08dc&reqId=81b28539-878e-48b8-5fab-8e52e790e00f&uc=2&zdid=1258
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 0
Expires: Tue, 25 May 2021 02:46:49 GMT

GET
H2 200 cmp.min.js Show response
spl.zeotap.com/ Frame 091B 541 B
483 B 30ms
29ms Script
text/plain 2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://spl.zeotap.com/cmp.min.js?env=mWeb&eventType=map&id_mid_4=973dcad7-3dec-4517-6d86-9f47460f08dc&reqId=81b28539-878e-48b8-5fab-8e52e790e00f&uc=2&zdid=1258
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?env=mWeb&uc=2&zdid=1258&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dc52d66244d18abd87212e8c77bb671ddf1b1b2d17afc3a49084fb260fe29794

Request headers

Referer: https://spl.zeotap.com/?env=mWeb&uc=2&zdid=1258&eventType=map
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cf-ray: 654b6f9a1b944d89-FRA
date: Tue, 25 May 2021 02:46:53 GMT
via: 1.1 google
cf-cache-status: MISS
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
content-encoding: br
access-control-allow-headers: *
cf-request-id: 0a4304145000004d89e5b01000000001

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.0.0/ Frame 2E24 84 KB
30 KB 27ms
6ms Script
text/javascript 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.0.0/jquery.min.js

Requested by

Host: d2zur9cc2gf1tx.cloudfront.net
URL: https://d2zur9cc2gf1tx.cloudfront.net/a96081b6-db78-48c4-9f82-b93e316fb1f7/notifyme.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

266bcea0bb58b26aa5b16c5aee60d22ccc1ae9d67daeb21db6bad56119c3447d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 21 May 2021 12:37:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 310140
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30186
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 21 May 2022 12:37:53 GMT

GET
H2 200 / Show response
ads.projectagoraservices.com/ Frame 9F0A 22 KB
6 KB 7ms
6ms Script
application/javascript 2a02:26f0:6c00::210:ba19
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.projectagoraservices.com/?id=6772&uref=https%3A%2F%2Fww3.read7deadlysins.com%2F
Requested by: Host: runwaff.com
URL: https://runwaff.com/user?i=u1dvjpo9e55sy80hm5&a=84cb9494c74b11c9c2dbca056fd5c2803&cb=0801951621910813242
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba19 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: dffe8b72f780d37daf3df7bb0ef19173dc233a32e180b4fd5bc4e76cc66f0b66

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, no-store, must-revalidate
content-length: 6298
expires: Tue, 25 May 2021 02:46:53 GMT

GET
H2 200 / Show response
ads.projectagoraservices.com/ Frame DDDF 22 KB
6 KB 7ms
7ms Script
application/javascript 2a02:26f0:6c00::210:ba19
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.projectagoraservices.com/?id=6772&uref=https%3A%2F%2Fww3.read7deadlysins.com%2F
Requested by: Host: runwaff.com
URL: https://runwaff.com/counter?i=u1dvjpo9e55sy80hm5&a=d76c2da8c12daa85f1437d954f94f8843&cb=6061601621910813241
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba19 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: dffe8b72f780d37daf3df7bb0ef19173dc233a32e180b4fd5bc4e76cc66f0b66

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, no-store, must-revalidate
content-length: 6298
expires: Tue, 25 May 2021 02:46:53 GMT

GET
H2 200 / Show response
ads.projectagoraservices.com/ Frame E42A 22 KB
6 KB 7ms
7ms Script
application/javascript 2a02:26f0:6c00::210:ba19
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.projectagoraservices.com/?id=6772&uref=https%3A%2F%2Fww3.read7deadlysins.com%2F
Requested by: Host: runwaff.com
URL: https://runwaff.com/stat?i=u1dvjpo9e55sy80hm5&a=8fea93fb728874b1628b7aac65a76abf3&cb=0112131621910813244
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba19 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: dffe8b72f780d37daf3df7bb0ef19173dc233a32e180b4fd5bc4e76cc66f0b66

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, no-store, must-revalidate
content-length: 6298
expires: Tue, 25 May 2021 02:46:53 GMT

GET
H/1.1 200
OK 1x1.png
secure-assets.rubiconproject.com/static/psa/blank/ Frame B0FA 156 B
484 B 46ms
15ms Image
image/png 184.24.15.122
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-assets.rubiconproject.com/static/psa/blank/1x1.png
Requested by: Host: runwaff.com
URL: https://runwaff.com/user?i=u1dvjpo9e55sy80hm5&a=c45f858cb8b4b094b8b6229bad96a54e7&cb=1556561621910813230
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.24.15.122 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-24-15-122.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 58a617d2c88d378bfd267e2817e2228e82ef0c3f28d8ac3458b18af77335c39e

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 25 May 2021 02:46:53 GMT
Content-Encoding: gzip
Last-Modified: Tue, 01 Oct 2019 16:53:58 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: image/png
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 155

GET
H2 200 prebid.3-25.js Show response
projectagora.net/libs/prebidv3/ Frame 865F 360 KB
103 KB 57ms
31ms Script
application/javascript 2606:4700:3032::ac43:9028
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js
Requested by: Host: ads.projectagoraservices.com
URL: https://ads.projectagoraservices.com/?id=6772&uref=https%3A%2F%2Fww3.read7deadlysins.com%2F
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:9028 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 03736b108efeca49e24b0f35ff8b9ac3fb4468b6c64de144b1b441cba12f46e2

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2636
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 7STB6VJT6WDA3MWJ
x-amz-id-2: /ys6rJm0v963RwJLIz1Vw+5I2kXtWUdGVY1NXs1SPMPvxGECyDtJJ9CarnGLKSFrT9GII9o7it0=
last-modified: Wed, 05 May 2021 10:36:16 GMT
server: cloudflare
etag: W/"fa7fdd65f39d0e16a18830e016d93050"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=eyRGFYPNTv1u9uNuWG0MM6KhGDP7MTUt8S4%2Brk3stAuqxqoIqysXx8cxPiUeb9qdf2aJvInDcDv%2FEAxYNuf%2Fc8uPuuIgDS1U5df42uG4CDI5ubInZdR3nA8nRY%2BCkbaL82L%2FUgVywubr5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-request-id: 0a43041497000005bf21114000000001
cf-ray: 654b6f9a8d5b05bf-FRA

GET
H2 200 prebid.3-25.js Show response
projectagora.net/libs/prebidv3/ Frame FC03 360 KB
103 KB 55ms
32ms Script
application/javascript 2606:4700:3032::ac43:9028
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js
Requested by: Host: ads.projectagoraservices.com
URL: https://ads.projectagoraservices.com/?id=6772&uref=https%3A%2F%2Fww3.read7deadlysins.com%2F
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:9028 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 03736b108efeca49e24b0f35ff8b9ac3fb4468b6c64de144b1b441cba12f46e2

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2636
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 7STB6VJT6WDA3MWJ
x-amz-id-2: /ys6rJm0v963RwJLIz1Vw+5I2kXtWUdGVY1NXs1SPMPvxGECyDtJJ9CarnGLKSFrT9GII9o7it0=
last-modified: Wed, 05 May 2021 10:36:16 GMT
server: cloudflare
etag: W/"fa7fdd65f39d0e16a18830e016d93050"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=pg9LmqH2DYGPJIzw6gSitrdWboDwpFq5HcKvkdbl3L%2FColetqm%2BWa19lD8bn5f72bQwQ%2BTvSBHUhJdXO6ttyVNTpmZcZ8RyLroT5POZSRLLTHqB%2BWvzq6ykSzHGDi0iUclzBT2KfC880KA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-request-id: 0a43041497000005bff0342000000001
cf-ray: 654b6f9a8d5c05bf-FRA

GET
H2 200 prebid.3-25.js Show response
projectagora.net/libs/prebidv3/ Frame 9897 360 KB
103 KB 53ms
31ms Script
application/javascript 2606:4700:3032::ac43:9028
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js
Requested by: Host: ads.projectagoraservices.com
URL: https://ads.projectagoraservices.com/?id=6772&uref=https%3A%2F%2Fww3.read7deadlysins.com%2F
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:9028 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 03736b108efeca49e24b0f35ff8b9ac3fb4468b6c64de144b1b441cba12f46e2

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2636
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 7STB6VJT6WDA3MWJ
x-amz-id-2: /ys6rJm0v963RwJLIz1Vw+5I2kXtWUdGVY1NXs1SPMPvxGECyDtJJ9CarnGLKSFrT9GII9o7it0=
last-modified: Wed, 05 May 2021 10:36:16 GMT
server: cloudflare
etag: W/"fa7fdd65f39d0e16a18830e016d93050"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=MBlXWk%2By9lFJx7MPoCBxYSJlH6trMzjCIlfCh9V9JxwssSXJCkx9Ykv0BD2T%2F0jBPC%2FA3A9UeCXZ42888GxjfbfyGfr%2BrWDwodhdro0l4wN12uzbW%2Bpqqfa5qEeP6v0w55uIEvGQZfHN4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-request-id: 0a43041497000005bf3a80a000000001
cf-ray: 654b6f9a8d5e05bf-FRA

GET
H2 200 prebid.3-25.js Show response
projectagora.net/libs/prebidv3/ Frame 2E58 360 KB
103 KB 45ms
25ms Script
application/javascript 2606:4700:3032::ac43:9028
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js
Requested by: Host: ads.projectagoraservices.com
URL: https://ads.projectagoraservices.com/?id=6772&uref=https%3A%2F%2Fww3.read7deadlysins.com%2F
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:9028 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 03736b108efeca49e24b0f35ff8b9ac3fb4468b6c64de144b1b441cba12f46e2

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2636
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 7STB6VJT6WDA3MWJ
x-amz-id-2: /ys6rJm0v963RwJLIz1Vw+5I2kXtWUdGVY1NXs1SPMPvxGECyDtJJ9CarnGLKSFrT9GII9o7it0=
last-modified: Wed, 05 May 2021 10:36:16 GMT
server: cloudflare
etag: W/"fa7fdd65f39d0e16a18830e016d93050"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=wdDwqsaamk93kthvPTAtB2XNN6sUklSH6e%2F2bdYzRxrSySkJMVwzWTLAlnZrF%2FTVqcetnXotRV%2BzI0387D6Q5yuv1EebVY5eRAeTx2bm01EoCvS4dRwmyHIRYiZgaKnYS9skmLyKnXLlZA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-request-id: 0a43041497000005bff3251000000001
cf-ray: 654b6f9a8d5f05bf-FRA

GET
H2 200 prebid.3-25.js Show response
projectagora.net/libs/prebidv3/ Frame BB4B 360 KB
103 KB 46ms
31ms Script
application/javascript 2606:4700:3032::ac43:9028
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js
Requested by: Host: ads.projectagoraservices.com
URL: https://ads.projectagoraservices.com/?id=6772&uref=https%3A%2F%2Fww3.read7deadlysins.com%2F
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:9028 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 03736b108efeca49e24b0f35ff8b9ac3fb4468b6c64de144b1b441cba12f46e2

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2636
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 7STB6VJT6WDA3MWJ
x-amz-id-2: /ys6rJm0v963RwJLIz1Vw+5I2kXtWUdGVY1NXs1SPMPvxGECyDtJJ9CarnGLKSFrT9GII9o7it0=
last-modified: Wed, 05 May 2021 10:36:16 GMT
server: cloudflare
etag: W/"fa7fdd65f39d0e16a18830e016d93050"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=3jWbgvYg7Jh%2FiCiUiy08Lat3e5J80sUchuYJoGRDAXLtNTRDb43fkmpzZlkmJ%2BcNFvY4ioge5He3bR4lwkKD0UPcrwP8Ag5rQx9lqFJlD9S4L2B1u7mr73hDw3viCg6ewR1ANaJQJbW3OA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-request-id: 0a43041497000005bfd8b5d000000001
cf-ray: 654b6f9a8d6005bf-FRA

GET
H2

200

/ Show response
adx.adform.net/adx/ Frame EB94
Redirect Chain

https://adx.adform.net/adx/?rp=3&bWlkPTc1NTc2MyZybmQ9bDBtdm4xb25yZnRweG8za3QyenU&url=https%3A%2F%2Fww3.read7deadlysins.com&callback=_adform_cb_1621910813835_7505608149569867
https://adx.adform.net/adx/?CC=1&rp=3&bWlkPTc1NTc2MyZybmQ9bDBtdm4xb25yZnRweG8za3QyenU&url=https%3A%2F%2Fww3.read7deadlysins.com&callback=_adform_cb_1621910813835_7505608149569867

942 B
1 KB

52ms
52ms

Script
text/javascript

37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/?CC=1&rp=3&bWlkPTc1NTc2MyZybmQ9bDBtdm4xb25yZnRweG8za3QyenU&url=https%3A%2F%2Fww3.read7deadlysins.com&callback=_adform_cb_1621910813835_7505608149569867

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

65b274370861ac64aa4e81014de0d4f96a29c1d9a85fdb58f85a2f0f7c39f040

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 883
expires: -1

Redirect headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:53 GMT
server: nginx
location: https://adx.adform.net/adx/?CC=1&rp=3&bWlkPTc1NTc2MyZybmQ9bDBtdm4xb25yZnRweG8za3QyenU&url=https%3A%2F%2Fww3.read7deadlysins.com&callback=_adform_cb_1621910813835_7505608149569867
strict-transport-security: max-age=31536000; includeSubDomains
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
content-type: text/html; charset=utf-8
expires: -1

GET
H2 200 prebid.3-25.js Show response
projectagora.net/libs/prebidv3/ Frame AFBE 360 KB
103 KB 32ms
31ms Script
application/javascript 2606:4700:3032::ac43:9028
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js
Requested by: Host: ads.projectagoraservices.com
URL: https://ads.projectagoraservices.com/?id=6772&uref=https%3A%2F%2Fww3.read7deadlysins.com%2F
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:9028 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 03736b108efeca49e24b0f35ff8b9ac3fb4468b6c64de144b1b441cba12f46e2

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2636
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 7STB6VJT6WDA3MWJ
x-amz-id-2: /ys6rJm0v963RwJLIz1Vw+5I2kXtWUdGVY1NXs1SPMPvxGECyDtJJ9CarnGLKSFrT9GII9o7it0=
last-modified: Wed, 05 May 2021 10:36:16 GMT
server: cloudflare
etag: W/"fa7fdd65f39d0e16a18830e016d93050"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=u%2FeF1fJnPQmFhrX%2BAO1T5YxyHC0x3ghoVVT1zhOwLCGdmVMxOSC3E1XBbvLkvPa06uuHSSNHcBh48qKAJwOgXqqsQvQJ0J%2Fs1hsZxKnfJzuHFzNUOVwnIcrLfowLuNGPCgXyGiyRK%2BVFJA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-request-id: 0a43041497000005bf1b9a5000000001
cf-ray: 654b6f9a8d6105bf-FRA

GET
H/1.1 200
OK ttj Show response
ib.adnxs.com/ Frame 8D02 3 KB
2 KB 18ms
14ms Script
application/javascript 185.33.220.241
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ttj?id=6589253&psa=0&cb=1233526026&gdpr=0&gdpr_consent=&loc=,&pubclick=https://ams1-ib.adnxs.com/click?AAAAAAAAAAAAAAAAAAAAAAAAAKBH4do_AAAAAAAAAAAAAAAAAAAAAG9Fivg_u7EIFy5Jag9ioycdZaxgAAAAABUKFwEYKAAA5QAAAAIAAACf7n4Cfd8fAAAAAAAAAAAARVVSACwB-gCbBAAAAAABAgEAAAAAANIA-hJe1QAAAAA./bcr=AAAAAAAAAAA=/bn=0/clickenc=

Requested by

Host: secure.adnxs.com
URL: https://secure.adnxs.com/ttj?ttjb=1&bdc=1621910813&bdh=tKJVkap0z3MWD_8xHi0XUUxYf28.&&bdref=https%3A%2F%2Fww3.read7deadlysins.com%2F&bdtop=true&bdifs=1&bstk=https%3A%2F%2Fww3.read7deadlysins.com%2F,https%3A%2F%2Frunwaff.com%2Fuser%3Fi%3Du1dvjpo9e55sy80hm5%26a%3D69a1ae274eff659621cc5da174992f8b3%26cb%3D5820761621910813239&&id=18287125

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.241 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

732.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

024f626f35070371552b25e463542d7f6795af16d211bd7f7eadbbacbb08d55b

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 25 May 2021 02:46:53 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 185.220.70.236; 185.220.70.236; 732.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.222.243:80
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: f31487db-9d22-4b48-a4bf-a62a421649eb
Server: nginx/1.17.9
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK it
ams1-ib.adnxs.com/ Frame 8D02 0
824 B 56ms
16ms Image
text/html 185.33.221.11
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ams1-ib.adnxs.com/it?an_audit=0&referrer=https%3A%2F%2Fww3.read7deadlysins.com%2F&e=wqT_3QLuA6DuAQAAAwDWAAUBCJ3KsYUGEO-KqcT_5-7YCBiX3KTS9sHY0ScqNgkAAAkCABEJBywAABkAAACgR-HaPyEREgApEQn0DgExAAAAQOF6hD8wlZTcCDiYUEDlAUgCUJ_d-xNY_b5_YABom4mkAXgAgAEBigEAkgEDRVVSmAGsAqAB-gGoAQGwAQC4AQLAAQHIAQDQAQDYAQDgAQDwAQDYAgDgApuFTuoCIGh0dHBzOi8vd3czLnJlYWQ3ZGVhZGx5c2lucy5jb20vgAMAiAMBkAMAmAMZoAMBqgMAwAOsAsgDANgDoKapAeADAOgDAPgDAYAEAJIEBC90dGqYBACiBA4xODUuMjIwLjcwLjIzNqgEALIEDAgAEAAYACAAMAA4ALgEAMAEAMgEANoEAggA4AQA8ASf3fsTiAUBmAUAoAUAwAUAyQUAAAAAAADwP9IFCQkAAAAAIRdo2AUB4AUA8AUA-gUECAAQAJAGAJgGALgGAMEGAR8BARDaBhYKEAEJLgEAXBAAGADgBgDyBgIIAIAHAYgHAKAHALoHDwFERBgAIAAwADjABkAAyAcA0gcNCRE6ATYI2gcGCSUw4AcA6gcCCADwB6-KAw..&s=97c730ad454374eeaea8feb43caa0de5567937b9

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.11 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

733.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:46:53 GMT
X-Proxy-Origin: 185.220.70.236; 185.220.70.236; 733.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.223.147:80
AN-X-Request-Uuid: acda3c15-1be7-4a68-a348-099b101b0b9d
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK headerstats Show response
as-sec.casalemedia.com/ Frame 2E24 0
426 B 52ms
18ms XHR
text/plain 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/headerstats?s=415712&u=https%3A%2F%2Fww3.read7deadlysins.com%2F&v=3
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/186329-261067657875242.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:46:53 GMT
X-AK-INITIAL-GEO: CC:[DE], RC:[HE], CN:[EU], CIP:[185.220.70.236], XFF:[]
Server: Apache
Access-Control-Allow-Origin: https://runwaff.com
X-CS-CLIENT-GEO: 12
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
X-AK-CLIENT-GEO: 12
Expires: Tue, 25 May 2021 02:46:53 GMT

GET
H2 200 prebid.3-25.js Show response
projectagora.net/libs/prebidv3/ Frame 6550 360 KB
103 KB 27ms
27ms Script
application/javascript 2606:4700:3032::ac43:9028
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js
Requested by: Host: ads.projectagoraservices.com
URL: https://ads.projectagoraservices.com/?id=6772&uref=https%3A%2F%2Fww3.read7deadlysins.com%2F
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:9028 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 03736b108efeca49e24b0f35ff8b9ac3fb4468b6c64de144b1b441cba12f46e2

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2636
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 7STB6VJT6WDA3MWJ
x-amz-id-2: /ys6rJm0v963RwJLIz1Vw+5I2kXtWUdGVY1NXs1SPMPvxGECyDtJJ9CarnGLKSFrT9GII9o7it0=
last-modified: Wed, 05 May 2021 10:36:16 GMT
server: cloudflare
etag: W/"fa7fdd65f39d0e16a18830e016d93050"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=i1KZQPH12S005py%2F53f%2BuyFU8ZyKtjHelVyL%2FrhwPOwyM5T7w5Ze%2FZQMYiWXNNVoOEOlEKtvaVeHS7aNSI%2FeoJevpWbUG7SXEa2baht%2Bq3RO2kPSpR9Xnvo%2BYyxgf8x64hgzhuX8nYQ6fA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-request-id: 0a4304149b000005bf12186000000001
cf-ray: 654b6f9a9d6c05bf-FRA

POST error
quantcount.com/log/ Frame 2E24 0
0

GET
H2 200 pixel;r=427532587;labels=Categories.artsandentertainment;rf=0;a=p-6Fv0cGNfc_bw8;url=https%3A%2F%2Frunwaff.com%2Fstat%3Fi%3Du1dvjpo9e55sy80hm5%26a%3D05ce0684c5396c5bd68c434103884dbb5%26cb%3D91692416...
pixel.quantserve.com/ Frame 2E24 35 B
371 B 12ms
10ms Image
image/gif 2620:116:800d:21:f916:5049:f87f:108e
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=427532587;labels=Categories.artsandentertainment;rf=0;a=p-6Fv0cGNfc_bw8;url=https%3A%2F%2Frunwaff.com%2Fstat%3Fi%3Du1dvjpo9e55sy80hm5%26a%3D05ce0684c5396c5bd68c434103884dbb5%26cb%3D9169241621910813234;ref=https%3A%2F%2Fww3.read7deadlysins.com%2F;uht=2;fpan=1;fpa=P0-1361951759-1621910813857;pbcn=u;pbc=;ns=1;ce=1;qjs=1;qv=82efd7d8-20210517233434;cm=;gdpr=0;d=runwaff.com;je=0;sr=1600x1200x24;dst=1;et=1621910813857;tzo=-120;ogl=

Requested by

Host: runwaff.com
URL: https://runwaff.com/stat?i=u1dvjpo9e55sy80hm5&a=05ce0684c5396c5bd68c434103884dbb5&cb=9169241621910813234

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:f916:5049:f87f:108e , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:53 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-29 200 pubads_impl_2021051801.js Show response
securepubads.g.doubleclick.net/gpt/ 308 KB
108 KB 16ms
15ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051801.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

sffe /

Resource Hash

77e7ad71599b73f06bcaea11c25e128d50c80f6e7fb0cc10f317779fc285d954

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 18 May 2021 08:37:05 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 110938
x-xss-protection: 0
expires: Tue, 25 May 2021 02:46:53 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 934B 21 KB
1 KB 23ms
13ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,500,500i,700,700i,900,900i&display=swap&subset=cyrillic,greek,vietnamese

Requested by

Host: ww3.read7deadlysins.com
URL: https://ww3.read7deadlysins.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

b24778ddf954b52d774d1620e1f7a371a0366c6b431cb979c11e0bf4fc6caa5d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 25 May 2021 01:19:45 GMT
server: ESF
date: Tue, 25 May 2021 02:46:53 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 25 May 2021 02:46:53 GMT

GET
H2 200 / Show response
c.adskeeper.co.uk/pv/ Frame 934B 0
334 B 99ms
90ms Script
text/plain 104.19.132.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.adskeeper.co.uk/pv/?pv=5&cbuster=1621910813962931097493&uniqId=0adfe&niet=4g&nisd=false&ref=&cxurl=https%3A%2F%2Fww3.read7deadlysins.com&lu=https%3A%2F%2Fww3.read7deadlysins.com%2F&pageView=1&pvid=179a16afd0b9f974364&site=551062&implVersion=11&dpr=1
Requested by: Host: jsc.adskeeper.co.uk
URL: https://jsc.adskeeper.co.uk/b/i/bidgear.readnaruto.com.842741.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.132.80 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:54 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 654b6f9b6e7508a3-CDG
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a4304151d000008a3a9989000000001

GET
H2 200 adskeeper_svg.svg
cdn.adskeeper.co.uk/images/ Frame 934B 4 KB
1 KB 27ms
26ms Image
image/svg+xml 104.19.132.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.adskeeper.co.uk/images/adskeeper_svg.svg
Requested by: Host: ww3.read7deadlysins.com
URL: https://ww3.read7deadlysins.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.132.80 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3c1798ee0e6e7de78f91bb457e6670385951caea9fc9c97295ca303ec6fe49be

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: br
cf-cache-status: HIT
age: 2481
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: YWK1YGX3F74XX1MZ
x-amz-id-2: bCGrd3yfN7QOZTiegeGiCByEb2F94lwZExFqYGdV4mT1E/ioLcKPulmDsSrsaUBgbm6kpS7RSsk=
last-modified: Tue, 08 Dec 2020 08:34:59 GMT
server: cloudflare
x-amz-meta-s3cmd-attrs: atime:1607416491/ctime:1607416491/gid:0/gname:root/md5:93f6d1136fb77e38a0a2c72108588f09/mode:33206/mtime:1607416491/uid:0/uname:root
etag: W/"93f6d1136fb77e38a0a2c72108588f09"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=14400
cf-request-id: 0a43041518000008a3df389000000001
cf-ray: 654b6f9b5e7008a3-CDG
expires: Tue, 25 May 2021 06:46:53 GMT

GET
DATA 200
OK truncated
/ Frame 934B 138 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2c01eb02b169c34320241d002edf0d09f06802afc629f8430e7fb430606d67c8

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 latest.json Show response
cdn.jsdelivr.net/gh/prebid/currency-file@1/ 2 KB
1 KB 19ms
5ms XHR
application/json 2a04:4e42:3::621
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20210525

Requested by

Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-v4.38.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:3::621 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

6aef7c004e8d9551468e7ba3afa304f8fef2e0a71c6ef432542b90081a9bb051

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 33955
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 946
etag: W/"699-0CJm9egSPltQj3ljZWJXWc27UBs"
x-served-by: cache-fra19163-FRA
date: Tue, 25 May 2021 02:46:54 GMT
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 /
logs.vlitag.com/sub/ 0
357 B 125ms
124ms Image
image/jpeg 2606:4700:20::681a:fee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://logs.vlitag.com/sub/?d=read7deadlysins.com&h=ww3.read7deadlysins.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:fee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=YhE4yDkEXu094FzNuQow2OeS35VLePGTvyEmkOwtq0d%2BSLl3Jdmd7RPlvtOYcad5fbN%2FNwTv%2FKEobryY7n%2BC1pueDDi4KD%2BQ0CfM1BSZ%2BlrQql%2FMK%2F7nuSG8tF10v1QaSqAgTCd5rHs%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=31536000
cf-ray: 654b6f9beccfc277-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
cf-request-id: 0a430415710000c2773a23a000000001

GET
H3-29 200 prebid.3-25.js Show response
projectagora.net/libs/prebidv3/ Frame 9F0A 360 KB
103 KB 46ms
38ms Script
application/javascript 2606:4700:3032::ac43:9028
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js
Requested by: Host: ads.projectagoraservices.com
URL: https://ads.projectagoraservices.com/?id=6772&uref=https%3A%2F%2Fww3.read7deadlysins.com%2F
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::ac43:9028 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 03736b108efeca49e24b0f35ff8b9ac3fb4468b6c64de144b1b441cba12f46e2

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2637
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 7STB6VJT6WDA3MWJ
x-amz-id-2: /ys6rJm0v963RwJLIz1Vw+5I2kXtWUdGVY1NXs1SPMPvxGECyDtJJ9CarnGLKSFrT9GII9o7it0=
last-modified: Wed, 05 May 2021 10:36:16 GMT
server: cloudflare
etag: W/"fa7fdd65f39d0e16a18830e016d93050"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=bR9LGvrrb4hYO6rf5vR5ZKRV0k8FPzU1EWDr6seIktk%2B3oQxFZ7J6JsF8vV5tGMH3gZG15XQAbZLo13bvu%2BovVtyjCGXIn%2B04uMrCQ0nKlGmBK5wH3TlfVbsRt50jTs%2BzK3XRV%2FMDJKPcQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-request-id: 0a430415780000dfbfbab42000000001
cf-ray: 654b6f9bfe48dfbf-FRA

GET
H2 204 cmp
spl.zeotap.com/ Frame 091B 0
0 26ms
26ms Document
text/plain 2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://spl.zeotap.com/cmp?env=mWeb&eventType=map&id_mid_4=973dcad7-3dec-4517-6d86-9f47460f08dc&reqId=81b28539-878e-48b8-5fab-8e52e790e00f&uc=2&zdid=1258&cmp=0
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/cmp.min.js?env=mWeb&eventType=map&id_mid_4=973dcad7-3dec-4517-6d86-9f47460f08dc&reqId=81b28539-878e-48b8-5fab-8e52e790e00f&uc=2&zdid=1258
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:method: GET
:authority: spl.zeotap.com
:scheme: https
:path: /cmp?env=mWeb&eventType=map&id_mid_4=973dcad7-3dec-4517-6d86-9f47460f08dc&reqId=81b28539-878e-48b8-5fab-8e52e790e00f&uc=2&zdid=1258&cmp=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://spl.zeotap.com/?env=mWeb&uc=2&zdid=1258&eventType=map
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: zc=973dcad7-3dec-4517-6d86-9f47460f08dc; zsc=m%DE%84L%D2E%AD%1F%3C%90%05%F1%D6%BB%EAus%B3%16%1B%B0%C0%E5%19%D7%13%ABJ%0D%E9%81%AF%90%C9%93x%E5%3B%24o%8DMG%84%F6~Uq%3C9n6%D9%EB%87.%3E%07%9E%1F%82_g%07%FE%DA%D2%CC%9B%D0%85%22%89%C7%E8%22%B8%DE%01%85_%A0+8%2C%8C%EA%1D%CD%3C%27%D7W%814%5E%5B%93%1E%A7s%D4%BD%0F%DA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://spl.zeotap.com/?env=mWeb&uc=2&zdid=1258&eventType=map

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://spl.zeotap.com
vary: Origin
via: 1.1 google
cf-cache-status: DYNAMIC
cf-request-id: 0a4304157300004d89ec170000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 654b6f9bed414d89-FRA

GET
H3-29 200 prebid.3-25.js Show response
projectagora.net/libs/prebidv3/ Frame DDDF 360 KB
103 KB 38ms
32ms Script
application/javascript 2606:4700:3032::ac43:9028
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js
Requested by: Host: ads.projectagoraservices.com
URL: https://ads.projectagoraservices.com/?id=6772&uref=https%3A%2F%2Fww3.read7deadlysins.com%2F
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::ac43:9028 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 03736b108efeca49e24b0f35ff8b9ac3fb4468b6c64de144b1b441cba12f46e2

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2637
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 7STB6VJT6WDA3MWJ
x-amz-id-2: /ys6rJm0v963RwJLIz1Vw+5I2kXtWUdGVY1NXs1SPMPvxGECyDtJJ9CarnGLKSFrT9GII9o7it0=
last-modified: Wed, 05 May 2021 10:36:16 GMT
server: cloudflare
etag: W/"fa7fdd65f39d0e16a18830e016d93050"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=ULPpI8w4V6TlzNNovh5sLk6UG5KbF539xYDRznAWSK7XCNWGk23I2CMqbtKJ088D62d9NBP5wsLVvjn2XB8kpV%2FOV5RJCHAI6lCxELSRJ87sqa0FMrhRrVF5tFj%2Bed3skSUvVBSNZ%2B6nig%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-request-id: 0a430415790000dfbf7bb8e000000001
cf-ray: 654b6f9bfe4adfbf-FRA

GET
H3-29 200 prebid.3-25.js Show response
projectagora.net/libs/prebidv3/ Frame E42A 360 KB
103 KB 55ms
50ms Script
application/javascript 2606:4700:3032::ac43:9028
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js
Requested by: Host: ads.projectagoraservices.com
URL: https://ads.projectagoraservices.com/?id=6772&uref=https%3A%2F%2Fww3.read7deadlysins.com%2F
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::ac43:9028 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 03736b108efeca49e24b0f35ff8b9ac3fb4468b6c64de144b1b441cba12f46e2

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2637
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 7STB6VJT6WDA3MWJ
x-amz-id-2: /ys6rJm0v963RwJLIz1Vw+5I2kXtWUdGVY1NXs1SPMPvxGECyDtJJ9CarnGLKSFrT9GII9o7it0=
last-modified: Wed, 05 May 2021 10:36:16 GMT
server: cloudflare
etag: W/"fa7fdd65f39d0e16a18830e016d93050"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=zD9sYQ4hR%2FxQ7VoFnTGqHxnh%2B28eybCAE%2BC7rEgajooBBtFFk%2Bvm1C5JVxbR7EV592CoT5qP77OJrI8LEA7rcXuvag1OwRsEUn5zV8bpt7Xws%2F0nObU3KdST0yNW4575LX%2Fnc7r9S%2FeqGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-request-id: 0a430415780000dfbfa3bde000000001
cf-ray: 654b6f9bfe49dfbf-FRA

GET
H3-29 200 1572962830.jpg
assets.vlitag.com/widget/2019/11/05/ 192 KB
192 KB 23ms
13ms Image
image/jpeg 2606:4700:20::ac43:4597
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://assets.vlitag.com/widget/2019/11/05/1572962830.jpg

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4597 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

31370f14534e5bb78d3da68b6cf0e72369feea1bd68aaeac1b61d07094aa1deb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 106599
cf-polished: degrade=85, origSize=227959, status=webp_bigger
expires: Sun, 23 May 2021 21:40:15 GMT
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 196267
cf-request-id: 0a4304159b0000536a98863000000001
x-robots-tag: noindex, nofollow
last-modified: Tue, 05 Nov 2019 14:07:11 GMT
server: cloudflare
etag: "5dc1820f-37a77"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=dibUGz8smDFS4tnhPvRsv6oIWwXtB6CQIhlgwl63d4KEyV42owcYfRrHzgMkmQK4r4qH3qyLYy8GvMG81s%2BZK6SPwYw67Hsr6xyWFlOgc3VCvdjqCp7nP70%2BrVTkbuS%2FwSxxMMbu7T0uhA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
x-xss-protection: 1; mode=block
cache-control: max-age=16070400
accept-ranges: bytes
cf-ray: 654b6f9c2816536a-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame 934B 15 KB
16 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,500,500i,700,700i,900,900i&display=swap&subset=cyrillic,greek,vietnamese

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://ww3.read7deadlysins.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 21 May 2021 10:13:28 GMT
x-content-type-options: nosniff
last-modified: Mon, 05 Apr 2021 21:10:46 GMT
server: sffe
age: 318806
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
expires: Sat, 21 May 2022 10:13:28 GMT

GET
H2 200 1 Show response
servicer.adskeeper.co.uk/842741/ Frame 934B 2 KB
1 KB 76ms
75ms Script
application/x-javascript 104.19.132.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://servicer.adskeeper.co.uk/842741/1?pv=5&cbuster=1621910814156388028866&uniqId=0adfe&niet=4g&nisd=false&w=805&h=249&cols=3&ref=&cxurl=https%3A%2F%2Fww3.read7deadlysins.com&lu=https%3A%2F%2Fww3.read7deadlysins.com%2F&pageView=1&pvid=179a16afd0b9f974364&implVersion=11&dpr=1
Requested by: Host: jsc.adskeeper.co.uk
URL: https://jsc.adskeeper.co.uk/b/i/bidgear.readnaruto.com.842741.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.132.80 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: db3b3f0af5aae1c62702fbfad96b95d9c82f73b0da35c4f8144f1ea0d930162d

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: application/x-javascript; charset=utf-8
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 654b6f9c8f5f08a3-CDG
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a430415d3000008a3de369000000001

GET
H/1.1 200
OK ttj Show response
ib.adnxs.com/ Frame 8D02 3 KB
3 KB 22ms
22ms Script
application/javascript 185.33.220.241
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ttj?ttjb=1&bdc=1621910813&bdh=tKJVkap0z3MWD_8xHi0XUUxYf28.&bdref=https%3A%2F%2Fww3.read7deadlysins.com%2F&bdtop=true&bdifs=1&bstk=https%3A%2F%2Fww3.read7deadlysins.com%2F,https%3A%2F%2Frunwaff.com%2Fuser%3Fi%3Du1dvjpo9e55sy80hm5%26a%3D69a1ae274eff659621cc5da174992f8b3%26cb%3D5820761621910813239&&id=6589253&psa=0&cb=1233526026&gdpr=0&gdpr_consent=&loc=%2C&pubclick=https%3A%2F%2Fams1-ib.adnxs.com%2Fclick%3FAAAAAAAAAAAAAAAAAAAAAAAAAKBH4do_AAAAAAAAAAAAAAAAAAAAAG9Fivg_u7EIFy5Jag9ioycdZaxgAAAAABUKFwEYKAAA5QAAAAIAAACf7n4Cfd8fAAAAAAAAAAAARVVSACwB-gCbBAAAAAABAgEAAAAAANIA-hJe1QAAAAA.%2Fbcr%3DAAAAAAAAAAA%3D%2Fbn%3D0%2Fclickenc%3D

Requested by

Host: ib.adnxs.com
URL: https://ib.adnxs.com/ttj?id=6589253&psa=0&cb=1233526026&gdpr=0&gdpr_consent=&loc=,&pubclick=https://ams1-ib.adnxs.com/click?AAAAAAAAAAAAAAAAAAAAAAAAAKBH4do_AAAAAAAAAAAAAAAAAAAAAG9Fivg_u7EIFy5Jag9ioycdZaxgAAAAABUKFwEYKAAA5QAAAAIAAACf7n4Cfd8fAAAAAAAAAAAARVVSACwB-gCbBAAAAAABAgEAAAAAANIA-hJe1QAAAAA./bcr=AAAAAAAAAAA=/bn=0/clickenc=

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.241 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

732.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

22e445740494ff0441323397bb6de4b62dcb23826c5b77638c644e4302560655

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 25 May 2021 02:46:54 GMT
Content-Encoding: gzip
X-Creative-ID: 221805565
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 185.220.70.236; 185.220.70.236; 732.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.222.238:80
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: f38451e1-50c8-4c0e-b345-e193c39f4e0c
Server: nginx/1.17.9
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-29

206

videoplayback
r1---sn-4g5e6ns7.googlevideo.com/
Redirect Chain

https://media.vlitag.com/vid/?id=aOSRX0RXaas&t=y
https://redirector.googlevideo.com/videoplayback?expire=1621923207&ei=J0GsYLK_OK-uxN8Pjbub0AM&ip=3.248.214.185&id=o-AOUhgdh7U8Zon1FVE86coJbgWc48B2IiccGmbcsjC_Jw&itag=22&source=youtube&requiressl=ye...
https://r1---sn-4g5e6ns7.googlevideo.com/videoplayback?expire=1621923207&ei=J0GsYLK_OK-uxN8Pjbub0AM&ip=3.248.214.185&id=o-AOUhgdh7U8Zon1FVE86coJbgWc48B2IiccGmbcsjC_Jw&itag=22&source=youtube&require...

377 KB
0

20ms
8ms

Media
video/mp4

2a00:1450:4001:5c::6
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r1---sn-4g5e6ns7.googlevideo.com/videoplayback?expire=1621923207&ei=J0GsYLK_OK-uxN8Pjbub0AM&ip=3.248.214.185&id=o-AOUhgdh7U8Zon1FVE86coJbgWc48B2IiccGmbcsjC_Jw&itag=22&source=youtube&requiressl=yes&vprv=1&mime=video%2Fmp4&ns=a82U8mVgLKe7FnF0CIHIMpwF&ratebypass=yes&dur=207.400&lmt=1527958054301891&fexp=24001373%2C24007246&c=WEB&n=IJFMGrXg7n5KFo254&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cvprv%2Cmime%2Cns%2Cratebypass%2Cdur%2Clmt&sig=AOq0QJ8wRAIgWPR0ZZQS2k27pYSrkkzW5vpBRS-hsBH3MLsl1xmarcUCIGmao4nQeaBWTuHdPErMBXqx-XibXlSlAr6SjiCl-NQ0&cms_redirect=yes&mh=3a&mip=2a01:4f8:192:5414::2&mm=31&mn=sn-4g5e6ns7&ms=au&mt=1621910450&mv=m&mvi=1&pl=50&lsparams=mh,mip,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRgIhAK6V5YKf75-FlQw07HT-oMjU-Dkks_JOdkUEb4keZ_2kAiEAxvoVIHWtWJCvKGo4VdIrHZ8r6Chgaz0n8-NzbV33S04%3D

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:5c::6 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
x-content-type-options: nosniff
last-modified: Sat, 02 Jun 2018 16:47:34 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
Content-Range: bytes 0-55610659/55610660
client-protocol: quic
cache-control: private, max-age=12093
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 55610660
expires: Tue, 25 May 2021 02:46:54 GMT

Redirect headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:54 GMT
x-content-type-options: nosniff
server: ClientMapServer
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
location: https://r1---sn-4g5e6ns7.googlevideo.com/videoplayback?expire=1621923207&ei=J0GsYLK_OK-uxN8Pjbub0AM&ip=3.248.214.185&id=o-AOUhgdh7U8Zon1FVE86coJbgWc48B2IiccGmbcsjC_Jw&itag=22&source=youtube&requiressl=yes&vprv=1&mime=video%2Fmp4&ns=a82U8mVgLKe7FnF0CIHIMpwF&ratebypass=yes&dur=207.400&lmt=1527958054301891&fexp=24001373%2C24007246&c=WEB&n=IJFMGrXg7n5KFo254&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cvprv%2Cmime%2Cns%2Cratebypass%2Cdur%2Clmt&sig=AOq0QJ8wRAIgWPR0ZZQS2k27pYSrkkzW5vpBRS-hsBH3MLsl1xmarcUCIGmao4nQeaBWTuHdPErMBXqx-XibXlSlAr6SjiCl-NQ0&cms_redirect=yes&mh=3a&mip=2a01:4f8:192:5414::2&mm=31&mn=sn-4g5e6ns7&ms=au&mt=1621910450&mv=m&mvi=1&pl=50&lsparams=mh,mip,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRgIhAK6V5YKf75-FlQw07HT-oMjU-Dkks_JOdkUEb4keZ_2kAiEAxvoVIHWtWJCvKGo4VdIrHZ8r6Chgaz0n8-NzbV33S04%3D
cache-control: no-cache, must-revalidate
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1129
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

sync
s.cpx.to/ Frame 2E24
Redirect Chain

https://image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D462a1686-dcf8-4f7c-85d5-0c2721ee91f8
https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D462a1686-dcf8-4f7c-85d5-0c2721ee91f8
https://s.cpx.to/sync?dsp=pubmatic&dsp_uid=FBECC144-B7FF-4AED-9A05-5F98419BB2E9&fid=462a1686-dcf8-4f7c-85d5-0c2721ee91f8

95 B
881 B

28ms
27ms

Image
image/png

54.194.137.128
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.cpx.to/sync?dsp=pubmatic&dsp_uid=FBECC144-B7FF-4AED-9A05-5F98419BB2E9&fid=462a1686-dcf8-4f7c-85d5-0c2721ee91f8

Requested by

Host: runwaff.com
URL: https://runwaff.com/stat?i=u1dvjpo9e55sy80hm5&a=05ce0684c5396c5bd68c434103884dbb5&cb=9169241621910813234

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.194.137.128 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-194-137-128.eu-west-1.compute.amazonaws.com

Software

Resource Hash

bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Date: Tue, 25 May 2021 02:46:54 GMT
X-Frame-Options: sameorigin
Connection: keep-alive
P3P: CP="NOI DEV ADM"
Cache-Control: no-store, must-revalidate, private, max-age=0
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Content-Length: 95
Expires: Tue, 25 May 2021 02:46:54 GMT

Redirect headers

location: https://s.cpx.to/sync?dsp=pubmatic&dsp_uid=FBECC144-B7FF-4AED-9A05-5F98419BB2E9&fid=462a1686-dcf8-4f7c-85d5-0c2721ee91f8
date: Tue, 25 May 2021 02:46:53 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H/1.1

200
OK

an_fire
s.cpx.to/ Frame 2E24
Redirect Chain

https://secure.adnxs.com/getuid?https%3A%2F%2Fs.cpx.to%2Fan_fire%3Fapp_nexus_uid%3D%24UID%26pid%3D12763%26ref%3Dhttps%253A%252F%252Fww3.read7deadlysins.com%252F%26hn_ver%3D16%26fid%3D462a1686-dcf8-...
https://s.cpx.to/an_fire?app_nexus_uid=2856234407030238743&pid=12763&ref=https%3A%2F%2Fww3.read7deadlysins.com%2F&hn_ver=16&fid=462a1686-dcf8-4f7c-85d5-0c2721ee91f8

95 B
865 B

44ms
44ms

Image
image/png

54.194.137.128
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.cpx.to/an_fire?app_nexus_uid=2856234407030238743&pid=12763&ref=https%3A%2F%2Fww3.read7deadlysins.com%2F&hn_ver=16&fid=462a1686-dcf8-4f7c-85d5-0c2721ee91f8

Requested by

Host: runwaff.com
URL: https://runwaff.com/stat?i=u1dvjpo9e55sy80hm5&a=05ce0684c5396c5bd68c434103884dbb5&cb=9169241621910813234

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.194.137.128 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-194-137-128.eu-west-1.compute.amazonaws.com

Software

Resource Hash

bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Date: Tue, 25 May 2021 02:46:54 GMT
X-Frame-Options: sameorigin
Connection: keep-alive
P3P: CP="NOI DEV ADM"
Cache-Control: no-store, must-revalidate, private, max-age=0
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Content-Length: 95
Expires: Tue, 25 May 2021 02:46:54 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:46:54 GMT
X-Proxy-Origin: 185.220.70.236; 185.220.70.236; 723.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.222.238:80
AN-X-Request-Uuid: 677dce4f-c568-43c9-ad6c-c9d8521b5410
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://s.cpx.to/an_fire?app_nexus_uid=2856234407030238743&pid=12763&ref=https%3A%2F%2Fww3.read7deadlysins.com%2F&hn_ver=16&fid=462a1686-dcf8-4f7c-85d5-0c2721ee91f8
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

ca.png
s.cpx.to/ Frame 2E24
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm&dsp=dbm&fid=462a1686-dcf8-4f7c-85d5-0c2721ee91f8
https://s.cpx.to/ca.png?dsp=dbm&fid=462a1686-dcf8-4f7c-85d5-0c2721ee91f8&google_gid=CAESEOwKL41v2RvRdqN6dOD-nHQ&google_cver=1

95 B
804 B

78ms
27ms

Image
image/png

54.194.137.128
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.cpx.to/ca.png?dsp=dbm&fid=462a1686-dcf8-4f7c-85d5-0c2721ee91f8&google_gid=CAESEOwKL41v2RvRdqN6dOD-nHQ&google_cver=1

Requested by

Host: runwaff.com
URL: https://runwaff.com/stat?i=u1dvjpo9e55sy80hm5&a=05ce0684c5396c5bd68c434103884dbb5&cb=9169241621910813234

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.194.137.128 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-194-137-128.eu-west-1.compute.amazonaws.com

Software

Resource Hash

bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Content-Security-Policy: default-src 'self'
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Date: Tue, 25 May 2021 02:46:54 GMT
X-Frame-Options: sameorigin
Content-Type: image/png
Cache-Control: no-store, must-revalidate, private, max-age=0
Connection: keep-alive
Content-Length: 95

Redirect headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:54 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://s.cpx.to/ca.png?dsp=dbm&fid=462a1686-dcf8-4f7c-85d5-0c2721ee91f8&google_gid=CAESEOwKL41v2RvRdqN6dOD-nHQ&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 334
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

sync
s.cpx.to/ Frame 2E24
Redirect Chain

https://sync.smartadserver.com/getuid?url=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dsmart_ad_server%26dsp_uid%3D%5Bsas_uid%5D%26fid%3D462a1686-dcf8-4f7c-85d5-0c2721ee91f8&gdpr=0
https://sync.smartadserver.com/getuid?url=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dsmart_ad_server%26dsp_uid%3D%5Bsas_uid%5D%26fid%3D462a1686-dcf8-4f7c-85d5-0c2721ee91f8&gdpr=0&cklb=1
https://s.cpx.to/sync?dsp=smart_ad_server&dsp_uid=2155387749517321864&fid=462a1686-dcf8-4f7c-85d5-0c2721ee91f8

95 B
871 B

52ms
28ms

Image
image/png

54.194.137.128
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.cpx.to/sync?dsp=smart_ad_server&dsp_uid=2155387749517321864&fid=462a1686-dcf8-4f7c-85d5-0c2721ee91f8

Requested by

Host: runwaff.com
URL: https://runwaff.com/stat?i=u1dvjpo9e55sy80hm5&a=05ce0684c5396c5bd68c434103884dbb5&cb=9169241621910813234

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.194.137.128 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-194-137-128.eu-west-1.compute.amazonaws.com

Software

Resource Hash

bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Date: Tue, 25 May 2021 02:46:54 GMT
X-Frame-Options: sameorigin
Connection: keep-alive
P3P: CP="NOI DEV ADM"
Cache-Control: no-store, must-revalidate, private, max-age=0
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Content-Length: 95
Expires: Tue, 25 May 2021 02:46:54 GMT

Redirect headers

location: https://s.cpx.to/sync?dsp=smart_ad_server&dsp_uid=2155387749517321864&fid=462a1686-dcf8-4f7c-85d5-0c2721ee91f8
date: Tue, 25 May 2021 02:46:54 GMT
content-length: 0

GET
H/1.1

200
OK

sync
s.cpx.to/ Frame 2E24
Redirect Chain

https://token.rubiconproject.com/token?pid=34010&puid=31d5c00d49c8cb73&gdpr=0
https://s.cpx.to/sync?dsp=rubicon&dsp_uid=KP3FTL71-5-74US&customParamenters={p:customParamenters}&gdpr=0

95 B
859 B

111ms
33ms

Image
image/png

54.194.137.128
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.cpx.to/sync?dsp=rubicon&dsp_uid=KP3FTL71-5-74US&customParamenters={p:customParamenters}&gdpr=0

Requested by

Host: runwaff.com
URL: https://runwaff.com/stat?i=u1dvjpo9e55sy80hm5&a=05ce0684c5396c5bd68c434103884dbb5&cb=9169241621910813234

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.194.137.128 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-194-137-128.eu-west-1.compute.amazonaws.com

Software

Resource Hash

bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Date: Tue, 25 May 2021 02:46:54 GMT
X-Frame-Options: sameorigin
Connection: keep-alive
P3P: CP="NOI DEV ADM"
Cache-Control: no-store, must-revalidate, private, max-age=0
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Content-Length: 95
Expires: Tue, 25 May 2021 02:46:54 GMT

Redirect headers

Location: https://s.cpx.to/sync?dsp=rubicon&dsp_uid=KP3FTL71-5-74US&customParamenters={p:customParamenters}&gdpr=0
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

sync
s.cpx.to/ Frame 2E24
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=0fkciot&ttd_tpi=1
https://s.cpx.to/sync?dsp_uid=a442fbe8-bdb4-4220-808c-55a86f50264b&dsp=TTD

95 B
876 B

139ms
27ms

Image
image/png

54.194.137.128
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.cpx.to/sync?dsp_uid=a442fbe8-bdb4-4220-808c-55a86f50264b&dsp=TTD

Requested by

Host: runwaff.com
URL: https://runwaff.com/stat?i=u1dvjpo9e55sy80hm5&a=05ce0684c5396c5bd68c434103884dbb5&cb=9169241621910813234

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.194.137.128 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-194-137-128.eu-west-1.compute.amazonaws.com

Software

Resource Hash

bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Date: Tue, 25 May 2021 02:46:54 GMT
X-Frame-Options: sameorigin
Connection: keep-alive
P3P: CP="NOI DEV ADM"
Cache-Control: no-store, must-revalidate, private, max-age=0
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Content-Length: 95
Expires: Tue, 25 May 2021 02:46:54 GMT

Redirect headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:54 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://s.cpx.to/sync?dsp_uid=a442fbe8-bdb4-4220-808c-55a86f50264b&dsp=TTD
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 179

GET
H/1.1 200
OK sync
pool.grid-data.bidswitch.net/ Frame 2E24 43 B
220 B 40ms
7ms Image
image/gif 3.126.30.34
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pool.grid-data.bidswitch.net/sync?pid=42
Requested by: Host: runwaff.com
URL: https://runwaff.com/stat?i=u1dvjpo9e55sy80hm5&a=05ce0684c5396c5bd68c434103884dbb5&cb=9169241621910813234
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.126.30.34 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-30-34.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 25 May 2021 02:46:54 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 2E58 143 B
1 KB 45ms
44ms XHR
application/json 185.33.220.241
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.241 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

732.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

b22d47b10499a007a320b85dec6d283c121c1b98f0ba7c03b2406bbd0dcd5d8f

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:46:54 GMT
X-Proxy-Origin: 185.220.70.236; 185.220.70.236; 732.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.222.231:80
AN-X-Request-Uuid: 241f4127-fb80-4e76-b105-56bf0e3f3821
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://runwaff.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 143
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 2E58 0
319 B 53ms
17ms XHR
application/json 185.86.139.95
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.95 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:53 GMT
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://runwaff.com
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 0

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 2E58 284 B
1 KB 61ms
15ms XHR
application/json 213.19.162.31
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=21034&site_id=301448&zone_id=1545054&size_id=15&gdpr=0&rp_schain=1.0,0!projectagora.com,100489,1,,,&rf=https%3A%2F%2Fww3.read7deadlysins.com%2F&tk_flint=pbjs_lite_v3.25.0&x_source.tid=309d747c-d95a-4486-b180-a4987f56c6ea&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.8871220368239956
Requested by: Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 213.19.162.31 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 73da2c879d92fddbe81e0098dfa2b520bb88a8b6a1afcbcccf7880f73bce7543

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:46:54 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://runwaff.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 284
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 / Show response
adx.adform.net/adx/ Frame 2E58 3 KB
2 KB 53ms
53ms XHR
application/json 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/?rp=4&bWlkPTc2MzQ4NSZ0cmFuc2FjdGlvbklkPTMwOWQ3NDdjLWQ5NWEtNDQ4Ni1iMTgwLWE0OTg3ZjU2YzZlYQ%3D%3D&pt=gross&stid=45a79660-4026-4970-890f-923b2bf0c0f0&gdpr=0&gdpr_consent=undefined&fd=1

Requested by

Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

3abf42c9adebcb657bc5bc4a335638fbcb0964a2cc449531975c92019f04af98

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://runwaff.com
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json; charset=utf-8
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 865F 0
319 B 50ms
17ms XHR
application/json 185.86.139.95
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.95 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:53 GMT
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://runwaff.com
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 0

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 865F 144 B
1 KB 65ms
40ms XHR
application/json 185.33.220.241
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.241 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

732.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

c48813f0c6414a6394ce88a14169c9e476c9225fce09d3702a7135d13694d162

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:46:54 GMT
X-Proxy-Origin: 185.220.70.236; 185.220.70.236; 732.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.38:80
AN-X-Request-Uuid: 867a6ca3-d6dd-4d71-9409-6d5d6f736c29
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://runwaff.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 144
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
adx.adform.net/adx/ Frame 865F 3 KB
2 KB 52ms
51ms XHR
application/json 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/?rp=4&bWlkPTc2MzQ4NSZ0cmFuc2FjdGlvbklkPTk3YjUxY2IwLTcwMjUtNGM0ZC04NGMxLTZlMjkxNmMyOTFhMA%3D%3D&pt=gross&stid=bee368fa-9d40-463a-acf6-c89420de7444&gdpr=0&gdpr_consent=undefined&fd=1

Requested by

Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

f77e74580c9873367c81bd227811123288f2f15581f5d49bf86e00e7f5abd8b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://runwaff.com
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json; charset=utf-8
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 865F 284 B
1 KB 71ms
21ms XHR
application/json 213.19.162.31
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=21034&site_id=301448&zone_id=1545054&size_id=15&gdpr=0&rp_schain=1.0,0!projectagora.com,100489,1,,,&rf=https%3A%2F%2Fww3.read7deadlysins.com%2F&tk_flint=pbjs_lite_v3.25.0&x_source.tid=97b51cb0-7025-4c4d-84c1-6e2916c291a0&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.31316743589351925
Requested by: Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 213.19.162.31 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: ae75e773195405f63c83cc92dd3d04119d88076d0c9ca53b0fda0568fde7868a

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:46:54 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://runwaff.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 284
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 / Show response
adx.adform.net/adx/ Frame 9897 3 KB
2 KB 53ms
52ms XHR
application/json 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/?rp=4&bWlkPTc2MzQ4NSZ0cmFuc2FjdGlvbklkPTM2ZWEwMDA2LTczMmQtNDFlNi05ZmE3LTVhZjQ4NjI4MWU1NQ%3D%3D&pt=gross&stid=86aab91b-0c93-4c31-99a0-7f9c43c8c62a&gdpr=0&gdpr_consent=undefined&fd=1

Requested by

Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

735b8fdce3b66a8586292e5de365f81fea148b6b6278fb8510ee1dc78b2d3fb1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://runwaff.com
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json; charset=utf-8
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 9897 0
319 B 47ms
17ms XHR
application/json 185.86.139.95
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.95 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:54 GMT
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://runwaff.com
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 0

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 9897 284 B
1 KB 59ms
19ms XHR
application/json 213.19.162.31
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=21034&site_id=301448&zone_id=1545054&size_id=15&gdpr=0&rp_schain=1.0,0!projectagora.com,100489,1,,,&rf=https%3A%2F%2Fww3.read7deadlysins.com%2F&tk_flint=pbjs_lite_v3.25.0&x_source.tid=36ea0006-732d-41e6-9fa7-5af486281e55&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.20936956389310368
Requested by: Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 213.19.162.31 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: e606b88f22681ff4345da88cc69427508b872d962152d6b6150d46513583740c

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:46:54 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://runwaff.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 284
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 9897 144 B
1 KB 62ms
41ms XHR
application/json 185.33.220.241
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.241 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

732.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

2cce638cdab68bdb54c574dbaddd96eace5adb8f41c56ba795d656759ee491ea

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:46:54 GMT
X-Proxy-Origin: 185.220.70.236; 185.220.70.236; 732.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.232:80
AN-X-Request-Uuid: 7d1f259e-a6c3-42c3-b95a-b12880639c46
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://runwaff.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 144
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame FC03 284 B
1 KB 70ms
21ms XHR
application/json 213.19.162.31
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=21034&site_id=301448&zone_id=1545054&size_id=15&gdpr=0&rp_schain=1.0,0!projectagora.com,100489,1,,,&rf=https%3A%2F%2Fww3.read7deadlysins.com%2F&tk_flint=pbjs_lite_v3.25.0&x_source.tid=1a9188dc-b60a-4544-806b-4e9d4b0bd4ab&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.8576632933158232
Requested by: Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 213.19.162.31 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 2fbbb4bdb43c3853d5f640b58e98f3d99fce1f7a2f6a28ee32cea3573d81f152

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:46:54 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://runwaff.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 284
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame FC03 144 B
1 KB 85ms
42ms XHR
application/json 185.33.220.241
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.241 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

732.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

fbaeb6cbd55dc848df7113819da2ee6a48dc8cfe1265ebcf555a92b72eb39daf

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:46:54 GMT
X-Proxy-Origin: 185.220.70.236; 185.220.70.236; 732.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.182:80
AN-X-Request-Uuid: c50065fa-19ca-46cc-b65b-c3026fd6fe38
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://runwaff.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 144
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame FC03 0
319 B 39ms
17ms XHR
application/json 185.86.139.95
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.95 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:53 GMT
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://runwaff.com
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 0

GET
H2 200 / Show response
adx.adform.net/adx/ Frame FC03 3 KB
2 KB 51ms
51ms XHR
application/json 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/?rp=4&bWlkPTc2MzQ4NSZ0cmFuc2FjdGlvbklkPTFhOTE4OGRjLWI2MGEtNDU0NC04MDZiLTRlOWQ0YjBiZDRhYg%3D%3D&pt=gross&stid=a1d16381-4f71-4a7f-ae8b-7dcfb974a5c8&gdpr=0&gdpr_consent=undefined&fd=1

Requested by

Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

87b1d7a33866a970cbbc66c39914f260e7801a03f86333a70d336d40df42b40a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://runwaff.com
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json; charset=utf-8
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame BB4B 144 B
1 KB 112ms
69ms XHR
application/json 185.33.220.241
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.241 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

732.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

1bda294a9ad20ea8d7efe0f2b5b6757fb0b999cd46917aff508829a7a1d4985c

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:46:54 GMT
X-Proxy-Origin: 185.220.70.236; 185.220.70.236; 732.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.74:80
AN-X-Request-Uuid: 43c0b42f-d857-45db-b0ad-733ee9411c11
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://runwaff.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 144
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame BB4B 284 B
1 KB 55ms
16ms XHR
application/json 213.19.162.31
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=21034&site_id=301448&zone_id=1545054&size_id=15&gdpr=0&rp_schain=1.0,0!projectagora.com,100489,1,,,&rf=https%3A%2F%2Fww3.read7deadlysins.com%2F&tk_flint=pbjs_lite_v3.25.0&x_source.tid=9f6c3b01-d154-4254-984c-983a44a3479f&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.34655228345667255
Requested by: Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 213.19.162.31 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 5fe762235dff5c6c1bf33b317522129432b5c54df727c3614f1bb15fba5c1a34

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:46:54 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://runwaff.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 284
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame BB4B 0
319 B 33ms
17ms XHR
application/json 185.86.139.95
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.95 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:53 GMT
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://runwaff.com
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 0

GET
H2 200 / Show response
adx.adform.net/adx/ Frame BB4B 3 KB
2 KB 47ms
47ms XHR
application/json 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/?rp=4&bWlkPTc2MzQ4NSZ0cmFuc2FjdGlvbklkPTlmNmMzYjAxLWQxNTQtNDI1NC05ODRjLTk4M2E0NGEzNDc5Zg%3D%3D&pt=gross&stid=35926674-ff3a-42b2-85a7-e497e470fe78&gdpr=0&gdpr_consent=undefined&fd=1

Requested by

Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

1aee62390f1a46c39de05e245924b94e2155373257094c9e1e14b6b67e530100

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://runwaff.com
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json; charset=utf-8
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 6550 0
319 B 31ms
17ms XHR
application/json 185.86.139.95
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.95 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:53 GMT
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://runwaff.com
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 0

GET
H2 200 / Show response
adx.adform.net/adx/ Frame 6550 3 KB
2 KB 54ms
53ms XHR
application/json 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/?rp=4&bWlkPTc2MzQ4NSZ0cmFuc2FjdGlvbklkPWRmYWZkOTM4LWQ4Y2YtNDcwZS05YTc5LTliMzQ5ZTIxMTRlNA%3D%3D&pt=gross&stid=45c6f426-0277-4134-bbaa-b1929726c9b1&gdpr=0&gdpr_consent=undefined&fd=1

Requested by

Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

d318e574ed5914198dc092c29a7fa761b25b0e2c59e07f40c59b9cbd5a7fd265

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://runwaff.com
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json; charset=utf-8
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 6550 284 B
1 KB 58ms
15ms XHR
application/json 213.19.162.31
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=21034&site_id=301448&zone_id=1545054&size_id=15&gdpr=0&rp_schain=1.0,0!projectagora.com,100489,1,,,&rf=https%3A%2F%2Fww3.read7deadlysins.com%2F&tk_flint=pbjs_lite_v3.25.0&x_source.tid=dfafd938-d8cf-470e-9a79-9b349e2114e4&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.6350741982292301
Requested by: Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 213.19.162.31 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: bf0f983511eade4b610daee0289a97c478db68f9016867811b3260bd542af316

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:46:54 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://runwaff.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 284
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 6550 144 B
1 KB 99ms
46ms XHR
application/json 185.33.220.241
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.241 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

732.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

c6c26e9fd32854aee98de2acc25e0430247818615f0e19c75a83cc02ab76388a

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:46:54 GMT
X-Proxy-Origin: 185.220.70.236; 185.220.70.236; 732.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.223.52:80
AN-X-Request-Uuid: 373b9949-81e8-4325-834c-72fceeefe11b
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://runwaff.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 144
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame AFBE 284 B
1 KB 60ms
24ms XHR
application/json 213.19.162.31
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=21034&site_id=301448&zone_id=1545054&size_id=15&gdpr=0&rp_schain=1.0,0!projectagora.com,100489,1,,,&rf=https%3A%2F%2Fww3.read7deadlysins.com%2F&tk_flint=pbjs_lite_v3.25.0&x_source.tid=491bb5a5-4215-4f6b-bed5-294365022b0a&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.030515316286252814
Requested by: Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 213.19.162.31 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: e84ec2df928c8fcdc9baf15e86516bbe2c4da19182377d8be95d099fd391dcac

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:46:54 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://runwaff.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 284
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 / Show response
adx.adform.net/adx/ Frame AFBE 3 KB
2 KB 53ms
53ms XHR
application/json 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/?rp=4&bWlkPTc2MzQ4NSZ0cmFuc2FjdGlvbklkPTQ5MWJiNWE1LTQyMTUtNGY2Yi1iZWQ1LTI5NDM2NTAyMmIwYQ%3D%3D&pt=gross&stid=3512de3a-ca1d-4aad-bae2-03c7fe22d38d&gdpr=0&gdpr_consent=undefined&fd=1

Requested by

Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

70667ce810a4ab76df588aac5f88cfe24f1c68131d621b5700282cde9832c850

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://runwaff.com
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json; charset=utf-8
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame AFBE 797 B
2 KB 28ms
25ms XHR
application/json 185.86.139.95
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.95 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 58b9321705fe7310f2ad6c57d3e1765bf6f2d9de859cd4d4d6ddf160b6e94444

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:53 GMT
content-encoding: br
vary: Accept-Encoding
x-smrt-d: 6%3b3%3b112
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://runwaff.com
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
transfer-encoding: chunked

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame AFBE 143 B
1 KB 88ms
39ms XHR
application/json 185.33.220.241
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.241 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

732.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

5dd3744b3c4c4ca24f5ca3c270fe5275aeefdde79446288a9554095ad6182af5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:46:54 GMT
X-Proxy-Origin: 185.220.70.236; 185.220.70.236; 732.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.153:80
AN-X-Request-Uuid: 7e6a3925-1d61-4d93-a391-d6329e85327a
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://runwaff.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 143
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 async.php Show response
platform.bidgear.com/ Frame ED55 5 KB
2 KB 117ms
116ms Script
application/javascript 2606:4700:20::ac43:4a24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.bidgear.com/async.php?domainid=1042&sizeid=2&zoneid=2125&k=5c00c68a67ca2
Requested by: Host: runwaff.com
URL: https://runwaff.com/stat?i=u1dvjpo9e55sy80hm5&a=3191181510d1c5163e53c1097b6d94291&cb=3371671621910813240
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a24 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8d9c362c89ab0d3819b7fd4d5b342ef470cf7d999bf4bc91b2e1c6127db1f8a

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Rk4P%2FrheKLep%2FX%2Feof7KaS4StHaZxuzCrYTgiaL%2BRqClJmN3iEcqtYoIPM%2FKOUv%2FTSRaE4iObc8TZrwz3iEJvthDXLAyR6JjyvZcw%2FBo23pJ8IWG2FrkfmUye3t2xYnnZU4UmAHlIIgjoUWTwg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: no-cache, no-store, must-revalidate
cf-ray: 654b6f9d79771f31-FRA
cf-request-id: 0a4304166900001f312e166000000001
expires: 0

GET
H/1.1 200
OK notifyme.php Show response
adtrack.adleadevent.com/ Frame 2E24 0
522 B 128ms
33ms XHR
application/x-javascript 54.217.252.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adtrack.adleadevent.com/notifyme.php?st=a96081b6-db78-48c4-9f82-b93e316fb1f7
Requested by: Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.0.0/jquery.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.217.252.120 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:46:54 GMT
Content-Encoding: gzip
Last-Modified: Tue, 25 May 2021 02:46:54 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: https://runwaff.com
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2 200 / Show response
track.adform.net/adfscript/ Frame 5DA6 1 KB
2 KB 57ms
20ms Script
text/javascript 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfscript/?bn=45218947;rtbwp=CBiagR-ESe0N4_IzXSGVYekjTfC56_cS0;rtbdata=G4qFVpeIihbq29qpQygQjfeMYSeh6c3E3RDG_Di5lbZ8U__CyPwZA4yAe0wTDlRbRhY7XEFMtzJjUTzeejJMYACxeP9ephrk5jVrJ45sNIUFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5iAGelWOrzKxc8jpZdvtK7yM8o70tRRicjmiUtjwUGSvMVmTFKgGOZiswmFfVqDPk5GUMTER0GflYCIxEzHzL-f0;;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=sBo34bq4Frt42u1ywTJ-2uhRnNqnSBShhhDPFR4uCDKJ0pEkGy5YU5DzZ4xMx-m2YmTAckCaknR3tvd_s1cQIdTa3vpKM0nabd7LGXjWR8wb2Nz0N7bHVhMqMAPrwA-pCjnC3xSNf1r8PUCDt9fIkQmn9qHx8dhL62aNtg0L7iFmkjsLTrdEDjr0QP3LlZu4hd-pxQOfVRJqCvFFn-BWyffLoxdqMC7wA7z_uuw_WOM1;pui=CQ8Cld2Xq9y0edKP5QUkDSzmfmLpj7GS1IwLkOi1Phber1pltXZUmg2;

Requested by

Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8e3dca3d0c3e2c69a8e0ccf035e9f65b77bf76c0903de79f2d6a2b491fba860a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 1321
expires: -1

GET
H2 200 adx.js Show response
s1.adform.net/banners/scripts/ Frame 5DA6 58 KB
24 KB 29ms
0ms Script
application/x-javascript 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/banners/scripts/adx.js
Requested by: Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 6330d93c38185b92516fd8bdb7220ff136b6817c2ef101ed7d822e122066240b

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
last-modified: Thu, 13 May 2021 15:01:38 GMT
server: nginx
etag: W/"609d3f52-e80f"
x-cache-status: HIT
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

GET
H2

200

pixel
cm.adform.net/ Frame 5DA6
Redirect Chain

https://x.bidswitch.net/sync?ssp=adform
https://x.bidswitch.net/ul_cb/sync?ssp=adform
https://ads.creative-serving.com/bsw_sync?bidswitch_ssp_id=adform&bsw_custom_parameter=96763ec5-fa40-4a5c-bb69-98d62a1b94bd
https://ads.creative-serving.com/ul_cb/bsw_sync?bidswitch_ssp_id=adform&bsw_custom_parameter=96763ec5-fa40-4a5c-bb69-98d62a1b94bd
https://x.bidswitch.net/sync?dsp_id=4&user_id=f7ab0538-7fa6-4152-87ce-d29e52f97481&ssp=adform&expires=30&user_group=5&bsw_param=96763ec5-fa40-4a5c-bb69-98d62a1b94bd
https://cm.adform.net/pixel?adform_pid=3&adform_pc=96763ec5-fa40-4a5c-bb69-98d62a1b94bd&adform_v=1

43 B
162 B

22ms
21ms

Image
image/gif

37.157.6.251
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=3&adform_pc=96763ec5-fa40-4a5c-bb69-98d62a1b94bd&adform_v=1
Requested by: Host: runwaff.com
URL: https://runwaff.com/syncro?i=u1dvjpo9e55sy80hm5&a=59338ab25f27652e7e47e53fbab83cd65&cb=0176411621910813233
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.251 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS: s1.adform.net
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:55 GMT
last-modified: Tue, 12 Jul 2016 13:47:50 GMT
server: nginx
accept-ranges: bytes
etag: "5784f506-2b"
content-length: 43
content-type: image/gif

Redirect headers

location: //cm.adform.net/pixel?adform_pid=3&adform_pc=96763ec5-fa40-4a5c-bb69-98d62a1b94bd&adform_v=1
date: Tue, 25 May 2021 02:46:55 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2

200

pixel
cm.adform.net/ Frame 5DA6
Redirect Chain

https://ib.adnxs.com/getuid?https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d16%26adform_pc%3d$UID
https://cm.adform.net/pixel?adform_pid=16&adform_pc=2856234407030238743

43 B
162 B

129ms
24ms

Image
image/gif

37.157.6.251
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=16&adform_pc=2856234407030238743
Requested by: Host: runwaff.com
URL: https://runwaff.com/syncro?i=u1dvjpo9e55sy80hm5&a=59338ab25f27652e7e47e53fbab83cd65&cb=0176411621910813233
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.251 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS: s1.adform.net
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
last-modified: Tue, 12 Jul 2016 13:47:50 GMT
server: nginx
accept-ranges: bytes
etag: "5784f506-2b"
content-length: 43
content-type: image/gif

Redirect headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:46:54 GMT
X-Proxy-Origin: 185.220.70.236; 185.220.70.236; 732.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.148:80
AN-X-Request-Uuid: 7fee3ac4-5cca-4e97-ab53-4f0a55416fb7
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.adform.net/pixel?adform_pid=16&adform_pc=2856234407030238743
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

pixel
cm.adform.net/ Frame 5DA6
Redirect Chain

https://match.adsby.bidtheatre.com/adformmatch?adform_id=AUID&return_url=https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d18%26adform_pc%3d$UID
https://cm.adform.net/pixel?adform_pid=18&adform_pc=b1f2b4c7-0171-4503-b78a-a98c2d45abb0

43 B
162 B

122ms
21ms

Image
image/gif

37.157.6.251
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=18&adform_pc=b1f2b4c7-0171-4503-b78a-a98c2d45abb0
Requested by: Host: runwaff.com
URL: https://runwaff.com/syncro?i=u1dvjpo9e55sy80hm5&a=59338ab25f27652e7e47e53fbab83cd65&cb=0176411621910813233
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.251 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS: s1.adform.net
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
last-modified: Tue, 12 Jul 2016 13:47:50 GMT
server: nginx
accept-ranges: bytes
etag: "5784f506-2b"
content-length: 43
content-type: image/gif

Redirect headers

Location: https://cm.adform.net/pixel?adform_pid=18&adform_pc=b1f2b4c7-0171-4503-b78a-a98c2d45abb0
Date: Tue, 25 May 2021 02:46:54 GMT
Server: Apache/2.4.41 (Ubuntu)
Connection: Keep-Alive
Keep-Alive: timeout=5, max=3000
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"

GET
H/1.1 204
No Content /
projectagora-483829-hdb.adomik.com/ Frame 2E58 0
103 B 1175ms
32ms Image
text/plain 54.195.253.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://projectagora-483829-hdb.adomik.com/?q=eyJ1aWQiOiJwcm9qZWN0YWdvcmEtNDgzODI5IiwiYWhiYWlkIjoiNDVhNzk2NjAtNDAyNi00OTcwLTg5MGYtOTIzYjJiZjBjMGYwIiwiaG9zdG5hbWUiOiJydW53YWZmLmNvbSIsImV2ZW50c0J5UGxhY2VtZW50Q29kZSI6W3sic2l6ZXMiOltdLCJldmVudHMiOnsicmVxdWVzdHMiOlt7ImJpZGRlciI6IkFQUE5FWFVTIn0seyJiaWRkZXIiOiJBUFBORVhVUyJ9LHsiYmlkZGVyIjoiU01BUlRBRFNFUlZFUiJ9LHsiYmlkZGVyIjoiUlVCSUNPTiJ9LHsiYmlkZGVyIjoiQURGT1JNIn1dLCJyZXNwb25zZXMiOltdLCJ3aW5uZXJzIjpbXX19LHsicGxhY2VtZW50Q29kZSI6IjE4MjkyNjg1X3JlYWQ3ZGVhZGx5c2lucy5jb21fcm9zXzMwMHgyNTAiLCJzaXplcyI6W3sid2lkdGgiOjMwMCwiaGVpZ2h0IjoyNTB9XSwiZXZlbnRzIjp7InJlcXVlc3RzIjpbXSwicmVzcG9uc2VzIjpbeyJiaWRkZXIiOiJBREZPUk0iLCJwbGFjZW1lbnRDb2RlIjoiMTgyOTI2ODVfcmVhZDdkZWFkbHlzaW5zLmNvbV9yb3NfMzAweDI1MCIsImlkIjoiOTM0OGZlNmY1NzAzNGQiLCJzdGF0dXMiOiJWQUxJRCIsImNwbSI6MC4wNTEwMDM4NTU4Nzg5NzU0Nywic2l6ZSI6eyJ3aWR0aCI6MzAwLCJoZWlnaHQiOjI1MH0sInRpbWVUb1Jlc3BvbmQiOjExOSwiYWZ0ZXJUaW1lb3V0IjpmYWxzZX0seyJiaWRkZXIiOiJBREZPUk0iLCJwbGFjZW1lbnRDb2RlIjoiMTgyOTI2ODVfcmVhZDdkZWFkbHlzaW5zLmNvbV9yb3NfMzAweDI1MCIsImlkIjoiOTM0OGZlNmY1NzAzNGQiLCJzdGF0dXMiOiJWQUxJRCIsImNwbSI6MC4wNTEwMDM4NTU4Nzg5NzU0Nywic2l6ZSI6eyJ3aWR0aCI6MzAwLCJoZWlnaHQiOjI1MH0sInRpbWVUb1Jlc3BvbmQiOjExOSwiYWZ0ZXJUaW1lb3V0IjpmYWxzZX1dLCJ3aW5uZXJzIjpbXX19XX0%3D&id=45a79660-4026-4970-890f-923b2bf0c0f0&part=0&on=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.195.253.131 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-195-253-131.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Connection: keep-alive
Date: Tue, 25 May 2021 02:46:55 GMT
Server: nginx

GET
H/1.1 204
No Content /
projectagora-483829-hdb.adomik.com/ Frame 2E58 0
103 B 1270ms
32ms Image
text/plain 54.195.253.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://projectagora-483829-hdb.adomik.com/?q=eyJpZCI6IjkzNDhmZTZmNTcwMzRkIiwicGxhY2VtZW50Q29kZSI6IjE4MjkyNjg1X3JlYWQ3ZGVhZGx5c2lucy5jb21fcm9zXzMwMHgyNTAifQ%3D%3D&id=45a79660-4026-4970-890f-923b2bf0c0f0&won=true
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.195.253.131 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-195-253-131.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Connection: keep-alive
Date: Tue, 25 May 2021 02:46:55 GMT
Server: nginx

GET
H2 200 / Show response
track.adform.net/adfscript/ Frame 7E28 1 KB
2 KB 28ms
21ms Script
text/javascript 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfscript/?bn=42173458;rtbwp=CBiagR-ESe0N4_IzXSGVYekjTfC56_cS0;rtbdata=OS-8pJ27cx1t80IVWwQfQmE4WHGRqH-1kufqwnY4tw_1RSChZqL51DIQIJOmZt0pv7FqjbP8FygEiuMG4UneOQhh2ON4Isn69w0nsxF19yUFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5jm_EH7owHJ888jpZdvtK7yM8o70tRRicjmiUtjwUGSvFqirAD_H0c-swmFfVqDPk5d1Vab-EFQvICIxEzHzL-f0;;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=m5D2R0CaQPB42u1ywTJ-2uhRnNqnSBShhhDPFR4uCDKJ0pEkGy5YU5DzZ4xMx-m2huuso-CINz10a3Jwkl4uAuOMOqtrwYj_99yHnrX3-Yq41wUtXy3s232WndsyQtExvdq5tkQ8Tp-aJ5PzzvWo-FOZ5nJE5k3ngOHYsb569ZdmkjsLTrdEDjr0QP3LlZu4hd-pxQOfVRJqCvFFn-BWyUT9ubrsFdb5A7z_uuw_WOM1;pui=CQ8Cld2Xq9y0edKP5QUkDZ7UVDpnb5VfPKEpU4M09Dver1pltXZUmg2;

Requested by

Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

63cad4cbdabc1e154d114197e473ac80a92a2c323172625d3998f3fd266674fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 1321
expires: -1

GET
H2 200 adx.js Show response
s1.adform.net/banners/scripts/ Frame 7E28 58 KB
24 KB 26ms
22ms Script
application/x-javascript 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/banners/scripts/adx.js
Requested by: Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 6330d93c38185b92516fd8bdb7220ff136b6817c2ef101ed7d822e122066240b

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
last-modified: Thu, 13 May 2021 15:01:38 GMT
server: nginx
etag: W/"609d3f52-e80f"
x-cache-status: HIT
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

GET
H2

200

pixel
cm.adform.net/ Frame 7E28
Redirect Chain

https://x.bidswitch.net/sync?ssp=adform
https://x.bidswitch.net/ul_cb/sync?ssp=adform
https://sync.mathtag.com/sync/img?mt_exid=46&redir=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D80%26user_id%3D%5BUUID%5D%26expires%3D30%26ssp%3Dadform%26bsw_param%3D96763ec5-fa40-4a5c-bb69-98d62a1b94bd...
https://x.bidswitch.net/sync?dsp_id=80&user_id=e06160ac-651d-4e00-8de7-6426066579f3&expires=30&ssp=adform&bsw_param=96763ec5-fa40-4a5c-bb69-98d62a1b94bd&gdpr=&gdpr_consent=
https://cm.adform.net/pixel?adform_pid=3&adform_pc=96763ec5-fa40-4a5c-bb69-98d62a1b94bd&adform_v=1

43 B
162 B

22ms
22ms

Image
image/gif

37.157.6.251
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=3&adform_pc=96763ec5-fa40-4a5c-bb69-98d62a1b94bd&adform_v=1
Requested by: Host: runwaff.com
URL: https://runwaff.com/async_usersync?i=u1dvjpo9e55sy80hm5&a=1a0c8985ce32a33755c3d97ef8fe86d15&cb=2363071621910813243
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.251 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS: s1.adform.net
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:56 GMT
last-modified: Tue, 12 Jul 2016 13:47:50 GMT
server: nginx
accept-ranges: bytes
etag: "5784f506-2b"
content-length: 43
content-type: image/gif

Redirect headers

location: //cm.adform.net/pixel?adform_pid=3&adform_pc=96763ec5-fa40-4a5c-bb69-98d62a1b94bd&adform_v=1
date: Tue, 25 May 2021 02:46:56 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2

200

pixel
cm.adform.net/ Frame 7E28
Redirect Chain

https://ib.adnxs.com/getuid?https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d16%26adform_pc%3d$UID
https://cm.adform.net/pixel?adform_pid=16&adform_pc=2856234407030238743

43 B
163 B

121ms
18ms

Image
image/gif

37.157.6.251
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=16&adform_pc=2856234407030238743
Requested by: Host: runwaff.com
URL: https://runwaff.com/async_usersync?i=u1dvjpo9e55sy80hm5&a=1a0c8985ce32a33755c3d97ef8fe86d15&cb=2363071621910813243
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.251 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS: s1.adform.net
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
last-modified: Tue, 12 Jul 2016 13:47:50 GMT
server: nginx
accept-ranges: bytes
etag: "5784f506-2b"
content-length: 43
content-type: image/gif

Redirect headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:46:54 GMT
X-Proxy-Origin: 185.220.70.236; 185.220.70.236; 732.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.108:80
AN-X-Request-Uuid: 508d8b3b-6618-4c70-b6a1-41970d5c869f
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.adform.net/pixel?adform_pid=16&adform_pc=2856234407030238743
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

pixel
cm.adform.net/ Frame 7E28
Redirect Chain

https://match.adsby.bidtheatre.com/adformmatch?adform_id=AUID&return_url=https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d18%26adform_pc%3d$UID
https://cm.adform.net/pixel?adform_pid=18&adform_pc=1350c320-eb5b-4b03-ab4a-ef7c9996f7a0

43 B
162 B

106ms
23ms

Image
image/gif

37.157.6.251
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=18&adform_pc=1350c320-eb5b-4b03-ab4a-ef7c9996f7a0
Requested by: Host: runwaff.com
URL: https://runwaff.com/async_usersync?i=u1dvjpo9e55sy80hm5&a=1a0c8985ce32a33755c3d97ef8fe86d15&cb=2363071621910813243
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.251 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS: s1.adform.net
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
last-modified: Tue, 12 Jul 2016 13:47:50 GMT
server: nginx
accept-ranges: bytes
etag: "5784f506-2b"
content-length: 43
content-type: image/gif

Redirect headers

Location: https://cm.adform.net/pixel?adform_pid=18&adform_pc=1350c320-eb5b-4b03-ab4a-ef7c9996f7a0
Date: Tue, 25 May 2021 02:46:54 GMT
Server: Apache/2.4.41 (Ubuntu)
Connection: Keep-Alive
Keep-Alive: timeout=5, max=2999
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"

GET
H/1.1 204
No Content /
projectagora-483829-hdb.adomik.com/ Frame 865F 0
103 B 1207ms
32ms Image
text/plain 54.195.253.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://projectagora-483829-hdb.adomik.com/?q=eyJ1aWQiOiJwcm9qZWN0YWdvcmEtNDgzODI5IiwiYWhiYWlkIjoiYmVlMzY4ZmEtOWQ0MC00NjNhLWFjZjYtYzg5NDIwZGU3NDQ0IiwiaG9zdG5hbWUiOiJydW53YWZmLmNvbSIsImV2ZW50c0J5UGxhY2VtZW50Q29kZSI6W3sic2l6ZXMiOltdLCJldmVudHMiOnsicmVxdWVzdHMiOlt7ImJpZGRlciI6IlNNQVJUQURTRVJWRVIifSx7ImJpZGRlciI6IlNNQVJUQURTRVJWRVIifSx7ImJpZGRlciI6IkFQUE5FWFVTIn0seyJiaWRkZXIiOiJBREZPUk0ifSx7ImJpZGRlciI6IlJVQklDT04ifV0sInJlc3BvbnNlcyI6W10sIndpbm5lcnMiOltdfX0seyJwbGFjZW1lbnRDb2RlIjoiMTgyOTI2ODVfcmVhZDdkZWFkbHlzaW5zLmNvbV9yb3NfMzAweDI1MCIsInNpemVzIjpbeyJ3aWR0aCI6MzAwLCJoZWlnaHQiOjI1MH1dLCJldmVudHMiOnsicmVxdWVzdHMiOltdLCJyZXNwb25zZXMiOlt7ImJpZGRlciI6IkFERk9STSIsInBsYWNlbWVudENvZGUiOiIxODI5MjY4NV9yZWFkN2RlYWRseXNpbnMuY29tX3Jvc18zMDB4MjUwIiwiaWQiOiI5OTMyYzNmMzdmOWFmNCIsInN0YXR1cyI6IlZBTElEIiwiY3BtIjowLjA1MTAwMzg1NTg3ODk3NTQ3LCJzaXplIjp7IndpZHRoIjozMDAsImhlaWdodCI6MjUwfSwidGltZVRvUmVzcG9uZCI6MTE4LCJhZnRlclRpbWVvdXQiOmZhbHNlfSx7ImJpZGRlciI6IkFERk9STSIsInBsYWNlbWVudENvZGUiOiIxODI5MjY4NV9yZWFkN2RlYWRseXNpbnMuY29tX3Jvc18zMDB4MjUwIiwiaWQiOiI5OTMyYzNmMzdmOWFmNCIsInN0YXR1cyI6IlZBTElEIiwiY3BtIjowLjA1MTAwMzg1NTg3ODk3NTQ3LCJzaXplIjp7IndpZHRoIjozMDAsImhlaWdodCI6MjUwfSwidGltZVRvUmVzcG9uZCI6MTE4LCJhZnRlclRpbWVvdXQiOmZhbHNlfV0sIndpbm5lcnMiOltdfX1dfQ%3D%3D&id=bee368fa-9d40-463a-acf6-c89420de7444&part=0&on=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.195.253.131 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-195-253-131.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Connection: keep-alive
Date: Tue, 25 May 2021 02:46:55 GMT
Server: nginx

GET
H/1.1 204
No Content /
projectagora-483829-hdb.adomik.com/ Frame 865F 0
103 B 1301ms
31ms Image
text/plain 54.195.253.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://projectagora-483829-hdb.adomik.com/?q=eyJpZCI6Ijk5MzJjM2YzN2Y5YWY0IiwicGxhY2VtZW50Q29kZSI6IjE4MjkyNjg1X3JlYWQ3ZGVhZGx5c2lucy5jb21fcm9zXzMwMHgyNTAifQ%3D%3D&id=bee368fa-9d40-463a-acf6-c89420de7444&won=true
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.195.253.131 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-195-253-131.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Connection: keep-alive
Date: Tue, 25 May 2021 02:46:55 GMT
Server: nginx

GET
H2 200 / Show response
track.adform.net/adfscript/ Frame 047A 1 KB
2 KB 28ms
22ms Script
text/javascript 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfscript/?bn=41071221;rtbwp=CBiagR-ESe0N4_IzXSGVYekjTfC56_cS0;rtbdata=uSV1xgGdzQve78zuYfx_tRDUu3ycOTSsVP-ADR8QenmrZ3Fb8oPKTPe--5-00Wf9U-B_lc3YSvlAzWIz_Hq64XyJDl13L8YgdAV0rcbm9doFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5gFj3SdCdK4k88jpZdvtK7yM8o70tRRicjmiUtjwUGSvFqirAD_H0c-swmFfVqDPk6UAl1RLVpknYCIxEzHzL-f0;;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=Rac_1Yf_kd542u1ywTJ-2uhRnNqnSBShhhDPFR4uCDKJ0pEkGy5YU5DzZ4xMx-m2YmTAckCaknTvMejHOdxhNU9zZjyqtz6ozH4m33C6wV6W3ouUMgVeqI2YrOd1yOCopOxDvrEfFBGicnpwgINImTU1vRRh-jKvNNUggE0_YkFmkjsLTrdEDjr0QP3LlZu4hd-pxQOfVRJqCvFFn-BWyeoitXcusxSgA7z_uuw_WOM1;pui=CQ8Cld2Xq9y0edKP5QUkDcA-LMOEbEeY7gH3CiRILsfer1pltXZUmg2;

Requested by

Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

625c0bb576663c4629d847cbe31dd9d09be82d2b9615906dd508c7b76764824c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 1323
expires: -1

GET
H2 200 adx.js Show response
s1.adform.net/banners/scripts/ Frame 047A 58 KB
24 KB 31ms
27ms Script
application/x-javascript 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/banners/scripts/adx.js
Requested by: Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 6330d93c38185b92516fd8bdb7220ff136b6817c2ef101ed7d822e122066240b

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
last-modified: Thu, 13 May 2021 15:01:38 GMT
server: nginx
etag: W/"609d3f52-e80f"
x-cache-status: HIT
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

GET
H2

200

pixel
cm.adform.net/ Frame 047A
Redirect Chain

https://x.bidswitch.net/sync?ssp=adform
https://x.bidswitch.net/ul_cb/sync?ssp=adform
https://dsp.nrich.ai/bidswitch/sync?bidswitch_ssp_id=adform&bsw_custom_parameter=96763ec5-fa40-4a5c-bb69-98d62a1b94bd&gdpr=&gdpr_consent=&gdpr_pd=&us_privacy=
https://x.bidswitch.net/sync?dsp_id=283&user_id=8010eac9-6c0c-4bce-b3b0-5be36252e8d1&expires=1&user_group=5&ssp=adform&bsw_param=96763ec5-fa40-4a5c-bb69-98d62a1b94bd
https://x.bidswitch.net/ul_cb/sync?dsp_id=283&user_id=8010eac9-6c0c-4bce-b3b0-5be36252e8d1&expires=1&user_group=5&ssp=adform&bsw_param=96763ec5-fa40-4a5c-bb69-98d62a1b94bd
https://cm.adform.net/pixel?adform_pid=3&adform_pc=21cf22d5-2664-495a-95fe-b0fee6a3d83b&adform_v=1

43 B
162 B

22ms
22ms

Image
image/gif

37.157.6.251
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=3&adform_pc=21cf22d5-2664-495a-95fe-b0fee6a3d83b&adform_v=1
Requested by: Host: runwaff.com
URL: https://runwaff.com/usync?i=u1dvjpo9e55sy80hm5&a=9f8bdfdac88cc4de95ab77e8feb3ba161&cb=7481451621910813232
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.251 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS: s1.adform.net
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:47:01 GMT
last-modified: Tue, 12 Jul 2016 13:47:50 GMT
server: nginx
accept-ranges: bytes
etag: "5784f506-2b"
content-length: 43
content-type: image/gif

Redirect headers

location: //cm.adform.net/pixel?adform_pid=3&adform_pc=21cf22d5-2664-495a-95fe-b0fee6a3d83b&adform_v=1
date: Tue, 25 May 2021 02:47:01 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2

200

pixel
cm.adform.net/ Frame 047A
Redirect Chain

https://ib.adnxs.com/getuid?https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d16%26adform_pc%3d$UID
https://cm.adform.net/pixel?adform_pid=16&adform_pc=2856234407030238743

43 B
162 B

128ms
23ms

Image
image/gif

37.157.6.251
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=16&adform_pc=2856234407030238743
Requested by: Host: runwaff.com
URL: https://runwaff.com/usync?i=u1dvjpo9e55sy80hm5&a=9f8bdfdac88cc4de95ab77e8feb3ba161&cb=7481451621910813232
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.251 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS: s1.adform.net
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
last-modified: Tue, 12 Jul 2016 13:47:50 GMT
server: nginx
accept-ranges: bytes
etag: "5784f506-2b"
content-length: 43
content-type: image/gif

Redirect headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:46:54 GMT
X-Proxy-Origin: 185.220.70.236; 185.220.70.236; 732.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.223.39:80
AN-X-Request-Uuid: 6b97aa52-4293-46ff-89c6-c26909f34375
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.adform.net/pixel?adform_pid=16&adform_pc=2856234407030238743
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

pixel
cm.adform.net/ Frame 047A
Redirect Chain

https://match.adsby.bidtheatre.com/adformmatch?adform_id=AUID&return_url=https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d18%26adform_pc%3d$UID
https://cm.adform.net/pixel?adform_pid=18&adform_pc=1ecd9990-1b82-4760-a0c7-c82bde10f457

43 B
162 B

103ms
21ms

Image
image/gif

37.157.6.251
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=18&adform_pc=1ecd9990-1b82-4760-a0c7-c82bde10f457
Requested by: Host: runwaff.com
URL: https://runwaff.com/usync?i=u1dvjpo9e55sy80hm5&a=9f8bdfdac88cc4de95ab77e8feb3ba161&cb=7481451621910813232
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.251 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS: s1.adform.net
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
last-modified: Tue, 12 Jul 2016 13:47:50 GMT
server: nginx
accept-ranges: bytes
etag: "5784f506-2b"
content-length: 43
content-type: image/gif

Redirect headers

Location: https://cm.adform.net/pixel?adform_pid=18&adform_pc=1ecd9990-1b82-4760-a0c7-c82bde10f457
Date: Tue, 25 May 2021 02:46:54 GMT
Server: Apache/2.4.41 (Ubuntu)
Connection: Keep-Alive
Keep-Alive: timeout=5, max=2998
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"

GET
H/1.1 204
No Content /
projectagora-483829-hdb.adomik.com/ Frame 9897 0
103 B 1239ms
32ms Image
text/plain 54.195.253.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://projectagora-483829-hdb.adomik.com/?q=eyJ1aWQiOiJwcm9qZWN0YWdvcmEtNDgzODI5IiwiYWhiYWlkIjoiODZhYWI5MWItMGM5My00YzMxLTk5YTAtN2Y5YzQzYzhjNjJhIiwiaG9zdG5hbWUiOiJydW53YWZmLmNvbSIsImV2ZW50c0J5UGxhY2VtZW50Q29kZSI6W3sic2l6ZXMiOltdLCJldmVudHMiOnsicmVxdWVzdHMiOlt7ImJpZGRlciI6IkFERk9STSJ9LHsiYmlkZGVyIjoiQURGT1JNIn0seyJiaWRkZXIiOiJTTUFSVEFEU0VSVkVSIn0seyJiaWRkZXIiOiJSVUJJQ09OIn0seyJiaWRkZXIiOiJBUFBORVhVUyJ9XSwicmVzcG9uc2VzIjpbXSwid2lubmVycyI6W119fSx7InBsYWNlbWVudENvZGUiOiIxODI5MjY4NV9yZWFkN2RlYWRseXNpbnMuY29tX3Jvc18zMDB4MjUwIiwic2l6ZXMiOlt7IndpZHRoIjozMDAsImhlaWdodCI6MjUwfV0sImV2ZW50cyI6eyJyZXF1ZXN0cyI6W10sInJlc3BvbnNlcyI6W3siYmlkZGVyIjoiQURGT1JNIiwicGxhY2VtZW50Q29kZSI6IjE4MjkyNjg1X3JlYWQ3ZGVhZGx5c2lucy5jb21fcm9zXzMwMHgyNTAiLCJpZCI6IjkwYjM1YzRmOWE3YzE3Iiwic3RhdHVzIjoiVkFMSUQiLCJjcG0iOjAuMDUxMDAzODU1ODc4OTc1NDcsInNpemUiOnsid2lkdGgiOjMwMCwiaGVpZ2h0IjoyNTB9LCJ0aW1lVG9SZXNwb25kIjoxMTUsImFmdGVyVGltZW91dCI6ZmFsc2V9LHsiYmlkZGVyIjoiQURGT1JNIiwicGxhY2VtZW50Q29kZSI6IjE4MjkyNjg1X3JlYWQ3ZGVhZGx5c2lucy5jb21fcm9zXzMwMHgyNTAiLCJpZCI6IjkwYjM1YzRmOWE3YzE3Iiwic3RhdHVzIjoiVkFMSUQiLCJjcG0iOjAuMDUxMDAzODU1ODc4OTc1NDcsInNpemUiOnsid2lkdGgiOjMwMCwiaGVpZ2h0IjoyNTB9LCJ0aW1lVG9SZXNwb25kIjoxMTUsImFmdGVyVGltZW91dCI6ZmFsc2V9XSwid2lubmVycyI6W119fV19&id=86aab91b-0c93-4c31-99a0-7f9c43c8c62a&part=0&on=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.195.253.131 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-195-253-131.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Connection: keep-alive
Date: Tue, 25 May 2021 02:46:55 GMT
Server: nginx

GET
H/1.1 204
No Content /
projectagora-483829-hdb.adomik.com/ Frame 9897 0
103 B 1332ms
31ms Image
text/plain 54.195.253.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://projectagora-483829-hdb.adomik.com/?q=eyJpZCI6IjkwYjM1YzRmOWE3YzE3IiwicGxhY2VtZW50Q29kZSI6IjE4MjkyNjg1X3JlYWQ3ZGVhZGx5c2lucy5jb21fcm9zXzMwMHgyNTAifQ%3D%3D&id=86aab91b-0c93-4c31-99a0-7f9c43c8c62a&won=true
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.195.253.131 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-195-253-131.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Connection: keep-alive
Date: Tue, 25 May 2021 02:46:55 GMT
Server: nginx

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame DDDF 284 B
1 KB 16ms
16ms XHR
application/json 213.19.162.31
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=21034&site_id=301448&zone_id=1545054&size_id=15&gdpr=0&rp_schain=1.0,0!projectagora.com,100489,1,,,&rf=https%3A%2F%2Fww3.read7deadlysins.com%2F&tk_flint=pbjs_lite_v3.25.0&x_source.tid=05e522e1-da3c-418d-af7b-e743acb232b2&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.16877352027547077
Requested by: Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 213.19.162.31 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: a7905df4e9a84235722017128197cf1b52ccb73b37b2d19538b8ef24ce94d2bc

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:46:54 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://runwaff.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 284
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame DDDF 0
319 B 17ms
17ms XHR
application/json 185.86.139.95
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.95 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:53 GMT
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://runwaff.com
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 0

GET
H2 200 / Show response
adx.adform.net/adx/ Frame DDDF 3 KB
2 KB 50ms
50ms XHR
application/json 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/?rp=4&bWlkPTc2MzQ4NSZ0cmFuc2FjdGlvbklkPTA1ZTUyMmUxLWRhM2MtNDE4ZC1hZjdiLWU3NDNhY2IyMzJiMg%3D%3D&pt=gross&stid=c5372e6c-4cd9-46e2-bfb0-7339cb64f87e&gdpr=0&gdpr_consent=undefined&fd=1

Requested by

Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

1c481e8b59108e14991c2024ec8cd74579464be5cd12617808356db9bcceb36c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://runwaff.com
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json; charset=utf-8
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame DDDF 143 B
1 KB 176ms
39ms XHR
application/json 185.33.220.241
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.241 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

732.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

1339716646a811656f6ce48830e22f025c3f4eef41e7ffbcee29a5ce29ca179b

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:46:54 GMT
X-Proxy-Origin: 185.220.70.236; 185.220.70.236; 732.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.46:80
AN-X-Request-Uuid: f4e1a118-4839-442a-bf0f-701e19de99ca
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://runwaff.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 143
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
adx.adform.net/adx/ Frame 9F0A 3 KB
2 KB 52ms
50ms XHR
application/json 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/?rp=4&bWlkPTc2MzQ4NSZ0cmFuc2FjdGlvbklkPWRiMTlhYTE0LWExMzEtNGQzZS1hZGVmLTY2NTg5ZGU4NzZmYw%3D%3D&pt=gross&stid=af3a1173-b739-4d54-96e3-8af348ac5418&gdpr=0&gdpr_consent=undefined&fd=1

Requested by

Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

ec30e31958aabcb6e98e8ec717b902c14ac2b17690576bd1d2c630f8331c06c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://runwaff.com
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json; charset=utf-8
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 9F0A 144 B
1 KB 176ms
55ms XHR
application/json 185.33.220.241
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.241 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

732.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

93be849efc0b6a35432d618f56468227ba1de73fc1f3015bd2d92be5d60676e5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:46:54 GMT
X-Proxy-Origin: 185.220.70.236; 185.220.70.236; 732.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.133:80
AN-X-Request-Uuid: d266c5ad-487f-47a4-bf4b-350d33975104
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://runwaff.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 144
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 9F0A 284 B
1 KB 26ms
26ms XHR
application/json 213.19.162.31
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=21034&site_id=301448&zone_id=1545054&size_id=15&gdpr=0&rp_schain=1.0,0!projectagora.com,100489,1,,,&rf=https%3A%2F%2Fww3.read7deadlysins.com%2F&tk_flint=pbjs_lite_v3.25.0&x_source.tid=db19aa14-a131-4d3e-adef-66589de876fc&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.3007047367679123
Requested by: Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 213.19.162.31 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: d55dc8ecba4b4fa450ced592faecf78dd1cd8e65d84d5ba88a688257d5a7e452

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:46:54 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://runwaff.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 284
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 9F0A 0
319 B 17ms
17ms XHR
application/json 185.86.139.95
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.95 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:53 GMT
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://runwaff.com
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 0

GET
H/1.1 200
OK b4f52a47-7a4c-4ad6-bb52-5b854781b85e.jpg
crcdn01.adnxs.com/creative/p/3854/2020/5/18/18859790/ Frame 8D02 27 KB
28 KB 1302ms
13ms Image
image/jpeg 2.18.232.130
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://crcdn01.adnxs.com/creative/p/3854/2020/5/18/18859790/b4f52a47-7a4c-4ad6-bb52-5b854781b85e.jpg
Requested by: Host: runwaff.com
URL: https://runwaff.com/user?i=u1dvjpo9e55sy80hm5&a=69a1ae274eff659621cc5da174992f8b3&cb=5820761621910813239
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.130 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-130.deploy.static.akamaitechnologies.com
Software: nginx/1.19.0 /
Resource Hash: ae897c28ca343c708e3e307d8be45c7bd369366bde0e73da16a71afdfb304aef

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 25 May 2021 02:46:55 GMT
Last-Modified: Mon, 18 May 2020 21:26:00 GMT
Server: nginx/1.19.0
x-amz-request-id: 7b45607d-b8eb-4f3d-843d-72c1984b4fc0
X-Clv-Request-Id: 7b45607d-b8eb-4f3d-843d-72c1984b4fc0
ETag: "158b4d429f8bf9b1b999c00f41c06a61"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=3888000
X-Clv-S3-Version: 2.5
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 28035
Expires: Fri, 09 Jul 2021 02:46:55 GMT

GET
H/1.1 200
OK it
ams1-ib.adnxs.com/ Frame 8D02 0
824 B 15ms
15ms Image
text/html 185.33.221.11
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ams1-ib.adnxs.com/it?an_audit=0&referrer=https%3A%2F%2Fww3.read7deadlysins.com%2F&e=wqT_3QLJC6DJBQAAAwDWAAUBCJ7KsYUGEJybpMWincueWBiX3KTS9sHY0ScqNgkAAAkCABEJBwgAABkJCQjwPyEJCQgAACkRCQAxCQmw8D8wxZaSAziOHkCOHkgCUP334WlYqPs5YABo9q9VeLOQBYABAYoBA1VTRJIBAQbwUpgBrAKgAfoBqAEBsAEAuAECwAEDyAEC0AEA2AEA4AEA6gGEAmh0dHBzJTNBJTJGJTJGYW1zMS1pYi5hZG54cy5jb20lMkZjbGljayUzRkFBQUFBTgMAGEtCSDRkb19OGwBsQUc5Rml2Z191N0VJRnk1SmFnOWlveWNkWmF4ZwUwMEJVS0Z3RVlLQUFBNVEBEjRJQUFBQ2Y3bjRDZmQ4ZgESEQEwUlZWU0FDd0ItZ0NiQgkVDEJBZ0UJChxOSUEtaEplMQVEKEEuJTJGYmNyJTNECR4FAQglM0QBFyBuJTNEMCUyRmMB16BlbmMlM0TwAQCKAjx1ZignYScsIDI5MTM5OTQsIDE2MjE5MTA4MTQpOwEdAHIBHRwyMTgwNTU2NTYfAPBekgLdAyFNa0pVRUFpaW52VVJFUDMzNFdrWUFDQ28temt3QkRnQVFBUklqaDVReFphU0ExZ0FZT2NGYUFCd0FIZ0FnQUVBaUFFQWtBRUFtQUVBb0FFU3FBRURzQUVBdVEN5QEBBE1FDfwBATxESkFkT2ZlYWdDNGdKQTJRESggRHdQLUFCQVBVCSwoSmdDQUtBQ0FMVUMBNghBTDAJCNhPQUNBT2dDQVBnQ0FJQURBWmdEQWJvRENVRk5VekU2TkRFMk1PQUR4U3VJQkFDUUJBQ1lCQUhCCVUJAQR5USlyBQEUTmdFQVBFEYUsQUFBQ0lCY0FncVFVAQ0EQUEBmAQ3RV1JCERCQh0_AHkVKAxBQUFOMigAAFouKACoNEFVQThBV2x6Sm9ELUFYSzdiRUJnZ1lEVlZORWlBWUFrQVlCbUFZQW9RWQFKCQEkS2dHQWJJR0pBawkQAQEAQh2rBEJrARIJAQBDHRhITGdHQ2cuLpoCiQEhYlEtakxnaTLhASRxUHM1SUFRb0FEHTVMRG9KUVUxVE1UbzBNVFl3UU1VclMR6QxQQV9VEQwMQUFBVx0MAFkdDABhHQwAYx0MPGVBQS7YAgDgArnQMOoCIGhhv1Q6Ly93dzMucmVhZDdkZWFkbHlzaW5zYb_wlS-AAwCIAwGQAwCYAxmgAwGqAwDAA6wCyAMA2AOgpqkB4AMA6AMA-AMBgAQAkgQEL3R0apgEAKIEDjE4NS4yMjAuNzAuMjM2qAQAsgQMCAAQABgAIAAwADgAuAQAwAQAyAQA0gQOMzg1NCNBTVMxOjQxNjDaBAIIAOAEAPAE_ffhaYgFAZgFAKAF____________AcAFAKEjAQEU8D_SBQkJAQoBATTYBQHgBQHwBYOVJ_oFBAFtKJAGAJgGALgGAMEGASEwAADwP9AGoQ_aBhYKEAkRGQFcEAAYAOAGAfIGAggAgAcBiAcAoAcBugcPAUgEGAAFtSzABkAAyAezkAXSBw0VdgE4CNoHBgknMOAHAOoHAggA8AevigM.&s=c5a21685b336c80e8404fac2f1a556c433b04292

Requested by

Host: runwaff.com
URL: https://runwaff.com/user?i=u1dvjpo9e55sy80hm5&a=69a1ae274eff659621cc5da174992f8b3&cb=5820761621910813239

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.11 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

733.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:46:54 GMT
X-Proxy-Origin: 185.220.70.236; 185.220.70.236; 733.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.146:80
AN-X-Request-Uuid: deba33da-64ed-4c90-8ef3-4cdb085553e2
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame E42A 284 B
1 KB 15ms
15ms XHR
application/json 213.19.162.31
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=21034&site_id=301448&zone_id=1545054&size_id=15&gdpr=0&rp_schain=1.0,0!projectagora.com,100489,1,,,&rf=https%3A%2F%2Fww3.read7deadlysins.com%2F&tk_flint=pbjs_lite_v3.25.0&x_source.tid=760e5fad-d783-4c25-aeac-559927a6e212&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.44652839113162623
Requested by: Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 213.19.162.31 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: ff70ab95a87550a4664510fec0cc8660bdbe067f6500b1e29e5c7da3958ce5b2

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:46:54 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://runwaff.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 284
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame E42A 0
319 B 17ms
17ms XHR
application/json 185.86.139.95
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.95 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:53 GMT
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://runwaff.com
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 0

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame E42A 144 B
1 KB 145ms
41ms XHR
application/json 185.33.220.241
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.241 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

732.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

982731bc42625712b84f0c2654e198b88aa69f4420a51117704cc367e7fb8ef9

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:46:54 GMT
X-Proxy-Origin: 185.220.70.236; 185.220.70.236; 732.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.118:80
AN-X-Request-Uuid: cbcedc9b-7c19-4edb-819f-9103cfa811c6
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://runwaff.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 144
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
adx.adform.net/adx/ Frame E42A 3 KB
2 KB 74ms
73ms XHR
application/json 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/?rp=4&bWlkPTc2MzQ4NSZ0cmFuc2FjdGlvbklkPTc2MGU1ZmFkLWQ3ODMtNGMyNS1hZWFjLTU1OTkyN2E2ZTIxMg%3D%3D&pt=gross&stid=8e44540a-b506-4d04-90bc-48c6edcb73e5&gdpr=0&gdpr_consent=undefined&fd=1

Requested by

Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

45f774e2f81fa416611d03882502725c44c2d5d87978324544fa6ec5d7df7ccf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://runwaff.com
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json; charset=utf-8
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 / Show response
track.adform.net/adfscript/ Frame 61A3 1 KB
2 KB 23ms
20ms Script
text/javascript 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfscript/?bn=42668740;rtbwp=CBiagR-ESe0N4_IzXSGVYekjTfC56_cS0;rtbdata=ZPkCbhmZbT_Sam2xq9o2NCaX2nwXAYytIwu2YCMks6WetEjMx1R1ZXXN1_IoWoCT9ccQe0Fk6CcpvpkjNWsolvkpcmuh4P_Ki-2NZx3GH7cFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5irtBj2g3LIFs8jpZdvtK7yM8o70tRRicjmiUtjwUGSvFqirAD_H0c-swmFfVqDPk5GUMTER0GflYCIxEzHzL-f0;;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=UboeEUUWZ8B42u1ywTJ-2uhRnNqnSBShhhDPFR4uCDKJ0pEkGy5YU5DzZ4xMx-m2YmTAckCaknTxQfLXoDWXfv1euo7mBLg5_Ih_9onTnKlhd-mQT0X9GaZrvfOM9I3E6VuXf9kFnS5GicGAJ9fmRsqtXApkEPB6GTZOZuzmhWxmkjsLTrdEDjr0QP3LlZu4hd-pxQOfVRJqCvFFn-BWyfDBcvVKbR2MA7z_uuw_WOM1;pui=CQ8Cld2Xq9y0edKP5QUkDRcihOQ3dLyuIi1y0VlSJGXer1pltXZUmg2;

Requested by

Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

4705dbb884e63deff30ef847292ae6933b0adb5c2b89137fb3a2f04baa8a86f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 1320
expires: -1

GET
H2 200 adx.js Show response
s1.adform.net/banners/scripts/ Frame 61A3 58 KB
24 KB 24ms
22ms Script
application/x-javascript 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/banners/scripts/adx.js
Requested by: Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 6330d93c38185b92516fd8bdb7220ff136b6817c2ef101ed7d822e122066240b

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
last-modified: Thu, 13 May 2021 15:01:38 GMT
server: nginx
etag: W/"609d3f52-e80f"
x-cache-status: HIT
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

GET
H2

200

sync
x.bidswitch.net/ Frame 61A3
Redirect Chain

https://x.bidswitch.net/sync?ssp=adform
https://x.bidswitch.net/ul_cb/sync?ssp=adform
https://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=adform&bsw_custom_parameter=96763ec5-fa40-4a5c-bb69-98d62a1b94bd
https://pool.admedo.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=adform&bsw_custom_parameter=96763ec5-fa40-4a5c-bb69-98d62a1b94bd
https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=2a80af29-2897-44e5-b5da-50c04919772a&user_group=1&ssp=adform&bsw_param=96763ec5-fa40-4a5c-bb69-98d62a1b94bd

43 B
145 B

9ms
9ms

Image
image/gif

3.124.165.65
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=2a80af29-2897-44e5-b5da-50c04919772a&user_group=1&ssp=adform&bsw_param=96763ec5-fa40-4a5c-bb69-98d62a1b94bd
Requested by: Host: runwaff.com
URL: https://runwaff.com/user?i=u1dvjpo9e55sy80hm5&a=1957367064e5b26088677bc61fc98dc05&cb=4564701621910813231
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.165.65 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:57 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

Redirect headers

location: //x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=2a80af29-2897-44e5-b5da-50c04919772a&user_group=1&ssp=adform&bsw_param=96763ec5-fa40-4a5c-bb69-98d62a1b94bd
date: Tue, 25 May 2021 02:46:57 GMT
cache-control: no-cache, no-store, must-revalidate
alt-svc: clear
content-length: 0
via: 1.1 google

GET
H2

200

pixel
cm.adform.net/ Frame 61A3
Redirect Chain

https://ib.adnxs.com/getuid?https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d16%26adform_pc%3d$UID
https://cm.adform.net/pixel?adform_pid=16&adform_pc=2856234407030238743

43 B
162 B

62ms
22ms

Image
image/gif

37.157.6.251
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=16&adform_pc=2856234407030238743
Requested by: Host: runwaff.com
URL: https://runwaff.com/user?i=u1dvjpo9e55sy80hm5&a=1957367064e5b26088677bc61fc98dc05&cb=4564701621910813231
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.251 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS: s1.adform.net
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
last-modified: Tue, 12 Jul 2016 13:47:50 GMT
server: nginx
accept-ranges: bytes
etag: "5784f506-2b"
content-length: 43
content-type: image/gif

Redirect headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:46:54 GMT
X-Proxy-Origin: 185.220.70.236; 185.220.70.236; 732.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.221.75:80
AN-X-Request-Uuid: c55e47ee-66d4-4370-9f93-0a105a1be808
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.adform.net/pixel?adform_pid=16&adform_pc=2856234407030238743
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

pixel
cm.adform.net/ Frame 61A3
Redirect Chain

https://match.adsby.bidtheatre.com/adformmatch?adform_id=AUID&return_url=https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d18%26adform_pc%3d$UID
https://cm.adform.net/pixel?adform_pid=18&adform_pc=1350c320-eb5b-4b03-ab4a-ef7c9996f7a0

43 B
162 B

97ms
22ms

Image
image/gif

37.157.6.251
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=18&adform_pc=1350c320-eb5b-4b03-ab4a-ef7c9996f7a0
Requested by: Host: runwaff.com
URL: https://runwaff.com/user?i=u1dvjpo9e55sy80hm5&a=1957367064e5b26088677bc61fc98dc05&cb=4564701621910813231
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.251 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS: s1.adform.net
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
last-modified: Tue, 12 Jul 2016 13:47:50 GMT
server: nginx
accept-ranges: bytes
etag: "5784f506-2b"
content-length: 43
content-type: image/gif

Redirect headers

Location: https://cm.adform.net/pixel?adform_pid=18&adform_pc=1350c320-eb5b-4b03-ab4a-ef7c9996f7a0
Date: Tue, 25 May 2021 02:46:54 GMT
Server: Apache/2.4.41 (Ubuntu)
Connection: Keep-Alive
Keep-Alive: timeout=5, max=2997
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"

GET
H/1.1 204
No Content /
projectagora-483829-hdb.adomik.com/ Frame FC03 0
103 B 1309ms
32ms Image
text/plain 54.195.253.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://projectagora-483829-hdb.adomik.com/?q=eyJ1aWQiOiJwcm9qZWN0YWdvcmEtNDgzODI5IiwiYWhiYWlkIjoiYTFkMTYzODEtNGY3MS00YTdmLWFlOGItN2RjZmI5NzRhNWM4IiwiaG9zdG5hbWUiOiJydW53YWZmLmNvbSIsImV2ZW50c0J5UGxhY2VtZW50Q29kZSI6W3sic2l6ZXMiOltdLCJldmVudHMiOnsicmVxdWVzdHMiOlt7ImJpZGRlciI6IlJVQklDT04ifSx7ImJpZGRlciI6IlJVQklDT04ifSx7ImJpZGRlciI6IkFQUE5FWFVTIn0seyJiaWRkZXIiOiJTTUFSVEFEU0VSVkVSIn0seyJiaWRkZXIiOiJBREZPUk0ifV0sInJlc3BvbnNlcyI6W10sIndpbm5lcnMiOltdfX0seyJwbGFjZW1lbnRDb2RlIjoiMTgyOTI2ODVfcmVhZDdkZWFkbHlzaW5zLmNvbV9yb3NfMzAweDI1MCIsInNpemVzIjpbeyJ3aWR0aCI6MzAwLCJoZWlnaHQiOjI1MH1dLCJldmVudHMiOnsicmVxdWVzdHMiOltdLCJyZXNwb25zZXMiOlt7ImJpZGRlciI6IkFERk9STSIsInBsYWNlbWVudENvZGUiOiIxODI5MjY4NV9yZWFkN2RlYWRseXNpbnMuY29tX3Jvc18zMDB4MjUwIiwiaWQiOiI5NmNmYTRjZTBiNDZhYiIsInN0YXR1cyI6IlZBTElEIiwiY3BtIjowLjA1MTAwMzg1NTg3ODk3NTQ3LCJzaXplIjp7IndpZHRoIjozMDAsImhlaWdodCI6MjUwfSwidGltZVRvUmVzcG9uZCI6MTEyLCJhZnRlclRpbWVvdXQiOmZhbHNlfSx7ImJpZGRlciI6IkFERk9STSIsInBsYWNlbWVudENvZGUiOiIxODI5MjY4NV9yZWFkN2RlYWRseXNpbnMuY29tX3Jvc18zMDB4MjUwIiwiaWQiOiI5NmNmYTRjZTBiNDZhYiIsInN0YXR1cyI6IlZBTElEIiwiY3BtIjowLjA1MTAwMzg1NTg3ODk3NTQ3LCJzaXplIjp7IndpZHRoIjozMDAsImhlaWdodCI6MjUwfSwidGltZVRvUmVzcG9uZCI6MTEyLCJhZnRlclRpbWVvdXQiOmZhbHNlfV0sIndpbm5lcnMiOltdfX1dfQ%3D%3D&id=a1d16381-4f71-4a7f-ae8b-7dcfb974a5c8&part=0&on=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.195.253.131 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-195-253-131.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Connection: keep-alive
Date: Tue, 25 May 2021 02:46:55 GMT
Server: nginx

GET
H/1.1 204
No Content /
projectagora-483829-hdb.adomik.com/ Frame FC03 0
103 B 1341ms
31ms Image
text/plain 54.195.253.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://projectagora-483829-hdb.adomik.com/?q=eyJpZCI6Ijk2Y2ZhNGNlMGI0NmFiIiwicGxhY2VtZW50Q29kZSI6IjE4MjkyNjg1X3JlYWQ3ZGVhZGx5c2lucy5jb21fcm9zXzMwMHgyNTAifQ%3D%3D&id=a1d16381-4f71-4a7f-ae8b-7dcfb974a5c8&won=true
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.195.253.131 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-195-253-131.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Connection: keep-alive
Date: Tue, 25 May 2021 02:46:55 GMT
Server: nginx

GET
H2 200 / Show response
track.adform.net/adfscript/ Frame B4A2 1 KB
2 KB 21ms
20ms Script
text/javascript 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfscript/?bn=45412308;rtbwp=L71Is_rzpav9k9TrRtWkJ6dgnaMU4Hum0;rtbdata=G4qFVpeIihYt4gKkbkiaa3QPpHvut7InIRHm1FrMLppYx3RBRlE7ZTIQIJOmZt0pESadfMC1e-KFskMwGawnSQubxJAa6YEL6FOWrUH8sXIFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5iTi3RI0_wrxCPp4A1Sb4y3KXNA916tQOKFIo66tc8Hd8VmTFKgGOZiswmFfVqDPk5d1Vab-EFQvICIxEzHzL-f0;;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=uP9_xzm7p3gWcRYtgUbgFIThgRpvNes-pOaDzklUtlnDicanVaun8yK7nJzVyI2SnZUztml8IJGDRnenwf3ZOIZbwXk0NHvEGaRriKBgaK1upDjbA2t0vzcGsEcX2GvCO8nle1gh-LiD_96yP7hgsc-1Vp63gCqmo_iQpYtm7B4N_y1mXCcha3Qz0iQZiugfOTp_vwujtosuJwHiM67O1Itc1mWY_0sN0;pui=CQ8Cld2Xq9y0edKP5QUkDYxnuiJPnpfrSEjv6iMURvjer1pltXZUmg2;

Requested by

Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

81cdf17c5ddd6df64df5b5e234c1df9c45fe41bff40b76be995ab20f2e90f45b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 1302
expires: -1

GET
H2 200 adx.js Show response
s1.adform.net/banners/scripts/ Frame B4A2 58 KB
24 KB 22ms
21ms Script
application/x-javascript 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/banners/scripts/adx.js
Requested by: Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 6330d93c38185b92516fd8bdb7220ff136b6817c2ef101ed7d822e122066240b

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
last-modified: Thu, 13 May 2021 15:01:38 GMT
server: nginx
etag: W/"609d3f52-e80f"
x-cache-status: HIT
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

GET
H2

200

pixel
cm.adform.net/ Frame B4A2
Redirect Chain

https://x.bidswitch.net/sync?ssp=adform
https://match.adsrvr.org/track/cmf/generic?ttd_pid=bidswitch&ttd_tpi=1&ttd_puid=adform&gdpr=&gdpr_consent=
https://x.bidswitch.net/sync?dsp_id=93&user_id=a442fbe8-bdb4-4220-808c-55a86f50264b&expires=30&ssp=adform&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT_21}
https://cm.adform.net/pixel?adform_pid=3&adform_pc=96763ec5-fa40-4a5c-bb69-98d62a1b94bd&adform_v=1

43 B
162 B

33ms
25ms

Image
image/gif

37.157.6.251
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=3&adform_pc=96763ec5-fa40-4a5c-bb69-98d62a1b94bd&adform_v=1
Requested by: Host: runwaff.com
URL: https://runwaff.com/user?i=u1dvjpo9e55sy80hm5&a=60f0e959e67789b550dbbeaa782904915&cb=9059651621910813235
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.251 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS: s1.adform.net
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
last-modified: Tue, 12 Jul 2016 13:47:50 GMT
server: nginx
accept-ranges: bytes
etag: "5784f506-2b"
content-length: 43
content-type: image/gif

Redirect headers

location: //cm.adform.net/pixel?adform_pid=3&adform_pc=96763ec5-fa40-4a5c-bb69-98d62a1b94bd&adform_v=1
date: Tue, 25 May 2021 02:46:54 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2

200

pixel
cm.adform.net/ Frame B4A2
Redirect Chain

https://ib.adnxs.com/getuid?https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d16%26adform_pc%3d$UID
https://cm.adform.net/pixel?adform_pid=16&adform_pc=2856234407030238743

43 B
162 B

61ms
24ms

Image
image/gif

37.157.6.251
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=16&adform_pc=2856234407030238743
Requested by: Host: runwaff.com
URL: https://runwaff.com/user?i=u1dvjpo9e55sy80hm5&a=60f0e959e67789b550dbbeaa782904915&cb=9059651621910813235
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.251 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS: s1.adform.net
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
last-modified: Tue, 12 Jul 2016 13:47:50 GMT
server: nginx
accept-ranges: bytes
etag: "5784f506-2b"
content-length: 43
content-type: image/gif

Redirect headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:46:54 GMT
X-Proxy-Origin: 185.220.70.236; 185.220.70.236; 732.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.223.47:80
AN-X-Request-Uuid: 275a010b-2564-4814-ac98-6f352b4f88dc
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.adform.net/pixel?adform_pid=16&adform_pc=2856234407030238743
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

pixel
cm.adform.net/ Frame B4A2
Redirect Chain

https://match.adsby.bidtheatre.com/adformmatch?adform_id=AUID&return_url=https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d18%26adform_pc%3d$UID
https://cm.adform.net/pixel?adform_pid=18&adform_pc=1350c320-eb5b-4b03-ab4a-ef7c9996f7a0

43 B
162 B

68ms
28ms

Image
image/gif

37.157.6.251
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=18&adform_pc=1350c320-eb5b-4b03-ab4a-ef7c9996f7a0
Requested by: Host: runwaff.com
URL: https://runwaff.com/user?i=u1dvjpo9e55sy80hm5&a=60f0e959e67789b550dbbeaa782904915&cb=9059651621910813235
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.251 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS: s1.adform.net
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
last-modified: Tue, 12 Jul 2016 13:47:50 GMT
server: nginx
accept-ranges: bytes
etag: "5784f506-2b"
content-length: 43
content-type: image/gif

Redirect headers

Location: https://cm.adform.net/pixel?adform_pid=18&adform_pc=1350c320-eb5b-4b03-ab4a-ef7c9996f7a0
Date: Tue, 25 May 2021 02:46:54 GMT
Server: Apache/2.4.41 (Ubuntu)
Connection: Keep-Alive
Keep-Alive: timeout=5, max=3000
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"

GET
H/1.1 204
No Content /
projectagora-483829-hdb.adomik.com/ Frame BB4B 0
103 B 1292ms
31ms Image
text/plain 54.195.253.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://projectagora-483829-hdb.adomik.com/?q=eyJ1aWQiOiJwcm9qZWN0YWdvcmEtNDgzODI5IiwiYWhiYWlkIjoiMzU5MjY2NzQtZmYzYS00MmIyLTg1YTctZTQ5N2U0NzBmZTc4IiwiaG9zdG5hbWUiOiJydW53YWZmLmNvbSIsImV2ZW50c0J5UGxhY2VtZW50Q29kZSI6W3sic2l6ZXMiOltdLCJldmVudHMiOnsicmVxdWVzdHMiOlt7ImJpZGRlciI6IkFQUE5FWFVTIn0seyJiaWRkZXIiOiJBUFBORVhVUyJ9LHsiYmlkZGVyIjoiUlVCSUNPTiJ9LHsiYmlkZGVyIjoiU01BUlRBRFNFUlZFUiJ9LHsiYmlkZGVyIjoiQURGT1JNIn1dLCJyZXNwb25zZXMiOltdLCJ3aW5uZXJzIjpbXX19LHsicGxhY2VtZW50Q29kZSI6IjE4MjkyNjg1X3JlYWQ3ZGVhZGx5c2lucy5jb21fcm9zXzMwMHgyNTAiLCJzaXplcyI6W3sid2lkdGgiOjMwMCwiaGVpZ2h0IjoyNTB9XSwiZXZlbnRzIjp7InJlcXVlc3RzIjpbXSwicmVzcG9uc2VzIjpbeyJiaWRkZXIiOiJBREZPUk0iLCJwbGFjZW1lbnRDb2RlIjoiMTgyOTI2ODVfcmVhZDdkZWFkbHlzaW5zLmNvbV9yb3NfMzAweDI1MCIsImlkIjoiOTMwY2Y5MjM5ODFjNWIiLCJzdGF0dXMiOiJWQUxJRCIsImNwbSI6MC4wNTI2MDI4MjMxMTAwNTU1LCJzaXplIjp7IndpZHRoIjozMDAsImhlaWdodCI6MjUwfSwidGltZVRvUmVzcG9uZCI6MTA2LCJhZnRlclRpbWVvdXQiOmZhbHNlfSx7ImJpZGRlciI6IkFERk9STSIsInBsYWNlbWVudENvZGUiOiIxODI5MjY4NV9yZWFkN2RlYWRseXNpbnMuY29tX3Jvc18zMDB4MjUwIiwiaWQiOiI5MzBjZjkyMzk4MWM1YiIsInN0YXR1cyI6IlZBTElEIiwiY3BtIjowLjA1MjYwMjgyMzExMDA1NTUsInNpemUiOnsid2lkdGgiOjMwMCwiaGVpZ2h0IjoyNTB9LCJ0aW1lVG9SZXNwb25kIjoxMDYsImFmdGVyVGltZW91dCI6ZmFsc2V9XSwid2lubmVycyI6W119fV19&id=35926674-ff3a-42b2-85a7-e497e470fe78&part=0&on=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.195.253.131 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-195-253-131.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Connection: keep-alive
Date: Tue, 25 May 2021 02:46:55 GMT
Server: nginx

GET
H/1.1 204
No Content /
projectagora-483829-hdb.adomik.com/ Frame BB4B 0
103 B 1324ms
31ms Image
text/plain 54.195.253.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://projectagora-483829-hdb.adomik.com/?q=eyJpZCI6IjkzMGNmOTIzOTgxYzViIiwicGxhY2VtZW50Q29kZSI6IjE4MjkyNjg1X3JlYWQ3ZGVhZGx5c2lucy5jb21fcm9zXzMwMHgyNTAifQ%3D%3D&id=35926674-ff3a-42b2-85a7-e497e470fe78&won=true
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.195.253.131 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-195-253-131.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Connection: keep-alive
Date: Tue, 25 May 2021 02:46:55 GMT
Server: nginx

GET
H2 200 / Show response
track.adform.net/adfscript/ Frame DFFE 1 KB
2 KB 23ms
20ms Script
text/javascript 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfscript/?bn=45412305;rtbwp=L71Is_rzpav9k9TrRtWkJ6dgnaMU4Hum0;rtbdata=sqq3TV7cbiW2rB9QULtn4Thgtxj4qX4ewa9qA44ZIDd13RUrnFUIIyxEfOinBGUBBEun7u0aJjZhnoLJN_lFHr7KQ9W8XCmcotc8GjqJizgFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5goUZDVkrGBoyPp4A1Sb4y3KXNA916tQOKFIo66tc8Hd8VmTFKgGOZiswmFfVqDPk5GUMTER0GflYCIxEzHzL-f0;;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=UboeEUUWZ8AWcRYtgUbgFIThgRpvNes-pOaDzklUtlnDicanVaun8yK7nJzVyI2SnZUztml8IJH5G_uilC9X4banfSWfV8AZMdRrf00n8DLOdLjvvTD1yp-rhaUcjVvvDVfBLjP206BX-kYC9z2tMxAT98iFLS6SrjaTfJn5JLAN_y1mXCcha3Qz0iQZiugfOTp_vwujtotdNmOES7cPo4tc1mWY_0sN0;pui=CQ8Cld2Xq9y0edKP5QUkDTw85nQIa015X8nmRTPhshjer1pltXZUmg2;

Requested by

Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

ed1e079e618d298f180c5e2a4dc76bd0143f1c918e475ee52b76f6e142a492fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 1304
expires: -1

GET
H2 200 adx.js Show response
s1.adform.net/banners/scripts/ Frame DFFE 58 KB
24 KB 22ms
21ms Script
application/x-javascript 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/banners/scripts/adx.js
Requested by: Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 6330d93c38185b92516fd8bdb7220ff136b6817c2ef101ed7d822e122066240b

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
last-modified: Thu, 13 May 2021 15:01:38 GMT
server: nginx
etag: W/"609d3f52-e80f"
x-cache-status: HIT
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

GET
H2

200

sync
x.bidswitch.net/ Frame DFFE
Redirect Chain

https://x.bidswitch.net/sync?ssp=adform
https://ums.acuityplatform.com/bum?tpid=29&uid=96763ec5-fa40-4a5c-bb69-98d62a1b94bd&bidswitch_ssp_id=adform
https://x.bidswitch.net/sync?dsp_id=236&user_id=581270858943&expires=30&user_group=1&ssp=Adform

43 B
145 B

9ms
9ms

Image
image/gif

3.124.165.65
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?dsp_id=236&user_id=581270858943&expires=30&user_group=1&ssp=Adform
Requested by: Host: runwaff.com
URL: https://runwaff.com/usersync?i=u1dvjpo9e55sy80hm5&a=05bcf34b3dc8ef781ff91667b6cbe5da7&cb=6771261621910813237
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.165.65 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

Redirect headers

Access-Control-Allow-Origin: *
Content-Length: 0
Location: https://x.bidswitch.net/sync?dsp_id=236&user_id=581270858943&expires=30&user_group=1&ssp=Adform

GET
H2

200

pixel
cm.adform.net/ Frame DFFE
Redirect Chain

https://ib.adnxs.com/getuid?https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d16%26adform_pc%3d$UID
https://cm.adform.net/pixel?adform_pid=16&adform_pc=2856234407030238743

43 B
162 B

22ms
22ms

Image
image/gif

37.157.6.251
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=16&adform_pc=2856234407030238743
Requested by: Host: runwaff.com
URL: https://runwaff.com/usersync?i=u1dvjpo9e55sy80hm5&a=05bcf34b3dc8ef781ff91667b6cbe5da7&cb=6771261621910813237
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.251 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS: s1.adform.net
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
last-modified: Tue, 12 Jul 2016 13:47:50 GMT
server: nginx
accept-ranges: bytes
etag: "5784f506-2b"
content-length: 43
content-type: image/gif

Redirect headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:46:54 GMT
X-Proxy-Origin: 185.220.70.236; 185.220.70.236; 732.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.222.237:80
AN-X-Request-Uuid: 668decee-c957-4bed-ad9d-a69eb066f019
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.adform.net/pixel?adform_pid=16&adform_pc=2856234407030238743
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

pixel
cm.adform.net/ Frame DFFE
Redirect Chain

https://match.adsby.bidtheatre.com/adformmatch?adform_id=AUID&return_url=https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d18%26adform_pc%3d$UID
https://cm.adform.net/pixel?adform_pid=18&adform_pc=1350c320-eb5b-4b03-ab4a-ef7c9996f7a0

43 B
162 B

30ms
26ms

Image
image/gif

37.157.6.251
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=18&adform_pc=1350c320-eb5b-4b03-ab4a-ef7c9996f7a0
Requested by: Host: runwaff.com
URL: https://runwaff.com/usersync?i=u1dvjpo9e55sy80hm5&a=05bcf34b3dc8ef781ff91667b6cbe5da7&cb=6771261621910813237
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.251 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS: s1.adform.net
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
last-modified: Tue, 12 Jul 2016 13:47:50 GMT
server: nginx
accept-ranges: bytes
etag: "5784f506-2b"
content-length: 43
content-type: image/gif

Redirect headers

Location: https://cm.adform.net/pixel?adform_pid=18&adform_pc=1350c320-eb5b-4b03-ab4a-ef7c9996f7a0
Date: Tue, 25 May 2021 02:46:54 GMT
Server: Apache/2.4.41 (Ubuntu)
Connection: Keep-Alive
Keep-Alive: timeout=5, max=2999
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"

GET
H/1.1 204
No Content /
projectagora-483829-hdb.adomik.com/ Frame 6550 0
103 B 1351ms
32ms Image
text/plain 54.195.253.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://projectagora-483829-hdb.adomik.com/?q=eyJ1aWQiOiJwcm9qZWN0YWdvcmEtNDgzODI5IiwiYWhiYWlkIjoiNDVjNmY0MjYtMDI3Ny00MTM0LWJiYWEtYjE5Mjk3MjZjOWIxIiwiaG9zdG5hbWUiOiJydW53YWZmLmNvbSIsImV2ZW50c0J5UGxhY2VtZW50Q29kZSI6W3sic2l6ZXMiOltdLCJldmVudHMiOnsicmVxdWVzdHMiOlt7ImJpZGRlciI6IlNNQVJUQURTRVJWRVIifSx7ImJpZGRlciI6IlNNQVJUQURTRVJWRVIifSx7ImJpZGRlciI6IkFERk9STSJ9LHsiYmlkZGVyIjoiUlVCSUNPTiJ9LHsiYmlkZGVyIjoiQVBQTkVYVVMifV0sInJlc3BvbnNlcyI6W10sIndpbm5lcnMiOltdfX0seyJwbGFjZW1lbnRDb2RlIjoiMTgyOTI2ODVfcmVhZDdkZWFkbHlzaW5zLmNvbV9yb3NfMzAweDI1MCIsInNpemVzIjpbeyJ3aWR0aCI6MzAwLCJoZWlnaHQiOjI1MH1dLCJldmVudHMiOnsicmVxdWVzdHMiOltdLCJyZXNwb25zZXMiOlt7ImJpZGRlciI6IkFERk9STSIsInBsYWNlbWVudENvZGUiOiIxODI5MjY4NV9yZWFkN2RlYWRseXNpbnMuY29tX3Jvc18zMDB4MjUwIiwiaWQiOiI5N2RhYjViYWU5MzM2YSIsInN0YXR1cyI6IlZBTElEIiwiY3BtIjowLjA1MjYwMjgyMzExMDA1NTUsInNpemUiOnsid2lkdGgiOjMwMCwiaGVpZ2h0IjoyNTB9LCJ0aW1lVG9SZXNwb25kIjoxNTIsImFmdGVyVGltZW91dCI6ZmFsc2V9LHsiYmlkZGVyIjoiQURGT1JNIiwicGxhY2VtZW50Q29kZSI6IjE4MjkyNjg1X3JlYWQ3ZGVhZGx5c2lucy5jb21fcm9zXzMwMHgyNTAiLCJpZCI6Ijk3ZGFiNWJhZTkzMzZhIiwic3RhdHVzIjoiVkFMSUQiLCJjcG0iOjAuMDUyNjAyODIzMTEwMDU1NSwic2l6ZSI6eyJ3aWR0aCI6MzAwLCJoZWlnaHQiOjI1MH0sInRpbWVUb1Jlc3BvbmQiOjE1MiwiYWZ0ZXJUaW1lb3V0IjpmYWxzZX1dLCJ3aW5uZXJzIjpbXX19XX0%3D&id=45c6f426-0277-4134-bbaa-b1929726c9b1&part=0&on=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.195.253.131 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-195-253-131.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Connection: keep-alive
Date: Tue, 25 May 2021 02:46:55 GMT
Server: nginx

GET
H/1.1 204
No Content /
projectagora-483829-hdb.adomik.com/ Frame 6550 0
103 B 1383ms
32ms Image
text/plain 54.195.253.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://projectagora-483829-hdb.adomik.com/?q=eyJpZCI6Ijk3ZGFiNWJhZTkzMzZhIiwicGxhY2VtZW50Q29kZSI6IjE4MjkyNjg1X3JlYWQ3ZGVhZGx5c2lucy5jb21fcm9zXzMwMHgyNTAifQ%3D%3D&id=45c6f426-0277-4134-bbaa-b1929726c9b1&won=true
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.195.253.131 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-195-253-131.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Connection: keep-alive
Date: Tue, 25 May 2021 02:46:55 GMT
Server: nginx

GET
H2 200 / Show response
track.adform.net/adfscript/ Frame 17F0 1 KB
2 KB 24ms
20ms Script
text/javascript 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfscript/?bn=37319546;rtbwp=CBiagR-ESe0N4_IzXSGVYekjTfC56_cS0;rtbdata=PZgxFyI_q7DG566n0y3OElk1KHZetUlbh2lnQ7bHirSf9tx0Bry-sCxEfOinBGUBknVjfcNolpF5l-oNR9nd4q-L1jCcJ1QnmX53ZYzR6LIFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5hbMlLUKNDI7M8jpZdvtK7yM8o70tRRicjmiUtjwUGSvMVmTFKgGOZiswmFfVqDPk6UAl1RLVpknYCIxEzHzL-f0;;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=JrIsYnOFaJ942u1ywTJ-2uhRnNqnSBShhhDPFR4uCDKJ0pEkGy5YU5DzZ4xMx-m2huuso-CINz1RcEAhpSr81T2cuj3ZpoifWlv-U0VLenhZbYlBTiNT-6uFwuax6ujvkrnQrIWsbmM6uc85TbACpfeBxJFhnv5kq_5cc2wgkBJmkjsLTrdEDjr0QP3LlZu4hd-pxQOfVRJqCvFFn-BWyfrHhprnKquDA7z_uuw_WOM1;pui=CQ8Cld2Xq9y0edKP5QUkDXqEaR73K3PlqGT_KVhRjhHer1pltXZUmg2;

Requested by

Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

b2abeb5f73b2d92b7ede59d05e0c2e234fbc940cae3aa4d59e38fcb2166e591d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 1321
expires: -1

GET
H2 200 adx.js Show response
s1.adform.net/banners/scripts/ Frame 17F0 58 KB
24 KB 24ms
22ms Script
application/x-javascript 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/banners/scripts/adx.js
Requested by: Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 6330d93c38185b92516fd8bdb7220ff136b6817c2ef101ed7d822e122066240b

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
last-modified: Thu, 13 May 2021 15:01:38 GMT
server: nginx
etag: W/"609d3f52-e80f"
x-cache-status: HIT
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

GET
H2

200

sync
x.bidswitch.net/ Frame 17F0
Redirect Chain

https://x.bidswitch.net/sync?ssp=adform
https://ums.acuityplatform.com/bum?tpid=29&uid=96763ec5-fa40-4a5c-bb69-98d62a1b94bd&bidswitch_ssp_id=adform
https://x.bidswitch.net/sync?dsp_id=236&user_id=581270858943&expires=30&user_group=1&ssp=Adform

43 B
145 B

10ms
10ms

Image
image/gif

3.124.165.65
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?dsp_id=236&user_id=581270858943&expires=30&user_group=1&ssp=Adform
Requested by: Host: runwaff.com
URL: https://runwaff.com/usync?i=u1dvjpo9e55sy80hm5&a=c875f76156c3307c45687011d2d8e2cf1&cb=1388981621910813236
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.165.65 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

Redirect headers

Access-Control-Allow-Origin: *
Content-Length: 0
Location: https://x.bidswitch.net/sync?dsp_id=236&user_id=581270858943&expires=30&user_group=1&ssp=Adform

GET
H2

200

pixel
cm.adform.net/ Frame 17F0
Redirect Chain

https://ib.adnxs.com/getuid?https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d16%26adform_pc%3d$UID
https://cm.adform.net/pixel?adform_pid=16&adform_pc=2856234407030238743

43 B
162 B

22ms
22ms

Image
image/gif

37.157.6.251
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=16&adform_pc=2856234407030238743
Requested by: Host: runwaff.com
URL: https://runwaff.com/usync?i=u1dvjpo9e55sy80hm5&a=c875f76156c3307c45687011d2d8e2cf1&cb=1388981621910813236
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.251 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS: s1.adform.net
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
last-modified: Tue, 12 Jul 2016 13:47:50 GMT
server: nginx
accept-ranges: bytes
etag: "5784f506-2b"
content-length: 43
content-type: image/gif

Redirect headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:46:54 GMT
X-Proxy-Origin: 185.220.70.236; 185.220.70.236; 732.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.185:80
AN-X-Request-Uuid: 913ca0d5-ae6a-40e8-b6af-5d81addc46f8
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.adform.net/pixel?adform_pid=16&adform_pc=2856234407030238743
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

pixel
cm.adform.net/ Frame 17F0
Redirect Chain

https://match.adsby.bidtheatre.com/adformmatch?adform_id=AUID&return_url=https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d18%26adform_pc%3d$UID
https://cm.adform.net/pixel?adform_pid=18&adform_pc=1350c320-eb5b-4b03-ab4a-ef7c9996f7a0

43 B
162 B

25ms
24ms

Image
image/gif

37.157.6.251
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=18&adform_pc=1350c320-eb5b-4b03-ab4a-ef7c9996f7a0
Requested by: Host: runwaff.com
URL: https://runwaff.com/usync?i=u1dvjpo9e55sy80hm5&a=c875f76156c3307c45687011d2d8e2cf1&cb=1388981621910813236
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.251 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS: s1.adform.net
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
last-modified: Tue, 12 Jul 2016 13:47:50 GMT
server: nginx
accept-ranges: bytes
etag: "5784f506-2b"
content-length: 43
content-type: image/gif

Redirect headers

Location: https://cm.adform.net/pixel?adform_pid=18&adform_pc=1350c320-eb5b-4b03-ab4a-ef7c9996f7a0
Date: Tue, 25 May 2021 02:46:54 GMT
Server: Apache/2.4.41 (Ubuntu)
Connection: Keep-Alive
Keep-Alive: timeout=5, max=2998
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"

GET
H/1.1 204
No Content /
projectagora-483829-hdb.adomik.com/ Frame AFBE 0
103 B 1411ms
31ms Image
text/plain 54.195.253.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://projectagora-483829-hdb.adomik.com/?q=eyJ1aWQiOiJwcm9qZWN0YWdvcmEtNDgzODI5IiwiYWhiYWlkIjoiMzUxMmRlM2EtY2ExZC00YWFkLWJhZTItMDNjN2ZlMjJkMzhkIiwiaG9zdG5hbWUiOiJydW53YWZmLmNvbSIsImV2ZW50c0J5UGxhY2VtZW50Q29kZSI6W3sic2l6ZXMiOltdLCJldmVudHMiOnsicmVxdWVzdHMiOlt7ImJpZGRlciI6IlJVQklDT04ifSx7ImJpZGRlciI6IlJVQklDT04ifSx7ImJpZGRlciI6IkFERk9STSJ9LHsiYmlkZGVyIjoiU01BUlRBRFNFUlZFUiJ9LHsiYmlkZGVyIjoiQVBQTkVYVVMifV0sInJlc3BvbnNlcyI6W10sIndpbm5lcnMiOltdfX0seyJwbGFjZW1lbnRDb2RlIjoiMTgyOTI2ODVfcmVhZDdkZWFkbHlzaW5zLmNvbV9yb3NfMzAweDI1MCIsInNpemVzIjpbeyJ3aWR0aCI6MCwiaGVpZ2h0IjowfSx7IndpZHRoIjozMDAsImhlaWdodCI6MjUwfV0sImV2ZW50cyI6eyJyZXF1ZXN0cyI6W10sInJlc3BvbnNlcyI6W3siYmlkZGVyIjoiU01BUlRBRFNFUlZFUiIsInBsYWNlbWVudENvZGUiOiIxODI5MjY4NV9yZWFkN2RlYWRseXNpbnMuY29tX3Jvc18zMDB4MjUwIiwiaWQiOiI5Y2Q3M2ZjYmY3YTIzZCIsInN0YXR1cyI6IlZBTElEIiwiY3BtIjowLCJzaXplIjp7IndpZHRoIjowLCJoZWlnaHQiOjB9LCJ0aW1lVG9SZXNwb25kIjo4MywiYWZ0ZXJUaW1lb3V0IjpmYWxzZX0seyJiaWRkZXIiOiJTTUFSVEFEU0VSVkVSIiwicGxhY2VtZW50Q29kZSI6IjE4MjkyNjg1X3JlYWQ3ZGVhZGx5c2lucy5jb21fcm9zXzMwMHgyNTAiLCJpZCI6IjljZDczZmNiZjdhMjNkIiwic3RhdHVzIjoiVkFMSUQiLCJjcG0iOjAsInNpemUiOnsid2lkdGgiOjAsImhlaWdodCI6MH0sInRpbWVUb1Jlc3BvbmQiOjgzLCJhZnRlclRpbWVvdXQiOmZhbHNlfSx7ImJpZGRlciI6IkFERk9STSIsInBsYWNlbWVudENvZGUiOiIxODI5MjY4NV9yZWFkN2RlYWRseXNpbnMuY29tX3Jvc18zMDB4MjUwIiwiaWQiOiIxMDIzNDZlNWQzZjU0YzEiLCJzdGF0dXMiOiJWQUxJRCIsImNwbSI6MC4wNTEwMDM4NTU4Nzg5NzU0Nywic2l6ZSI6eyJ3aWR0aCI6MzAwLCJoZWlnaHQiOjI1MH0sInRpbWVUb1Jlc3BvbmQiOjE0OSwiYWZ0ZXJUaW1lb3V0IjpmYWxzZX1dLCJ3aW5uZXJzIjpbXX19XX0%3D&id=3512de3a-ca1d-4aad-bae2-03c7fe22d38d&part=0&on=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.195.253.131 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-195-253-131.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Connection: keep-alive
Date: Tue, 25 May 2021 02:46:55 GMT
Server: nginx

GET
H/1.1 204
No Content /
projectagora-483829-hdb.adomik.com/ Frame AFBE 0
103 B 1442ms
32ms Image
text/plain 54.195.253.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://projectagora-483829-hdb.adomik.com/?q=eyJpZCI6IjEwMjM0NmU1ZDNmNTRjMSIsInBsYWNlbWVudENvZGUiOiIxODI5MjY4NV9yZWFkN2RlYWRseXNpbnMuY29tX3Jvc18zMDB4MjUwIn0%3D&id=3512de3a-ca1d-4aad-bae2-03c7fe22d38d&won=true
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.195.253.131 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-195-253-131.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Connection: keep-alive
Date: Tue, 25 May 2021 02:46:55 GMT
Server: nginx

GET
H2 200 i.js Show response
cm.adskeeper.co.uk/ Frame 934B 113 B
223 B 194ms
192ms Script
application/javascript 104.19.132.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.adskeeper.co.uk/i.js?&cbuster=162191081453254573287
Requested by: Host: jsc.adskeeper.co.uk
URL: https://jsc.adskeeper.co.uk/b/i/bidgear.readnaruto.com.842741.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.132.80 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ba2ac09da587446c736dca48ca41b1511361c37ce63084ffaa68cdb4a7834ade

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: br
cf-cache-status: MISS
x-mg-request-uuid: 10807ea1-a8b8-482d-95e5-0b871898f5b0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: application/javascript
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 654b6f9ed96908a3-CDG
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a4304174b000008a3818ff000000001
server: cloudflare

GET
H2 200 i-noref.js Show response
cm.adskeeper.co.uk/ Frame 026D 19 B
130 B 193ms
193ms Script
application/javascript 104.19.132.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.adskeeper.co.uk/i-noref.js?cbuster=1621910814536113380367
Requested by: Host: jsc.adskeeper.co.uk
URL: https://jsc.adskeeper.co.uk/b/i/bidgear.readnaruto.com.842741.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.132.80 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 31a2141f6b680b8ec183d8de67eaae2ac43bee3ccee46235e0c988761615210c

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: br
cf-cache-status: MISS
x-mg-request-uuid: 7c399bbc-6be8-458c-b409-e69c0c37824c
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: application/javascript
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 654b6f9ee96f08a3-CDG
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a4304174e000008a37dbc3000000001
server: cloudflare

GET
H2 200 aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMDYvMTAxOTI0LzY0NmEwYTE2MGNjNTI5YzE1ZGM1YTE3YjZkYThhZDU4LnBuZw.webp
s-img.adskeeper.co.uk/g/8164850/492x328/0x316x716x477/ Frame 934B 23 KB
23 KB 32ms
25ms Image
image/webp 104.19.132.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.adskeeper.co.uk/g/8164850/492x328/0x316x716x477/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMDYvMTAxOTI0LzY0NmEwYTE2MGNjNTI5YzE1ZGM1YTE3YjZkYThhZDU4LnBuZw.webp?v=1621910814-PruJg3p8zIamdA4szzkCKXb6xfzAVrbOO0zW-RruSJg
Requested by: Host: ww3.read7deadlysins.com
URL: https://ww3.read7deadlysins.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.132.80 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa993ce3b07f709c900cd3b97ccd65280928b06c29e9f65d9bac43f2e01e9a9b

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
cf-cache-status: HIT
x-mg-request-uuid: a91cffa1-d11d-442d-8af6-51d5ef9e6e4c
age: 1532495
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 23356
cf-request-id: 0a43041755000008a3a999e000000001
last-modified: Mon, 08 Feb 2021 10:20:46 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 654b6f9ee97608a3-CDG

GET
H2 200 aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMTEvMTAxOTI0LzM5MTA2NjRhYmZlODA2MmI3NDM5ZWNhZTZmZDAxYjIxLmpwZw.webp
s-img.adskeeper.co.uk/g/8164856/492x328/0x79x564x376/ Frame 934B 6 KB
6 KB 31ms
24ms Image
image/webp 104.19.132.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.adskeeper.co.uk/g/8164856/492x328/0x79x564x376/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMTEvMTAxOTI0LzM5MTA2NjRhYmZlODA2MmI3NDM5ZWNhZTZmZDAxYjIxLmpwZw.webp?v=1621910814-G_drGvUCDaPfMCzhIw06oMdjdLARA_mrvUrBH1FL9W0
Requested by: Host: ww3.read7deadlysins.com
URL: https://ww3.read7deadlysins.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.132.80 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e91cf159afa5b1cedc6e7aba65efca84da8645a378ca9f9c0ca07180508fa4da

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
cf-cache-status: HIT
x-mg-request-uuid: 119431cd-755a-4d9c-8d2b-21f0e78742c0
age: 2757085
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5920
cf-request-id: 0a43041756000008a3cf17d000000001
last-modified: Mon, 08 Feb 2021 10:20:25 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 654b6f9ee97908a3-CDG

GET
H2 200 aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMDUvMTAxOTI0L2ZlZTllMDcyYjRjYjM3MzA5NTE3ZTQzMzc5NDA1NWM0LnBuZw.webp
s-img.adskeeper.co.uk/g/8164829/492x328/0x72x612x408/ Frame 934B 13 KB
13 KB 33ms
26ms Image
image/webp 104.19.132.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.adskeeper.co.uk/g/8164829/492x328/0x72x612x408/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMDUvMTAxOTI0L2ZlZTllMDcyYjRjYjM3MzA5NTE3ZTQzMzc5NDA1NWM0LnBuZw.webp?v=1621910814-U1t1a-CpTcnPlPTnxvoAZx2v8zMMC1s_d5PnxthlVQM
Requested by: Host: ww3.read7deadlysins.com
URL: https://ww3.read7deadlysins.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.132.80 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ba8615525c16c0ef0fa1eb7fcdaeaec9b4bef309a4ea1a4a1183db04c3ae99e4

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
cf-cache-status: HIT
x-mg-request-uuid: f8c83f0a-902d-497f-a7c5-bff2ad57f033
age: 2757092
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 13594
cf-request-id: 0a43041756000008a3d3317000000001
last-modified: Mon, 08 Feb 2021 10:20:15 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 654b6f9ee97c08a3-CDG

GET
H3-29 200 int_exchange_wages_ad.svg
cdn.adskeeper.co.uk/images/adskeeper/ Frame 934B 1 KB
1 KB 78ms
50ms Image
image/svg+xml 104.19.132.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.adskeeper.co.uk/images/adskeeper/int_exchange_wages_ad.svg
Requested by: Host: ww3.read7deadlysins.com
URL: https://ww3.read7deadlysins.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 104.19.132.80 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 096a4bb9d7f8588a8520d57f103bdf0dae273af88fc0265371124c048bff7b05

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: br
cf-cache-status: HIT
age: 6318
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: DXBBERYX6ZZN006T
x-amz-id-2: szIviYYhk/CBrDIabAediiv+PRUAK8AhiMVgUMOccoPTGQ5Cbvm1UwD1B0EpiOSRAW+Xr2BJ/gc=
last-modified: Mon, 04 May 2020 12:16:42 GMT
server: cloudflare
etag: W/"37346cd2daeeec771e8ffe3a34ef43ea"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=14400
cf-request-id: 0a4304176b0000084b7f26b000000001
cf-ray: 654b6f9f1f3f084b-CDG
expires: Tue, 25 May 2021 06:46:54 GMT

GET
H/1.1 200
OK 17210.js Show response
ads.rubiconproject.com/ad/ Frame CA8A 30 KB
9 KB 14ms
14ms Script
text/javascript 184.24.15.122
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rubiconproject.com/ad/17210.js
Requested by: Host: ww3.read7deadlysins.com
URL: https://ww3.read7deadlysins.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.24.15.122 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-24-15-122.deploy.static.akamaitechnologies.com
Software: Apache / PHP/5.3.3
Resource Hash: a969a9b32705092663a8c9019ac9835cf93fff0d525457961e309bf04dba1424

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 25 May 2021 02:46:54 GMT
Content-Encoding: gzip
Server: Apache
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=13172
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 8969
Expires: Tue, 25 May 2021 06:26:26 GMT

GET
H2 200 bootstrap.js Show response
s1.adform.net/stoat/626/s1.adform.net/ Frame 5DA6 35 KB
17 KB 24ms
21ms Script
text/javascript 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by: Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=45218947;rtbwp=CBiagR-ESe0N4_IzXSGVYekjTfC56_cS0;rtbdata=G4qFVpeIihbq29qpQygQjfeMYSeh6c3E3RDG_Di5lbZ8U__CyPwZA4yAe0wTDlRbRhY7XEFMtzJjUTzeejJMYACxeP9ephrk5jVrJ45sNIUFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5iAGelWOrzKxc8jpZdvtK7yM8o70tRRicjmiUtjwUGSvMVmTFKgGOZiswmFfVqDPk5GUMTER0GflYCIxEzHzL-f0;;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=sBo34bq4Frt42u1ywTJ-2uhRnNqnSBShhhDPFR4uCDKJ0pEkGy5YU5DzZ4xMx-m2YmTAckCaknR3tvd_s1cQIdTa3vpKM0nabd7LGXjWR8wb2Nz0N7bHVhMqMAPrwA-pCjnC3xSNf1r8PUCDt9fIkQmn9qHx8dhL62aNtg0L7iFmkjsLTrdEDjr0QP3LlZu4hd-pxQOfVRJqCvFFn-BWyffLoxdqMC7wA7z_uuw_WOM1;pui=CQ8Cld2Xq9y0edKP5QUkDSzmfmLpj7GS1IwLkOi1Phber1pltXZUmg2;
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: f6248573434a6b4f50dbfe3166d5892c7e62ee1296a2328d50006fe88510cecf

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
last-modified: Tue, 04 May 2021 13:03:07 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Wed, 26 May 2021 06:25:32 GMT

GET
H2 200 bootstrap.js Show response
s1.adform.net/stoat/626/s1.adform.net/ Frame 7E28 35 KB
17 KB 24ms
23ms Script
text/javascript 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by: Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=42173458;rtbwp=CBiagR-ESe0N4_IzXSGVYekjTfC56_cS0;rtbdata=OS-8pJ27cx1t80IVWwQfQmE4WHGRqH-1kufqwnY4tw_1RSChZqL51DIQIJOmZt0pv7FqjbP8FygEiuMG4UneOQhh2ON4Isn69w0nsxF19yUFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5jm_EH7owHJ888jpZdvtK7yM8o70tRRicjmiUtjwUGSvFqirAD_H0c-swmFfVqDPk5d1Vab-EFQvICIxEzHzL-f0;;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=m5D2R0CaQPB42u1ywTJ-2uhRnNqnSBShhhDPFR4uCDKJ0pEkGy5YU5DzZ4xMx-m2huuso-CINz10a3Jwkl4uAuOMOqtrwYj_99yHnrX3-Yq41wUtXy3s232WndsyQtExvdq5tkQ8Tp-aJ5PzzvWo-FOZ5nJE5k3ngOHYsb569ZdmkjsLTrdEDjr0QP3LlZu4hd-pxQOfVRJqCvFFn-BWyUT9ubrsFdb5A7z_uuw_WOM1;pui=CQ8Cld2Xq9y0edKP5QUkDZ7UVDpnb5VfPKEpU4M09Dver1pltXZUmg2;
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: f6248573434a6b4f50dbfe3166d5892c7e62ee1296a2328d50006fe88510cecf

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
last-modified: Tue, 04 May 2021 13:03:07 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Wed, 26 May 2021 06:25:32 GMT

GET
H2 200 bootstrap.js Show response
s1.adform.net/stoat/626/s1.adform.net/ Frame 047A 35 KB
17 KB 25ms
24ms Script
text/javascript 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by: Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=41071221;rtbwp=CBiagR-ESe0N4_IzXSGVYekjTfC56_cS0;rtbdata=uSV1xgGdzQve78zuYfx_tRDUu3ycOTSsVP-ADR8QenmrZ3Fb8oPKTPe--5-00Wf9U-B_lc3YSvlAzWIz_Hq64XyJDl13L8YgdAV0rcbm9doFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5gFj3SdCdK4k88jpZdvtK7yM8o70tRRicjmiUtjwUGSvFqirAD_H0c-swmFfVqDPk6UAl1RLVpknYCIxEzHzL-f0;;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=Rac_1Yf_kd542u1ywTJ-2uhRnNqnSBShhhDPFR4uCDKJ0pEkGy5YU5DzZ4xMx-m2YmTAckCaknTvMejHOdxhNU9zZjyqtz6ozH4m33C6wV6W3ouUMgVeqI2YrOd1yOCopOxDvrEfFBGicnpwgINImTU1vRRh-jKvNNUggE0_YkFmkjsLTrdEDjr0QP3LlZu4hd-pxQOfVRJqCvFFn-BWyeoitXcusxSgA7z_uuw_WOM1;pui=CQ8Cld2Xq9y0edKP5QUkDcA-LMOEbEeY7gH3CiRILsfer1pltXZUmg2;
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: f6248573434a6b4f50dbfe3166d5892c7e62ee1296a2328d50006fe88510cecf

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
last-modified: Tue, 04 May 2021 13:03:07 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Wed, 26 May 2021 06:25:32 GMT

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 230A 52 KB
17 KB 3317ms
9ms Document
text/html 2.18.232.130
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=1653126
Requested by: Host: runwaff.com
URL: https://runwaff.com/user?i=u1dvjpo9e55sy80hm5&a=69a1ae274eff659621cc5da174992f8b3&cb=5820761621910813239
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.130 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-130.deploy.static.akamaitechnologies.com
Software: nginx/1.13.10 /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://runwaff.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: uuid2=2856234407030238743; anj=dTM7k!M4/8CxrEQF']wIg2GU$g5^+v!A#FH.CK$wNya!tNhToxBrR`v; icu=ChgI44kuEAoYASABKAEwnsqxhQY4AUABSAEKGAjYpkQQChgCIAIoAjCeyrGFBjgCQAJIAgoYCIbzZBAKGAEgASgBMJ3KsYUGOAFAAUgBEJ7KsYUGGAM.
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://runwaff.com/

Response headers

Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: "5fc7ff8f-cf34"
Server: nginx/1.13.10
Access-Control-Allow-Origin: *
Content-Type: text/html
Content-Encoding: gzip
Content-Length: 17053
Cache-Control: max-age=86402
Expires: Wed, 26 May 2021 02:46:59 GMT
Date: Tue, 25 May 2021 02:46:57 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2 200 bootstrap.js Show response
s1.adform.net/stoat/626/s1.adform.net/ Frame 61A3 35 KB
17 KB 44ms
42ms Script
text/javascript 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by: Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=42668740;rtbwp=CBiagR-ESe0N4_IzXSGVYekjTfC56_cS0;rtbdata=ZPkCbhmZbT_Sam2xq9o2NCaX2nwXAYytIwu2YCMks6WetEjMx1R1ZXXN1_IoWoCT9ccQe0Fk6CcpvpkjNWsolvkpcmuh4P_Ki-2NZx3GH7cFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5irtBj2g3LIFs8jpZdvtK7yM8o70tRRicjmiUtjwUGSvFqirAD_H0c-swmFfVqDPk5GUMTER0GflYCIxEzHzL-f0;;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=UboeEUUWZ8B42u1ywTJ-2uhRnNqnSBShhhDPFR4uCDKJ0pEkGy5YU5DzZ4xMx-m2YmTAckCaknTxQfLXoDWXfv1euo7mBLg5_Ih_9onTnKlhd-mQT0X9GaZrvfOM9I3E6VuXf9kFnS5GicGAJ9fmRsqtXApkEPB6GTZOZuzmhWxmkjsLTrdEDjr0QP3LlZu4hd-pxQOfVRJqCvFFn-BWyfDBcvVKbR2MA7z_uuw_WOM1;pui=CQ8Cld2Xq9y0edKP5QUkDRcihOQ3dLyuIi1y0VlSJGXer1pltXZUmg2;
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: f6248573434a6b4f50dbfe3166d5892c7e62ee1296a2328d50006fe88510cecf

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
last-modified: Tue, 04 May 2021 13:03:07 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Wed, 26 May 2021 06:25:32 GMT

GET
H2 200 bootstrap.js Show response
s1.adform.net/stoat/626/s1.adform.net/ Frame B4A2 35 KB
17 KB 44ms
42ms Script
text/javascript 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by: Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=45412308;rtbwp=L71Is_rzpav9k9TrRtWkJ6dgnaMU4Hum0;rtbdata=G4qFVpeIihYt4gKkbkiaa3QPpHvut7InIRHm1FrMLppYx3RBRlE7ZTIQIJOmZt0pESadfMC1e-KFskMwGawnSQubxJAa6YEL6FOWrUH8sXIFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5iTi3RI0_wrxCPp4A1Sb4y3KXNA916tQOKFIo66tc8Hd8VmTFKgGOZiswmFfVqDPk5d1Vab-EFQvICIxEzHzL-f0;;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=uP9_xzm7p3gWcRYtgUbgFIThgRpvNes-pOaDzklUtlnDicanVaun8yK7nJzVyI2SnZUztml8IJGDRnenwf3ZOIZbwXk0NHvEGaRriKBgaK1upDjbA2t0vzcGsEcX2GvCO8nle1gh-LiD_96yP7hgsc-1Vp63gCqmo_iQpYtm7B4N_y1mXCcha3Qz0iQZiugfOTp_vwujtosuJwHiM67O1Itc1mWY_0sN0;pui=CQ8Cld2Xq9y0edKP5QUkDYxnuiJPnpfrSEjv6iMURvjer1pltXZUmg2;
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: f6248573434a6b4f50dbfe3166d5892c7e62ee1296a2328d50006fe88510cecf

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
last-modified: Tue, 04 May 2021 13:03:07 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Wed, 26 May 2021 06:25:32 GMT

GET
H2 200 bootstrap.js Show response
s1.adform.net/stoat/626/s1.adform.net/ Frame DFFE 35 KB
17 KB 44ms
42ms Script
text/javascript 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by: Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=45412305;rtbwp=L71Is_rzpav9k9TrRtWkJ6dgnaMU4Hum0;rtbdata=sqq3TV7cbiW2rB9QULtn4Thgtxj4qX4ewa9qA44ZIDd13RUrnFUIIyxEfOinBGUBBEun7u0aJjZhnoLJN_lFHr7KQ9W8XCmcotc8GjqJizgFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5goUZDVkrGBoyPp4A1Sb4y3KXNA916tQOKFIo66tc8Hd8VmTFKgGOZiswmFfVqDPk5GUMTER0GflYCIxEzHzL-f0;;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=UboeEUUWZ8AWcRYtgUbgFIThgRpvNes-pOaDzklUtlnDicanVaun8yK7nJzVyI2SnZUztml8IJH5G_uilC9X4banfSWfV8AZMdRrf00n8DLOdLjvvTD1yp-rhaUcjVvvDVfBLjP206BX-kYC9z2tMxAT98iFLS6SrjaTfJn5JLAN_y1mXCcha3Qz0iQZiugfOTp_vwujtotdNmOES7cPo4tc1mWY_0sN0;pui=CQ8Cld2Xq9y0edKP5QUkDTw85nQIa015X8nmRTPhshjer1pltXZUmg2;
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: f6248573434a6b4f50dbfe3166d5892c7e62ee1296a2328d50006fe88510cecf

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
last-modified: Tue, 04 May 2021 13:03:07 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Wed, 26 May 2021 06:25:32 GMT

GET
H2 200 / Show response
track.adform.net/adfscript/ Frame 9FF2 1 KB
2 KB 44ms
39ms Script
text/javascript 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfscript/?bn=45412305;rtbwp=L71Is_rzpav9k9TrRtWkJ6dgnaMU4Hum0;rtbdata=vaoHHWsZTCxLVCA4t8pqMFgHNoIIotr54HjC24DIYhHDAVK2Tb7Ew7Kp2roO6C5Q4xQ5Q8C9Np6dG0LPY5AYZc5UeU4uCXBSJE7h14MeRBMFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5hGdYStbDnGsSPp4A1Sb4y3KXNA916tQOKFIo66tc8Hd8VmTFKgGOZiswmFfVqDPk6UAl1RLVpknYCIxEzHzL-f0;;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=s-5eOzQiG9IWcRYtgUbgFIThgRpvNes-pOaDzklUtlnDicanVaun8yK7nJzVyI2SnZUztml8IJESVOGlKxVv4DJDaNdbF2O1ojOcYwZJEop5nPdkSJb_5TIQ-27oYVOZIwBn6iFaMVNe3TqjW_zwxRjtddMWjjovOzIDDkh2KaQN_y1mXCcha3Qz0iQZiugfOTp_vwujtouxNaghpv4V744e8FXsaC100;pui=CQ8Cld2Xq9y0edKP5QUkDU6j5OjiPnXP33brx1n1qOfer1pltXZUmg2;

Requested by

Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

6d3b4355053f8b1c2214f5012ce3f0002cf4f41a51d1ca2c6ec33115d299e258

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 1311
expires: -1

GET
H2 200 adx.js Show response
s1.adform.net/banners/scripts/ Frame 9FF2 58 KB
24 KB 47ms
43ms Script
application/x-javascript 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/banners/scripts/adx.js
Requested by: Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 6330d93c38185b92516fd8bdb7220ff136b6817c2ef101ed7d822e122066240b

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
last-modified: Thu, 13 May 2021 15:01:38 GMT
server: nginx
etag: W/"609d3f52-e80f"
x-cache-status: HIT
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

GET
H2

200

pixel
cm.adform.net/ Frame 9FF2
Redirect Chain

https://x.bidswitch.net/sync?ssp=adform
https://match.adsrvr.org/track/cmf/generic?ttd_pid=bidswitch&ttd_tpi=1&ttd_puid=adform&gdpr=&gdpr_consent=
https://x.bidswitch.net/sync?dsp_id=93&user_id=a442fbe8-bdb4-4220-808c-55a86f50264b&expires=30&ssp=adform&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT_21}
https://cm.adform.net/pixel?adform_pid=3&adform_pc=96763ec5-fa40-4a5c-bb69-98d62a1b94bd&adform_v=1

43 B
162 B

23ms
23ms

Image
image/gif

37.157.6.251
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=3&adform_pc=96763ec5-fa40-4a5c-bb69-98d62a1b94bd&adform_v=1
Requested by: Host: runwaff.com
URL: https://runwaff.com/counter?i=u1dvjpo9e55sy80hm5&a=d76c2da8c12daa85f1437d954f94f8843&cb=6061601621910813241
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.251 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS: s1.adform.net
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
last-modified: Tue, 12 Jul 2016 13:47:50 GMT
server: nginx
accept-ranges: bytes
etag: "5784f506-2b"
content-length: 43
content-type: image/gif

Redirect headers

location: //cm.adform.net/pixel?adform_pid=3&adform_pc=96763ec5-fa40-4a5c-bb69-98d62a1b94bd&adform_v=1
date: Tue, 25 May 2021 02:46:54 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2

200

pixel
cm.adform.net/ Frame 9FF2
Redirect Chain

https://ib.adnxs.com/getuid?https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d16%26adform_pc%3d$UID
https://cm.adform.net/pixel?adform_pid=16&adform_pc=2856234407030238743

43 B
162 B

22ms
22ms

Image
image/gif

37.157.6.251
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=16&adform_pc=2856234407030238743
Requested by: Host: runwaff.com
URL: https://runwaff.com/counter?i=u1dvjpo9e55sy80hm5&a=d76c2da8c12daa85f1437d954f94f8843&cb=6061601621910813241
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.251 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS: s1.adform.net
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
last-modified: Tue, 12 Jul 2016 13:47:50 GMT
server: nginx
accept-ranges: bytes
etag: "5784f506-2b"
content-length: 43
content-type: image/gif

Redirect headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:46:54 GMT
X-Proxy-Origin: 185.220.70.236; 185.220.70.236; 732.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.153:80
AN-X-Request-Uuid: 2bd93e52-cc68-4351-80b9-4690dddd22ca
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.adform.net/pixel?adform_pid=16&adform_pc=2856234407030238743
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

pixel
cm.adform.net/ Frame 9FF2
Redirect Chain

https://match.adsby.bidtheatre.com/adformmatch?adform_id=AUID&return_url=https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d18%26adform_pc%3d$UID
https://cm.adform.net/pixel?adform_pid=18&adform_pc=1350c320-eb5b-4b03-ab4a-ef7c9996f7a0

43 B
162 B

28ms
26ms

Image
image/gif

37.157.6.251
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=18&adform_pc=1350c320-eb5b-4b03-ab4a-ef7c9996f7a0
Requested by: Host: runwaff.com
URL: https://runwaff.com/counter?i=u1dvjpo9e55sy80hm5&a=d76c2da8c12daa85f1437d954f94f8843&cb=6061601621910813241
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.251 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS: s1.adform.net
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
last-modified: Tue, 12 Jul 2016 13:47:50 GMT
server: nginx
accept-ranges: bytes
etag: "5784f506-2b"
content-length: 43
content-type: image/gif

Redirect headers

Location: https://cm.adform.net/pixel?adform_pid=18&adform_pc=1350c320-eb5b-4b03-ab4a-ef7c9996f7a0
Date: Tue, 25 May 2021 02:46:54 GMT
Server: Apache/2.4.41 (Ubuntu)
Connection: Keep-Alive
Keep-Alive: timeout=5, max=2997
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"

GET
H/1.1 204
No Content /
projectagora-483829-hdb.adomik.com/ Frame DDDF 0
103 B 1422ms
31ms Image
text/plain 54.195.253.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://projectagora-483829-hdb.adomik.com/?q=eyJ1aWQiOiJwcm9qZWN0YWdvcmEtNDgzODI5IiwiYWhiYWlkIjoiYzUzNzJlNmMtNGNkOS00NmUyLWJmYjAtNzMzOWNiNjRmODdlIiwiaG9zdG5hbWUiOiJydW53YWZmLmNvbSIsImV2ZW50c0J5UGxhY2VtZW50Q29kZSI6W3sic2l6ZXMiOltdLCJldmVudHMiOnsicmVxdWVzdHMiOlt7ImJpZGRlciI6IlJVQklDT04ifSx7ImJpZGRlciI6IlJVQklDT04ifSx7ImJpZGRlciI6IlNNQVJUQURTRVJWRVIifSx7ImJpZGRlciI6IkFERk9STSJ9LHsiYmlkZGVyIjoiQVBQTkVYVVMifV0sInJlc3BvbnNlcyI6W10sIndpbm5lcnMiOltdfX0seyJwbGFjZW1lbnRDb2RlIjoiMTgyOTI2ODVfcmVhZDdkZWFkbHlzaW5zLmNvbV9yb3NfMzAweDI1MCIsInNpemVzIjpbeyJ3aWR0aCI6MzAwLCJoZWlnaHQiOjI1MH1dLCJldmVudHMiOnsicmVxdWVzdHMiOltdLCJyZXNwb25zZXMiOlt7ImJpZGRlciI6IkFERk9STSIsInBsYWNlbWVudENvZGUiOiIxODI5MjY4NV9yZWFkN2RlYWRseXNpbnMuY29tX3Jvc18zMDB4MjUwIiwiaWQiOiI5MjU2OWZkZDFkZDM2OCIsInN0YXR1cyI6IlZBTElEIiwiY3BtIjowLjA1MjYwMjgyMzExMDA1NTUsInNpemUiOnsid2lkdGgiOjMwMCwiaGVpZ2h0IjoyNTB9LCJ0aW1lVG9SZXNwb25kIjoxNjEsImFmdGVyVGltZW91dCI6ZmFsc2V9LHsiYmlkZGVyIjoiQURGT1JNIiwicGxhY2VtZW50Q29kZSI6IjE4MjkyNjg1X3JlYWQ3ZGVhZGx5c2lucy5jb21fcm9zXzMwMHgyNTAiLCJpZCI6IjkyNTY5ZmRkMWRkMzY4Iiwic3RhdHVzIjoiVkFMSUQiLCJjcG0iOjAuMDUyNjAyODIzMTEwMDU1NSwic2l6ZSI6eyJ3aWR0aCI6MzAwLCJoZWlnaHQiOjI1MH0sInRpbWVUb1Jlc3BvbmQiOjE2MSwiYWZ0ZXJUaW1lb3V0IjpmYWxzZX1dLCJ3aW5uZXJzIjpbXX19XX0%3D&id=c5372e6c-4cd9-46e2-bfb0-7339cb64f87e&part=0&on=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.195.253.131 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-195-253-131.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Connection: keep-alive
Date: Tue, 25 May 2021 02:46:55 GMT
Server: nginx

GET
H/1.1 204
No Content /
projectagora-483829-hdb.adomik.com/ Frame DDDF 0
103 B 1453ms
31ms Image
text/plain 54.195.253.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://projectagora-483829-hdb.adomik.com/?q=eyJpZCI6IjkyNTY5ZmRkMWRkMzY4IiwicGxhY2VtZW50Q29kZSI6IjE4MjkyNjg1X3JlYWQ3ZGVhZGx5c2lucy5jb21fcm9zXzMwMHgyNTAifQ%3D%3D&id=c5372e6c-4cd9-46e2-bfb0-7339cb64f87e&won=true
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.195.253.131 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-195-253-131.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Connection: keep-alive
Date: Tue, 25 May 2021 02:46:56 GMT
Server: nginx

GET
H2 200 bootstrap.js Show response
s1.adform.net/stoat/626/s1.adform.net/ Frame 17F0 35 KB
17 KB 46ms
44ms Script
text/javascript 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by: Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=37319546;rtbwp=CBiagR-ESe0N4_IzXSGVYekjTfC56_cS0;rtbdata=PZgxFyI_q7DG566n0y3OElk1KHZetUlbh2lnQ7bHirSf9tx0Bry-sCxEfOinBGUBknVjfcNolpF5l-oNR9nd4q-L1jCcJ1QnmX53ZYzR6LIFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5hbMlLUKNDI7M8jpZdvtK7yM8o70tRRicjmiUtjwUGSvMVmTFKgGOZiswmFfVqDPk6UAl1RLVpknYCIxEzHzL-f0;;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=JrIsYnOFaJ942u1ywTJ-2uhRnNqnSBShhhDPFR4uCDKJ0pEkGy5YU5DzZ4xMx-m2huuso-CINz1RcEAhpSr81T2cuj3ZpoifWlv-U0VLenhZbYlBTiNT-6uFwuax6ujvkrnQrIWsbmM6uc85TbACpfeBxJFhnv5kq_5cc2wgkBJmkjsLTrdEDjr0QP3LlZu4hd-pxQOfVRJqCvFFn-BWyfrHhprnKquDA7z_uuw_WOM1;pui=CQ8Cld2Xq9y0edKP5QUkDXqEaR73K3PlqGT_KVhRjhHer1pltXZUmg2;
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: f6248573434a6b4f50dbfe3166d5892c7e62ee1296a2328d50006fe88510cecf

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
last-modified: Tue, 04 May 2021 13:03:07 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Wed, 26 May 2021 06:25:32 GMT

GET
H2 200 b15.png
platform.bidgear.com/media/img/ Frame 6243 6 KB
6 KB 35ms
35ms Image
image/png 2606:4700:20::ac43:4a24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://platform.bidgear.com/media/img/b15.png
Requested by: Host: platform.bidgear.com
URL: https://platform.bidgear.com/async.php?domainid=1042&sizeid=2&zoneid=2125&k=5c00c68a67ca2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a24 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 71529d12a50c366935078936f9533606bff2f00e195f62a78772cca16b7ca247

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 280159
cf-request-id: 0a4304176f00001f317e922000000001
last-modified: Thu, 20 Aug 2020 03:15:55 GMT
server: cloudflare
etag: W/"5f3deaeb-17f2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=lPervqiKMYmEimh4H9rxWzkFawKwt2RIxozY%2B57MOWkHhXniPNlCML3AtFvmd9pgB0i7nWnZ7C0HqkcwItKtq2xaGek5q4GWDo6tC%2F2hx4jVe98E1GHscUnPS53ygVqidx%2B7Bqd3Lx49OYEsDQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
cf-ray: 654b6f9f1a9d1f31-FRA
expires: Sun, 23 May 2021 00:46:50 GMT

GET
H2 200 bebi_v3.js Show response
st.bebi.com/ Frame 6243 133 KB
46 KB 1114ms
38ms Script
application/javascript 104.22.72.85
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://st.bebi.com/bebi_v3.js
Requested by: Host: ww3.read7deadlysins.com
URL: https://ww3.read7deadlysins.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.22.72.85 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ad05740966a78657cf685251d6aea88a1e8f9df8355707c82bd727d62133011f

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:55 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 2352
x-guploader-uploadid: ABg5-UxMmxbRU-MYRFVwS5LVVVrsKrNq9EohFZs3iS8EgN3vFptc6hV6Xj_V3xfbTRdW0Rt5EQfwh1fVx_htjZcBodPvZcBJLQ
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a43041ba90000edafd096d000000001
last-modified: Wed, 12 Aug 2020 11:05:22 GMT
server: cloudflare
etag: W/"b6d6e376249643484befd7522dde34d2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=lRAK1w==, md5=ttbjdiSWQ0hL79dSLd400g==
x-goog-generation: 1597230322238727
content-type: application/javascript
cache-control: public, max-age=3600
x-goog-stored-content-length: 136055
cf-ray: 654b6fa5da84edaf-CDG
expires: Tue, 25 May 2021 03:07:43 GMT

GET
H2 200 rec
imp9.bidgear.com/ Frame 6243 599 B
980 B 117ms
116ms Image
image/jpeg 2606:4700:20::ac43:4a24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imp9.bidgear.com/rec?t=1&z=2125&uuid=fc8a8b2442a94b69ad06a0437a2098e7&p=29&g=DE&token=4a4433543251483336527837773277323132356663386138623234343261393462363961643036613034333761323039386537d41d8cd98f00b204e9800998ecf8427e
Requested by: Host: runwaff.com
URL: https://runwaff.com/stat?i=u1dvjpo9e55sy80hm5&a=3191181510d1c5163e53c1097b6d94291&cb=3371671621910813240
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a24 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3e9a98dd5f0a28ff4a059f33d760264a6db02786666ac1692095ebb976f5da28

Request headers

Referer: https://runwaff.com/stat?i=u1dvjpo9e55sy80hm5&a=3191181510d1c5163e53c1097b6d94291&cb=3371671621910813240
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=6sLt%2BW80Y%2B%2BFYQmysdNXdrB9RFdLdUskcGwjssel9C2iOX%2BSnKlnzaJubYfxRmLAdD9Zuy%2F3mhrhVkKTGAYKQYWxIVxaOzGdVlx2bdZW9%2FsTRg8lWUkyL8mHCHpGrY6MRfZASQF%2BAtS2"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cf-ray: 654b6f9f1a9e1f31-FRA
content-length: 599
cf-request-id: 0a4304176f00001f314f991000000001

GET
H2 200 / Show response
track.adform.net/adfscript/ Frame BC8A 1 KB
2 KB 33ms
27ms Script
text/javascript 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfscript/?bn=44025169;rtbwp=CBiagR-ESe0N4_IzXSGVYekjTfC56_cS0;rtbdata=vaoHHWsZTCwF8VODAGusMMKIHjxpxaZOqAOHp68jmCDdTX4wGFiO5jn-YWpYMCHI8ORw6pRYdpZ3hjplprb5hKZW4sSl2RG2VPWL_jHUNVkFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5gvbkFBuf75ic8jpZdvtK7yM8o70tRRicjmiUtjwUGSvMVmTFKgGOZiswmFfVqDPk6UAl1RLVpknYCIxEzHzL-f0;;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=dlI7jPdZmP142u1ywTJ-2uhRnNqnSBShhhDPFR4uCDKJ0pEkGy5YU5DzZ4xMx-m2YmTAckCaknToqs-kab8x1Z49sKFH88Iso7DuOl7L7qEIzdL0z2b7g_goOzn5CwcdjdjhozzwJrogzS93cDUI6taI3fDp8O7ChsTnwbpdKodmkjsLTrdEDjr0QP3LlZu4hd-pxQOfVRJqCvFFn-BWyTwuoksXVO3DA7z_uuw_WOM1;pui=CQ8Cld2Xq9y0edKP5QUkDZCW_Ck1jA7RcvU6a83j6vXer1pltXZUmg2;

Requested by

Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

15cf292fcb58339c782193bb837a91f730f40c195861fc40edb3214f8ec5baef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 1325
expires: -1

GET
H2 200 adx.js Show response
s1.adform.net/banners/scripts/ Frame BC8A 58 KB
24 KB 40ms
36ms Script
application/x-javascript 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/banners/scripts/adx.js
Requested by: Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 6330d93c38185b92516fd8bdb7220ff136b6817c2ef101ed7d822e122066240b

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
last-modified: Thu, 13 May 2021 15:01:38 GMT
server: nginx
etag: W/"609d3f52-e80f"
x-cache-status: HIT
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

GET
H2

200

pixel
cm.adform.net/ Frame BC8A
Redirect Chain

https://x.bidswitch.net/sync?ssp=adform
https://pr-bh.ybp.yahoo.com/sync/iponweb?bidswitch_ssp_id=adform&ssp_user_id=96763ec5-fa40-4a5c-bb69-98d62a1b94bd
https://x.bidswitch.net/sync?dsp_id=74&&user_id=180896460&expires=5&ssp=adform
https://cm.adform.net/pixel?adform_pid=3&adform_pc=96763ec5-fa40-4a5c-bb69-98d62a1b94bd&adform_v=1

43 B
162 B

27ms
22ms

Image
image/gif

37.157.6.251
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=3&adform_pc=96763ec5-fa40-4a5c-bb69-98d62a1b94bd&adform_v=1
Requested by: Host: runwaff.com
URL: https://runwaff.com/stat?i=u1dvjpo9e55sy80hm5&a=8fea93fb728874b1628b7aac65a76abf3&cb=0112131621910813244
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.251 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS: s1.adform.net
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
last-modified: Tue, 12 Jul 2016 13:47:50 GMT
server: nginx
accept-ranges: bytes
etag: "5784f506-2b"
content-length: 43
content-type: image/gif

Redirect headers

location: //cm.adform.net/pixel?adform_pid=3&adform_pc=96763ec5-fa40-4a5c-bb69-98d62a1b94bd&adform_v=1
date: Tue, 25 May 2021 02:46:54 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2

200

pixel
cm.adform.net/ Frame BC8A
Redirect Chain

https://ib.adnxs.com/getuid?https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d16%26adform_pc%3d$UID
https://cm.adform.net/pixel?adform_pid=16&adform_pc=2856234407030238743

43 B
162 B

24ms
23ms

Image
image/gif

37.157.6.251
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=16&adform_pc=2856234407030238743
Requested by: Host: runwaff.com
URL: https://runwaff.com/stat?i=u1dvjpo9e55sy80hm5&a=8fea93fb728874b1628b7aac65a76abf3&cb=0112131621910813244
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.251 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS: s1.adform.net
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
last-modified: Tue, 12 Jul 2016 13:47:50 GMT
server: nginx
accept-ranges: bytes
etag: "5784f506-2b"
content-length: 43
content-type: image/gif

Redirect headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:46:54 GMT
X-Proxy-Origin: 185.220.70.236; 185.220.70.236; 732.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.223.40:80
AN-X-Request-Uuid: f0eccaed-f222-4fc0-b3dd-11a011da890f
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.adform.net/pixel?adform_pid=16&adform_pc=2856234407030238743
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

pixel
cm.adform.net/ Frame BC8A
Redirect Chain

https://match.adsby.bidtheatre.com/adformmatch?adform_id=AUID&return_url=https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d18%26adform_pc%3d$UID
https://cm.adform.net/pixel?adform_pid=18&adform_pc=1350c320-eb5b-4b03-ab4a-ef7c9996f7a0

43 B
162 B

24ms
23ms

Image
image/gif

37.157.6.251
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=18&adform_pc=1350c320-eb5b-4b03-ab4a-ef7c9996f7a0
Requested by: Host: runwaff.com
URL: https://runwaff.com/stat?i=u1dvjpo9e55sy80hm5&a=8fea93fb728874b1628b7aac65a76abf3&cb=0112131621910813244
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.251 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS: s1.adform.net
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
last-modified: Tue, 12 Jul 2016 13:47:50 GMT
server: nginx
accept-ranges: bytes
etag: "5784f506-2b"
content-length: 43
content-type: image/gif

Redirect headers

Location: https://cm.adform.net/pixel?adform_pid=18&adform_pc=1350c320-eb5b-4b03-ab4a-ef7c9996f7a0
Date: Tue, 25 May 2021 02:46:54 GMT
Server: Apache/2.4.41 (Ubuntu)
Connection: Keep-Alive
Keep-Alive: timeout=5, max=2996
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"

GET
H/1.1 204
No Content /
projectagora-483829-hdb.adomik.com/ Frame E42A 0
103 B 1475ms
31ms Image
text/plain 54.195.253.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://projectagora-483829-hdb.adomik.com/?q=eyJ1aWQiOiJwcm9qZWN0YWdvcmEtNDgzODI5IiwiYWhiYWlkIjoiOGU0NDU0MGEtYjUwNi00ZDA0LTkwYmMtNDhjNmVkY2I3M2U1IiwiaG9zdG5hbWUiOiJydW53YWZmLmNvbSIsImV2ZW50c0J5UGxhY2VtZW50Q29kZSI6W3sic2l6ZXMiOltdLCJldmVudHMiOnsicmVxdWVzdHMiOlt7ImJpZGRlciI6IlJVQklDT04ifSx7ImJpZGRlciI6IlJVQklDT04ifSx7ImJpZGRlciI6IlNNQVJUQURTRVJWRVIifSx7ImJpZGRlciI6IkFQUE5FWFVTIn0seyJiaWRkZXIiOiJBREZPUk0ifV0sInJlc3BvbnNlcyI6W10sIndpbm5lcnMiOltdfX0seyJwbGFjZW1lbnRDb2RlIjoiMTgyOTI2ODVfcmVhZDdkZWFkbHlzaW5zLmNvbV9yb3NfMzAweDI1MCIsInNpemVzIjpbeyJ3aWR0aCI6MzAwLCJoZWlnaHQiOjI1MH1dLCJldmVudHMiOnsicmVxdWVzdHMiOltdLCJyZXNwb25zZXMiOlt7ImJpZGRlciI6IkFERk9STSIsInBsYWNlbWVudENvZGUiOiIxODI5MjY4NV9yZWFkN2RlYWRseXNpbnMuY29tX3Jvc18zMDB4MjUwIiwiaWQiOiI5MDMyY2EwY2MwYTc4YyIsInN0YXR1cyI6IlZBTElEIiwiY3BtIjowLjA1MTAwMzg1NTg3ODk3NTQ3LCJzaXplIjp7IndpZHRoIjozMDAsImhlaWdodCI6MjUwfSwidGltZVRvUmVzcG9uZCI6MTM3LCJhZnRlclRpbWVvdXQiOmZhbHNlfSx7ImJpZGRlciI6IkFERk9STSIsInBsYWNlbWVudENvZGUiOiIxODI5MjY4NV9yZWFkN2RlYWRseXNpbnMuY29tX3Jvc18zMDB4MjUwIiwiaWQiOiI5MDMyY2EwY2MwYTc4YyIsInN0YXR1cyI6IlZBTElEIiwiY3BtIjowLjA1MTAwMzg1NTg3ODk3NTQ3LCJzaXplIjp7IndpZHRoIjozMDAsImhlaWdodCI6MjUwfSwidGltZVRvUmVzcG9uZCI6MTM3LCJhZnRlclRpbWVvdXQiOmZhbHNlfV0sIndpbm5lcnMiOltdfX1dfQ%3D%3D&id=8e44540a-b506-4d04-90bc-48c6edcb73e5&part=0&on=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.195.253.131 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-195-253-131.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Connection: keep-alive
Date: Tue, 25 May 2021 02:46:56 GMT
Server: nginx

GET
H/1.1 204
No Content /
projectagora-483829-hdb.adomik.com/ Frame E42A 0
103 B 1504ms
31ms Image
text/plain 54.195.253.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://projectagora-483829-hdb.adomik.com/?q=eyJpZCI6IjkwMzJjYTBjYzBhNzhjIiwicGxhY2VtZW50Q29kZSI6IjE4MjkyNjg1X3JlYWQ3ZGVhZGx5c2lucy5jb21fcm9zXzMwMHgyNTAifQ%3D%3D&id=8e44540a-b506-4d04-90bc-48c6edcb73e5&won=true
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.195.253.131 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-195-253-131.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Connection: keep-alive
Date: Tue, 25 May 2021 02:46:56 GMT
Server: nginx

GET
H2 200 / Show response
track.adform.net/adfscript/ Frame DE47 1 KB
2 KB 50ms
16ms Script
text/javascript 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfscript/?bn=42105127;rtbwp=CBiagR-ESe0N4_IzXSGVYekjTfC56_cS0;rtbdata=G4qFVpeIihY1Tld3-rYkbYD9S62FUBA4f7ZOQZsmwm2u8mjPYb4ssYyAe0wTDlRbjzQwCJjw2mLU8CBximHKJxEaZtV_h-rDzdaqwHE1PFUFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5iJBY2EoMekUM8jpZdvtK7yM8o70tRRicjmiUtjwUGSvFqirAD_H0c-swmFfVqDPk6UAl1RLVpknYCIxEzHzL-f0;;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=VJrxeDkysT142u1ywTJ-2uhRnNqnSBShhhDPFR4uCDKJ0pEkGy5YU5DzZ4xMx-m2huuso-CINz3lkrzn4reXiEPvK1F9wo1E67ubxWiqsr44Lv8IRZDsMjoXddBNQ99zc7Ob1Yb6O6HklbpbhGQAk-4PWCxBWUyh1h_bivVkdqNmkjsLTrdEDjr0QP3LlZu4hd-pxQOfVRJqCvFFn-BWyT2OuTp6Hi7nA7z_uuw_WOM1;pui=CQ8Cld2Xq9y0edKP5QUkDe2mzb7r3T921lRh0OH4kPner1pltXZUmg2;

Requested by

Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

4bf2dd6e5853b05eedfbc67dd947ee92616bc771d35c04872573b592883d9823

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 1319
expires: -1

GET
H2 200 adx.js Show response
s1.adform.net/banners/scripts/ Frame DE47 58 KB
24 KB 35ms
33ms Script
application/x-javascript 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/banners/scripts/adx.js
Requested by: Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 6330d93c38185b92516fd8bdb7220ff136b6817c2ef101ed7d822e122066240b

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
last-modified: Thu, 13 May 2021 15:01:38 GMT
server: nginx
etag: W/"609d3f52-e80f"
x-cache-status: HIT
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

GET
H2

200

sync
x.bidswitch.net/ Frame DE47
Redirect Chain

https://x.bidswitch.net/sync?ssp=adform
https://ums.acuityplatform.com/bum?tpid=29&uid=96763ec5-fa40-4a5c-bb69-98d62a1b94bd&bidswitch_ssp_id=adform
https://x.bidswitch.net/sync?dsp_id=236&user_id=581270858943&expires=30&user_group=1&ssp=Adform

43 B
145 B

9ms
9ms

Image
image/gif

3.124.165.65
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?dsp_id=236&user_id=581270858943&expires=30&user_group=1&ssp=Adform
Requested by: Host: runwaff.com
URL: https://runwaff.com/user?i=u1dvjpo9e55sy80hm5&a=84cb9494c74b11c9c2dbca056fd5c2803&cb=0801951621910813242
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.165.65 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

Redirect headers

Access-Control-Allow-Origin: *
Content-Length: 0
Location: https://x.bidswitch.net/sync?dsp_id=236&user_id=581270858943&expires=30&user_group=1&ssp=Adform

GET
H2

200

pixel
cm.adform.net/ Frame DE47
Redirect Chain

https://ib.adnxs.com/getuid?https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d16%26adform_pc%3d$UID
https://cm.adform.net/pixel?adform_pid=16&adform_pc=2856234407030238743

43 B
162 B

23ms
23ms

Image
image/gif

37.157.6.251
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=16&adform_pc=2856234407030238743
Requested by: Host: runwaff.com
URL: https://runwaff.com/user?i=u1dvjpo9e55sy80hm5&a=84cb9494c74b11c9c2dbca056fd5c2803&cb=0801951621910813242
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.251 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS: s1.adform.net
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
last-modified: Tue, 12 Jul 2016 13:47:50 GMT
server: nginx
accept-ranges: bytes
etag: "5784f506-2b"
content-length: 43
content-type: image/gif

Redirect headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:46:54 GMT
X-Proxy-Origin: 185.220.70.236; 185.220.70.236; 732.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.221.46:80
AN-X-Request-Uuid: cd5a92bf-d7b8-43b8-9036-94be23b5523c
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.adform.net/pixel?adform_pid=16&adform_pc=2856234407030238743
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

pixel
cm.adform.net/ Frame DE47
Redirect Chain

https://match.adsby.bidtheatre.com/adformmatch?adform_id=AUID&return_url=https%3a%2f%2fcm.adform.net%2fpixel%3fadform_pid%3d18%26adform_pc%3d$UID
https://cm.adform.net/pixel?adform_pid=18&adform_pc=1350c320-eb5b-4b03-ab4a-ef7c9996f7a0

43 B
162 B

23ms
22ms

Image
image/gif

37.157.6.251
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=18&adform_pc=1350c320-eb5b-4b03-ab4a-ef7c9996f7a0
Requested by: Host: runwaff.com
URL: https://runwaff.com/user?i=u1dvjpo9e55sy80hm5&a=84cb9494c74b11c9c2dbca056fd5c2803&cb=0801951621910813242
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.251 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS: s1.adform.net
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
last-modified: Tue, 12 Jul 2016 13:47:50 GMT
server: nginx
accept-ranges: bytes
etag: "5784f506-2b"
content-length: 43
content-type: image/gif

Redirect headers

Location: https://cm.adform.net/pixel?adform_pid=18&adform_pc=1350c320-eb5b-4b03-ab4a-ef7c9996f7a0
Date: Tue, 25 May 2021 02:46:54 GMT
Server: Apache/2.4.41 (Ubuntu)
Connection: Keep-Alive
Keep-Alive: timeout=5, max=2995
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"

GET
H/1.1 204
No Content /
projectagora-483829-hdb.adomik.com/ Frame 9F0A 0
103 B 1533ms
32ms Image
text/plain 54.195.253.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://projectagora-483829-hdb.adomik.com/?q=eyJ1aWQiOiJwcm9qZWN0YWdvcmEtNDgzODI5IiwiYWhiYWlkIjoiYWYzYTExNzMtYjczOS00ZDU0LTk2ZTMtOGFmMzQ4YWM1NDE4IiwiaG9zdG5hbWUiOiJydW53YWZmLmNvbSIsImV2ZW50c0J5UGxhY2VtZW50Q29kZSI6W3sic2l6ZXMiOltdLCJldmVudHMiOnsicmVxdWVzdHMiOlt7ImJpZGRlciI6IkFERk9STSJ9LHsiYmlkZGVyIjoiQURGT1JNIn0seyJiaWRkZXIiOiJBUFBORVhVUyJ9LHsiYmlkZGVyIjoiUlVCSUNPTiJ9LHsiYmlkZGVyIjoiU01BUlRBRFNFUlZFUiJ9XSwicmVzcG9uc2VzIjpbXSwid2lubmVycyI6W119fSx7InBsYWNlbWVudENvZGUiOiIxODI5MjY4NV9yZWFkN2RlYWRseXNpbnMuY29tX3Jvc18zMDB4MjUwIiwic2l6ZXMiOlt7IndpZHRoIjozMDAsImhlaWdodCI6MjUwfV0sImV2ZW50cyI6eyJyZXF1ZXN0cyI6W10sInJlc3BvbnNlcyI6W3siYmlkZGVyIjoiQURGT1JNIiwicGxhY2VtZW50Q29kZSI6IjE4MjkyNjg1X3JlYWQ3ZGVhZGx5c2lucy5jb21fcm9zXzMwMHgyNTAiLCJpZCI6IjllOTRlZTNhNzE2NjVkIiwic3RhdHVzIjoiVkFMSUQiLCJjcG0iOjAuMDUxMDAzODU1ODc4OTc1NDcsInNpemUiOnsid2lkdGgiOjMwMCwiaGVpZ2h0IjoyNTB9LCJ0aW1lVG9SZXNwb25kIjoxNTAsImFmdGVyVGltZW91dCI6ZmFsc2V9LHsiYmlkZGVyIjoiQURGT1JNIiwicGxhY2VtZW50Q29kZSI6IjE4MjkyNjg1X3JlYWQ3ZGVhZGx5c2lucy5jb21fcm9zXzMwMHgyNTAiLCJpZCI6IjllOTRlZTNhNzE2NjVkIiwic3RhdHVzIjoiVkFMSUQiLCJjcG0iOjAuMDUxMDAzODU1ODc4OTc1NDcsInNpemUiOnsid2lkdGgiOjMwMCwiaGVpZ2h0IjoyNTB9LCJ0aW1lVG9SZXNwb25kIjoxNTAsImFmdGVyVGltZW91dCI6ZmFsc2V9XSwid2lubmVycyI6W119fV19&id=af3a1173-b739-4d54-96e3-8af348ac5418&part=0&on=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.195.253.131 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-195-253-131.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Connection: keep-alive
Date: Tue, 25 May 2021 02:46:56 GMT
Server: nginx

GET
H/1.1 204
No Content /
projectagora-483829-hdb.adomik.com/ Frame 9F0A 0
103 B 1564ms
31ms Image
text/plain 54.195.253.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://projectagora-483829-hdb.adomik.com/?q=eyJpZCI6IjllOTRlZTNhNzE2NjVkIiwicGxhY2VtZW50Q29kZSI6IjE4MjkyNjg1X3JlYWQ3ZGVhZGx5c2lucy5jb21fcm9zXzMwMHgyNTAifQ%3D%3D&id=af3a1173-b739-4d54-96e3-8af348ac5418&won=true
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.195.253.131 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-195-253-131.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Connection: keep-alive
Date: Tue, 25 May 2021 02:46:56 GMT
Server: nginx

GET
H/1.1 200
OK 1537884-15.js Show response
smarttag.rubiconproject.com/a/17210/304582/ Frame CA8A 2 KB
2 KB 174ms
164ms Script
text/javascript 213.19.162.41
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://smarttag.rubiconproject.com/a/17210/304582/1537884-15.js?&cb=0.230173935002975&tk_st=1&rp_s=c&p_screen_res=1600x1200&ad_slot=304582_15&rp_secure=1
Requested by: Host: ads.rubiconproject.com
URL: https://ads.rubiconproject.com/ad/17210.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 213.19.162.41 , United Kingdom, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 3337d4a9320375da050ce2c25805112a72a42a3a8d30ef789a0c6a383a864df2

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:46:54 GMT
Content-Encoding: gzip
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Connection: keep-alive
Content-Type: text/javascript
Keep-Alive: timeout=5
Content-Length: 1196
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 / Show response
track.adform.net/adfserve/ Frame 5DA6 6 KB
4 KB 25ms
23ms Script
text/javascript 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?bn=45218947;rtbwp=CBiagR-ESe0N4_IzXSGVYekjTfC56_cS0;rtbdata=G4qFVpeIihbq29qpQygQjfeMYSeh6c3E3RDG_Di5lbZ8U__CyPwZA4yAe0wTDlRbRhY7XEFMtzJjUTzeejJMYACxeP9ephrk5jVrJ45sNIUFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5iAGelWOrzKxc8jpZdvtK7yM8o70tRRicjmiUtjwUGSvMVmTFKgGOZiswmFfVqDPk5GUMTER0GflYCIxEzHzL-f0;;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=sBo34bq4Frt42u1ywTJ-2uhRnNqnSBShhhDPFR4uCDKJ0pEkGy5YU5DzZ4xMx-m2YmTAckCaknR3tvd_s1cQIdTa3vpKM0nabd7LGXjWR8wb2Nz0N7bHVhMqMAPrwA-pCjnC3xSNf1r8PUCDt9fIkQmn9qHx8dhL62aNtg0L7iFmkjsLTrdEDjr0QP3LlZu4hd-pxQOfVRJqCvFFn-BWyffLoxdqMC7wA7z_uuw_WOM1;pui=CQ8Cld2Xq9y0edKP5QUkDSzmfmLpj7GS1IwLkOi1Phber1pltXZUmg2;;js=1;adfxid=1x;8317;set=en-US|en-US|1600X1200|0|0|0|24|8|3|7|1|;fd=0|0&CREFURL=https%3A%2F%2Fww3.read7deadlysins.com

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

a3c8a18c3c4b380011fd8cb5d3d6f4e36d49b5246ccaf5a430c47b1ffd258504

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 3396
expires: -1

GET
H2 200 / Show response
track.adform.net/adfserve/ Frame 7E28 7 KB
4 KB 24ms
23ms Script
text/javascript 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?bn=42173458;rtbwp=CBiagR-ESe0N4_IzXSGVYekjTfC56_cS0;rtbdata=OS-8pJ27cx1t80IVWwQfQmE4WHGRqH-1kufqwnY4tw_1RSChZqL51DIQIJOmZt0pv7FqjbP8FygEiuMG4UneOQhh2ON4Isn69w0nsxF19yUFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5jm_EH7owHJ888jpZdvtK7yM8o70tRRicjmiUtjwUGSvFqirAD_H0c-swmFfVqDPk5d1Vab-EFQvICIxEzHzL-f0;;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=m5D2R0CaQPB42u1ywTJ-2uhRnNqnSBShhhDPFR4uCDKJ0pEkGy5YU5DzZ4xMx-m2huuso-CINz10a3Jwkl4uAuOMOqtrwYj_99yHnrX3-Yq41wUtXy3s232WndsyQtExvdq5tkQ8Tp-aJ5PzzvWo-FOZ5nJE5k3ngOHYsb569ZdmkjsLTrdEDjr0QP3LlZu4hd-pxQOfVRJqCvFFn-BWyUT9ubrsFdb5A7z_uuw_WOM1;pui=CQ8Cld2Xq9y0edKP5QUkDZ7UVDpnb5VfPKEpU4M09Dver1pltXZUmg2;;js=1;adfxid=2x;3850;set=en-US|en-US|1600X1200|0|300|250|24|8|3|7|1|;fd=0|0&CREFURL=https%3A%2F%2Fww3.read7deadlysins.com

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

7b7f3cb4de673102f820d0d243ac154df53327583b2ad221052d4ee43e13a15b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 3421
expires: -1

GET
H2 200 / Show response
track.adform.net/adfserve/ Frame 047A 6 KB
4 KB 23ms
23ms Script
text/javascript 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?bn=41071221;rtbwp=CBiagR-ESe0N4_IzXSGVYekjTfC56_cS0;rtbdata=uSV1xgGdzQve78zuYfx_tRDUu3ycOTSsVP-ADR8QenmrZ3Fb8oPKTPe--5-00Wf9U-B_lc3YSvlAzWIz_Hq64XyJDl13L8YgdAV0rcbm9doFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5gFj3SdCdK4k88jpZdvtK7yM8o70tRRicjmiUtjwUGSvFqirAD_H0c-swmFfVqDPk6UAl1RLVpknYCIxEzHzL-f0;;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=Rac_1Yf_kd542u1ywTJ-2uhRnNqnSBShhhDPFR4uCDKJ0pEkGy5YU5DzZ4xMx-m2YmTAckCaknTvMejHOdxhNU9zZjyqtz6ozH4m33C6wV6W3ouUMgVeqI2YrOd1yOCopOxDvrEfFBGicnpwgINImTU1vRRh-jKvNNUggE0_YkFmkjsLTrdEDjr0QP3LlZu4hd-pxQOfVRJqCvFFn-BWyeoitXcusxSgA7z_uuw_WOM1;pui=CQ8Cld2Xq9y0edKP5QUkDcA-LMOEbEeY7gH3CiRILsfer1pltXZUmg2;;js=1;adfxid=3x;5460;set=en-US|en-US|1600X1200|0|0|0|24|8|3|7|1|;fd=0|0&CREFURL=https%3A%2F%2Fww3.read7deadlysins.com

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

d9b2a4f1389c687abccf8e956ac54443f2fe55154ab0515ecdde430290831d16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 3385
expires: -1

GET
H2 200 / Show response
track.adform.net/adfserve/ Frame B4A2 8 KB
4 KB 33ms
22ms Script
text/javascript 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?bn=45412308;rtbwp=L71Is_rzpav9k9TrRtWkJ6dgnaMU4Hum0;rtbdata=G4qFVpeIihYt4gKkbkiaa3QPpHvut7InIRHm1FrMLppYx3RBRlE7ZTIQIJOmZt0pESadfMC1e-KFskMwGawnSQubxJAa6YEL6FOWrUH8sXIFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5iTi3RI0_wrxCPp4A1Sb4y3KXNA916tQOKFIo66tc8Hd8VmTFKgGOZiswmFfVqDPk5d1Vab-EFQvICIxEzHzL-f0;;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=uP9_xzm7p3gWcRYtgUbgFIThgRpvNes-pOaDzklUtlnDicanVaun8yK7nJzVyI2SnZUztml8IJGDRnenwf3ZOIZbwXk0NHvEGaRriKBgaK1upDjbA2t0vzcGsEcX2GvCO8nle1gh-LiD_96yP7hgsc-1Vp63gCqmo_iQpYtm7B4N_y1mXCcha3Qz0iQZiugfOTp_vwujtosuJwHiM67O1Itc1mWY_0sN0;pui=CQ8Cld2Xq9y0edKP5QUkDYxnuiJPnpfrSEjv6iMURvjer1pltXZUmg2;;js=1;adfxid=4x;5630;set=en-US|en-US|1600X1200|0|0|0|24|8|3|7|1|;fd=0|0&CREFURL=https%3A%2F%2Fww3.read7deadlysins.com

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

9bf6ebdad81726c7784e2faf29949ffcc2c580333168135ecdef285bcbfb97ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 3512
expires: -1

GET
H2 200 / Show response
track.adform.net/adfserve/ Frame 61A3 6 KB
4 KB 33ms
23ms Script
text/javascript 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?bn=42668740;rtbwp=CBiagR-ESe0N4_IzXSGVYekjTfC56_cS0;rtbdata=ZPkCbhmZbT_Sam2xq9o2NCaX2nwXAYytIwu2YCMks6WetEjMx1R1ZXXN1_IoWoCT9ccQe0Fk6CcpvpkjNWsolvkpcmuh4P_Ki-2NZx3GH7cFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5irtBj2g3LIFs8jpZdvtK7yM8o70tRRicjmiUtjwUGSvFqirAD_H0c-swmFfVqDPk5GUMTER0GflYCIxEzHzL-f0;;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=UboeEUUWZ8B42u1ywTJ-2uhRnNqnSBShhhDPFR4uCDKJ0pEkGy5YU5DzZ4xMx-m2YmTAckCaknTxQfLXoDWXfv1euo7mBLg5_Ih_9onTnKlhd-mQT0X9GaZrvfOM9I3E6VuXf9kFnS5GicGAJ9fmRsqtXApkEPB6GTZOZuzmhWxmkjsLTrdEDjr0QP3LlZu4hd-pxQOfVRJqCvFFn-BWyfDBcvVKbR2MA7z_uuw_WOM1;pui=CQ8Cld2Xq9y0edKP5QUkDRcihOQ3dLyuIi1y0VlSJGXer1pltXZUmg2;;js=1;adfxid=5x;3874;set=en-US|en-US|1600X1200|0|0|0|24|8|3|7|1|;fd=0|0&CREFURL=https%3A%2F%2Fww3.read7deadlysins.com

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

42ff00d1b71deabe8b09e61bd4f9d6affe005776c7b7e1ab99dbad0dc7696913

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 3394
expires: -1

GET
H2 200 bootstrap.js Show response
s1.adform.net/stoat/626/s1.adform.net/ Frame 9FF2 35 KB
17 KB 34ms
25ms Script
text/javascript 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by: Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=45412305;rtbwp=L71Is_rzpav9k9TrRtWkJ6dgnaMU4Hum0;rtbdata=vaoHHWsZTCxLVCA4t8pqMFgHNoIIotr54HjC24DIYhHDAVK2Tb7Ew7Kp2roO6C5Q4xQ5Q8C9Np6dG0LPY5AYZc5UeU4uCXBSJE7h14MeRBMFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5hGdYStbDnGsSPp4A1Sb4y3KXNA916tQOKFIo66tc8Hd8VmTFKgGOZiswmFfVqDPk6UAl1RLVpknYCIxEzHzL-f0;;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=s-5eOzQiG9IWcRYtgUbgFIThgRpvNes-pOaDzklUtlnDicanVaun8yK7nJzVyI2SnZUztml8IJESVOGlKxVv4DJDaNdbF2O1ojOcYwZJEop5nPdkSJb_5TIQ-27oYVOZIwBn6iFaMVNe3TqjW_zwxRjtddMWjjovOzIDDkh2KaQN_y1mXCcha3Qz0iQZiugfOTp_vwujtouxNaghpv4V744e8FXsaC100;pui=CQ8Cld2Xq9y0edKP5QUkDU6j5OjiPnXP33brx1n1qOfer1pltXZUmg2;
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: f6248573434a6b4f50dbfe3166d5892c7e62ee1296a2328d50006fe88510cecf

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
last-modified: Tue, 04 May 2021 13:03:07 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Wed, 26 May 2021 06:25:32 GMT

GET
H2 200 bootstrap.js Show response
s1.adform.net/stoat/626/s1.adform.net/ Frame BC8A 35 KB
17 KB 34ms
26ms Script
text/javascript 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by: Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=44025169;rtbwp=CBiagR-ESe0N4_IzXSGVYekjTfC56_cS0;rtbdata=vaoHHWsZTCwF8VODAGusMMKIHjxpxaZOqAOHp68jmCDdTX4wGFiO5jn-YWpYMCHI8ORw6pRYdpZ3hjplprb5hKZW4sSl2RG2VPWL_jHUNVkFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5gvbkFBuf75ic8jpZdvtK7yM8o70tRRicjmiUtjwUGSvMVmTFKgGOZiswmFfVqDPk6UAl1RLVpknYCIxEzHzL-f0;;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=dlI7jPdZmP142u1ywTJ-2uhRnNqnSBShhhDPFR4uCDKJ0pEkGy5YU5DzZ4xMx-m2YmTAckCaknToqs-kab8x1Z49sKFH88Iso7DuOl7L7qEIzdL0z2b7g_goOzn5CwcdjdjhozzwJrogzS93cDUI6taI3fDp8O7ChsTnwbpdKodmkjsLTrdEDjr0QP3LlZu4hd-pxQOfVRJqCvFFn-BWyTwuoksXVO3DA7z_uuw_WOM1;pui=CQ8Cld2Xq9y0edKP5QUkDZCW_Ck1jA7RcvU6a83j6vXer1pltXZUmg2;
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: f6248573434a6b4f50dbfe3166d5892c7e62ee1296a2328d50006fe88510cecf

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
last-modified: Tue, 04 May 2021 13:03:07 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Wed, 26 May 2021 06:25:32 GMT

GET
H2 200 / Show response
track.adform.net/adfserve/ Frame DFFE 8 KB
4 KB 29ms
23ms Script
text/javascript 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?bn=45412305;rtbwp=L71Is_rzpav9k9TrRtWkJ6dgnaMU4Hum0;rtbdata=sqq3TV7cbiW2rB9QULtn4Thgtxj4qX4ewa9qA44ZIDd13RUrnFUIIyxEfOinBGUBBEun7u0aJjZhnoLJN_lFHr7KQ9W8XCmcotc8GjqJizgFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5goUZDVkrGBoyPp4A1Sb4y3KXNA916tQOKFIo66tc8Hd8VmTFKgGOZiswmFfVqDPk5GUMTER0GflYCIxEzHzL-f0;;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=UboeEUUWZ8AWcRYtgUbgFIThgRpvNes-pOaDzklUtlnDicanVaun8yK7nJzVyI2SnZUztml8IJH5G_uilC9X4banfSWfV8AZMdRrf00n8DLOdLjvvTD1yp-rhaUcjVvvDVfBLjP206BX-kYC9z2tMxAT98iFLS6SrjaTfJn5JLAN_y1mXCcha3Qz0iQZiugfOTp_vwujtotdNmOES7cPo4tc1mWY_0sN0;pui=CQ8Cld2Xq9y0edKP5QUkDTw85nQIa015X8nmRTPhshjer1pltXZUmg2;;js=1;adfxid=6x;680;set=en-US|en-US|1600X1200|0|0|0|24|8|3|7|1|;fd=0|0&CREFURL=https%3A%2F%2Fww3.read7deadlysins.com

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e6b97f70eb5e035264d86122b1589d3402806e41c33989aecbd767acf396c7fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 3503
expires: -1

GET
H2 200 / Show response
track.adform.net/adfserve/ Frame 17F0 6 KB
4 KB 28ms
23ms Script
text/javascript 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?bn=37319546;rtbwp=CBiagR-ESe0N4_IzXSGVYekjTfC56_cS0;rtbdata=PZgxFyI_q7DG566n0y3OElk1KHZetUlbh2lnQ7bHirSf9tx0Bry-sCxEfOinBGUBknVjfcNolpF5l-oNR9nd4q-L1jCcJ1QnmX53ZYzR6LIFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5hbMlLUKNDI7M8jpZdvtK7yM8o70tRRicjmiUtjwUGSvMVmTFKgGOZiswmFfVqDPk6UAl1RLVpknYCIxEzHzL-f0;;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=JrIsYnOFaJ942u1ywTJ-2uhRnNqnSBShhhDPFR4uCDKJ0pEkGy5YU5DzZ4xMx-m2huuso-CINz1RcEAhpSr81T2cuj3ZpoifWlv-U0VLenhZbYlBTiNT-6uFwuax6ujvkrnQrIWsbmM6uc85TbACpfeBxJFhnv5kq_5cc2wgkBJmkjsLTrdEDjr0QP3LlZu4hd-pxQOfVRJqCvFFn-BWyfrHhprnKquDA7z_uuw_WOM1;pui=CQ8Cld2Xq9y0edKP5QUkDXqEaR73K3PlqGT_KVhRjhHer1pltXZUmg2;;js=1;adfxid=7x;9953;set=en-US|en-US|1600X1200|0|0|0|24|8|3|7|1|;fd=0|0&CREFURL=https%3A%2F%2Fww3.read7deadlysins.com

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

57547478e96be0120a2ccf1d357b94f46e7186e73be8dbdce9189bb458479975

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 3374
expires: -1

GET
H2 200 bootstrap.js Show response
s1.adform.net/stoat/626/s1.adform.net/ Frame DE47 35 KB
17 KB 26ms
25ms Script
text/javascript 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by: Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=42105127;rtbwp=CBiagR-ESe0N4_IzXSGVYekjTfC56_cS0;rtbdata=G4qFVpeIihY1Tld3-rYkbYD9S62FUBA4f7ZOQZsmwm2u8mjPYb4ssYyAe0wTDlRbjzQwCJjw2mLU8CBximHKJxEaZtV_h-rDzdaqwHE1PFUFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5iJBY2EoMekUM8jpZdvtK7yM8o70tRRicjmiUtjwUGSvFqirAD_H0c-swmFfVqDPk6UAl1RLVpknYCIxEzHzL-f0;;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=VJrxeDkysT142u1ywTJ-2uhRnNqnSBShhhDPFR4uCDKJ0pEkGy5YU5DzZ4xMx-m2huuso-CINz3lkrzn4reXiEPvK1F9wo1E67ubxWiqsr44Lv8IRZDsMjoXddBNQ99zc7Ob1Yb6O6HklbpbhGQAk-4PWCxBWUyh1h_bivVkdqNmkjsLTrdEDjr0QP3LlZu4hd-pxQOfVRJqCvFFn-BWyT2OuTp6Hi7nA7z_uuw_WOM1;pui=CQ8Cld2Xq9y0edKP5QUkDe2mzb7r3T921lRh0OH4kPner1pltXZUmg2;
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: f6248573434a6b4f50dbfe3166d5892c7e62ee1296a2328d50006fe88510cecf

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
last-modified: Tue, 04 May 2021 13:03:07 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Wed, 26 May 2021 06:25:32 GMT

GET
H2 200 r62eglto.js Show response
ad4m.at/ Frame B4A2 36 KB
12 KB 44ms
23ms Script
application/javascript 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/r62eglto.js
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8fb101fbfb40f627db5860971a51fd80a9384f0630af3db4eefd351ef04d2c35

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=U/Ax7w==, md5=xOpZ1cY5A1Y5taJ1VeQlsg==
date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 34542
x-guploader-uploadid: ABg5-UyJ_H9nQC34LamJpDHH9NslyUGgt2HnpLy1C0xOavSHXN7zyRoned3kjTrQ0bqTQNn9WKIYCJM2Qp8c_zdjmPWl_ashQA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a430418130000d6b105984000000001
last-modified: Thu, 06 May 2021 17:10:38 GMT
server: cloudflare
etag: W/"c4ea59d5c639035639b5a27555e425b2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=LOFevK4fOYGoVpaw%2Fmkd4v6uXWdyxsJfTiE9Ts1u2heHRqoXf8izFb2JZpt7ZwtUVtUgr2ypSnxFMzYOfAmPv436gAcsOdV6cISuU6qgu4H6sBn2xjBn6C3wMFEAxnz2"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1620321038772018
content-type: application/javascript; charset=utf-8
expires: Mon, 24 May 2021 17:11:12 GMT
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
x-goog-stored-content-length: 12030
cf-ray: 654b6fa01fcdd6b1-FRA
cf-bgj: minify

POST
H2 200 /
track.adform.net/csimpr/ Frame B4A2 35 B
466 B 33ms
31ms Ping
image/gif 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=45412308&csi=fVFSJ-H0PXKIasHIHWr6zELGRxLF8_IqPhopAHSsJosJDwKV3Zer3LR50o_lBSQNxnAF50w4D9bhVO0qk-LCjjhM5BI1nmY5zmHUS6DXzFQDvP-67D9Y4w2

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:54 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://runwaff.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 r62eglto.js Show response
ad4m.at/ Frame DFFE 36 KB
12 KB 37ms
23ms Script
application/javascript 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/r62eglto.js
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8fb101fbfb40f627db5860971a51fd80a9384f0630af3db4eefd351ef04d2c35

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=U/Ax7w==, md5=xOpZ1cY5A1Y5taJ1VeQlsg==
date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 34542
x-guploader-uploadid: ABg5-UyJ_H9nQC34LamJpDHH9NslyUGgt2HnpLy1C0xOavSHXN7zyRoned3kjTrQ0bqTQNn9WKIYCJM2Qp8c_zdjmPWl_ashQA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a430418140000d6b1b69aa000000001
last-modified: Thu, 06 May 2021 17:10:38 GMT
server: cloudflare
etag: W/"c4ea59d5c639035639b5a27555e425b2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=UxUSXN2pTmtquUJoT8efyXvIjBwM9sj6%2FEOQKW8OB82dxDFh0oHuJK3kCkPFfUVMeE0PWjnJAOxZ77JulNe4IKMWmMyHV%2FLgHAhkuR5nC6dYSbq0uS3UKBy1KAc2YtUj"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1620321038772018
content-type: application/javascript; charset=utf-8
expires: Mon, 24 May 2021 17:11:12 GMT
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
x-goog-stored-content-length: 12030
cf-ray: 654b6fa01fced6b1-FRA
cf-bgj: minify

POST
H2 200 /
track.adform.net/csimpr/ Frame DFFE 35 B
466 B 25ms
23ms Ping
image/gif 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=45412305&csi=lU300wcIPNL7F570Cen3DlyTuYRcdj02PhopAHSsJosJDwKV3Zer3LR50o_lBSQN8xdVsnr1f85K5aXC57h3FDhM5BI1nmY5zmHUS6DXzFQDvP-67D9Y4w2

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:54 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://runwaff.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 / Show response
track.adform.net/adfserve/ Frame 9FF2 8 KB
4 KB 26ms
21ms Script
text/javascript 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?bn=45412305;rtbwp=L71Is_rzpav9k9TrRtWkJ6dgnaMU4Hum0;rtbdata=vaoHHWsZTCxLVCA4t8pqMFgHNoIIotr54HjC24DIYhHDAVK2Tb7Ew7Kp2roO6C5Q4xQ5Q8C9Np6dG0LPY5AYZc5UeU4uCXBSJE7h14MeRBMFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5hGdYStbDnGsSPp4A1Sb4y3KXNA916tQOKFIo66tc8Hd8VmTFKgGOZiswmFfVqDPk6UAl1RLVpknYCIxEzHzL-f0;;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=s-5eOzQiG9IWcRYtgUbgFIThgRpvNes-pOaDzklUtlnDicanVaun8yK7nJzVyI2SnZUztml8IJESVOGlKxVv4DJDaNdbF2O1ojOcYwZJEop5nPdkSJb_5TIQ-27oYVOZIwBn6iFaMVNe3TqjW_zwxRjtddMWjjovOzIDDkh2KaQN_y1mXCcha3Qz0iQZiugfOTp_vwujtouxNaghpv4V744e8FXsaC100;pui=CQ8Cld2Xq9y0edKP5QUkDU6j5OjiPnXP33brx1n1qOfer1pltXZUmg2;;js=1;adfxid=8x;5467;set=en-US|en-US|1600X1200|0|0|0|24|8|3|7|1|;fd=0|0&CREFURL=https%3A%2F%2Fww3.read7deadlysins.com

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

881c28f0bb190ad240873ff5e6bc92cfc7614a9cde673076db7286558af0c2b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 3520
expires: -1

GET
H2 200 / Show response
track.adform.net/adfserve/ Frame BC8A 6 KB
4 KB 39ms
22ms Script
text/javascript 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?bn=44025169;rtbwp=CBiagR-ESe0N4_IzXSGVYekjTfC56_cS0;rtbdata=vaoHHWsZTCwF8VODAGusMMKIHjxpxaZOqAOHp68jmCDdTX4wGFiO5jn-YWpYMCHI8ORw6pRYdpZ3hjplprb5hKZW4sSl2RG2VPWL_jHUNVkFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5gvbkFBuf75ic8jpZdvtK7yM8o70tRRicjmiUtjwUGSvMVmTFKgGOZiswmFfVqDPk6UAl1RLVpknYCIxEzHzL-f0;;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=dlI7jPdZmP142u1ywTJ-2uhRnNqnSBShhhDPFR4uCDKJ0pEkGy5YU5DzZ4xMx-m2YmTAckCaknToqs-kab8x1Z49sKFH88Iso7DuOl7L7qEIzdL0z2b7g_goOzn5CwcdjdjhozzwJrogzS93cDUI6taI3fDp8O7ChsTnwbpdKodmkjsLTrdEDjr0QP3LlZu4hd-pxQOfVRJqCvFFn-BWyTwuoksXVO3DA7z_uuw_WOM1;pui=CQ8Cld2Xq9y0edKP5QUkDZCW_Ck1jA7RcvU6a83j6vXer1pltXZUmg2;;js=1;adfxid=9x;2032;set=en-US|en-US|1600X1200|0|0|0|24|8|3|7|1|;fd=0|0&CREFURL=https%3A%2F%2Fww3.read7deadlysins.com

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

ebcac200adeb2ac33b8b32b09ffe49e56b3fe4a3d77b56e87eecf8913779931f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 3392
expires: -1

GET
H2 200 / Show response
track.adform.net/adfserve/ Frame DE47 6 KB
4 KB 25ms
22ms Script
text/javascript 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?bn=42105127;rtbwp=CBiagR-ESe0N4_IzXSGVYekjTfC56_cS0;rtbdata=G4qFVpeIihY1Tld3-rYkbYD9S62FUBA4f7ZOQZsmwm2u8mjPYb4ssYyAe0wTDlRbjzQwCJjw2mLU8CBximHKJxEaZtV_h-rDzdaqwHE1PFUFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5iJBY2EoMekUM8jpZdvtK7yM8o70tRRicjmiUtjwUGSvFqirAD_H0c-swmFfVqDPk6UAl1RLVpknYCIxEzHzL-f0;;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=VJrxeDkysT142u1ywTJ-2uhRnNqnSBShhhDPFR4uCDKJ0pEkGy5YU5DzZ4xMx-m2huuso-CINz3lkrzn4reXiEPvK1F9wo1E67ubxWiqsr44Lv8IRZDsMjoXddBNQ99zc7Ob1Yb6O6HklbpbhGQAk-4PWCxBWUyh1h_bivVkdqNmkjsLTrdEDjr0QP3LlZu4hd-pxQOfVRJqCvFFn-BWyT2OuTp6Hi7nA7z_uuw_WOM1;pui=CQ8Cld2Xq9y0edKP5QUkDe2mzb7r3T921lRh0OH4kPner1pltXZUmg2;;js=1;adfxid=10x;7780;set=en-US|en-US|1600X1200|0|0|0|24|8|3|7|1|;fd=0|0&CREFURL=https%3A%2F%2Fww3.read7deadlysins.com

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

27cc24ac6c6cde86f5b99575f817426d7224464fe19e98c29dd83392e1272a07

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 3395
expires: -1

GET
H2 200 Standard Show response
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.206/e/2gSBggDA/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/ImageTag:types/ Frame 5DA6 85 KB
36 KB 28ms
25ms Script
text/javascript 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.206/e/2gSBggDA/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/ImageTag:types/Standard
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 021d67b4bdc29f3ac8f0b5187e24048857dd7380870f1b91dc4ca8ddeaac5607

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
last-modified: Tue, 04 May 2021 13:03:07 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Wed, 26 May 2021 05:35:01 GMT

GET
H2 200 Standard Show response
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.206/e/2gSBggDA/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/ImageTag:types/ Frame 7E28 85 KB
36 KB 31ms
27ms Script
text/javascript 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.206/e/2gSBggDA/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/ImageTag:types/Standard
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 021d67b4bdc29f3ac8f0b5187e24048857dd7380870f1b91dc4ca8ddeaac5607

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
last-modified: Tue, 04 May 2021 13:03:07 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Wed, 26 May 2021 05:35:01 GMT

GET
H2 200 Standard Show response
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.206/e/2gSBggDA/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/ImageTag:types/ Frame 047A 85 KB
36 KB 32ms
29ms Script
text/javascript 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.206/e/2gSBggDA/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/ImageTag:types/Standard
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 021d67b4bdc29f3ac8f0b5187e24048857dd7380870f1b91dc4ca8ddeaac5607

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
last-modified: Tue, 04 May 2021 13:03:07 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Wed, 26 May 2021 05:35:01 GMT

GET
H2 200 ThirdParty Show response
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.206/e/2gSBggDA/i/vCAv.IAAAAAoAA/r:types/ Frame B4A2 33 KB
14 KB 30ms
30ms Script
text/javascript 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.206/e/2gSBggDA/i/vCAv.IAAAAAoAA/r:types/ThirdParty
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 1fd886d6575164e4f090fb066e1ac4667ee40d1ee7ba2b2283fb71ec6e4cc5cc

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
last-modified: Tue, 04 May 2021 13:03:07 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Wed, 26 May 2021 06:22:59 GMT

GET
H2 200 Standard Show response
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.206/e/2gSBggDA/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/ImageTag:types/ Frame 61A3 85 KB
36 KB 30ms
29ms Script
text/javascript 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.206/e/2gSBggDA/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/ImageTag:types/Standard
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 021d67b4bdc29f3ac8f0b5187e24048857dd7380870f1b91dc4ca8ddeaac5607

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
last-modified: Tue, 04 May 2021 13:03:07 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Wed, 26 May 2021 05:35:01 GMT

GET
H2 200 ThirdParty Show response
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.206/e/2gSBggDA/i/vCAv.IAAAAAoAA/r:types/ Frame DFFE 33 KB
14 KB 42ms
42ms Script
text/javascript 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.206/e/2gSBggDA/i/vCAv.IAAAAAoAA/r:types/ThirdParty
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 1fd886d6575164e4f090fb066e1ac4667ee40d1ee7ba2b2283fb71ec6e4cc5cc

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
last-modified: Tue, 04 May 2021 13:03:07 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Wed, 26 May 2021 06:22:59 GMT

GET
H2 200 Standard Show response
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.206/e/2gSBggDA/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/ImageTag:types/ Frame 17F0 85 KB
36 KB 43ms
42ms Script
text/javascript 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.206/e/2gSBggDA/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/ImageTag:types/Standard
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 021d67b4bdc29f3ac8f0b5187e24048857dd7380870f1b91dc4ca8ddeaac5607

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
last-modified: Tue, 04 May 2021 13:03:07 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Wed, 26 May 2021 05:35:01 GMT

GET
H2 200 /
cm.steepto.com/setmuidn/ Frame 934B 0
208 B 430ms
138ms Image
image/gif 104.19.138.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.steepto.com/setmuidn/?muidf=l4oS85br5NKj
Requested by: Host: ww3.read7deadlysins.com
URL: https://ww3.read7deadlysins.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.138.80 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:55 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/gif
cf-ray: 654b6fa228f932b6-CDG
content-length: 0
cf-request-id: 0a43041956000032b6d2beb000000001

GET
H3-29 200 r62eglto.js Show response
ad4m.at/ Frame 9FF2 36 KB
12 KB 43ms
32ms Script
application/javascript 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/r62eglto.js
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8fb101fbfb40f627db5860971a51fd80a9384f0630af3db4eefd351ef04d2c35

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=U/Ax7w==, md5=xOpZ1cY5A1Y5taJ1VeQlsg==
date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 34542
x-guploader-uploadid: ABg5-UyJ_H9nQC34LamJpDHH9NslyUGgt2HnpLy1C0xOavSHXN7zyRoned3kjTrQ0bqTQNn9WKIYCJM2Qp8c_zdjmPWl_ashQA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a4304183c0000177e968f8000000001
last-modified: Thu, 06 May 2021 17:10:38 GMT
server: cloudflare
etag: W/"c4ea59d5c639035639b5a27555e425b2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=CFUvlPgynrvwceidLeqEAwxXl5yB0yGGKaY9R8Y1noAgfVWBgqXsmFmIolGJkckNAayjb%2F6MqK7Zn39i%2BpKPpRhK3ytSK4JBJ557m5LtxF4Ik%2BbGdaAJ36egMLXngXs6"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1620321038772018
content-type: application/javascript; charset=utf-8
expires: Mon, 24 May 2021 17:11:12 GMT
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
x-goog-stored-content-length: 12030
cf-ray: 654b6fa05aee177e-FRA
cf-bgj: minify

POST
H2 200 /
track.adform.net/csimpr/ Frame 9FF2 35 B
466 B 23ms
22ms Ping
image/gif 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=45412305&csi=ro7frMCHH3BWX1eCHCDVxlkeRXn5YZGCPhopAHSsJosJDwKV3Zer3LR50o_lBSQNLOZ-YumPsZKmiJT9WMP3xzhM5BI1nmY5zmHUS6DXzFQDvP-67D9Y4w2

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:54 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://runwaff.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H3-29 200 frame.html Show response
ad4m.at/ Frame A8D3 2 KB
2 KB 21ms
18ms Document
text/html 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d12a71cd626ac8f0fc91e6f1b98280cfb49fd724f2dcc118d192adff9a0154b4

Request headers

:method: GET
:authority: ad4m.at
:scheme: https
:path: /frame.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://runwaff.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://runwaff.com/

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
content-type: text/html
x-guploader-uploadid: ABg5-UyHG4nMyrBK5WNqT49HT3fkOWy09Qi7AMHmefEGKv6EedjpZshPX4m1mr0_df4AnWlv4nSV1j8tT1-PHgSflkckYhyoGQ
expires: Tue, 25 May 2021 03:46:54 GMT
last-modified: Wed, 06 May 2020 15:09:30 GMT
x-goog-generation: 1588777770164783
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1681
content-language: en
x-goog-hash: crc32c=iTDHew== md5=c2ZaqCqAXxKd4MgeeQDU8g==
x-goog-storage-class: MULTI_REGIONAL
age: 107458
cache-control: public, max-age=3600
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
cf-request-id: 0a4304184a0000177e0ab30000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=tsC5BMGFXd9hfBcSr7eT02D7DWwj5%2FT4Zlp0K3wvHd6%2FwMIZFHr0%2FGcTj3CF1JyBrwJYo59DBHVOrL4sq52CNV7oLSQuLODhx%2BR31%2BJzMs0qnBJpP7td%2Fff%2BO2UG3WJj"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 654b6fa07b02177e-FRA
content-encoding: br

GET
H3-29 200 frame.html Show response
ad4m.at/ Frame 1F5A 2 KB
2 KB 22ms
20ms Document
text/html 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d12a71cd626ac8f0fc91e6f1b98280cfb49fd724f2dcc118d192adff9a0154b4

Request headers

:method: GET
:authority: ad4m.at
:scheme: https
:path: /frame.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://runwaff.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://runwaff.com/

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
content-type: text/html
x-guploader-uploadid: ABg5-UyHG4nMyrBK5WNqT49HT3fkOWy09Qi7AMHmefEGKv6EedjpZshPX4m1mr0_df4AnWlv4nSV1j8tT1-PHgSflkckYhyoGQ
expires: Tue, 25 May 2021 03:46:54 GMT
last-modified: Wed, 06 May 2020 15:09:30 GMT
x-goog-generation: 1588777770164783
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1681
content-language: en
x-goog-hash: crc32c=iTDHew== md5=c2ZaqCqAXxKd4MgeeQDU8g==
x-goog-storage-class: MULTI_REGIONAL
age: 107458
cache-control: public, max-age=3600
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
cf-request-id: 0a4304185e0000177ea3bd7000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=sr5BlLOhww83uW9TWZsuXr51RrEM5KaoocXUqz9%2FMeH%2FygvQMEm0gTWDpJB9Z0AENlH8hcm0KrrKVyVud9dhsCKmtjxWTiarz%2Bi4ftc%2F6lbJC47LiimvzypDew5vOAmQ"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 654b6fa09b1c177e-FRA
content-encoding: br

GET
H2 200 / Show response
track.adform.net/adfscript/ Frame CA8A 1 KB
1 KB 22ms
21ms Script
text/javascript 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfscript/?bn=46051965;rtbwp=FD095DA38919D0EF;rtbdata=eexlOhwnJXjVCp_2uBgXfqtfrjbtmQ58MOxZQ_gY2wzhTGGCCIJj2PW_10kGnGr9SX4_7xlXf9jOlFFh5hRjeBTRe2rbcZFd8l8zDMPXciTovC4kXZO6f4PuH_C3NjJtikSyMY6XAlzxfyL_dKvc-nGp_9uALbw4En9elTQS8X-SJnX428MvaIdxpqqzJrFDp6gT8PYJ2CMexR5bUXfDEQ1OiY7EkU-hSAWVgExTW7Y1;OOBClickTrack=http://beacon-nf.rubiconproject.com/beacon/v2/t/0/6804596f-db20-4b25-bc2b-5c2363fd6e5a/

Requested by

Host: smarttag.rubiconproject.com
URL: https://smarttag.rubiconproject.com/a/17210/304582/1537884-15.js?&cb=0.230173935002975&tk_st=1&rp_s=c&p_screen_res=1600x1200&ad_slot=304582_15&rp_secure=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

c4fb149a043758e7e05dd49e904e01e2f4c2479824151bc4cbde84a0495d6fcc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 863
expires: -1

GET
H/1.1 200 6804596f-db20-4b25-bc2b-5c2363fd6e5a
beacon-ams3.rubiconproject.com/beacon/d/ Frame CA8A 43 B
378 B 55ms
13ms Image
image/avif 2602:803:c003:200::57
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://beacon-ams3.rubiconproject.com/beacon/d/6804596f-db20-4b25-bc2b-5c2363fd6e5a?oo=0&accountId=17210&siteId=304582&zoneId=1537884&sizeId=15&e=6A1E40E384DA563BDC0CC96F7D07676979906F7A0A5211CF7DBD4E13666E2C0B0CF1D94A0108CED5642F4A31D7D2F084B8B520C6696685694A112B3FA0F41335A51AAA4531C200761EA92AE264E2D4782FC4094E1765F1F1E2D69185ED83D58F7FEA325213A3424BEB529D0FD8A712467DE87848D6DDE783B99BA36C83A2EF1FFA7A8C89B82FB18108134E79330163F8D9F5EF3DFEA449C2F0C7E9F0B2DD5C3A5CED6570276C8658C35F3AA2EA0F64836840CAFD33D353D7882FF1FE5F61E269E82A954C1004678A

Requested by

Host: runwaff.com
URL: https://runwaff.com/count?i=u1dvjpo9e55sy80hm5&a=6a61c97338f087e01f469fd41bde18ed9&cb=5959071621910813238

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_GCM

Server

2602:803:c003:200::57 , United States, ASN26667 (RUBICONPROJECT, US),

Reverse DNS

Software

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:46:53 GMT
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Content-Type: image/avif
Cache-Control: private, max-age=0, no-cache
Connection: keep-alive
Keep-Alive: timeout=60
Content-Length: 43
X-XSS-Protection: 1; mode=block
Expires: 01 Jan 1970 10:00:00 GMT

POST
H2 200 /
track.adform.net/csimpr/ Frame 5DA6 35 B
466 B 22ms
21ms Ping
image/gif 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=45218947&csi=19yRpotRsWzJVFs1decvX86UnxKON-NhznizZLCKQxUJDwKV3Zer3LR50o_lBSQNDS0CP4jm4nvIfQ2mNs0_qzhM5BI1nmY5zmHUS6DXzFQDvP-67D9Y4w2

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:54 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://runwaff.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 44401350.png
s1.adform.net/Banners/44401350/ Frame 5DA6 93 KB
93 KB 21ms
21ms Image
image/png 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/44401350/44401350.png?bv=2

Requested by

Host: runwaff.com
URL: https://runwaff.com/syncro?i=u1dvjpo9e55sy80hm5&a=59338ab25f27652e7e47e53fbab83cd65&cb=0176411621910813233

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

598487ff2c5dece3c38a8e51802ba4d4f4a0108424350e35b214cd7f96806b64

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
last-modified: Thu, 08 Apr 2021 09:42:50 GMT
server: nginx
etag: "606ed01a-17414"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 95252

POST
H2 200 /
track.adform.net/csimpr/ Frame 7E28 35 B
466 B 22ms
22ms Ping
image/gif 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=42173458&csi=1ag1TOcnAKI3dduSV9XMVcxfvzLZIZXIkW0mlJBoOvEJDwKV3Zer3LR50o_lBSQNnWL6sVfg-MkFiGZus0HREDhM5BI1nmY5zmHUS6DXzFQDvP-67D9Y4w2

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:54 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://runwaff.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 42147175.png
s1.adform.net/Banners/42147175/ Frame 7E28 24 KB
25 KB 21ms
21ms Image
image/png 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/42147175/42147175.png?bv=2

Requested by

Host: runwaff.com
URL: https://runwaff.com/async_usersync?i=u1dvjpo9e55sy80hm5&a=1a0c8985ce32a33755c3d97ef8fe86d15&cb=2363071621910813243

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

6de239521ea70aada90cfdb8dc62a42b2c2477815074638fc07c2608e127e310

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
last-modified: Fri, 27 Nov 2020 11:13:21 GMT
server: nginx
etag: "5fc0df51-61e2"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 25058

GET
H2 200 ThirdParty Show response
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.206/e/2gSBggDA/i/vCAv.IAAAAAoAA/r:types/ Frame 9FF2 33 KB
14 KB 25ms
24ms Script
text/javascript 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.206/e/2gSBggDA/i/vCAv.IAAAAAoAA/r:types/ThirdParty
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 1fd886d6575164e4f090fb066e1ac4667ee40d1ee7ba2b2283fb71ec6e4cc5cc

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
last-modified: Tue, 04 May 2021 13:03:07 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Wed, 26 May 2021 06:22:59 GMT

GET
H2 200 Standard Show response
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.206/e/2gSBggDA/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/ImageTag:types/ Frame BC8A 85 KB
36 KB 28ms
27ms Script
text/javascript 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.206/e/2gSBggDA/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/ImageTag:types/Standard
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 021d67b4bdc29f3ac8f0b5187e24048857dd7380870f1b91dc4ca8ddeaac5607

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
last-modified: Tue, 04 May 2021 13:03:07 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Wed, 26 May 2021 05:35:01 GMT

GET
H2 200 Standard Show response
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.206/e/2gSBggDA/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/ImageTag:types/ Frame DE47 85 KB
36 KB 32ms
31ms Script
text/javascript 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.206/e/2gSBggDA/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/ImageTag:types/Standard
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 021d67b4bdc29f3ac8f0b5187e24048857dd7380870f1b91dc4ca8ddeaac5607

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
last-modified: Tue, 04 May 2021 13:03:07 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Wed, 26 May 2021 05:35:01 GMT

POST
H2 200 /
track.adform.net/csimpr/ Frame 047A 35 B
466 B 23ms
23ms Ping
image/gif 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=41071221&csi=Tk46Ze5dvleJLu09MTwrvm2JLwteaBN2iThF86C_oRwJDwKV3Zer3LR50o_lBSQNdlsEil4N26dmMlfqHQVlNThM5BI1nmY5zmHUS6DXzFQDvP-67D9Y4w2

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:54 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://runwaff.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 41326664.png
s1.adform.net/Banners/41326664/ Frame 047A 39 KB
40 KB 44ms
43ms Image
image/png 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/41326664/41326664.png?bv=2

Requested by

Host: runwaff.com
URL: https://runwaff.com/usync?i=u1dvjpo9e55sy80hm5&a=9f8bdfdac88cc4de95ab77e8feb3ba161&cb=7481451621910813232

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

a3b93a74fd2b2900ce800a3b460688417f21675f8fe051de5c990b09b04598a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
last-modified: Wed, 21 Oct 2020 09:52:16 GMT
server: nginx
etag: "5f9004d0-9d62"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 40290

POST
H2 200 /
track.adform.net/csimpr/ Frame 61A3 35 B
466 B 23ms
22ms Ping
image/gif 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=42668740&csi=K_p0qtNmulLEmcElD3urUolSeP38JqywPa4wdYQIUuAJDwKV3Zer3LR50o_lBSQNSwUdggoCSQnS5WRgoisj-ThM5BI1nmY5zmHUS6DXzFQDvP-67D9Y4w2

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:54 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://runwaff.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 42547297.png
s1.adform.net/Banners/42547297/ Frame 61A3 41 KB
41 KB 45ms
44ms Image
image/png 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/42547297/42547297.png?bv=2

Requested by

Host: runwaff.com
URL: https://runwaff.com/user?i=u1dvjpo9e55sy80hm5&a=1957367064e5b26088677bc61fc98dc05&cb=4564701621910813231

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

6e98283c4e77cee6422b67aac372a613ca467ffda2f21e78beca71dc029c6140

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
last-modified: Fri, 11 Dec 2020 08:37:09 GMT
server: nginx
etag: "5fd32fb5-a33a"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 41786

POST
H2 200 /
track.adform.net/csimpr/ Frame 17F0 35 B
466 B 63ms
62ms Ping
image/gif 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=37319546&csi=38KNUypKB9XjExUV4XWSQsbxyevbTH9-0tFQ7u8ML9UJDwKV3Zer3LR50o_lBSQNW5vejlWLU9EOPV22-bN_IzhM5BI1nmY5zmHUS6DXzFQDvP-67D9Y4w2

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:54 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://runwaff.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 38463323.png
s1.adform.net/Banners/38463323/ Frame 17F0 25 KB
26 KB 40ms
40ms Image
image/png 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/38463323/38463323.png?bv=2

Requested by

Host: runwaff.com
URL: https://runwaff.com/usync?i=u1dvjpo9e55sy80hm5&a=c875f76156c3307c45687011d2d8e2cf1&cb=1388981621910813236

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8d410bd217dee28743b3f64f21171897ff4845ade84e599da28e9b9032410add

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
last-modified: Wed, 20 May 2020 11:47:05 GMT
server: nginx
etag: "5ec518b9-653d"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 25917

GET
H3-29 200 frame.html Show response
ad4m.at/ Frame 94BE 2 KB
2 KB 18ms
17ms Document
text/html 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d12a71cd626ac8f0fc91e6f1b98280cfb49fd724f2dcc118d192adff9a0154b4

Request headers

:method: GET
:authority: ad4m.at
:scheme: https
:path: /frame.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://runwaff.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://runwaff.com/

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
content-type: text/html
x-guploader-uploadid: ABg5-UyHG4nMyrBK5WNqT49HT3fkOWy09Qi7AMHmefEGKv6EedjpZshPX4m1mr0_df4AnWlv4nSV1j8tT1-PHgSflkckYhyoGQ
expires: Tue, 25 May 2021 03:46:54 GMT
last-modified: Wed, 06 May 2020 15:09:30 GMT
x-goog-generation: 1588777770164783
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1681
content-language: en
x-goog-hash: crc32c=iTDHew== md5=c2ZaqCqAXxKd4MgeeQDU8g==
x-goog-storage-class: MULTI_REGIONAL
age: 107458
cache-control: public, max-age=3600
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
cf-request-id: 0a430418ad0000177ef58cd000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=e%2B00chsB2FeL3w%2FBT9DF4ZAwclxfU9OSrrTsjARA2Haxyi%2B5FCYepWjC5ovw%2BOtw%2FX6cXLw4fOtwebt2nrct%2Fd6azoyGiWNmrr7UXrl%2BQxrOYsJB1WlR5j6L0zMwmnXh"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 654b6fa11b7e177e-FRA
content-encoding: br

GET
H2 200 bootstrap.js Show response
s1.adform.net/stoat/626/s1.adform.net/ Frame CA8A 35 KB
17 KB 33ms
31ms Script
text/javascript 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by: Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=46051965;rtbwp=FD095DA38919D0EF;rtbdata=eexlOhwnJXjVCp_2uBgXfqtfrjbtmQ58MOxZQ_gY2wzhTGGCCIJj2PW_10kGnGr9SX4_7xlXf9jOlFFh5hRjeBTRe2rbcZFd8l8zDMPXciTovC4kXZO6f4PuH_C3NjJtikSyMY6XAlzxfyL_dKvc-nGp_9uALbw4En9elTQS8X-SJnX428MvaIdxpqqzJrFDp6gT8PYJ2CMexR5bUXfDEQ1OiY7EkU-hSAWVgExTW7Y1;OOBClickTrack=http://beacon-nf.rubiconproject.com/beacon/v2/t/0/6804596f-db20-4b25-bc2b-5c2363fd6e5a/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: f6248573434a6b4f50dbfe3166d5892c7e62ee1296a2328d50006fe88510cecf

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
last-modified: Tue, 04 May 2021 13:03:07 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Wed, 26 May 2021 06:25:32 GMT

GET
H2 200 frame.html Show response
ad4mat.net/ Frame 3DAC 1 KB
1 KB 31ms
15ms Document
text/html 2606:4700:3032::ac43:aa7a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4mat.net/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:aa7a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 611c31ecafe54c74f78e765296e1b04c0e51ecdc5f7d62c0c3441732aca01964

Request headers

:method: GET
:authority: ad4mat.net
:scheme: https
:path: /frame.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://runwaff.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://runwaff.com/

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
content-type: text/html
last-modified: Thu, 12 Apr 2018 07:50:15 GMT
via: 1.1 google
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=86400
cf-cache-status: HIT
age: 2637
cf-request-id: 0a430418d700004eb03a286000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=sdqvPgI85XxdPNfhaJ2MVhkxkKVFLMPw1H9%2Fm5uRA2YxZRGqnXmLLgrhLREJQPiXh4tfx7yMpOAyZn5yt1n5yiBYPfRqyDZPMfLBY8TjEFj13waWXqRV71b1mp0aZT1fQwSN3A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 654b6fa15a814eb0-FRA
content-encoding: br

GET
H2 200 frame.html Show response
ad4mat.net/ Frame F382 1 KB
949 B 36ms
20ms Document
text/html 2606:4700:3032::ac43:aa7a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4mat.net/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:aa7a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 611c31ecafe54c74f78e765296e1b04c0e51ecdc5f7d62c0c3441732aca01964

Request headers

:method: GET
:authority: ad4mat.net
:scheme: https
:path: /frame.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://runwaff.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://runwaff.com/

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
content-type: text/html
last-modified: Thu, 12 Apr 2018 07:50:15 GMT
via: 1.1 google
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=86400
cf-cache-status: HIT
age: 2637
cf-request-id: 0a430418d700004eb06b3d7000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=jQ97lr0eSqI8N%2FW%2BUOWSNr3sJgZtZOA6%2Fegb8Ms%2FNKYFwvNAbYkkiD9fDxomSbYV%2BX%2F0EUWkEYWEQ0Cq1dbb4Rr6vyghhscomwuRFkCkhl44%2BejKoQ1kD4l6MZG55iWnkgK5nA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 654b6fa15a824eb0-FRA
content-encoding: br

POST
H2 200 /
track.adform.net/csimpr/ Frame BC8A 35 B
466 B 32ms
30ms Ping
image/gif 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=44025169&csi=L9fYGsDBbu44IaUX7hkp11BJd2c_5rxjpwi2Mhi5338JDwKV3Zer3LR50o_lBSQNVVKUsG2GEOMm57IptAVniDhM5BI1nmY5zmHUS6DXzFQDvP-67D9Y4w2

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:54 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://runwaff.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 43601094.png
s1.adform.net/Banners/43601094/ Frame BC8A 73 KB
73 KB 23ms
22ms Image
image/png 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/43601094/43601094.png?bv=2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

0891e066d82ad968922f0032fe99e239101e9cabd5740be8e9861d55e9303a6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
last-modified: Thu, 18 Feb 2021 09:40:27 GMT
server: nginx
etag: "602e360b-122c0"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 74432

POST
H2 200 /
track.adform.net/csimpr/ Frame DE47 35 B
466 B 50ms
48ms Ping
image/gif 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=42105127&csi=lAXESL8VkSsNvNg2BwIZoYHK2onhU9XTVwl3yuLTrIgJDwKV3Zer3LR50o_lBSQNlaebs2jRj6dIY2Bvu6osIDhM5BI1nmY5zmHUS6DXzFQDvP-67D9Y4w2

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:54 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://runwaff.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 42106217.png
s1.adform.net/Banners/42106217/ Frame DE47 66 KB
66 KB 24ms
24ms Image
image/png 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/42106217/42106217.png?bv=2

Requested by

Host: runwaff.com
URL: https://runwaff.com/user?i=u1dvjpo9e55sy80hm5&a=84cb9494c74b11c9c2dbca056fd5c2803&cb=0801951621910813242

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

2b1632b55badd808b7f8d26f2a6267c6941b99cb26165966072ce80a5dc00dc3

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:54 GMT
last-modified: Wed, 25 Nov 2020 07:42:33 GMT
server: nginx
etag: "5fbe0ae9-10606"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 67078

GET
H2 200 / Show response
track.adform.net/adfserve/ Frame CA8A 6 KB
3 KB 21ms
21ms Script
text/javascript 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?bn=46051965;rtbwp=FD095DA38919D0EF;rtbdata=eexlOhwnJXjVCp_2uBgXfqtfrjbtmQ58MOxZQ_gY2wzhTGGCCIJj2PW_10kGnGr9SX4_7xlXf9jOlFFh5hRjeBTRe2rbcZFd8l8zDMPXciTovC4kXZO6f4PuH_C3NjJtikSyMY6XAlzxfyL_dKvc-nGp_9uALbw4En9elTQS8X-SJnX428MvaIdxpqqzJrFDp6gT8PYJ2CMexR5bUXfDEQ1OiY7EkU-hSAWVgExTW7Y1;oobclicktrack=http%3a%2f%2fbeacon-nf.rubiconproject.com%2fbeacon%2fv2%2ft%2f0%2f6804596f-db20-4b25-bc2b-5c2363fd6e5a%2f;js=1;adfxid=11x;7204;set=en-US|en-US|1600X1200|0|0|0|24|8|3|7|1|;fd=0|0&CREFURL=https%3A%2F%2Fww3.read7deadlysins.com

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

03f37dbd082074567ec2f59602fe0aa634f72fcadded136ddd4f04cfb34e2592

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:54 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 2615
expires: -1

GET
H3-29 200 frame.html Show response
ad4mat.net/ Frame 12F5 1 KB
1 KB 22ms
12ms Document
text/html 2606:4700:3032::ac43:aa7a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4mat.net/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::ac43:aa7a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 611c31ecafe54c74f78e765296e1b04c0e51ecdc5f7d62c0c3441732aca01964

Request headers

:method: GET
:authority: ad4mat.net
:scheme: https
:path: /frame.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://runwaff.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://runwaff.com/

Response headers

date: Tue, 25 May 2021 02:46:55 GMT
content-type: text/html
last-modified: Thu, 12 Apr 2018 07:50:15 GMT
via: 1.1 google
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=86400
cf-cache-status: HIT
age: 2638
cf-request-id: 0a4304191500002b7db738a000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=3smef2yEoUVDUhQZXToe2SfLs7YVgkdUfl74is6GJG83BmK2FjdMpHcfAUyEvY%2FhjVQSujc%2FxMCwWtg7%2BlEV%2FkeIJv3%2FhEDftkABCFbF8M30yrO3cQlwPpxFxxl1tOxuverauQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 654b6fa1bd5f2b7d-FRA
content-encoding: br

POST
H3-29 200 rs Show response
ad4m.at/ Frame DFFE 1 KB
2 KB 21ms
20ms XHR
text/plain 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d98c62f55417af0d5b31d77653c0cbe88585490ac72c5a39b173b4c95f0706f0

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 25 May 2021 02:46:55 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
content-encoding: br
x-backend-server: rs-rvz5
cf-request-id: 0a4304193100003248083c0000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=HVWj%2FZ%2Bh%2BcUrQHh1S7lWA29HJLn71KRQsw8gqjGNyixJpN2Q2R%2Bynl8s%2FBBKb%2BRho5e4%2FHY6p20AFH3WY0DlUdxdStxZXi9wvPOXBvr%2FhKthsSV7S4iOARFy5oIfbLMx"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://runwaff.com
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
access-control-allow-credentials: true
cf-ray: 654b6fa1e8383248-FRA

OPTIONS
H3-29 200 rs
ad4m.at/ Frame 0
0 27ms
19ms Preflight
text/plain 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Protocol: H3-29
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://runwaff.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Tue, 25 May 2021 02:46:55 GMT
content-type: text/plain
content-length: 24
access-control-allow-origin: https://runwaff.com
access-control-allow-credentials: true
access-control-max-age: 1800
access-control-allow-methods: GET,PATCH,POST,OPTIONS,DELETE
access-control-allow-headers: content-type
allow: HEAD,POST,GET,OPTIONS
x-backend-server: rs-rvz5
via: 1.1 google
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-request-id: 0a4304191d00003248f8b23000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=oeV6jGnDRHSsnrV3U1iuGVgMdOxHCSCkW5IEofM3MfSbVEhLGWjmwcFA2RdS164OZMPW8fMsZlQeMNo7FfGdZ%2BW7Yc8ipPnbNNNBCYOaiZofNIJ1b5PeeeTa69bUNSTk"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 654b6fa1c8123248-FRA

POST
H3-29 200 rs Show response
ad4m.at/ Frame B4A2 1 KB
2 KB 30ms
29ms XHR
text/plain 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0877f0efe6a70b39312d90f9245d76b4484efbc1aeb9f224dcee315b15571275

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 25 May 2021 02:46:55 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
content-encoding: br
x-backend-server: rs-rvz5
cf-request-id: 0a43041930000032481116b000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=aegtcDIuSEUEvPG4RAuIUkgq1e7GBA%2B1tbhk4FENEiTziFcuXpuopxaRcKzAUR77yH1g9LMpdLKhn1hr8tWOzipKHc2DzbTCM5eAbMMc5XRrIK2RUQWcA%2FXS1A7WNdOo"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://runwaff.com
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
access-control-allow-credentials: true
cf-ray: 654b6fa1e8363248-FRA

OPTIONS
H3-29 200 rs
ad4m.at/ Frame 0
0 26ms
18ms Preflight
text/plain 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Protocol: H3-29
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://runwaff.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Tue, 25 May 2021 02:46:55 GMT
content-type: text/plain
content-length: 24
access-control-allow-origin: https://runwaff.com
access-control-allow-credentials: true
access-control-max-age: 1800
access-control-allow-methods: GET,PATCH,POST,OPTIONS,DELETE
access-control-allow-headers: content-type
allow: HEAD,POST,GET,OPTIONS
x-backend-server: rs-rvz5
via: 1.1 google
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-request-id: 0a4304191c0000324860a7d000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=smX3aI9IAQzysbKdpYrsNFxar2KvAtAcea7fLzeUPm%2BDMg9a6VrVI0JmPe9O95b1%2FytP2zy2FlKVI%2FIcYxwjkLikVLWQDXii%2BiRpFKDD6JGsbM7a0NDTiMVg0LLPHR6R"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 654b6fa1c8153248-FRA

GET
H3-29 200 r62eglto.js Show response
ad4m.at/ Frame CA8A 36 KB
12 KB 17ms
16ms Script
application/javascript 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/r62eglto.js
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8fb101fbfb40f627db5860971a51fd80a9384f0630af3db4eefd351ef04d2c35

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=U/Ax7w==, md5=xOpZ1cY5A1Y5taJ1VeQlsg==
date: Tue, 25 May 2021 02:46:55 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 34543
x-guploader-uploadid: ABg5-UyJ_H9nQC34LamJpDHH9NslyUGgt2HnpLy1C0xOavSHXN7zyRoned3kjTrQ0bqTQNn9WKIYCJM2Qp8c_zdjmPWl_ashQA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a430419180000177efa839000000001
last-modified: Thu, 06 May 2021 17:10:38 GMT
server: cloudflare
etag: W/"c4ea59d5c639035639b5a27555e425b2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=fHpnrBJCunN8let2PzKJFs126bTsu%2Fh3IwQZGkE4kj5is%2FqcKlrxBo3O7cbLkxJ%2FqWtACSmXxOOgouHNDhfO7NkjXiMcyOPfAQ3jhukGhHWNPSpa2SEn7nhAoYYfVv1U"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1620321038772018
content-type: application/javascript; charset=utf-8
expires: Mon, 24 May 2021 17:11:12 GMT
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
x-goog-stored-content-length: 12030
cf-ray: 654b6fa1bc09177e-FRA
cf-bgj: minify

POST
H2 200 /
track.adform.net/csimpr/ Frame CA8A 35 B
466 B 21ms
21ms Ping
image/gif 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=46051965&csi=3Ik5JBbg8Or7qKXfLrKQ6aNmv2g7fR79_UjQMQvThmgJDwKV3Zer3LR50o_lBSQNiTfJsHxTbsrkiIGYzD_jumQBbo50IEXs0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:55 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://runwaff.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

POST
H3-29 200 rs Show response
ad4m.at/ Frame 9FF2 1 KB
2 KB 24ms
24ms XHR
text/plain 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 378f3adea9e843d94e73295fe3582335a2b6508104b4e19e1c01f0218a777025

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 25 May 2021 02:46:55 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
content-encoding: br
x-backend-server: rs-rvz5
cf-request-id: 0a4304193f000032488e99a000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=flDorvCjLZmwz0m2GWs23bjaRrEzbaLcyLl%2FIh7RIQGOUPY8TdHh3e0hBqYiF0w1tkhdAGdBH1%2BwxbOLDUKamvdGStrxjdFCTpqNrbztc2LkJC5lrgMCDWpOCQlqb%2Bw5"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://runwaff.com
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
access-control-allow-credentials: true
cf-ray: 654b6fa1f8453248-FRA

OPTIONS
H3-29 200 rs
ad4m.at/ Frame 0
0 18ms
18ms Preflight
text/plain 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Protocol: H3-29
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://runwaff.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Tue, 25 May 2021 02:46:55 GMT
content-type: text/plain
content-length: 24
access-control-allow-origin: https://runwaff.com
access-control-allow-credentials: true
access-control-max-age: 1800
access-control-allow-methods: GET,PATCH,POST,OPTIONS,DELETE
access-control-allow-headers: content-type
allow: HEAD,POST,GET,OPTIONS
x-backend-server: rs-rvz5
via: 1.1 google
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-request-id: 0a4304192d000032482e3d2000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=aGI%2B5BX3MJ0fvvXQ1uI8laoXw5vPStVxmR%2FdXH4Di%2FPhytAWtgdmDKek4ArITaC9tf75lQ%2F%2BaoBNuNTEE14UoljCneDFkyogpx400ZEd5%2BYbkh2pw85HusPEZYzxjLBw"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 654b6fa1e8313248-FRA

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 6F6A 281 B
554 B 304ms
23ms Document
text/html 104.111.230.142
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
Requested by: Host: runwaff.com
URL: https://runwaff.com/count?i=u1dvjpo9e55sy80hm5&a=6a61c97338f087e01f469fd41bde18ed9&cb=5959071621910813238
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.230.142 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-230-142.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://runwaff.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: khaos=KP3FTL71-5-74US; rsid=1|AIfsdBUH+v3fWCPuzNowDE/csJlhLqCtjDNRTpP3Ow53wYOSPWuPRcOUZLLlho/RRR2s2jWpYWSoeROXM3r9QV20o10JuQw19gMkasvdREJwzG6pEKJbU63jTKC3MjDFVf/xlH9h; ses15=304582^1; vis15=304582^1; audit=1|naVuGyos1qrB1FpSeC0jSTA74iiLmcgBIA6FVSLjBqqBIGhoSCxHwoFPVx8XV/mY4HEYI5ehIrVKZ8sN+D1MCtzpQ7vzkXQ/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://runwaff.com/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 23 Feb 2021 20:47:52 GMT
ETag: "402b0-119-5bc0708346e00"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Tue, 25 May 2021 02:46:55 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2 200 rar Show response
as.ad4m.at/ad/ Frame 5F28 2 KB
2 KB 28ms
27ms Document
text/html 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/rar?a=119118&b=2b9F6fqf7EerSVH6tbH8tVXYfzt7T7Wd&f=4r4fEf5fEpBPTGHxtGHzCEB9FdtpTr28&c=300&d=250&e=&g=1ec7e791c6ef79bd1003e2024a8f0abe%2F11814737698229882658&i=30106&j=39&k=0&l=0&m=0&n=&p=&q=&o=adfPros&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D45412305%3Bcrtbwp%3DL71Is_rzpav9k9TrRtWkJ6dgnaMU4Hum0%3Bcrtbdata%3Dsqq3TV7cbiW2rB9QULtn4Thgtxj4qX4ewa9qA44ZIDd13RUrnFUIIyxEfOinBGUBBEun7u0aJjZhnoLJN_lFHr7KQ9W8XCmcotc8GjqJizgFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5goUZDVkrGBoyPp4A1Sb4y3KXNA916tQOKFIo66tc8Hd8VmTFKgGOZiswmFfVqDPk5GUMTER0GflYCIxEzHzL-f0%3Badfibeg%3D0%3Bcdata%3DcuuWxpFi3FUSR9aSkl7IFxX5u_jltkcBt6yQai50qQ3oQhRQLkAt7Arf7tP55GRygJlWrK0u6IK2caLdAVTuB1saHm1W9MNp_NLx0fnI-txy9fKfHydyzsxTmjn-06XGuRBwPFLeI0G7k4Mj2eXOOoFRBcsZqFazEreEstr761M-htsZ9hfyp-RkKN2gb8JZDnNEcePUX0EoDEtdDRzdaDlfXyXxTzonRr9r15uYFY4-Pwd3O2PDCRwKNkGtVFnPSDbaj6g5kRYaJMPtnZb0DkIBNee2rteoKUGDhRxNMT7cOLRLedj17CrfrFJUwRvmQCsFVWxHkRG1UG2W865s4VMdsdWLNnr29bt5o52tz579KkDq7bT4mE3khyzEuZZ39bt5o52tz54VDraZgoN38w2%3B%3BCREFURL%3Dhttps%253a%252f%252fww3.read7deadlysins.com%3BC%3D1%3Bcpdir%3D&y=0&z=0

Requested by

Host: ad4m.at
URL: https://ad4m.at/r62eglto.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7c41c866d6902c5da08e83a63238b985c84e23a5f7d5f25b31db319a1e6f7399

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-ancestors * data:;frame-src ;img-src data:;manifest-src 'none';media-src 'none';navigate-to ;object-src 'none';prefetch-src 'none';script-src 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: as.ad4m.at
:scheme: https
:path: /ad/rar?a=119118&b=2b9F6fqf7EerSVH6tbH8tVXYfzt7T7Wd&f=4r4fEf5fEpBPTGHxtGHzCEB9FdtpTr28&c=300&d=250&e=&g=1ec7e791c6ef79bd1003e2024a8f0abe%2F11814737698229882658&i=30106&j=39&k=0&l=0&m=0&n=&p=&q=&o=adfPros&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D45412305%3Bcrtbwp%3DL71Is_rzpav9k9TrRtWkJ6dgnaMU4Hum0%3Bcrtbdata%3Dsqq3TV7cbiW2rB9QULtn4Thgtxj4qX4ewa9qA44ZIDd13RUrnFUIIyxEfOinBGUBBEun7u0aJjZhnoLJN_lFHr7KQ9W8XCmcotc8GjqJizgFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5goUZDVkrGBoyPp4A1Sb4y3KXNA916tQOKFIo66tc8Hd8VmTFKgGOZiswmFfVqDPk5GUMTER0GflYCIxEzHzL-f0%3Badfibeg%3D0%3Bcdata%3DcuuWxpFi3FUSR9aSkl7IFxX5u_jltkcBt6yQai50qQ3oQhRQLkAt7Arf7tP55GRygJlWrK0u6IK2caLdAVTuB1saHm1W9MNp_NLx0fnI-txy9fKfHydyzsxTmjn-06XGuRBwPFLeI0G7k4Mj2eXOOoFRBcsZqFazEreEstr761M-htsZ9hfyp-RkKN2gb8JZDnNEcePUX0EoDEtdDRzdaDlfXyXxTzonRr9r15uYFY4-Pwd3O2PDCRwKNkGtVFnPSDbaj6g5kRYaJMPtnZb0DkIBNee2rteoKUGDhRxNMT7cOLRLedj17CrfrFJUwRvmQCsFVWxHkRG1UG2W865s4VMdsdWLNnr29bt5o52tz579KkDq7bT4mE3khyzEuZZ39bt5o52tz54VDraZgoN38w2%3B%3BCREFURL%3Dhttps%253a%252f%252fww3.read7deadlysins.com%3BC%3D1%3Bcpdir%3D&y=0&z=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://runwaff.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://runwaff.com/

Response headers

date: Tue, 25 May 2021 02:46:55 GMT
content-type: text/html; charset=utf-8
strict-transport-security: max-age=86400; includeSubDomains; preload
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
x-download-options: noopen
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
x-xss-protection: 1; mode=block
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-ancestors * data:;frame-src *;img-src * data:;manifest-src 'none';media-src 'none';navigate-to *;object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
referrer-policy: same-origin
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
expires: 0
surrogate-control: no-store
pragma: no-cache
via: 1.1 google
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-request-id: 0a4304194a0000d6b1b1202000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 654b6fa20984d6b1-FRA
content-encoding: br

GET
H2 200 rar Show response
as.ad4m.at/ad/ Frame 3EA8 2 KB
3 KB 20ms
20ms Document
text/html 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/rar?a=119116&b=PxqtBfbf4mwGC9HKtrHMtYB6hbt9TP9q&f=bMVSQfZfPRgGFYH5tGH8Cqz4setJT5g3&c=300&d=250&e=&g=8c2dfe61bfd68cd2b598f4a12f236fd5%2F4511513325921262261&i=30106&j=39&k=0&l=0&m=0&n=&p=&q=&o=adfPros&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D45412308%3Bcrtbwp%3DL71Is_rzpav9k9TrRtWkJ6dgnaMU4Hum0%3Bcrtbdata%3DG4qFVpeIihYt4gKkbkiaa3QPpHvut7InIRHm1FrMLppYx3RBRlE7ZTIQIJOmZt0pESadfMC1e-KFskMwGawnSQubxJAa6YEL6FOWrUH8sXIFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5iTi3RI0_wrxCPp4A1Sb4y3KXNA916tQOKFIo66tc8Hd8VmTFKgGOZiswmFfVqDPk5d1Vab-EFQvICIxEzHzL-f0%3Badfibeg%3D0%3Bcdata%3DG8C8Y9AL2dISR9aSkl7IFxX5u_jltkcBt6yQai50qQ3oe_RisuYBT5xRGB_YVfjUg-mrZxjDp3m2caLdAVTuB5zRdKnPZMO_2nVn917_uc5y9fKfHydyzsxTmjn-06XGuRBwPFLeI0G7k4Mj2eXOOoFRBcsZqFazHBBb7JqfFGAGVbZsWw4W5fYEY6FkvemZ38PWgWGGnFg1lE7ZC95ufvSsRebcEwLSdiWhc-7sVIJl0UcCmMQ687orUxo8SA7m-bc70N3p7oQaJMPtnZb0DkIBNee2rteoL5VPxy82Eug035FUk2JcACrfrFJUwRvmQCsFVWxHkRG1UG2W865s4VMdsdWLNnr29bt5o52tz57aHDxQ2pBj203khyzEuZZ39bt5o52tz54VDraZgoN38w2%3B%3BCREFURL%3Dhttps%253a%252f%252fww3.read7deadlysins.com%3BC%3D1%3Bcpdir%3D&y=0&z=0

Requested by

Host: ad4m.at
URL: https://ad4m.at/r62eglto.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c6a634c293e31ba80145d58b0f31fdb06a74dc097fcbe1bff6164c3da2a0515

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-ancestors * data:;frame-src ;img-src data:;manifest-src 'none';media-src 'none';navigate-to ;object-src 'none';prefetch-src 'none';script-src 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: as.ad4m.at
:scheme: https
:path: /ad/rar?a=119116&b=PxqtBfbf4mwGC9HKtrHMtYB6hbt9TP9q&f=bMVSQfZfPRgGFYH5tGH8Cqz4setJT5g3&c=300&d=250&e=&g=8c2dfe61bfd68cd2b598f4a12f236fd5%2F4511513325921262261&i=30106&j=39&k=0&l=0&m=0&n=&p=&q=&o=adfPros&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D45412308%3Bcrtbwp%3DL71Is_rzpav9k9TrRtWkJ6dgnaMU4Hum0%3Bcrtbdata%3DG4qFVpeIihYt4gKkbkiaa3QPpHvut7InIRHm1FrMLppYx3RBRlE7ZTIQIJOmZt0pESadfMC1e-KFskMwGawnSQubxJAa6YEL6FOWrUH8sXIFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5iTi3RI0_wrxCPp4A1Sb4y3KXNA916tQOKFIo66tc8Hd8VmTFKgGOZiswmFfVqDPk5d1Vab-EFQvICIxEzHzL-f0%3Badfibeg%3D0%3Bcdata%3DG8C8Y9AL2dISR9aSkl7IFxX5u_jltkcBt6yQai50qQ3oe_RisuYBT5xRGB_YVfjUg-mrZxjDp3m2caLdAVTuB5zRdKnPZMO_2nVn917_uc5y9fKfHydyzsxTmjn-06XGuRBwPFLeI0G7k4Mj2eXOOoFRBcsZqFazHBBb7JqfFGAGVbZsWw4W5fYEY6FkvemZ38PWgWGGnFg1lE7ZC95ufvSsRebcEwLSdiWhc-7sVIJl0UcCmMQ687orUxo8SA7m-bc70N3p7oQaJMPtnZb0DkIBNee2rteoL5VPxy82Eug035FUk2JcACrfrFJUwRvmQCsFVWxHkRG1UG2W865s4VMdsdWLNnr29bt5o52tz57aHDxQ2pBj203khyzEuZZ39bt5o52tz54VDraZgoN38w2%3B%3BCREFURL%3Dhttps%253a%252f%252fww3.read7deadlysins.com%3BC%3D1%3Bcpdir%3D&y=0&z=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://runwaff.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://runwaff.com/

Response headers

date: Tue, 25 May 2021 02:46:55 GMT
content-type: text/html; charset=utf-8
strict-transport-security: max-age=86400; includeSubDomains; preload
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
x-download-options: noopen
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
x-xss-protection: 1; mode=block
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-ancestors * data:;frame-src *;img-src * data:;manifest-src 'none';media-src 'none';navigate-to *;object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
referrer-policy: same-origin
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
expires: 0
surrogate-control: no-store
pragma: no-cache
via: 1.1 google
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-request-id: 0a4304194f0000d6b1be064000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 654b6fa2198bd6b1-FRA
content-encoding: br

GET
H2 200 rar Show response
as.ad4m.at/ad/ Frame 5FA8 2 KB
2 KB 28ms
28ms Document
text/html 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/rar?a=119118&b=2b9F6fqf7EerSVH6tbH8tVXYfzt7T7Wd&f=4r4fEf5fEpBPTGHxtGHzCEB9FdtpTr28&c=300&d=250&e=&g=39c5e1359af49312fe31e80fb9b26d96%2F17007975655370622870&i=30106&j=39&k=0&l=0&m=0&n=&p=&q=&o=adfPros&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D45412305%3Bcrtbwp%3DL71Is_rzpav9k9TrRtWkJ6dgnaMU4Hum0%3Bcrtbdata%3DvaoHHWsZTCxLVCA4t8pqMFgHNoIIotr54HjC24DIYhHDAVK2Tb7Ew7Kp2roO6C5Q4xQ5Q8C9Np6dG0LPY5AYZc5UeU4uCXBSJE7h14MeRBMFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5hGdYStbDnGsSPp4A1Sb4y3KXNA916tQOKFIo66tc8Hd8VmTFKgGOZiswmFfVqDPk6UAl1RLVpknYCIxEzHzL-f0%3Badfibeg%3D0%3Bcdata%3DcuuWxpFi3FUSR9aSkl7IFxX5u_jltkcBt6yQai50qQ2C1u3FmmP9GnS_qTAqfjmBPRMdCKlkmEu2caLdAVTuB_j91a6UboQiZO_bMJ2DSQNy9fKfHydyzsxTmjn-06XGuRBwPFLeI0G7k4Mj2eXOOoFRBcsZqFazlm3Lze6NIuKL7cpn-6RuLv_rt-SikdzH4k-FjhLFUeM-KqfXdtgCVJawW7lOiIlVvPGDPRVBPetZaDJr0hfCWYfRpmkie5oThOHMqFTFsaUaJMPtnZb0DkIBNee2rteo1RXDA0raOzFz5dO7FFtGeBtNBc4oIsBSQCsFVWxHkRG1UG2W865s4VMdsdWLNnr29bt5o52tz569SDK4PQehBU3khyzEuZZ39bt5o52tz54VDraZgoN38w2%3B%3BCREFURL%3Dhttps%253a%252f%252fww3.read7deadlysins.com%3BC%3D1%3Bcpdir%3D&y=0&z=0

Requested by

Host: ad4m.at
URL: https://ad4m.at/r62eglto.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eab1c2d0f737bc7c297139b39cd025892a87b8b191abc0f3408b2b048279f178

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-ancestors * data:;frame-src ;img-src data:;manifest-src 'none';media-src 'none';navigate-to ;object-src 'none';prefetch-src 'none';script-src 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: as.ad4m.at
:scheme: https
:path: /ad/rar?a=119118&b=2b9F6fqf7EerSVH6tbH8tVXYfzt7T7Wd&f=4r4fEf5fEpBPTGHxtGHzCEB9FdtpTr28&c=300&d=250&e=&g=39c5e1359af49312fe31e80fb9b26d96%2F17007975655370622870&i=30106&j=39&k=0&l=0&m=0&n=&p=&q=&o=adfPros&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D45412305%3Bcrtbwp%3DL71Is_rzpav9k9TrRtWkJ6dgnaMU4Hum0%3Bcrtbdata%3DvaoHHWsZTCxLVCA4t8pqMFgHNoIIotr54HjC24DIYhHDAVK2Tb7Ew7Kp2roO6C5Q4xQ5Q8C9Np6dG0LPY5AYZc5UeU4uCXBSJE7h14MeRBMFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5hGdYStbDnGsSPp4A1Sb4y3KXNA916tQOKFIo66tc8Hd8VmTFKgGOZiswmFfVqDPk6UAl1RLVpknYCIxEzHzL-f0%3Badfibeg%3D0%3Bcdata%3DcuuWxpFi3FUSR9aSkl7IFxX5u_jltkcBt6yQai50qQ2C1u3FmmP9GnS_qTAqfjmBPRMdCKlkmEu2caLdAVTuB_j91a6UboQiZO_bMJ2DSQNy9fKfHydyzsxTmjn-06XGuRBwPFLeI0G7k4Mj2eXOOoFRBcsZqFazlm3Lze6NIuKL7cpn-6RuLv_rt-SikdzH4k-FjhLFUeM-KqfXdtgCVJawW7lOiIlVvPGDPRVBPetZaDJr0hfCWYfRpmkie5oThOHMqFTFsaUaJMPtnZb0DkIBNee2rteo1RXDA0raOzFz5dO7FFtGeBtNBc4oIsBSQCsFVWxHkRG1UG2W865s4VMdsdWLNnr29bt5o52tz569SDK4PQehBU3khyzEuZZ39bt5o52tz54VDraZgoN38w2%3B%3BCREFURL%3Dhttps%253a%252f%252fww3.read7deadlysins.com%3BC%3D1%3Bcpdir%3D&y=0&z=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://runwaff.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://runwaff.com/

Response headers

date: Tue, 25 May 2021 02:46:55 GMT
content-type: text/html; charset=utf-8
strict-transport-security: max-age=86400; includeSubDomains; preload
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
x-download-options: noopen
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
x-xss-protection: 1; mode=block
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-ancestors * data:;frame-src *;img-src * data:;manifest-src 'none';media-src 'none';navigate-to *;object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
referrer-policy: same-origin
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
expires: 0
surrogate-control: no-store
pragma: no-cache
via: 1.1 google
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-request-id: 0a4304195c0000d6b197367000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 654b6fa22996d6b1-FRA
content-encoding: br

GET
H2 200 ThirdParty Show response
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.206/e/2gSBggLA/i/vCAv.IAAAAAoAA/r:types/ Frame CA8A 33 KB
14 KB 23ms
22ms Script
text/javascript 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.206/e/2gSBggLA/i/vCAv.IAAAAAoAA/r:types/ThirdParty
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 1fd886d6575164e4f090fb066e1ac4667ee40d1ee7ba2b2283fb71ec6e4cc5cc

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:55 GMT
content-encoding: gzip
last-modified: Tue, 04 May 2021 13:03:07 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Wed, 26 May 2021 06:04:43 GMT

GET
H3-29 200 default.css
as.ad4m.at/ad/style/0.1.6/one-ad/ Frame 3EA8 59 KB
7 KB 22ms
21ms Stylesheet
text/css 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/style/0.1.6/one-ad/default.css

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=119116&b=PxqtBfbf4mwGC9HKtrHMtYB6hbt9TP9q&f=bMVSQfZfPRgGFYH5tGH8Cqz4setJT5g3&c=300&d=250&e=&g=8c2dfe61bfd68cd2b598f4a12f236fd5%2F4511513325921262261&i=30106&j=39&k=0&l=0&m=0&n=&p=&q=&o=adfPros&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D45412308%3Bcrtbwp%3DL71Is_rzpav9k9TrRtWkJ6dgnaMU4Hum0%3Bcrtbdata%3DG4qFVpeIihYt4gKkbkiaa3QPpHvut7InIRHm1FrMLppYx3RBRlE7ZTIQIJOmZt0pESadfMC1e-KFskMwGawnSQubxJAa6YEL6FOWrUH8sXIFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5iTi3RI0_wrxCPp4A1Sb4y3KXNA916tQOKFIo66tc8Hd8VmTFKgGOZiswmFfVqDPk5d1Vab-EFQvICIxEzHzL-f0%3Badfibeg%3D0%3Bcdata%3DG8C8Y9AL2dISR9aSkl7IFxX5u_jltkcBt6yQai50qQ3oe_RisuYBT5xRGB_YVfjUg-mrZxjDp3m2caLdAVTuB5zRdKnPZMO_2nVn917_uc5y9fKfHydyzsxTmjn-06XGuRBwPFLeI0G7k4Mj2eXOOoFRBcsZqFazHBBb7JqfFGAGVbZsWw4W5fYEY6FkvemZ38PWgWGGnFg1lE7ZC95ufvSsRebcEwLSdiWhc-7sVIJl0UcCmMQ687orUxo8SA7m-bc70N3p7oQaJMPtnZb0DkIBNee2rteoL5VPxy82Eug035FUk2JcACrfrFJUwRvmQCsFVWxHkRG1UG2W865s4VMdsdWLNnr29bt5o52tz57aHDxQ2pBj203khyzEuZZ39bt5o52tz54VDraZgoN38w2%3B%3BCREFURL%3Dhttps%253a%252f%252fww3.read7deadlysins.com%3BC%3D1%3Bcpdir%3D&y=0&z=0

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

36ae5665d20b3043d7c330846a2712a01de07cc1a8819d08f306853249a3bb52

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://as.ad4m.at/ad/rar?a=119116&b=PxqtBfbf4mwGC9HKtrHMtYB6hbt9TP9q&f=bMVSQfZfPRgGFYH5tGH8Cqz4setJT5g3&c=300&d=250&e=&g=8c2dfe61bfd68cd2b598f4a12f236fd5%2F4511513325921262261&i=30106&j=39&k=0&l=0&m=0&n=&p=&q=&o=adfPros&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D45412308%3Bcrtbwp%3DL71Is_rzpav9k9TrRtWkJ6dgnaMU4Hum0%3Bcrtbdata%3DG4qFVpeIihYt4gKkbkiaa3QPpHvut7InIRHm1FrMLppYx3RBRlE7ZTIQIJOmZt0pESadfMC1e-KFskMwGawnSQubxJAa6YEL6FOWrUH8sXIFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5iTi3RI0_wrxCPp4A1Sb4y3KXNA916tQOKFIo66tc8Hd8VmTFKgGOZiswmFfVqDPk5d1Vab-EFQvICIxEzHzL-f0%3Badfibeg%3D0%3Bcdata%3DG8C8Y9AL2dISR9aSkl7IFxX5u_jltkcBt6yQai50qQ3oe_RisuYBT5xRGB_YVfjUg-mrZxjDp3m2caLdAVTuB5zRdKnPZMO_2nVn917_uc5y9fKfHydyzsxTmjn-06XGuRBwPFLeI0G7k4Mj2eXOOoFRBcsZqFazHBBb7JqfFGAGVbZsWw4W5fYEY6FkvemZ38PWgWGGnFg1lE7ZC95ufvSsRebcEwLSdiWhc-7sVIJl0UcCmMQ687orUxo8SA7m-bc70N3p7oQaJMPtnZb0DkIBNee2rteoL5VPxy82Eug035FUk2JcACrfrFJUwRvmQCsFVWxHkRG1UG2W865s4VMdsdWLNnr29bt5o52tz57aHDxQ2pBj203khyzEuZZ39bt5o52tz54VDraZgoN38w2%3B%3BCREFURL%3Dhttps%253a%252f%252fww3.read7deadlysins.com%3BC%3D1%3Bcpdir%3D&y=0&z=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:55 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
age: 491347
cf-polished: origSize=60706
surrogate-control: no-store
strict-transport-security: max-age=86400; includeSubDomains; preload
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: same-origin
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-download-options: noopen
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=3600
cf-request-id: 0a4304196c0000177e02064000000001
cf-ray: 654b6fa24cae177e-FRA
expires: Tue, 25 May 2021 03:46:55 GMT

GET
H2

200

Ibrance_2101_PatKam_Banner_Chemo_300x250px_Motiv_1.jpg
data.mediaintelligence.de/min/205_Ibrance_Digital_DTC_2021_48619/ Frame 3EA8
Redirect Chain

https://mediaintelligence.de/trck/eview/d03c861535324350b0ad97ff284ec795
https://data.mediaintelligence.de/min/205_Ibrance_Digital_DTC_2021_48619/Ibrance_2101_PatKam_Banner_Chemo_300x250px_Motiv_1.jpg

65 KB
65 KB

330ms
35ms

Image
image/jpeg

46.105.198.150
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.mediaintelligence.de/min/205_Ibrance_Digital_DTC_2021_48619/Ibrance_2101_PatKam_Banner_Chemo_300x250px_Motiv_1.jpg
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=119116&b=PxqtBfbf4mwGC9HKtrHMtYB6hbt9TP9q&f=bMVSQfZfPRgGFYH5tGH8Cqz4setJT5g3&c=300&d=250&e=&g=8c2dfe61bfd68cd2b598f4a12f236fd5%2F4511513325921262261&i=30106&j=39&k=0&l=0&m=0&n=&p=&q=&o=adfPros&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D45412308%3Bcrtbwp%3DL71Is_rzpav9k9TrRtWkJ6dgnaMU4Hum0%3Bcrtbdata%3DG4qFVpeIihYt4gKkbkiaa3QPpHvut7InIRHm1FrMLppYx3RBRlE7ZTIQIJOmZt0pESadfMC1e-KFskMwGawnSQubxJAa6YEL6FOWrUH8sXIFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5iTi3RI0_wrxCPp4A1Sb4y3KXNA916tQOKFIo66tc8Hd8VmTFKgGOZiswmFfVqDPk5d1Vab-EFQvICIxEzHzL-f0%3Badfibeg%3D0%3Bcdata%3DG8C8Y9AL2dISR9aSkl7IFxX5u_jltkcBt6yQai50qQ3oe_RisuYBT5xRGB_YVfjUg-mrZxjDp3m2caLdAVTuB5zRdKnPZMO_2nVn917_uc5y9fKfHydyzsxTmjn-06XGuRBwPFLeI0G7k4Mj2eXOOoFRBcsZqFazHBBb7JqfFGAGVbZsWw4W5fYEY6FkvemZ38PWgWGGnFg1lE7ZC95ufvSsRebcEwLSdiWhc-7sVIJl0UcCmMQ687orUxo8SA7m-bc70N3p7oQaJMPtnZb0DkIBNee2rteoL5VPxy82Eug035FUk2JcACrfrFJUwRvmQCsFVWxHkRG1UG2W865s4VMdsdWLNnr29bt5o52tz57aHDxQ2pBj203khyzEuZZ39bt5o52tz54VDraZgoN38w2%3B%3BCREFURL%3Dhttps%253a%252f%252fww3.read7deadlysins.com%3BC%3D1%3Bcpdir%3D&y=0&z=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 46.105.198.150 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: /
Resource Hash: c2ecfb9ea3fbede2b9da9158bc8438f985060f0cb00dc2dba1a020fd0c4dc446

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 01 May 2021 19:37:07 GMT
x-cacheable: Matched cache
x-cdn-pop: rbx1
content-length: 66326
x-request-id: 76054601
last-modified: Mon, 26 Apr 2021 13:30:20 GMT
x-cdn-pop-ip: 51.254.41.128/26
etag: "6086c06c-10316"
access-control-max-age: 3600
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=2592000
accept-ranges: bytes
access-control-allow-headers: Range
expires: Mon, 31 May 2021 19:37:07 GMT

Redirect headers

date: Tue, 25 May 2021 02:46:55 GMT
content-encoding: gzip
x-cacheable: Cacheable
x-cdn-pop: rbx1
x-request-id: 767236091
pragma: no-cache
x-cdn-pop-ip: 51.254.41.128/26
location: https://data.mediaintelligence.de/min/205_Ibrance_Digital_DTC_2021_48619/Ibrance_2101_PatKam_Banner_Chemo_300x250px_Motiv_1.jpg
vary: Accept-Encoding
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Range, Content-Disposition, Content-Type, Authorization
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 301 d03c861535324350b0ad97ff284ec795
mediaintelligence.de/trck/epv/ Frame 3EA8 0
1 KB 96ms
61ms Image
text/html 46.105.199.182
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mediaintelligence.de/trck/epv/d03c861535324350b0ad97ff284ec795?t=htlp&subid=oneidPxqtBfbf4mwGC9HKtrHMtYB6hbt9TP9qoneid__adfPros&gdpr_consent=&gdpr=0&gdpr_pd=0
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=119116&b=PxqtBfbf4mwGC9HKtrHMtYB6hbt9TP9q&f=bMVSQfZfPRgGFYH5tGH8Cqz4setJT5g3&c=300&d=250&e=&g=8c2dfe61bfd68cd2b598f4a12f236fd5%2F4511513325921262261&i=30106&j=39&k=0&l=0&m=0&n=&p=&q=&o=adfPros&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D45412308%3Bcrtbwp%3DL71Is_rzpav9k9TrRtWkJ6dgnaMU4Hum0%3Bcrtbdata%3DG4qFVpeIihYt4gKkbkiaa3QPpHvut7InIRHm1FrMLppYx3RBRlE7ZTIQIJOmZt0pESadfMC1e-KFskMwGawnSQubxJAa6YEL6FOWrUH8sXIFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5iTi3RI0_wrxCPp4A1Sb4y3KXNA916tQOKFIo66tc8Hd8VmTFKgGOZiswmFfVqDPk5d1Vab-EFQvICIxEzHzL-f0%3Badfibeg%3D0%3Bcdata%3DG8C8Y9AL2dISR9aSkl7IFxX5u_jltkcBt6yQai50qQ3oe_RisuYBT5xRGB_YVfjUg-mrZxjDp3m2caLdAVTuB5zRdKnPZMO_2nVn917_uc5y9fKfHydyzsxTmjn-06XGuRBwPFLeI0G7k4Mj2eXOOoFRBcsZqFazHBBb7JqfFGAGVbZsWw4W5fYEY6FkvemZ38PWgWGGnFg1lE7ZC95ufvSsRebcEwLSdiWhc-7sVIJl0UcCmMQ687orUxo8SA7m-bc70N3p7oQaJMPtnZb0DkIBNee2rteoL5VPxy82Eug035FUk2JcACrfrFJUwRvmQCsFVWxHkRG1UG2W865s4VMdsdWLNnr29bt5o52tz57aHDxQ2pBj203khyzEuZZ39bt5o52tz54VDraZgoN38w2%3B%3BCREFURL%3Dhttps%253a%252f%252fww3.read7deadlysins.com%3BC%3D1%3Bcpdir%3D&y=0&z=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 46.105.199.182 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:55 GMT
content-encoding: gzip
x-cacheable: Cacheable
x-cdn-pop: rbx1
x-request-id: 767236092
pragma: no-cache
x-cdn-pop-ip: 51.254.41.128/26
location
vary: Accept-Encoding
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Range, Content-Disposition, Content-Type, Authorization
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H3-29 200 default.css
as.ad4m.at/ad/style/0.1.6/one-ad/ Frame 5F28 59 KB
7 KB 17ms
17ms Stylesheet
text/css 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/style/0.1.6/one-ad/default.css

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=119118&b=2b9F6fqf7EerSVH6tbH8tVXYfzt7T7Wd&f=4r4fEf5fEpBPTGHxtGHzCEB9FdtpTr28&c=300&d=250&e=&g=1ec7e791c6ef79bd1003e2024a8f0abe%2F11814737698229882658&i=30106&j=39&k=0&l=0&m=0&n=&p=&q=&o=adfPros&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D45412305%3Bcrtbwp%3DL71Is_rzpav9k9TrRtWkJ6dgnaMU4Hum0%3Bcrtbdata%3Dsqq3TV7cbiW2rB9QULtn4Thgtxj4qX4ewa9qA44ZIDd13RUrnFUIIyxEfOinBGUBBEun7u0aJjZhnoLJN_lFHr7KQ9W8XCmcotc8GjqJizgFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5goUZDVkrGBoyPp4A1Sb4y3KXNA916tQOKFIo66tc8Hd8VmTFKgGOZiswmFfVqDPk5GUMTER0GflYCIxEzHzL-f0%3Badfibeg%3D0%3Bcdata%3DcuuWxpFi3FUSR9aSkl7IFxX5u_jltkcBt6yQai50qQ3oQhRQLkAt7Arf7tP55GRygJlWrK0u6IK2caLdAVTuB1saHm1W9MNp_NLx0fnI-txy9fKfHydyzsxTmjn-06XGuRBwPFLeI0G7k4Mj2eXOOoFRBcsZqFazEreEstr761M-htsZ9hfyp-RkKN2gb8JZDnNEcePUX0EoDEtdDRzdaDlfXyXxTzonRr9r15uYFY4-Pwd3O2PDCRwKNkGtVFnPSDbaj6g5kRYaJMPtnZb0DkIBNee2rteoKUGDhRxNMT7cOLRLedj17CrfrFJUwRvmQCsFVWxHkRG1UG2W865s4VMdsdWLNnr29bt5o52tz579KkDq7bT4mE3khyzEuZZ39bt5o52tz54VDraZgoN38w2%3B%3BCREFURL%3Dhttps%253a%252f%252fww3.read7deadlysins.com%3BC%3D1%3Bcpdir%3D&y=0&z=0

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

36ae5665d20b3043d7c330846a2712a01de07cc1a8819d08f306853249a3bb52

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://as.ad4m.at/ad/rar?a=119118&b=2b9F6fqf7EerSVH6tbH8tVXYfzt7T7Wd&f=4r4fEf5fEpBPTGHxtGHzCEB9FdtpTr28&c=300&d=250&e=&g=1ec7e791c6ef79bd1003e2024a8f0abe%2F11814737698229882658&i=30106&j=39&k=0&l=0&m=0&n=&p=&q=&o=adfPros&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D45412305%3Bcrtbwp%3DL71Is_rzpav9k9TrRtWkJ6dgnaMU4Hum0%3Bcrtbdata%3Dsqq3TV7cbiW2rB9QULtn4Thgtxj4qX4ewa9qA44ZIDd13RUrnFUIIyxEfOinBGUBBEun7u0aJjZhnoLJN_lFHr7KQ9W8XCmcotc8GjqJizgFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5goUZDVkrGBoyPp4A1Sb4y3KXNA916tQOKFIo66tc8Hd8VmTFKgGOZiswmFfVqDPk5GUMTER0GflYCIxEzHzL-f0%3Badfibeg%3D0%3Bcdata%3DcuuWxpFi3FUSR9aSkl7IFxX5u_jltkcBt6yQai50qQ3oQhRQLkAt7Arf7tP55GRygJlWrK0u6IK2caLdAVTuB1saHm1W9MNp_NLx0fnI-txy9fKfHydyzsxTmjn-06XGuRBwPFLeI0G7k4Mj2eXOOoFRBcsZqFazEreEstr761M-htsZ9hfyp-RkKN2gb8JZDnNEcePUX0EoDEtdDRzdaDlfXyXxTzonRr9r15uYFY4-Pwd3O2PDCRwKNkGtVFnPSDbaj6g5kRYaJMPtnZb0DkIBNee2rteoKUGDhRxNMT7cOLRLedj17CrfrFJUwRvmQCsFVWxHkRG1UG2W865s4VMdsdWLNnr29bt5o52tz579KkDq7bT4mE3khyzEuZZ39bt5o52tz54VDraZgoN38w2%3B%3BCREFURL%3Dhttps%253a%252f%252fww3.read7deadlysins.com%3BC%3D1%3Bcpdir%3D&y=0&z=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:55 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
age: 491347
cf-polished: origSize=60706
surrogate-control: no-store
strict-transport-security: max-age=86400; includeSubDomains; preload
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: same-origin
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-download-options: noopen
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=3600
cf-request-id: 0a4304196c0000177e04864000000001
cf-ray: 654b6fa24cb0177e-FRA
expires: Tue, 25 May 2021 03:46:55 GMT

GET
H2

200

Ibrance_2101_PatKam_Banner_Chemo_300x250px_Motiv_3.jpg
data.mediaintelligence.de/min/205_Ibrance_Digital_DTC_2021_48619/ Frame 5F28
Redirect Chain

https://mediaintelligence.de/trck/eview/d03c861535324350a884072b350f2094
https://data.mediaintelligence.de/min/205_Ibrance_Digital_DTC_2021_48619/Ibrance_2101_PatKam_Banner_Chemo_300x250px_Motiv_3.jpg

66 KB
67 KB

310ms
15ms

Image
image/jpeg

46.105.198.150
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.mediaintelligence.de/min/205_Ibrance_Digital_DTC_2021_48619/Ibrance_2101_PatKam_Banner_Chemo_300x250px_Motiv_3.jpg
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=119118&b=2b9F6fqf7EerSVH6tbH8tVXYfzt7T7Wd&f=4r4fEf5fEpBPTGHxtGHzCEB9FdtpTr28&c=300&d=250&e=&g=1ec7e791c6ef79bd1003e2024a8f0abe%2F11814737698229882658&i=30106&j=39&k=0&l=0&m=0&n=&p=&q=&o=adfPros&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D45412305%3Bcrtbwp%3DL71Is_rzpav9k9TrRtWkJ6dgnaMU4Hum0%3Bcrtbdata%3Dsqq3TV7cbiW2rB9QULtn4Thgtxj4qX4ewa9qA44ZIDd13RUrnFUIIyxEfOinBGUBBEun7u0aJjZhnoLJN_lFHr7KQ9W8XCmcotc8GjqJizgFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5goUZDVkrGBoyPp4A1Sb4y3KXNA916tQOKFIo66tc8Hd8VmTFKgGOZiswmFfVqDPk5GUMTER0GflYCIxEzHzL-f0%3Badfibeg%3D0%3Bcdata%3DcuuWxpFi3FUSR9aSkl7IFxX5u_jltkcBt6yQai50qQ3oQhRQLkAt7Arf7tP55GRygJlWrK0u6IK2caLdAVTuB1saHm1W9MNp_NLx0fnI-txy9fKfHydyzsxTmjn-06XGuRBwPFLeI0G7k4Mj2eXOOoFRBcsZqFazEreEstr761M-htsZ9hfyp-RkKN2gb8JZDnNEcePUX0EoDEtdDRzdaDlfXyXxTzonRr9r15uYFY4-Pwd3O2PDCRwKNkGtVFnPSDbaj6g5kRYaJMPtnZb0DkIBNee2rteoKUGDhRxNMT7cOLRLedj17CrfrFJUwRvmQCsFVWxHkRG1UG2W865s4VMdsdWLNnr29bt5o52tz579KkDq7bT4mE3khyzEuZZ39bt5o52tz54VDraZgoN38w2%3B%3BCREFURL%3Dhttps%253a%252f%252fww3.read7deadlysins.com%3BC%3D1%3Bcpdir%3D&y=0&z=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 46.105.198.150 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: /
Resource Hash: 1c841693330e27e579ddb12599321982d6ab7ff4da41cb4e6a1287cc8b625599

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 01 May 2021 19:36:35 GMT
x-cacheable: Matched cache
x-cdn-pop: rbx1
content-length: 68014
x-request-id: 33292316
last-modified: Mon, 26 Apr 2021 13:30:20 GMT
x-cdn-pop-ip: 51.254.41.128/26
etag: "6086c06c-109ae"
access-control-max-age: 3600
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=2592000
accept-ranges: bytes
access-control-allow-headers: Range
expires: Mon, 31 May 2021 19:36:35 GMT

Redirect headers

date: Tue, 25 May 2021 02:46:55 GMT
content-encoding: gzip
x-cacheable: Cacheable
x-cdn-pop: rbx1
x-request-id: 767236094
pragma: no-cache
x-cdn-pop-ip: 51.254.41.128/26
location: https://data.mediaintelligence.de/min/205_Ibrance_Digital_DTC_2021_48619/Ibrance_2101_PatKam_Banner_Chemo_300x250px_Motiv_3.jpg
vary: Accept-Encoding
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Range, Content-Disposition, Content-Type, Authorization
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 301 d03c861535324350a884072b350f2094
mediaintelligence.de/trck/epv/ Frame 5F28 0
1 KB 95ms
61ms Image
text/html 46.105.199.182
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mediaintelligence.de/trck/epv/d03c861535324350a884072b350f2094?t=htlp&subid=oneid2b9F6fqf7EerSVH6tbH8tVXYfzt7T7Wdoneid__adfPros&gdpr_consent=&gdpr=0&gdpr_pd=0
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=119118&b=2b9F6fqf7EerSVH6tbH8tVXYfzt7T7Wd&f=4r4fEf5fEpBPTGHxtGHzCEB9FdtpTr28&c=300&d=250&e=&g=1ec7e791c6ef79bd1003e2024a8f0abe%2F11814737698229882658&i=30106&j=39&k=0&l=0&m=0&n=&p=&q=&o=adfPros&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D45412305%3Bcrtbwp%3DL71Is_rzpav9k9TrRtWkJ6dgnaMU4Hum0%3Bcrtbdata%3Dsqq3TV7cbiW2rB9QULtn4Thgtxj4qX4ewa9qA44ZIDd13RUrnFUIIyxEfOinBGUBBEun7u0aJjZhnoLJN_lFHr7KQ9W8XCmcotc8GjqJizgFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5goUZDVkrGBoyPp4A1Sb4y3KXNA916tQOKFIo66tc8Hd8VmTFKgGOZiswmFfVqDPk5GUMTER0GflYCIxEzHzL-f0%3Badfibeg%3D0%3Bcdata%3DcuuWxpFi3FUSR9aSkl7IFxX5u_jltkcBt6yQai50qQ3oQhRQLkAt7Arf7tP55GRygJlWrK0u6IK2caLdAVTuB1saHm1W9MNp_NLx0fnI-txy9fKfHydyzsxTmjn-06XGuRBwPFLeI0G7k4Mj2eXOOoFRBcsZqFazEreEstr761M-htsZ9hfyp-RkKN2gb8JZDnNEcePUX0EoDEtdDRzdaDlfXyXxTzonRr9r15uYFY4-Pwd3O2PDCRwKNkGtVFnPSDbaj6g5kRYaJMPtnZb0DkIBNee2rteoKUGDhRxNMT7cOLRLedj17CrfrFJUwRvmQCsFVWxHkRG1UG2W865s4VMdsdWLNnr29bt5o52tz579KkDq7bT4mE3khyzEuZZ39bt5o52tz54VDraZgoN38w2%3B%3BCREFURL%3Dhttps%253a%252f%252fww3.read7deadlysins.com%3BC%3D1%3Bcpdir%3D&y=0&z=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 46.105.199.182 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:55 GMT
content-encoding: gzip
x-cacheable: Cacheable
x-cdn-pop: rbx1
x-request-id: 767236093
pragma: no-cache
x-cdn-pop-ip: 51.254.41.128/26
location
vary: Accept-Encoding
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Range, Content-Disposition, Content-Type, Authorization
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H3-29 200 default.css
as.ad4m.at/ad/style/0.1.6/one-ad/ Frame 5FA8 59 KB
7 KB 19ms
18ms Stylesheet
text/css 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/style/0.1.6/one-ad/default.css

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=119118&b=2b9F6fqf7EerSVH6tbH8tVXYfzt7T7Wd&f=4r4fEf5fEpBPTGHxtGHzCEB9FdtpTr28&c=300&d=250&e=&g=39c5e1359af49312fe31e80fb9b26d96%2F17007975655370622870&i=30106&j=39&k=0&l=0&m=0&n=&p=&q=&o=adfPros&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D45412305%3Bcrtbwp%3DL71Is_rzpav9k9TrRtWkJ6dgnaMU4Hum0%3Bcrtbdata%3DvaoHHWsZTCxLVCA4t8pqMFgHNoIIotr54HjC24DIYhHDAVK2Tb7Ew7Kp2roO6C5Q4xQ5Q8C9Np6dG0LPY5AYZc5UeU4uCXBSJE7h14MeRBMFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5hGdYStbDnGsSPp4A1Sb4y3KXNA916tQOKFIo66tc8Hd8VmTFKgGOZiswmFfVqDPk6UAl1RLVpknYCIxEzHzL-f0%3Badfibeg%3D0%3Bcdata%3DcuuWxpFi3FUSR9aSkl7IFxX5u_jltkcBt6yQai50qQ2C1u3FmmP9GnS_qTAqfjmBPRMdCKlkmEu2caLdAVTuB_j91a6UboQiZO_bMJ2DSQNy9fKfHydyzsxTmjn-06XGuRBwPFLeI0G7k4Mj2eXOOoFRBcsZqFazlm3Lze6NIuKL7cpn-6RuLv_rt-SikdzH4k-FjhLFUeM-KqfXdtgCVJawW7lOiIlVvPGDPRVBPetZaDJr0hfCWYfRpmkie5oThOHMqFTFsaUaJMPtnZb0DkIBNee2rteo1RXDA0raOzFz5dO7FFtGeBtNBc4oIsBSQCsFVWxHkRG1UG2W865s4VMdsdWLNnr29bt5o52tz569SDK4PQehBU3khyzEuZZ39bt5o52tz54VDraZgoN38w2%3B%3BCREFURL%3Dhttps%253a%252f%252fww3.read7deadlysins.com%3BC%3D1%3Bcpdir%3D&y=0&z=0

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

36ae5665d20b3043d7c330846a2712a01de07cc1a8819d08f306853249a3bb52

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://as.ad4m.at/ad/rar?a=119118&b=2b9F6fqf7EerSVH6tbH8tVXYfzt7T7Wd&f=4r4fEf5fEpBPTGHxtGHzCEB9FdtpTr28&c=300&d=250&e=&g=39c5e1359af49312fe31e80fb9b26d96%2F17007975655370622870&i=30106&j=39&k=0&l=0&m=0&n=&p=&q=&o=adfPros&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D45412305%3Bcrtbwp%3DL71Is_rzpav9k9TrRtWkJ6dgnaMU4Hum0%3Bcrtbdata%3DvaoHHWsZTCxLVCA4t8pqMFgHNoIIotr54HjC24DIYhHDAVK2Tb7Ew7Kp2roO6C5Q4xQ5Q8C9Np6dG0LPY5AYZc5UeU4uCXBSJE7h14MeRBMFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5hGdYStbDnGsSPp4A1Sb4y3KXNA916tQOKFIo66tc8Hd8VmTFKgGOZiswmFfVqDPk6UAl1RLVpknYCIxEzHzL-f0%3Badfibeg%3D0%3Bcdata%3DcuuWxpFi3FUSR9aSkl7IFxX5u_jltkcBt6yQai50qQ2C1u3FmmP9GnS_qTAqfjmBPRMdCKlkmEu2caLdAVTuB_j91a6UboQiZO_bMJ2DSQNy9fKfHydyzsxTmjn-06XGuRBwPFLeI0G7k4Mj2eXOOoFRBcsZqFazlm3Lze6NIuKL7cpn-6RuLv_rt-SikdzH4k-FjhLFUeM-KqfXdtgCVJawW7lOiIlVvPGDPRVBPetZaDJr0hfCWYfRpmkie5oThOHMqFTFsaUaJMPtnZb0DkIBNee2rteo1RXDA0raOzFz5dO7FFtGeBtNBc4oIsBSQCsFVWxHkRG1UG2W865s4VMdsdWLNnr29bt5o52tz569SDK4PQehBU3khyzEuZZ39bt5o52tz54VDraZgoN38w2%3B%3BCREFURL%3Dhttps%253a%252f%252fww3.read7deadlysins.com%3BC%3D1%3Bcpdir%3D&y=0&z=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:55 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
age: 491347
cf-polished: origSize=60706
surrogate-control: no-store
strict-transport-security: max-age=86400; includeSubDomains; preload
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: same-origin
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-download-options: noopen
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=3600
cf-request-id: 0a4304197a0000177ec6166000000001
cf-ray: 654b6fa25ccb177e-FRA
expires: Tue, 25 May 2021 03:46:55 GMT

GET
H2

200

Ibrance_2101_PatKam_Banner_Chemo_300x250px_Motiv_3.jpg
data.mediaintelligence.de/min/205_Ibrance_Digital_DTC_2021_48619/ Frame 5FA8
Redirect Chain

https://mediaintelligence.de/trck/eview/d03c861535324350a884072b350f2094
https://data.mediaintelligence.de/min/205_Ibrance_Digital_DTC_2021_48619/Ibrance_2101_PatKam_Banner_Chemo_300x250px_Motiv_3.jpg

66 KB
67 KB

40ms
35ms

Image
image/jpeg

46.105.198.150
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.mediaintelligence.de/min/205_Ibrance_Digital_DTC_2021_48619/Ibrance_2101_PatKam_Banner_Chemo_300x250px_Motiv_3.jpg
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=119118&b=2b9F6fqf7EerSVH6tbH8tVXYfzt7T7Wd&f=4r4fEf5fEpBPTGHxtGHzCEB9FdtpTr28&c=300&d=250&e=&g=39c5e1359af49312fe31e80fb9b26d96%2F17007975655370622870&i=30106&j=39&k=0&l=0&m=0&n=&p=&q=&o=adfPros&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D45412305%3Bcrtbwp%3DL71Is_rzpav9k9TrRtWkJ6dgnaMU4Hum0%3Bcrtbdata%3DvaoHHWsZTCxLVCA4t8pqMFgHNoIIotr54HjC24DIYhHDAVK2Tb7Ew7Kp2roO6C5Q4xQ5Q8C9Np6dG0LPY5AYZc5UeU4uCXBSJE7h14MeRBMFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5hGdYStbDnGsSPp4A1Sb4y3KXNA916tQOKFIo66tc8Hd8VmTFKgGOZiswmFfVqDPk6UAl1RLVpknYCIxEzHzL-f0%3Badfibeg%3D0%3Bcdata%3DcuuWxpFi3FUSR9aSkl7IFxX5u_jltkcBt6yQai50qQ2C1u3FmmP9GnS_qTAqfjmBPRMdCKlkmEu2caLdAVTuB_j91a6UboQiZO_bMJ2DSQNy9fKfHydyzsxTmjn-06XGuRBwPFLeI0G7k4Mj2eXOOoFRBcsZqFazlm3Lze6NIuKL7cpn-6RuLv_rt-SikdzH4k-FjhLFUeM-KqfXdtgCVJawW7lOiIlVvPGDPRVBPetZaDJr0hfCWYfRpmkie5oThOHMqFTFsaUaJMPtnZb0DkIBNee2rteo1RXDA0raOzFz5dO7FFtGeBtNBc4oIsBSQCsFVWxHkRG1UG2W865s4VMdsdWLNnr29bt5o52tz569SDK4PQehBU3khyzEuZZ39bt5o52tz54VDraZgoN38w2%3B%3BCREFURL%3Dhttps%253a%252f%252fww3.read7deadlysins.com%3BC%3D1%3Bcpdir%3D&y=0&z=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 46.105.198.150 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: /
Resource Hash: 1c841693330e27e579ddb12599321982d6ab7ff4da41cb4e6a1287cc8b625599

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 01 May 2021 19:36:35 GMT
x-cacheable: Matched cache
x-cdn-pop: rbx1
content-length: 68014
x-request-id: 33292316
last-modified: Mon, 26 Apr 2021 13:30:20 GMT
x-cdn-pop-ip: 51.254.41.128/26
etag: "6086c06c-109ae"
access-control-max-age: 3600
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=2592000
accept-ranges: bytes
access-control-allow-headers: Range
expires: Mon, 31 May 2021 19:36:35 GMT

Redirect headers

date: Tue, 25 May 2021 02:46:55 GMT
content-encoding: gzip
x-cacheable: Cacheable
x-cdn-pop: rbx1
x-request-id: 767236095
pragma: no-cache
x-cdn-pop-ip: 51.254.41.128/26
location: https://data.mediaintelligence.de/min/205_Ibrance_Digital_DTC_2021_48619/Ibrance_2101_PatKam_Banner_Chemo_300x250px_Motiv_3.jpg
vary: Accept-Encoding
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Range, Content-Disposition, Content-Type, Authorization
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 301 d03c861535324350a884072b350f2094
mediaintelligence.de/trck/epv/ Frame 5FA8 0
1 KB 365ms
345ms Image
text/html 46.105.199.182
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mediaintelligence.de/trck/epv/d03c861535324350a884072b350f2094?t=htlp&subid=oneid2b9F6fqf7EerSVH6tbH8tVXYfzt7T7Wdoneid__adfPros&gdpr_consent=&gdpr=0&gdpr_pd=0
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=119118&b=2b9F6fqf7EerSVH6tbH8tVXYfzt7T7Wd&f=4r4fEf5fEpBPTGHxtGHzCEB9FdtpTr28&c=300&d=250&e=&g=39c5e1359af49312fe31e80fb9b26d96%2F17007975655370622870&i=30106&j=39&k=0&l=0&m=0&n=&p=&q=&o=adfPros&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D45412305%3Bcrtbwp%3DL71Is_rzpav9k9TrRtWkJ6dgnaMU4Hum0%3Bcrtbdata%3DvaoHHWsZTCxLVCA4t8pqMFgHNoIIotr54HjC24DIYhHDAVK2Tb7Ew7Kp2roO6C5Q4xQ5Q8C9Np6dG0LPY5AYZc5UeU4uCXBSJE7h14MeRBMFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5hGdYStbDnGsSPp4A1Sb4y3KXNA916tQOKFIo66tc8Hd8VmTFKgGOZiswmFfVqDPk6UAl1RLVpknYCIxEzHzL-f0%3Badfibeg%3D0%3Bcdata%3DcuuWxpFi3FUSR9aSkl7IFxX5u_jltkcBt6yQai50qQ2C1u3FmmP9GnS_qTAqfjmBPRMdCKlkmEu2caLdAVTuB_j91a6UboQiZO_bMJ2DSQNy9fKfHydyzsxTmjn-06XGuRBwPFLeI0G7k4Mj2eXOOoFRBcsZqFazlm3Lze6NIuKL7cpn-6RuLv_rt-SikdzH4k-FjhLFUeM-KqfXdtgCVJawW7lOiIlVvPGDPRVBPetZaDJr0hfCWYfRpmkie5oThOHMqFTFsaUaJMPtnZb0DkIBNee2rteo1RXDA0raOzFz5dO7FFtGeBtNBc4oIsBSQCsFVWxHkRG1UG2W865s4VMdsdWLNnr29bt5o52tz569SDK4PQehBU3khyzEuZZ39bt5o52tz54VDraZgoN38w2%3B%3BCREFURL%3Dhttps%253a%252f%252fww3.read7deadlysins.com%3BC%3D1%3Bcpdir%3D&y=0&z=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 46.105.199.182 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:55 GMT
content-encoding: gzip
x-cacheable: Cacheable
x-cdn-pop: rbx1
x-request-id: 767236096
pragma: no-cache
x-cdn-pop-ip: 51.254.41.128/26
location
vary: Accept-Encoding
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Range, Content-Disposition, Content-Type, Authorization
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 6F6A 31 KB
9 KB 14ms
14ms Script
text/html 104.111.230.142
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.230.142 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-230-142.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 3ed1ebf0d6f605635332d2dc7d98bd3cb3fff298bffb5765c1969ab93b3fbeb6

Request headers

Referer: https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 25 May 2021 02:46:55 GMT
Content-Encoding: gzip
Last-Modified: Thu, 20 May 2021 19:07:56 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=15688
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9266
Expires: Tue, 25 May 2021 07:08:23 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 6F6A
Redirect Chain

https://token.rubiconproject.com/token?pid=25470&gdpr=1
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1AzRlRMNzEtNS03NFVT&gdpr=1

170 B
188 B

17ms
16ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1AzRlRMNzEtNS03NFVT&gdpr=1

Requested by

Host: runwaff.com
URL: https://runwaff.com/count?i=u1dvjpo9e55sy80hm5&a=6a61c97338f087e01f469fd41bde18ed9&cb=5959071621910813238

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1AzRlRMNzEtNS03NFVT&gdpr=1
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 451 709414.gif
id.rlcdn.com/ Frame 6F6A 0
0 1044ms
14ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/709414.gif?gdpr=1
Requested by: Host: runwaff.com
URL: https://runwaff.com/count?i=u1dvjpo9e55sy80hm5&a=6a61c97338f087e01f469fd41bde18ed9&cb=5959071621910813238
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 6F6A
Redirect Chain

https://token.rubiconproject.com/token?pid=2249&pt=n&gdpr=1
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=OGRjNjEyM2ViY2I2YTY4MmZiNDhmMjQ5NThkZGJiMjhhMWZlYjE5MA&gdpr=1

170 B
188 B

17ms
16ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=OGRjNjEyM2ViY2I2YTY4MmZiNDhmMjQ5NThkZGJiMjhhMWZlYjE5MA&gdpr=1

Requested by

Host: runwaff.com
URL: https://runwaff.com/count?i=u1dvjpo9e55sy80hm5&a=6a61c97338f087e01f469fd41bde18ed9&cb=5959071621910813238

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=OGRjNjEyM2ViY2I2YTY4MmZiNDhmMjQ5NThkZGJiMjhhMWZlYjE5MA&gdpr=1
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2

204

v1
ads.yahoo.com/cms/ Frame 6F6A
Redirect Chain

https://token.rubiconproject.com/token?pid=26594&gdpr=1
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KP3FTL71-5-74US&sigv=1&esig=2~c2739ced0762a75041aee14209ca9ffd5eb772f5&gdpr=1

0
445 B

21ms
6ms

Image
text/plain

2a00:1288:80:800::7001
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KP3FTL71-5-74US&sigv=1&esig=2~c2739ced0762a75041aee14209ca9ffd5eb772f5&gdpr=1

Requested by

Host: runwaff.com
URL: https://runwaff.com/count?i=u1dvjpo9e55sy80hm5&a=6a61c97338f087e01f469fd41bde18ed9&cb=5959071621910813238

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7001 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:55 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

Redirect headers

Location: https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KP3FTL71-5-74US&sigv=1&esig=2~c2739ced0762a75041aee14209ca9ffd5eb772f5&gdpr=1
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 rubicon
match.adsrvr.org/track/cmf/ Frame 6F6A 70 B
264 B 32ms
30ms Image
image/gif 76.223.111.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/rubicon?gdpr=1
Requested by: Host: runwaff.com
URL: https://runwaff.com/count?i=u1dvjpo9e55sy80hm5&a=6a61c97338f087e01f469fd41bde18ed9&cb=5959071621910813238
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.131 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:55 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame 6F6A
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D&gdpr=1
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=e06160ac-651d-4e00-8de7-6426066579f3&gdpr=1&gdpr_consent=

0
239 B

9ms
8ms

Image
image/gif

69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=e06160ac-651d-4e00-8de7-6426066579f3&gdpr=1&gdpr_consent=
Requested by: Host: runwaff.com
URL: https://runwaff.com/count?i=u1dvjpo9e55sy80hm5&a=6a61c97338f087e01f469fd41bde18ed9&cb=5959071621910813238
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 8f052d4f888ae4e0626c5f819879cacd
Content-Type: image/gif

Redirect headers

Date: Tue, 25 May 2021 02:46:49 GMT
Server: MT3 3736 915c305 master zrh-pixel-x3
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=e06160ac-651d-4e00-8de7-6426066579f3&gdpr=1&gdpr_consent=
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Tue, 25 May 2021 02:46:48 GMT

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame 6F6A
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&gdpr=1
https://sync-tm.everesttech.net/ct/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&gdpr=1&_test=YKxlIAABOunkDQAC
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YKxlIAABOunkDQAC&gdpr=1&_test=YKxlIAABOunkDQAC

0
239 B

7ms
7ms

Image
image/gif

69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YKxlIAABOunkDQAC&gdpr=1&_test=YKxlIAABOunkDQAC
Requested by: Host: runwaff.com
URL: https://runwaff.com/count?i=u1dvjpo9e55sy80hm5&a=6a61c97338f087e01f469fd41bde18ed9&cb=5959071621910813238
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 8f052d4f888ae4e0626c5f819879cacd
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:56 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1621910817.598888,VS0,VE0
x-served-by: cache-hhn4058-HHN
x-cache: HIT
location: https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YKxlIAABOunkDQAC&gdpr=1&_test=YKxlIAABOunkDQAC
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame 6F6A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc&gdpr=1
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&gdpr=1&put=CAESEKLQB7y9SH0cNW6q1HzEapY&google_cver=1

0
239 B

39ms
8ms

Image
image/gif

69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&gdpr=1&put=CAESEKLQB7y9SH0cNW6q1HzEapY&google_cver=1
Requested by: Host: runwaff.com
URL: https://runwaff.com/count?i=u1dvjpo9e55sy80hm5&a=6a61c97338f087e01f469fd41bde18ed9&cb=5959071621910813238
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 8f052d4f888ae4e0626c5f819879cacd
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:55 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&gdpr=1&put=CAESEKLQB7y9SH0cNW6q1HzEapY&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 337
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sa Show response
go.bebi.com/w/1.1/ Frame 6243 1 KB
1 KB 160ms
150ms Script
application/json 104.22.72.85
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.bebi.com/w/1.1/sa?o=1481953805&callback=n08r4601glc1481953805&ju=https%3A//ww3.read7deadlysins.com/&jr=&stck=https%3A//ww3.read7deadlysins.com/%2Chttps%3A//runwaff.com/stat%3Fi%3Du1dvjpo9e55sy80hm5%26a%3D3191181510d1c5163e53c1097b6d94291%26cb%3D3371671621910813240%2Chttps%3A//runwaff.com/stat%3Fi%3Du1dvjpo9e55sy80hm5%26a%3D3191181510d1c5163e53c1097b6d94291%26cb%3D3371671621910813240%2Chttps%3A//runwaff.com/stat%3Fi%3Du1dvjpo9e55sy80hm5%26a%3D3191181510d1c5163e53c1097b6d94291%26cb%3D3371671621910813240&ai=1&r=870252176&pl=42861&dims=300x250&adxy=0%2C0&exclude=&res=1600x1200x24&plg=pm&ch=UTF-8&tz=-120&ws=301x251&ifr=1&bi=1e9e06fc-c4b9-41bc-bccc-57ec8acc927b&pxr=false
Requested by: Host: st.bebi.com
URL: https://st.bebi.com/bebi_v3.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.22.72.85 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9c5aecf6f8d125f8f91b47761d6fda3ff801ba9dd37249f51663529183d36ea4

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:55 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
p3p: CP="CUR ADM OUR NOR STA NID"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1135
cf-request-id: 0a43041bf90000edaf063b0000000001
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: application/json
via: 1.1 google
cache-control: no-cache, no-store, must-revalidate
cf-ray: 654b6fa65ac8edaf-CDG
link: <https://c.bebi.com/cbbd6e56-75fb-4aba-88b3-877507b07fe1.jpg>; rel=preload; as=image
expires: 0

GET
H2 200 cbbd6e56-75fb-4aba-88b3-877507b07fe1.jpg
c.bebi.com/ Frame 6243 59 KB
59 KB 36ms
28ms Image
image/webp 104.22.72.85
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.bebi.com/cbbd6e56-75fb-4aba-88b3-877507b07fe1.jpg
Requested by: Host: runwaff.com
URL: https://runwaff.com/stat?i=u1dvjpo9e55sy80hm5&a=3191181510d1c5163e53c1097b6d94291&cb=3371671621910813240
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.22.72.85 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 49c5062b357f17aa4cd7c3f8b6c052107cb0499e73fb7da71782f349c3055ca5

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:55 GMT
cf-cache-status: HIT
age: 447037
cf-polished: origFmt=jpeg, origSize=69209
x-guploader-uploadid: ABg5-Uy_UcfQnjCaZy-AklImfQuLqaBwvcbAOE8OU4T6aOH5Mnqi3Sz9EmKWWP7SsdSaB80ACqM7sTUnoEMMzD9RCeg6SWtBIA
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-disposition: inline; filename="cbbd6e56-75fb-4aba-88b3-877507b07fe1.webp"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 59904
cf-request-id: 0a43041c990000edaf489e5000000001
last-modified: Thu, 21 Jan 2021 02:43:28 GMT
server: cloudflare
etag: "e14426a2a494854c1eb410a655000268"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
x-goog-hash: crc32c=zLWxIQ==, md5=4UQmoqSUhUwetBCmVQACaA==
x-goog-generation: 1611197008039250
content-type: image/webp
expires: Thu, 19 May 2022 22:36:18 GMT
cache-control: public, max-age=31536000
x-goog-stored-content-length: 69209
accept-ranges: bytes
cf-ray: 654b6fa75b45edaf-CDG
cf-bgj: imgq:100,h2pri

GET
H2 200 micro-logo.png
st.bebi.com/ Frame 6243 852 B
1 KB 327ms
26ms Image
image/webp 104.22.72.85
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://st.bebi.com/micro-logo.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.22.72.85 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f14d49c61900359e36033037f41b3551af293a3ae24076af4511e92217e841a7

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:56 GMT
cf-cache-status: HIT
age: 47
cf-polished: origFmt=png, origSize=1922
x-guploader-uploadid: ABg5-UwBx0v0hGluEfAB92JTEZpXgV3ZUhH30uGrSh3RIjfQCsFU7nqGpQdtrCQXvEjq7tTqmXloPeEqKDHFVShj6xU
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-disposition: inline; filename="micro-logo.webp"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 852
cf-request-id: 0a43041dc30000edafc83ea000000001
last-modified: Mon, 29 Jan 2018 10:32:41 GMT
server: cloudflare
etag: "1a47d36a38efc2702644dfb1055740cd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
x-goog-hash: crc32c=qmfGMw==, md5=GkfTajjvwnAmRN+xBVdAzQ==
x-goog-generation: 1517221961054923
content-type: image/webp
expires: Tue, 25 May 2021 03:46:09 GMT
cache-control: public, max-age=3600
x-goog-stored-content-length: 1922
accept-ranges: bytes
cf-ray: 654b6fa93c8fedaf-CDG
cf-bgj: imgq:100,h2pri

GET
H2 200 go
trck.bebi.com/1.0/ Frame 6243 43 B
223 B 43ms
34ms Image
image/gif 104.22.72.85
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trck.bebi.com/1.0/go?tq=UL3sv4aaTy2ij3Jz0lAkrRolq3ChyW-q0whxFH2VtQjQv5Ac9Mo8a322excxAvkBu93_evxPfmbs6YwfJD0laly3cDCq_QS9g0xjKfxoDG4u8DRY24_S2pncgCtrDRDpyVcb1H45_5X7Yvqu1KNBPznz3sTzPz7nvuZylIe2dFxdoI_oi1t9oNelsQi74wzdEbwb85TlrjdS_vcA06QvsXuVuDqHGE72gUFbdxcGjeOZnrxXRmrb9IY1Pg7iL94IA4LfyKhih6zVUYLL1XqkF_8I459DS4T58Uu5L36CRD4nVVaXYuJrmxBs0fn-SPhq5LDLInYgQwR0bhwKQxYDnT71g7c5FhWuWpIPfIWFXc3GXhguaowoymikeHLu8IgCsVfMhlsrDg9PNnyO6pM2QZnNWb_Jl-qg5HWFsWLFmxKCEWBwIECyR58zgZDMwO8UYMMgi04_tverpk1lRoI7Ig6s2_IF3v5HvJURc950LRG-u0TRjduneRf1zcCnibqlaf1A0_LuizFSG9_FIkwmO98BouteIrfTe-h4KQai6Qd2nFijDAlntvCX2Pst-LUdCKVX3hStGb-OW8jzTVQ6JQIC_LassTRjcMU627lC1YZhzCmGB7VWhdu0rdJoPd-0wSzKDC6UZsu7vwaqafF1hK7rRLmNdkfmoUscvqUbwG_9GduJ9WA1jn-yMdLJ5cZCe3uLgiJlRj9o09wZhv6LNvNYB5qKMe1Bf4qZ_xa74GUDM3Rpln7NO70d_aSi89N-WKhXVsfjNh68PhrdejCTywr0c5-S0S_qBksVtmLkw3NekSRteInL586E9hz0SmBGWSIJbUh0BqOpg-PRC0cNjQjAGTBWX1G4BUIMCXhB8blJfNXm5gocojis5cGg3LWZkLN59bijPirNN5jxZpP1UnTuAcoCRoQAXRHWXgqHCGcJKp2c0ShE5Kbk4MicasydJrFZTKZH2RL9WTjFgaxrTEQUbYHrapgdQAJDg6e6BgwW4Wu0tOu9OhGGaj1AeLtuEsMWqA0LS8DqTPbOOHj2Z9uzcfWvhyezwzuPxAfO4Fi9A_LnicwHuB5DXvGKjdWe9FDe9jv3YAnYmNK7jIHRd32uCsunbG0IjvINJx-bcfokUtxLE_aWHoskOa9ATeD2&bi=1fb64b28-1003-4bd5-9484-b187b77208dd&bbuid=98ebe87b-83b6-4edf-91f3-097565b277b3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.22.72.85 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:55 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/gif
cache-control: no-cache, private, no-cache no-store proxy-revalidate
cf-ray: 654b6fa76b4dedaf-CDG
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
cf-request-id: 0a43041c9f0000edaf30232000000001
expires: Thu, 01 Jan 1970 00:00:01 GMT

POST
H2 200 /
track.adform.net/serving/unload/ Frame 7E28 35 B
466 B 21ms
21ms Ping
image/gif 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&pud=mZLFkVBv7y7siwVHQsJinwKw7tBGW7MjqPgsxXkEpaNjVA9bVUZ9fiOwd1kEMzRr2qrb3w1_oWOGt-ippZuF-QVZoehuYzNpHarZC3UVhJUDDQ5vRSs2T9GQfRICSu8c8fkvCkV0AKiibu5ODd1AyZGSuffMaAQB4HnxjK2K5tclD_3jwMhsFVCsKFctvLV3cdJbAB9-JKE1&unload=6833267819561969969@@42173458,3132587077540134277,100|1200|0|0|0|0|0|0|0||47|1|2464|4967cd04c6fb43729fb23a47aa964161-1-2464_20035fb0a5d8488aa73d8bb54cc134f5|||1|0|0|Hh-6VTMaeTyoMC9hkrxj6Yx08YdLfAZPjIqc1sBy0I4ErQHerjrL65MiW4pRmhaMjIqc1sBy0I5o4kOyoBiwbg2|m5D2R0CaQPB42u1ywTJ-2uhRnNqnSBShhhDPFR4uCDKJ0pEkGy5YU5DzZ4xMx-m2huuso-CINz10a3Jwkl4uAuOMOqtrwYj_99yHnrX3-Yq41wUtXy3s232WndsyQtExvdq5tkQ8Tp-aJ5PzzvWo-FOZ5nJE5k3ngOHYsb569ZdmkjsLTrdEDjr0QP3LlZu4hd-pxQOfVRJqCvFFn-BWyUT9ubrsFdb5A7z_uuw_WOM1||11|

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:56 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://runwaff.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

POST
H2 200 /
track.adform.net/serving/unload/ Frame 7E28 35 B
466 B 22ms
21ms Ping
image/gif 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&unload=6833267819561969969@@42173458,3132587077540134277,100|1201|0|0|0|0|0|0|0||47|1|2464|4967cd04c6fb43729fb23a47aa964161-1-2464_20035fb0a5d8488aa73d8bb54cc134f5|||1|0|0|Hh-6VTMaeTyoMC9hkrxj6Yx08YdLfAZPjIqc1sBy0I4ErQHerjrL65MiW4pRmhaMjIqc1sBy0I5o4kOyoBiwbg2|m5D2R0CaQPB42u1ywTJ-2uhRnNqnSBShhhDPFR4uCDKJ0pEkGy5YU5DzZ4xMx-m2huuso-CINz10a3Jwkl4uAuOMOqtrwYj_99yHnrX3-Yq41wUtXy3s232WndsyQtExvdq5tkQ8Tp-aJ5PzzvWo-FOZ5nJE5k3ngOHYsb569ZdmkjsLTrdEDjr0QP3LlZu4hd-pxQOfVRJqCvFFn-BWyUT9ubrsFdb5A7z_uuw_WOM1||01|

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:56 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://runwaff.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 /
track.adform.net/Serving/Event/ Frame 7E28 35 B
303 B 21ms
21ms Image
image/gif 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.adform.net/Serving/Event/?bn=42173458&event=178&time=2&baid=42147175&name=Viewable%20impressions&imprid=3132587077540134277&icid=6833267819561969969&eData=1ag1TOcnAKJxemCkR6owFqFQn6mnkCmgYaJU2uM20NnmbmguGaWy-jJUa_m-3FJj-zqKabl9vormbmguGaWy-ob6_1lUY3vj0&adxvars=m5D2R0CaQPB42u1ywTJ-2uhRnNqnSBShhhDPFR4uCDKJ0pEkGy5YU5DzZ4xMx-m2huuso-CINz10a3Jwkl4uAuOMOqtrwYj_99yHnrX3-Yq41wUtXy3s232WndsyQtExvdq5tkQ8Tp-aJ5PzzvWo-FOZ5nJE5k3ngOHYsb569ZdmkjsLTrdEDjr0QP3LlZu4hd-pxQOfVRJqCvFFn-BWyUT9ubrsFdb5A7z_uuw_WOM1&rtbdata=OS-8pJ27cx1t80IVWwQfQmE4WHGRqH-1kufqwnY4tw_1RSChZqL51DIQIJOmZt0pv7FqjbP8FygEiuMG4UneOQhh2ON4Isn69w0nsxF19yUFWaHobmMzaZuQe68hRSWgBbX2Scja7xpnAf87BMs8pTiqfUioUQ5fjk4f5IofKguQWvFgxpEjr0cpc6KrPjLHQ18R7_DTXbsLjmCGi5lbJog59SdzMJjD1_IkojTLs1Wvowv_9ATKQmE1N-xRNl4GvtZFONlts83oe2PKfD381SC80MFHzDQq32ffiUnjj5jm_EH7owHJ888jpZdvtK7yM8o70tRRicjmiUtjwUGSvFqirAD_H0c-swmFfVqDPk5d1Vab-EFQvICIxEzHzL-f0&rtbwp=CBiagR-ESe0N4_IzXSGVYekjTfC56_cS0&rnd=545450457

Requested by

Host: runwaff.com
URL: https://runwaff.com/async_usersync?i=u1dvjpo9e55sy80hm5&a=1a0c8985ce32a33755c3d97ef8fe86d15&cb=2363071621910813243

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:56 GMT
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
content-type: image/gif
expires: -1

POST
H2 200 /
adx.adform.net/adx/unload/ Frame 7E28 35 B
486 B 21ms
20ms Ping
image/gif 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/unload/?1621910816483

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/banners/scripts/adx.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:56 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin: https://runwaff.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H2 204 quantumdex Show response
useast.quantumdex.io/auction/ 0
650 B 138ms
122ms XHR
text/plain 2606:4700:20::ac43:47f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://useast.quantumdex.io/auction/quantumdex
Requested by: Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-v4.38.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 25 May 2021 02:46:57 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: POST, GET
access-control-allow-origin: https://ww3.read7deadlysins.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=H7F6tPBWsxTp5QdXDWR92r6%2BGJvL1fIy87Z1GM1t5%2FbEjA9dAoex55vDCKPs4iV1wO6O6w%2B0cHQt2ivxsf4jSPVRhdZJkwD08OYe4JdakXiU7tK04v1ae6HBD2Uo1K9roB2FBSXGkioOA7gu9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
cf-ray: 654b6faf092e0eb3-FRA
cf-request-id: 0a4304216000000eb371b5a000000001

POST
H2 204 c Show response
prebid.a-mo.net/a/ 0
372 B 353ms
160ms XHR
text/plain 136.144.59.88
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-v4.38.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 136.144.59.88 Secaucus, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://ww3.read7deadlysins.com
date: Tue, 25 May 2021 02:46:57 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
server: envoy
x-envoy-upstream-service-time: 65
vary: origin

GET
H2

200

ROS Show response
ads.us.e-planning.net/hb/1/2c995/1/ww3.read7deadlysins.com/
Redirect Chain

https://ads.us.e-planning.net/hb/1/2c995/1/ww3.read7deadlysins.com/ROS?rnd=0.7588025728276067&e=300x600_0%3A300x600%2B160x600_0%3A160x600%2B300x250_0%3A300x250%2B970x90_0%3A970x90%2B728x90_0%3A728x...
https://ads.us.e-planning.net/hb/1/2c995/1/ww3.read7deadlysins.com/ROS?ct=1&rnd=0.7588025728276067&e=300x600_0%3A300x600%2B160x600_0%3A160x600%2B300x250_0%3A300x250%2B970x90_0%3A970x90%2B728x90_0%3...

622 B
1 KB

21ms
18ms

XHR
application/json

46.249.52.248
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.us.e-planning.net/hb/1/2c995/1/ww3.read7deadlysins.com/ROS?ct=1&rnd=0.7588025728276067&e=300x600_0%3A300x600%2B160x600_0%3A160x600%2B300x250_0%3A300x250%2B970x90_0%3A970x90%2B728x90_0%3A728x90&ur=https%3A%2F%2Fww3.read7deadlysins.com%2F&r=pbjs&pbv=4.38.0&ncb=1&vs=FFFFF&crs=UTF-8&fr=https%3A%2F%2Fww3.read7deadlysins.com%2F&gdpr=1&gdprcs=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 46.249.52.248 , Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: 06cc0df26c32fe3c458ffe56518d7b3cdddebb8ff9075baa3885ea39e970c6a3

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:57 GMT
server: openresty
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
access-control-allow-origin: https://ww3.read7deadlysins.com
expires: Tue, 25 May 2021 02:46:57 GMT
cache-control: max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 622
x-sid: AMS-747

Redirect headers

date: Tue, 25 May 2021 02:46:57 GMT
server: openresty
access-control-allow-origin: https://ww3.read7deadlysins.com
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
location: /hb/1/2c995/1/ww3.read7deadlysins.com/ROS?ct=1&rnd=0.7588025728276067&e=300x600_0%3A300x600%2B160x600_0%3A160x600%2B300x250_0%3A300x250%2B970x90_0%3A970x90%2B728x90_0%3A728x90&ur=https%3A%2F%2Fww3.read7deadlysins.com%2F&r=pbjs&pbv=4.38.0&ncb=1&vs=FFFFF&crs=UTF-8&fr=https%3A%2F%2Fww3.read7deadlysins.com%2F&gdpr=1&gdprcs=
access-control-allow-credentials: true
content-type: text/html; charset=iso-8859-1
x-sid: AMS-747

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ 0
185 B 58ms
21ms XHR
text/plain 185.184.8.30
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-v4.38.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.30 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://ww3.read7deadlysins.com
date: Tue, 25 May 2021 02:46:57 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

POST
H2 204 cdb Show response
bidder.criteo.com/ 0
153 B 56ms
16ms XHR
text/plain 178.250.0.165
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=207&av=33&wv=4.38.0&cb=47428952431
Requested by: Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-v4.38.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.par.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://ww3.read7deadlysins.com
date: Tue, 25 May 2021 02:46:56 GMT
access-control-allow-credentials: true
server: Finatra
timing-allow-origin: *
vary: Origin

GET
H2 200 vi-logo.svg
assets.vlitag.com/media/icon/ 11 KB
3 KB 17ms
16ms Image
image/svg+xml 2606:4700:20::681a:fee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://assets.vlitag.com/media/icon/vi-logo.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:fee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

24a104ef6529cb9bbceaeca4e037ecf14d40db5207009ac23e8224703fa11bb8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:57 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 935091
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a430422bc0000c27777a91000000001
x-robots-tag: noindex, nofollow
last-modified: Fri, 01 Nov 2019 05:04:49 GMT
server: cloudflare
etag: W/"5dbbbcf1-2c34"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=0DnET3LUerynA7OBU6viZMix8F%2FShvUXNUJYGV0lzisbp1BSCVavgVS7Jeqoz%2FrZDS3OAk8E8b5aTIWcDUrBo5d8zsdX36QCxTVYfAJ3qfUfvYQXGEvTEaC57GfEP0kdUBqO2q%2F3HIGAyg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
x-xss-protection: 1; mode=block
cache-control: max-age=16070400
cf-ray: 654b6fb12f47c277-FRA

GET
H2 200 frame.html Show response
ad4m.at/ Frame B43B 2 KB
2 KB 23ms
23ms Document
text/html 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d12a71cd626ac8f0fc91e6f1b98280cfb49fd724f2dcc118d192adff9a0154b4

Request headers

:method: GET
:authority: ad4m.at
:scheme: https
:path: /frame.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://runwaff.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://runwaff.com/

Response headers

date: Tue, 25 May 2021 02:46:57 GMT
content-type: text/html
x-guploader-uploadid: ABg5-UyHG4nMyrBK5WNqT49HT3fkOWy09Qi7AMHmefEGKv6EedjpZshPX4m1mr0_df4AnWlv4nSV1j8tT1-PHgSflkckYhyoGQ
expires: Tue, 25 May 2021 03:46:57 GMT
last-modified: Wed, 06 May 2020 15:09:30 GMT
x-goog-generation: 1588777770164783
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1681
content-language: en
x-goog-hash: crc32c=iTDHew== md5=c2ZaqCqAXxKd4MgeeQDU8g==
x-goog-storage-class: MULTI_REGIONAL
age: 107461
cache-control: public, max-age=3600
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
cf-request-id: 0a430423110000d6b117922000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=tLPm7TYADgwO9mJlaR4K0qUeWdwjzM5Bg1YHq%2FsyXDcjdM9z8NseG7P2FFLkRlgtOCh04MWYzXP2vLyqZc%2B1LXjCilr8fxJ66dvW94wSr0mv11WVqNkN12JU8OsAMXQV"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 654b6fb1be11d6b1-FRA
content-encoding: br

GET
H2 200 frame.html Show response
ad4mat.net/ Frame A50E 1 KB
970 B 11ms
11ms Document
text/html 2606:4700:3032::ac43:aa7a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4mat.net/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:aa7a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 611c31ecafe54c74f78e765296e1b04c0e51ecdc5f7d62c0c3441732aca01964

Request headers

:method: GET
:authority: ad4mat.net
:scheme: https
:path: /frame.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://runwaff.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://runwaff.com/

Response headers

date: Tue, 25 May 2021 02:46:57 GMT
content-type: text/html
last-modified: Thu, 12 Apr 2018 07:50:15 GMT
via: 1.1 google
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=86400
cf-cache-status: HIT
age: 2640
cf-request-id: 0a4304233700004eb03a2fa000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=mk6U%2FmYGZER6GY3xH2QZMIJl4gg1Y8phQQ9iMiEiCI0aDMxut99%2FdnuhmlWujeKlhKH1uKFb73WzkrhUtFxUa5LODb0RV8vLsxqSLKkDQ3oOVNXyzEOGCVbW7dPXDdvjQt1SpA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 654b6fb1fd804eb0-FRA
content-encoding: br

POST
H3-29 200 rs Show response
ad4m.at/ Frame CA8A 955 B
1 KB 28ms
27ms XHR
text/plain 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2e29d014db9a69bc9ca7e8785266b23a428aaa17c24970d18dee4a3cfcef031a

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 25 May 2021 02:46:57 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 654b6fb23d113248-FRA
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=8DRWII4Yh82%2Fae9MJ5XPYPkIaJbPqg2VWSfRrKBzt%2FMgYJgnL4DD72i5KpbhqgqHWbtDGRJ6wjbqXTEJ0P2PextOtiKwUHG2ajKXX5mpQZ394g5541Pv1FBUlVZgqZqQ"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://runwaff.com
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
access-control-allow-credentials: true
content-encoding: br
x-backend-server: rs-rvz5
cf-request-id: 0a4304236000003248111bd000000001

OPTIONS
H3-29 200 rs
ad4m.at/ Frame 0
0 19ms
18ms Preflight
text/plain 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Protocol: H3-29
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://runwaff.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Tue, 25 May 2021 02:46:57 GMT
content-type: text/plain
content-length: 24
access-control-allow-origin: https://runwaff.com
access-control-allow-credentials: true
access-control-max-age: 1800
access-control-allow-methods: GET,PATCH,POST,OPTIONS,DELETE
access-control-allow-headers: content-type
allow: HEAD,POST,GET,OPTIONS
x-backend-server: rs-rvz5
via: 1.1 google
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-request-id: 0a4304234c000032482e025000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=30SWpU%2BhkLiE%2FedQNLYD8YVFdW4KWYAf7%2Bi8HDL9%2F6NVOzcF%2FaGIQPNjX59oSfbzrq%2BSzS7qyiplx8UgkA9qBg0xzFdfpg%2BgBfNmdsSd1BjQ4T04o%2BlxMIGbYIL5w9X7"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 654b6fb21cf93248-FRA

GET
H2 200 rar Show response
as.ad4m.at/ad/ Frame E55E 2 KB
2 KB 24ms
23ms Document
text/html 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/rar?a=114736&b=bMVSQfZfP5pkTYH5tGHKtqQMTetJT52P&f=3P4tpf4fmXg4c7HqtXHXCkBwuMtWTAje&c=300&d=250&e=&g=425545bf7a8e67ade5cb81e3ac30e1f1%2F14510462578530007900&i=29459&j=39&k=0&l=0&m=0&n=&p=&q=&o=adfPros&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D46051965%3Bcrtbwp%3DFD095DA38919D0EF%3Bcrtbdata%3DeexlOhwnJXjVCp_2uBgXfqtfrjbtmQ58MOxZQ_gY2wzhTGGCCIJj2PW_10kGnGr9SX4_7xlXf9jOlFFh5hRjeBTRe2rbcZFd8l8zDMPXciTovC4kXZO6f4PuH_C3NjJtikSyMY6XAlzxfyL_dKvc-nGp_9uALbw4En9elTQS8X-SJnX428MvaIdxpqqzJrFDp6gT8PYJ2CMexR5bUXfDEQ1OiY7EkU-hSAWVgExTW7Y1%3Badfibeg%3D0%3Bcdata%3Dzi6nw54RqoVNkoim8y32RgwRZGuFuL6pEx14g_hcwfpYBRXMc3-0AkKr1ztCzqheMrfXzzOMYt4tEB0NuJcKv7FMG_vafx5947mRGi7fX-2UcVaqQ_HzhsmtYN-uo950ZSAqiu-gwQTu--L5nqeNZ4bpOaa11T_TzgNVONeC3BPZKrp3hnDIH84jHBodwGdCZr-bjp8GuG-vPCrSsv5_L3LLb10zwiQqVmT03catJI-KMvty0L-hgdPIoSoiCNp5U9pRs-Y54C3kPlaDTc2TXeFBboVeNKvP0%3B%3BCREFURL%3Dhttps%253a%252f%252fww3.read7deadlysins.com%3BC%3D1%3Bcpdir%3D&y=0&z=0

Requested by

Host: ad4m.at
URL: https://ad4m.at/r62eglto.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cd237451c1129b755eb037be222af2716f91fe45e0938e7711ef9aa9614ed0ac

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-ancestors * data:;frame-src ;img-src data:;manifest-src 'none';media-src 'none';navigate-to ;object-src 'none';prefetch-src 'none';script-src 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: as.ad4m.at
:scheme: https
:path: /ad/rar?a=114736&b=bMVSQfZfP5pkTYH5tGHKtqQMTetJT52P&f=3P4tpf4fmXg4c7HqtXHXCkBwuMtWTAje&c=300&d=250&e=&g=425545bf7a8e67ade5cb81e3ac30e1f1%2F14510462578530007900&i=29459&j=39&k=0&l=0&m=0&n=&p=&q=&o=adfPros&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D46051965%3Bcrtbwp%3DFD095DA38919D0EF%3Bcrtbdata%3DeexlOhwnJXjVCp_2uBgXfqtfrjbtmQ58MOxZQ_gY2wzhTGGCCIJj2PW_10kGnGr9SX4_7xlXf9jOlFFh5hRjeBTRe2rbcZFd8l8zDMPXciTovC4kXZO6f4PuH_C3NjJtikSyMY6XAlzxfyL_dKvc-nGp_9uALbw4En9elTQS8X-SJnX428MvaIdxpqqzJrFDp6gT8PYJ2CMexR5bUXfDEQ1OiY7EkU-hSAWVgExTW7Y1%3Badfibeg%3D0%3Bcdata%3Dzi6nw54RqoVNkoim8y32RgwRZGuFuL6pEx14g_hcwfpYBRXMc3-0AkKr1ztCzqheMrfXzzOMYt4tEB0NuJcKv7FMG_vafx5947mRGi7fX-2UcVaqQ_HzhsmtYN-uo950ZSAqiu-gwQTu--L5nqeNZ4bpOaa11T_TzgNVONeC3BPZKrp3hnDIH84jHBodwGdCZr-bjp8GuG-vPCrSsv5_L3LLb10zwiQqVmT03catJI-KMvty0L-hgdPIoSoiCNp5U9pRs-Y54C3kPlaDTc2TXeFBboVeNKvP0%3B%3BCREFURL%3Dhttps%253a%252f%252fww3.read7deadlysins.com%3BC%3D1%3Bcpdir%3D&y=0&z=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://runwaff.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://runwaff.com/

Response headers

date: Tue, 25 May 2021 02:46:57 GMT
content-type: text/html; charset=utf-8
strict-transport-security: max-age=86400; includeSubDomains; preload
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
x-download-options: noopen
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
x-xss-protection: 1; mode=block
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-ancestors * data:;frame-src *;img-src * data:;manifest-src 'none';media-src 'none';navigate-to *;object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
referrer-policy: same-origin
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
expires: 0
surrogate-control: no-store
pragma: no-cache
via: 1.1 google
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-request-id: 0a4304237f0000d6b1ba87b000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 654b6fb26ea1d6b1-FRA
content-encoding: br

GET
H3-29 200 default.css
as.ad4m.at/ad/style/0.1.6/one-ad/ Frame E55E 59 KB
7 KB 17ms
16ms Stylesheet
text/css 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/style/0.1.6/one-ad/default.css

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=114736&b=bMVSQfZfP5pkTYH5tGHKtqQMTetJT52P&f=3P4tpf4fmXg4c7HqtXHXCkBwuMtWTAje&c=300&d=250&e=&g=425545bf7a8e67ade5cb81e3ac30e1f1%2F14510462578530007900&i=29459&j=39&k=0&l=0&m=0&n=&p=&q=&o=adfPros&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D46051965%3Bcrtbwp%3DFD095DA38919D0EF%3Bcrtbdata%3DeexlOhwnJXjVCp_2uBgXfqtfrjbtmQ58MOxZQ_gY2wzhTGGCCIJj2PW_10kGnGr9SX4_7xlXf9jOlFFh5hRjeBTRe2rbcZFd8l8zDMPXciTovC4kXZO6f4PuH_C3NjJtikSyMY6XAlzxfyL_dKvc-nGp_9uALbw4En9elTQS8X-SJnX428MvaIdxpqqzJrFDp6gT8PYJ2CMexR5bUXfDEQ1OiY7EkU-hSAWVgExTW7Y1%3Badfibeg%3D0%3Bcdata%3Dzi6nw54RqoVNkoim8y32RgwRZGuFuL6pEx14g_hcwfpYBRXMc3-0AkKr1ztCzqheMrfXzzOMYt4tEB0NuJcKv7FMG_vafx5947mRGi7fX-2UcVaqQ_HzhsmtYN-uo950ZSAqiu-gwQTu--L5nqeNZ4bpOaa11T_TzgNVONeC3BPZKrp3hnDIH84jHBodwGdCZr-bjp8GuG-vPCrSsv5_L3LLb10zwiQqVmT03catJI-KMvty0L-hgdPIoSoiCNp5U9pRs-Y54C3kPlaDTc2TXeFBboVeNKvP0%3B%3BCREFURL%3Dhttps%253a%252f%252fww3.read7deadlysins.com%3BC%3D1%3Bcpdir%3D&y=0&z=0

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

36ae5665d20b3043d7c330846a2712a01de07cc1a8819d08f306853249a3bb52

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://as.ad4m.at/ad/rar?a=114736&b=bMVSQfZfP5pkTYH5tGHKtqQMTetJT52P&f=3P4tpf4fmXg4c7HqtXHXCkBwuMtWTAje&c=300&d=250&e=&g=425545bf7a8e67ade5cb81e3ac30e1f1%2F14510462578530007900&i=29459&j=39&k=0&l=0&m=0&n=&p=&q=&o=adfPros&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D46051965%3Bcrtbwp%3DFD095DA38919D0EF%3Bcrtbdata%3DeexlOhwnJXjVCp_2uBgXfqtfrjbtmQ58MOxZQ_gY2wzhTGGCCIJj2PW_10kGnGr9SX4_7xlXf9jOlFFh5hRjeBTRe2rbcZFd8l8zDMPXciTovC4kXZO6f4PuH_C3NjJtikSyMY6XAlzxfyL_dKvc-nGp_9uALbw4En9elTQS8X-SJnX428MvaIdxpqqzJrFDp6gT8PYJ2CMexR5bUXfDEQ1OiY7EkU-hSAWVgExTW7Y1%3Badfibeg%3D0%3Bcdata%3Dzi6nw54RqoVNkoim8y32RgwRZGuFuL6pEx14g_hcwfpYBRXMc3-0AkKr1ztCzqheMrfXzzOMYt4tEB0NuJcKv7FMG_vafx5947mRGi7fX-2UcVaqQ_HzhsmtYN-uo950ZSAqiu-gwQTu--L5nqeNZ4bpOaa11T_TzgNVONeC3BPZKrp3hnDIH84jHBodwGdCZr-bjp8GuG-vPCrSsv5_L3LLb10zwiQqVmT03catJI-KMvty0L-hgdPIoSoiCNp5U9pRs-Y54C3kPlaDTc2TXeFBboVeNKvP0%3B%3BCREFURL%3Dhttps%253a%252f%252fww3.read7deadlysins.com%3BC%3D1%3Bcpdir%3D&y=0&z=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:57 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
age: 491349
cf-polished: origSize=60706
surrogate-control: no-store
strict-transport-security: max-age=86400; includeSubDomains; preload
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: same-origin
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-download-options: noopen
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=3600
cf-request-id: 0a4304239c0000177ec690b000000001
cf-ray: 654b6fb29928177e-FRA
expires: Tue, 25 May 2021 03:46:57 GMT

GET
H2

200

300x250_SB_Banner.jpg
data.mediaintelligence.de/min/144_Smartbroker_CPL_51382/ Frame E55E
Redirect Chain

https://mediaintelligence.de/trck/eview/ba4f619de1bd236c67be15f740811830
https://data.mediaintelligence.de/min/144_Smartbroker_CPL_51382/300x250_SB_Banner.jpg

19 KB
19 KB

15ms
15ms

Image
image/jpeg

46.105.198.150
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.mediaintelligence.de/min/144_Smartbroker_CPL_51382/300x250_SB_Banner.jpg
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=114736&b=bMVSQfZfP5pkTYH5tGHKtqQMTetJT52P&f=3P4tpf4fmXg4c7HqtXHXCkBwuMtWTAje&c=300&d=250&e=&g=425545bf7a8e67ade5cb81e3ac30e1f1%2F14510462578530007900&i=29459&j=39&k=0&l=0&m=0&n=&p=&q=&o=adfPros&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D46051965%3Bcrtbwp%3DFD095DA38919D0EF%3Bcrtbdata%3DeexlOhwnJXjVCp_2uBgXfqtfrjbtmQ58MOxZQ_gY2wzhTGGCCIJj2PW_10kGnGr9SX4_7xlXf9jOlFFh5hRjeBTRe2rbcZFd8l8zDMPXciTovC4kXZO6f4PuH_C3NjJtikSyMY6XAlzxfyL_dKvc-nGp_9uALbw4En9elTQS8X-SJnX428MvaIdxpqqzJrFDp6gT8PYJ2CMexR5bUXfDEQ1OiY7EkU-hSAWVgExTW7Y1%3Badfibeg%3D0%3Bcdata%3Dzi6nw54RqoVNkoim8y32RgwRZGuFuL6pEx14g_hcwfpYBRXMc3-0AkKr1ztCzqheMrfXzzOMYt4tEB0NuJcKv7FMG_vafx5947mRGi7fX-2UcVaqQ_HzhsmtYN-uo950ZSAqiu-gwQTu--L5nqeNZ4bpOaa11T_TzgNVONeC3BPZKrp3hnDIH84jHBodwGdCZr-bjp8GuG-vPCrSsv5_L3LLb10zwiQqVmT03catJI-KMvty0L-hgdPIoSoiCNp5U9pRs-Y54C3kPlaDTc2TXeFBboVeNKvP0%3B%3BCREFURL%3Dhttps%253a%252f%252fww3.read7deadlysins.com%3BC%3D1%3Bcpdir%3D&y=0&z=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 46.105.198.150 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: /
Resource Hash: 65bf6dbed881d8b4aa47ea477227f1860721a053dd6e3541718b377d66fe4f54

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 11 May 2021 13:17:00 GMT
x-cacheable: Matched cache
x-cdn-pop: rbx1
content-length: 19488
x-request-id: 679018605
last-modified: Tue, 17 Nov 2020 14:41:38 GMT
x-cdn-pop-ip: 51.254.41.128/26
etag: "5fb3e122-4c20"
access-control-max-age: 3600
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=2592000
accept-ranges: bytes
access-control-allow-headers: Range
expires: Thu, 10 Jun 2021 13:17:00 GMT

Redirect headers

date: Tue, 25 May 2021 02:46:57 GMT
content-encoding: gzip
x-cacheable: Cacheable
x-cdn-pop: rbx1
x-request-id: 767236097
pragma: no-cache
x-cdn-pop-ip: 51.254.41.128/26
location: https://data.mediaintelligence.de/min/144_Smartbroker_CPL_51382/300x250_SB_Banner.jpg
vary: Accept-Encoding
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Range, Content-Disposition, Content-Type, Authorization
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 301 ba4f619de1bd236c67be15f740811830
mediaintelligence.de/trck/epv/ Frame E55E 0
1 KB 62ms
61ms Image
text/html 46.105.199.182
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mediaintelligence.de/trck/epv/ba4f619de1bd236c67be15f740811830?t=htlp&subid=oneidbMVSQfZfP5pkTYH5tGHKtqQMTetJT52Poneid__adfPros&gdpr_consent=&gdpr=0&gdpr_pd=0
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=114736&b=bMVSQfZfP5pkTYH5tGHKtqQMTetJT52P&f=3P4tpf4fmXg4c7HqtXHXCkBwuMtWTAje&c=300&d=250&e=&g=425545bf7a8e67ade5cb81e3ac30e1f1%2F14510462578530007900&i=29459&j=39&k=0&l=0&m=0&n=&p=&q=&o=adfPros&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D46051965%3Bcrtbwp%3DFD095DA38919D0EF%3Bcrtbdata%3DeexlOhwnJXjVCp_2uBgXfqtfrjbtmQ58MOxZQ_gY2wzhTGGCCIJj2PW_10kGnGr9SX4_7xlXf9jOlFFh5hRjeBTRe2rbcZFd8l8zDMPXciTovC4kXZO6f4PuH_C3NjJtikSyMY6XAlzxfyL_dKvc-nGp_9uALbw4En9elTQS8X-SJnX428MvaIdxpqqzJrFDp6gT8PYJ2CMexR5bUXfDEQ1OiY7EkU-hSAWVgExTW7Y1%3Badfibeg%3D0%3Bcdata%3Dzi6nw54RqoVNkoim8y32RgwRZGuFuL6pEx14g_hcwfpYBRXMc3-0AkKr1ztCzqheMrfXzzOMYt4tEB0NuJcKv7FMG_vafx5947mRGi7fX-2UcVaqQ_HzhsmtYN-uo950ZSAqiu-gwQTu--L5nqeNZ4bpOaa11T_TzgNVONeC3BPZKrp3hnDIH84jHBodwGdCZr-bjp8GuG-vPCrSsv5_L3LLb10zwiQqVmT03catJI-KMvty0L-hgdPIoSoiCNp5U9pRs-Y54C3kPlaDTc2TXeFBboVeNKvP0%3B%3BCREFURL%3Dhttps%253a%252f%252fww3.read7deadlysins.com%3BC%3D1%3Bcpdir%3D&y=0&z=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 46.105.199.182 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:57 GMT
content-encoding: gzip
x-cacheable: Cacheable
x-cdn-pop: rbx1
x-request-id: 767236098
pragma: no-cache
x-cdn-pop-ip: 51.254.41.128/26
location
vary: Accept-Encoding
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Range, Content-Disposition, Content-Type, Authorization
expires: Thu, 19 Nov 1981 08:52:00 GMT

POST
H2 200 /
adx.adform.net/adx/unload/ Frame EB94 35 B
486 B 21ms
20ms Ping
image/gif 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/unload/?1621910818842

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/banners/scripts/adx.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:58 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin: https://runwaff.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ 83 KB
27 KB 68ms
23ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-v4.38.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 982d34951038f20a2cfd09cb3fb85a55ccecd7016b73a10f5bac83cdc5d55fee

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:59 GMT
content-encoding: gzip
last-modified: Thu, 20 May 2021 06:12:34 GMT
server: nginx
etag: W/"60a5fdd2-14a5d"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 26 May 2021 02:46:59 GMT

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 0AA1 0
326 B 26ms
24ms Document
text/html 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=ww3.read7deadlysins.com&gdpr=1&gdpr_consent=

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:method: GET
:authority: gum.criteo.com
:scheme: https
:path: /syncframe?origin=publishertag&topUrl=ww3.read7deadlysins.com&gdpr=1&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ww3.read7deadlysins.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ww3.read7deadlysins.com/

Response headers

cache-control: private, max-age=0
content-type: text/html; charset=utf-8
strict-transport-security: max-age=31536000
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 2124
set-cookie: uid=c04b014d-566b-4216-a523-248050e6dde7; expires=Wed, 25 May 2022 02:46:58 GMT; domain=.criteo.com; path=/; secure; samesite=none
date: Tue, 25 May 2021 02:46:58 GMT
content-length: 0

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ 83 KB
27 KB 65ms
23ms XHR
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 982d34951038f20a2cfd09cb3fb85a55ccecd7016b73a10f5bac83cdc5d55fee

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:59 GMT
content-encoding: gzip
last-modified: Thu, 20 May 2021 06:12:34 GMT
server: nginx
etag: W/"60a5fdd2-14a5d"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 26 May 2021 02:46:59 GMT

POST
H2 200 /
track.adform.net/serving/unload/ Frame CA8A 35 B
466 B 21ms
21ms Ping
image/gif 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&unload=6833267819561969969@@46051965,6997482077317407980,100|1200|0|0|0|0|0|0|0||47|1|31|cfe71342e3c17b000bfb44b6f740d92112d9067c_1|||1|0|0|SUzBXLpLfnW48M5tcwHHbYx08YdLfAZPjIqc1sBy0I4uyJLKMeR3NskllzAqADQrA7z_uuw_WOM1|||11|

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:59 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://runwaff.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

POST
H2 200 /
track.adform.net/serving/unload/ Frame 5DA6 35 B
466 B 20ms
20ms Ping
image/gif 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&unload=6833267819561969969@@45218947,3436677471174902835,0|0|0|0|0|0|0|0|0||0|1|2464|6415693d736a4c38a53a65ffb2158a84-1-2464_3611e70c58604a3d8dd0528e29280484|||1|0|0|tfdFEdv7U5KoMC9hkrxj6Yx08YdLfAZPjIqc1sBy0I5cr_HE3E6zMpMiW4pRmhaMjIqc1sBy0I5o4kOyoBiwbg2|sBo34bq4Frt42u1ywTJ-2uhRnNqnSBShhhDPFR4uCDKJ0pEkGy5YU5DzZ4xMx-m2YmTAckCaknR3tvd_s1cQIdTa3vpKM0nabd7LGXjWR8wb2Nz0N7bHVhMqMAPrwA-pCjnC3xSNf1r8PUCDt9fIkQmn9qHx8dhL62aNtg0L7iFmkjsLTrdEDjr0QP3LlZu4hd-pxQOfVRJqCvFFn-BWyffLoxdqMC7wA7z_uuw_WOM1||11|

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:59 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://runwaff.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

POST
H2 200 /
track.adform.net/serving/unload/ Frame 7E28 35 B
466 B 20ms
20ms Ping
image/gif 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&unload=6833267819561969969@@42173458,3132587077540134277,100|4700|0|0|0|0|0|0|0||184|1|2464|4967cd04c6fb43729fb23a47aa964161-1-2464_20035fb0a5d8488aa73d8bb54cc134f5|||1|0|0|Hh-6VTMaeTyoMC9hkrxj6Yx08YdLfAZPjIqc1sBy0I4ErQHerjrL65MiW4pRmhaMjIqc1sBy0I5o4kOyoBiwbg2|m5D2R0CaQPB42u1ywTJ-2uhRnNqnSBShhhDPFR4uCDKJ0pEkGy5YU5DzZ4xMx-m2huuso-CINz10a3Jwkl4uAuOMOqtrwYj_99yHnrX3-Yq41wUtXy3s232WndsyQtExvdq5tkQ8Tp-aJ5PzzvWo-FOZ5nJE5k3ngOHYsb569ZdmkjsLTrdEDjr0QP3LlZu4hd-pxQOfVRJqCvFFn-BWyUT9ubrsFdb5A7z_uuw_WOM1||01|

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:59 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://runwaff.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

POST
H2 200 /
track.adform.net/serving/unload/ Frame 047A 35 B
466 B 21ms
20ms Ping
image/gif 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&unload=6833267819561969969@@41071221,4596910359772951704,0|0|0|0|0|0|0|0|0||0|1|2464|ecae66a8e5434f94a8a7bbe510d822a8-1-2464_5338d01e59094b27a3db2f49aa3cb3ac|||1|0|0|ELNm5fmr0bqoMC9hkrxj6Yx08YdLfAZPjIqc1sBy0I5p8UgZWRbMY5MiW4pRmhaMjIqc1sBy0I5o4kOyoBiwbg2|Rac_1Yf_kd542u1ywTJ-2uhRnNqnSBShhhDPFR4uCDKJ0pEkGy5YU5DzZ4xMx-m2YmTAckCaknTvMejHOdxhNU9zZjyqtz6ozH4m33C6wV6W3ouUMgVeqI2YrOd1yOCopOxDvrEfFBGicnpwgINImTU1vRRh-jKvNNUggE0_YkFmkjsLTrdEDjr0QP3LlZu4hd-pxQOfVRJqCvFFn-BWyeoitXcusxSgA7z_uuw_WOM1||11|

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:59 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://runwaff.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

POST
H2 200 /
track.adform.net/serving/unload/ Frame 61A3 35 B
466 B 20ms
20ms Ping
image/gif 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&unload=6833267819561969969@@42668740,308965595917652735,0|0|0|0|0|0|0|0|0||0|1|2464|30cad28330724fa39053d94e775ae21b-1-2464_b236c21e0fb4473c8bbbac8f677bfc6f|||1|0|0|vUTpv6FqX1yoMC9hkrxj6Yx08YdLfAZPjIqc1sBy0I5Y9dQJKOsa3JMiW4pRmhaMjIqc1sBy0I5o4kOyoBiwbg2|UboeEUUWZ8B42u1ywTJ-2uhRnNqnSBShhhDPFR4uCDKJ0pEkGy5YU5DzZ4xMx-m2YmTAckCaknTxQfLXoDWXfv1euo7mBLg5_Ih_9onTnKlhd-mQT0X9GaZrvfOM9I3E6VuXf9kFnS5GicGAJ9fmRsqtXApkEPB6GTZOZuzmhWxmkjsLTrdEDjr0QP3LlZu4hd-pxQOfVRJqCvFFn-BWyfDBcvVKbR2MA7z_uuw_WOM1||11|

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:59 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://runwaff.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

POST
H2 200 /
track.adform.net/serving/unload/ Frame 17F0 35 B
457 B 21ms
21ms Ping
image/gif 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&unload=6833267819561969969@@37319546,4479615452492100653,0|0|0|0|0|0|0|0|0||0|1|2464|089f4219b8a143018fd02afb630cf5cf-1-2464_c4cfdb161d324528a0d03e0af5cb2640|||1|0|0|7r-b-rq9Fe6oMC9hkrxj6Yx08YdLfAZPjIqc1sBy0I6jA867a2tQDJMiW4pRmhaMjIqc1sBy0I5o4kOyoBiwbg2|JrIsYnOFaJ942u1ywTJ-2uhRnNqnSBShhhDPFR4uCDKJ0pEkGy5YU5DzZ4xMx-m2huuso-CINz1RcEAhpSr81T2cuj3ZpoifWlv-U0VLenhZbYlBTiNT-6uFwuax6ujvkrnQrIWsbmM6uc85TbACpfeBxJFhnv5kq_5cc2wgkBJmkjsLTrdEDjr0QP3LlZu4hd-pxQOfVRJqCvFFn-BWyfrHhprnKquDA7z_uuw_WOM1||11|

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:59 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://runwaff.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

POST
H2 200 /
track.adform.net/serving/unload/ Frame BC8A 35 B
466 B 21ms
21ms Ping
image/gif 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&unload=6833267819561969969@@44025169,8766020274371288443,0|0|0|0|0|0|0|0|0||0|1|2464|d75de369ac454898bad3eae41c16e53c-1-2464_9a4858edff9c4f438f1db32d46c497f4|||1|0|0|BqAhgKjK8OyoMC9hkrxj6Yx08YdLfAZPjIqc1sBy0I7fsGr0XB4EaJMiW4pRmhaMjIqc1sBy0I5o4kOyoBiwbg2|dlI7jPdZmP142u1ywTJ-2uhRnNqnSBShhhDPFR4uCDKJ0pEkGy5YU5DzZ4xMx-m2YmTAckCaknToqs-kab8x1Z49sKFH88Iso7DuOl7L7qEIzdL0z2b7g_goOzn5CwcdjdjhozzwJrogzS93cDUI6taI3fDp8O7ChsTnwbpdKodmkjsLTrdEDjr0QP3LlZu4hd-pxQOfVRJqCvFFn-BWyTwuoksXVO3DA7z_uuw_WOM1||11|

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:59 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://runwaff.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

POST
H2 200 /
track.adform.net/serving/unload/ Frame DE47 35 B
466 B 21ms
20ms Ping
image/gif 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&unload=6833267819561969969@@42105127,6257017838799501522,0|0|0|0|0|0|0|0|0||0|1|2464|6eac772e6b1b4561b0e41612acd15df2-1-2464_30763121ebf04af7bd318376fb4b9120|||1|0|0|Bd76lDl6rKioMC9hkrxj6Yx08YdLfAZPjIqc1sBy0I6-Gt7wO6Fdk5MiW4pRmhaMjIqc1sBy0I5o4kOyoBiwbg2|VJrxeDkysT142u1ywTJ-2uhRnNqnSBShhhDPFR4uCDKJ0pEkGy5YU5DzZ4xMx-m2huuso-CINz3lkrzn4reXiEPvK1F9wo1E67ubxWiqsr44Lv8IRZDsMjoXddBNQ99zc7Ob1Yb6O6HklbpbhGQAk-4PWCxBWUyh1h_bivVkdqNmkjsLTrdEDjr0QP3LlZu4hd-pxQOfVRJqCvFFn-BWyT2OuTp6Hi7nA7z_uuw_WOM1||11|

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:46:59 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://runwaff.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

POST
H2 200 /
track.adform.net/serving/unload/ Frame CA8A 35 B
466 B 22ms
22ms Ping
image/gif 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&unload=6833267819561969969@@46051965,6997482077317407980,100|2000|0|0|0|0|0|0|0||78|1|31|cfe71342e3c17b000bfb44b6f740d92112d9067c_1|||1|0|0|SUzBXLpLfnW48M5tcwHHbYx08YdLfAZPjIqc1sBy0I4uyJLKMeR3NskllzAqADQrA7z_uuw_WOM1|||01|

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://runwaff.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:47:00 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://runwaff.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 quantumdex Show response
sync.quantumdex.io/usersync/ Frame A10D 4 KB
1 KB 152ms
143ms Document
text/html 2606:4700:20::ac43:47f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.quantumdex.io/usersync/quantumdex
Requested by: Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-v4.38.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 328d795287f5346532425e23a806fddd55b3577298ce378d72caa0527b50c321

Request headers

:method: GET
:authority: sync.quantumdex.io
:scheme: https
:path: /usersync/quantumdex
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ww3.read7deadlysins.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: uid=8e448190-e44a-4260-8910-b5a329572100
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ww3.read7deadlysins.com/

Response headers

date: Tue, 25 May 2021 02:47:00 GMT
content-type: text/html
set-cookie: uid=8e448190-e44a-4260-8910-b5a329572100; expires=Mon, 14 Jun 2021 02:47:00 GMT; domain=quantumdex.io; path=/; secure; SameSite=None
cf-cache-status: DYNAMIC
cf-request-id: 0a43042e7e00000eb382b57000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=TyVwJJfyfNa2vMEjh9uyvHp826WP6PlAWmk7r3lO0bML0thM9T8CpbGanYe%2FnDzSQz6hkBakB%2FpRR2fn1R2edHkKq2akHNAaKQu%2FvykS4QFnpp1qR9hMSJ0EoBgHmDnwoYvgsm2uxg2gUJU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 654b6fc3fd440eb3-FRA
content-encoding: br

GET
H2 200 / Show response
spl.zeotap.com/ Frame ADEC 8 KB
2 KB 41ms
40ms Document
text/html 2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Requested by: Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-v4.38.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 24f3a2bc8ff9e147350f2872e763f27547d623c5fd82100eed032aeeb2411354

Request headers

:method: GET
:authority: spl.zeotap.com
:scheme: https
:path: /?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ww3.read7deadlysins.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ww3.read7deadlysins.com/

Response headers

date: Tue, 25 May 2021 02:47:00 GMT
content-type: text/html
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://ww3.read7deadlysins.com
set-cookie: zc=f3ba2e77-97da-45f5-7357-a273a81b0e6f; Path=/; Domain=.zeotap.com; Max-Age=31536000; SameSite=None; Secure zsc=t%CE%8FW%A4I%29%BBZ%09E%B1%AE%F5t%F3G%00%5DE%A8DxV+%03Ea%3B%D0%0B%2Ci4%1F%5D%C00%B1GPjm9%B2%EC%1Eu%B6%FE%122++%D6Y%B8%C0E4%5B%21z%15%AB%13%FA%84I%D3b%E6p%12%26%AC%C1P%11%10%D20%98%D9M%F4x%3F%CFGO%EF%97%A5%C45%21%8Day9%B1%3A%08%1Bz%BF%1A%06%F5tG%19R%3F%7D%9F%FB%01a%3D%C8%DC%5C%7F%AD%8C~3%5E7%11%15%04%1D%9E%D7%84%BA%E9%3C%FF%F1%0F%9Cxz%2B%AE%EEp%85%84%C2z%13Z%C6%B2%0Bd%FF%EA%D4I%C1%9B%E0; Path=/; Domain=.zeotap.com; Max-Age=86400; SameSite=None; Secure
vary: Origin
via: 1.1 google
cf-cache-status: DYNAMIC
cf-request-id: 0a43042e8500004d89b026f000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 654b6fc409ff4d89-FRA
content-encoding: br

GET
H2

200

um
sync.e-planning.net/
Redirect Chain

https://sync.1rx.io/usersync2/eplanning
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=437159879
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=437159879
https://sync.1rx.io/usersync/tradedesk/8cccad4d-f8ca-40c3-becb-9f6f4529677f
https://sync.targeting.unrulymedia.com/csync/RX-a80475b1-c3f5-4708-bdf9-74fca0e72ea2-003?redir=https%3A%2F%2Fsync.e-planning.net%2Fum%3Fuid%3DRX-a80475b1-c3f5-4708-bdf9-74fca0e72ea2-003%26dc%3D1079...
https://sync.e-planning.net/um?uid=RX-a80475b1-c3f5-4708-bdf9-74fca0e72ea2-003&dc=1079cc634ca638f8&iss=1

42 B
103 B

16ms
14ms

Image
image/gif

5.178.65.246
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.e-planning.net/um?uid=RX-a80475b1-c3f5-4708-bdf9-74fca0e72ea2-003&dc=1079cc634ca638f8&iss=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.178.65.246 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:47:00 GMT
server: openresty
content-type: image/gif

Redirect headers

location: https://sync.e-planning.net/um?uid=RX-a80475b1-c3f5-4708-bdf9-74fca0e72ea2-003&dc=1079cc634ca638f8&iss=1
date: Tue, 25 May 2021 02:47:00 GMT
server: Tengine
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RXa80475b1c3f54708bdf974fca0e72ea2003
content-type: text/html

GET
H2

200

um
u-ams02.e-planning.net/
Redirect Chain

https://ap.lijit.com/pixel?redir=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D3c01f1a5a54da346%26fi%3D7ee17fe7d3e03b5c%26uid%3D%24UID
https://ap.lijit.com/pixel?redir=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D3c01f1a5a54da346%26fi%3D7ee17fe7d3e03b5c%26uid%3D%24UID&sovrn_retry=true
https://u-ams02.e-planning.net/um?dc=3c01f1a5a54da346&fi=7ee17fe7d3e03b5c&uid=edf1204a70d52facc537c065

42 B
104 B

75ms
21ms

Image
image/gif

5.178.65.246
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://u-ams02.e-planning.net/um?dc=3c01f1a5a54da346&fi=7ee17fe7d3e03b5c&uid=edf1204a70d52facc537c065
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.178.65.246 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:47:00 GMT
server: openresty
content-type: image/gif

Redirect headers

Date: Tue, 25 May 2021 02:47:00 GMT
Server: nginx
Location: https://u-ams02.e-planning.net/um?dc=3c01f1a5a54da346&fi=7ee17fe7d3e03b5c&uid=edf1204a70d52facc537c065
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap3ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H/1.1 400
Request failed due to privacy signals getuid
ib.adnxs.com/ Frame ADEC 0
0 13ms
13ms Image
text/html 185.33.220.241
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ib.adnxs.com/getuid?https://mwzeom.zeotap.com/mw?adnxs_uid=$UID&zpartnerid=2&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 185.33.220.241 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS: 732.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2

200

mw
mwzeom.zeotap.com/ Frame ADEC
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-60...
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm=&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6...
https://mwzeom.zeotap.com/mw?google_gid=CAESEJiO0rIiyQm6ccmsPnn3XFA&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21ba...

95 B
177 B

33ms
33ms

Image
image/png

2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?google_gid=CAESEJiO0rIiyQm6ccmsPnn3XFA&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:47:00 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 654b6fc47a824d89-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0a43042ecc00004d89c1ab2000000001

Redirect headers

pragma: no-cache
date: Tue, 25 May 2021 02:47:00 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://mwzeom.zeotap.com/mw?google_gid=CAESEJiO0rIiyQm6ccmsPnn3XFA&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 470
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

mw
mwzeom.zeotap.com/ Frame ADEC
Redirect Chain

https://pixel.tapad.com/idsync/ex/push?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26...
https://pixel.tapad.com/idsync/ex/push/check?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent...
https://mwzeom.zeotap.com/mw?cid=69f0256b-050d-452b-9f6b-bab7bc0fb8e0&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02...

95 B
178 B

25ms
24ms

Image
image/png

2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=69f0256b-050d-452b-9f6b-bab7bc0fb8e0&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:47:00 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 654b6fc47a8e4d89-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0a43042ecc00004d89e5822000000001

Redirect headers

date: Tue, 25 May 2021 02:47:00 GMT
via: 1.1 google
server: Jetty(9.4.36.v20210114)
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location: https://mwzeom.zeotap.com/mw?cid=69f0256b-050d-452b-9f6b-bab7bc0fb8e0&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361
alt-svc: clear
content-length: 0

GET
H2 403 /
dmp.adform.net/serving/cookie/match/ Frame ADEC 0
330 B 26ms
20ms Image
text/plain 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dmp.adform.net/serving/cookie/match/?party=1105&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361

Requested by

Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:47:00 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2

200

mw
mwzeom.zeotap.com/ Frame ADEC
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Df3ba2e77-97da-45f5-7357-a273a81b0e6f%26reqId%3D4...
https://match.adsrvr.org/track/cmb/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Df3ba2e77-97da-45f5-7357-a273a81b0e6f%26reqId%3D4...
https://mwzeom.zeotap.com/mw?cid=0715225b-f102-4bd2-bd07-b6d7c612b821&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02...

95 B
178 B

27ms
26ms

Image
image/png

2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=0715225b-f102-4bd2-bd07-b6d7c612b821&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:47:00 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 654b6fc4bad14d89-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0a43042eef00004d89c819e000000001

Redirect headers

pragma: no-cache
date: Tue, 25 May 2021 02:47:00 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://mwzeom.zeotap.com/mw?cid=0715225b-f102-4bd2-bd07-b6d7c612b821&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 481

GET
H2 200 cm
trc.taboola.com/sg/zeotap/1/ Frame ADEC 0
162 B 35ms
15ms Image
text/plain 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/zeotap/1/cm?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 9
date: Tue, 25 May 2021 02:47:00 GMT
via: 1.1 varnish
server: nginx
x-timer: S1621910821.540727,VS0,VE9
x-cache: MISS
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
x-served-by: cache-hhn11567-HHN

GET
H/1.1 200
OK u
dmp.v.fwmrm.net/ad/ Frame ADEC 0
361 B 276ms
89ms Image
text/html 2607:ae80:5::48
FREEWHEEL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dmp.v.fwmrm.net/ad/u?mode=echo&cr=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1368%26env%3DmWeb%26cid%3D%23%7Buser.id%7D%26gdpr%3D%24%7BGDPR_ENFORCED%7D%26gdpr_consent%3D%24%7BGDPR_CONSENT%7D
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2607:ae80:5::48 , United States, ASN26558 (FREEWHEEL, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:47:00 GMT
Cache-Control: no-store
Expires: 0
Content-Type: text/html
Content-Length: 0
P3P: policyref="https://www.freewheel.tv/w3c/p3p.xml",CP="ALL DSP COR NID"

GET
H2 200 UCookieSetPug
image6.pubmatic.com/AdServer/ Frame ADEC 0
166 B 54ms
18ms Image
text/html 185.64.189.115
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image6.pubmatic.com/AdServer/UCookieSetPug?gdpr=1&gdpr_consent=&rd=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1384%26env%3DmWeb%26cid%3D%23PM_USER_ID%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Df3ba2e77-97da-45f5-7357-a273a81b0e6f%26reqId%3D4a21baac-d03c-4f02-6011-2627d72422c1%26zdid%3D1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.115 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:59 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H2

200

mw
mwzeom.zeotap.com/ Frame ADEC
Redirect Chain

https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361
https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=136...
https://mwzeom.zeotap.com/mw?cid=994a22a0-e7f1-4d6f-b3bc-ce6355ee4578&zpartnerid=317&gdpr=1&gdpr_consent=

95 B
196 B

23ms
22ms

Image
image/png

2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=994a22a0-e7f1-4d6f-b3bc-ce6355ee4578&zpartnerid=317&gdpr=1&gdpr_consent=
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:47:00 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 654b6fc55b844d89-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0a43042f5b00004d89f031e000000001

Redirect headers

pragma: no-cache
date: Tue, 25 May 2021 02:47:00 GMT
server: Apache-Coyote/1.1
location: https://mwzeom.zeotap.com/mw?cid=994a22a0-e7f1-4d6f-b3bc-ce6355ee4578&zpartnerid=317&gdpr=1&gdpr_consent=
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 0
x-xss-protection: 1; mode=block
expires: 0

GET
H2

200

mw
mwzeom.zeotap.com/ Frame ADEC
Redirect Chain

https://dpm.demdex.net/ibs:dpid=199624&dpuuid=f3ba2e77-97da-45f5-7357-a273a81b0e6f&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3D...
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=199624&dpuuid=f3ba2e77-97da-45f5-7357-a273a81b0e6f&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env...
https://mwzeom.zeotap.com/mw?cid=25885009265536702870648397769354532895&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-...

95 B
178 B

20ms
20ms

Image
image/png

2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=25885009265536702870648397769354532895&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:47:00 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 654b6fc4bad64d89-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0a43042ef200004d89b9847000000001

Redirect headers

DCS: dcs-prod-irl1-2-v007-022b91722.edge-irl1.demdex.com 6.2.1.20210514105329-PR_1432-SNAPSHOT
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: S4dbJKXiQl4=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://mwzeom.zeotap.com/mw?cid=25885009265536702870648397769354532895&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 204 /
loadeu.exelator.com/load/ Frame ADEC 0
324 B 15ms
6ms Image
text/plain 18.198.126.47
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://loadeu.exelator.com/load/?p=709&g=008&j=0&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.198.126.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx / Undertow/1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:47:00 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
x-powered-by: Undertow/1
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA

GET
H2

200

mw
mwzeom.zeotap.com/ Frame ADEC
Redirect Chain

https://bn01.er.bemail.it/zeotap.php?_bid=f3ba2e77-97da-45f5-7357-a273a81b0e6f&_from=Zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-...
https://mwzeom.zeotap.com/mw?cid=BE1-2021052504-93320-0.647778001621910820-9f83b0667b24748c938bb8a921ca5b79&zdid=533&env=mWeb

95 B
281 B

27ms
26ms

Image
image/png

2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=BE1-2021052504-93320-0.647778001621910820-9f83b0667b24748c938bb8a921ca5b79&zdid=533&env=mWeb
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:47:00 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 654b6fc54b674d89-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0a43042f4b00004d89b0278000000001

Redirect headers

Location: https://mwzeom.zeotap.com/mw?cid=BE1-2021052504-93320-0.647778001621910820-9f83b0667b24748c938bb8a921ca5b79&zdid=533&env=mWeb
Date: Tue, 25 May 2021 02:47:00 GMT
Server: nginx/1.10.2
Connection: keep-alive
X-Powered-By: PHP/5.4.16
Transfer-Encoding: chunked
Content-Type: text/html

GET
H2

200

mw
mwzeom.zeotap.com/ Frame ADEC
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?redirect=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%25%25COOKIE%25%25%26env%3DmWeb%26zpartnerid%3D563%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_con...
https://mwzeom.zeotap.com/mw?cid=6966053928932604049&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-...

95 B
228 B

28ms
27ms

Image
image/png

2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=6966053928932604049&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:47:00 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 654b6fc4bad24d89-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0a43042ef000004d891197f000000001

Redirect headers

Location: https://mwzeom.zeotap.com/mw?cid=6966053928932604049&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361
Date: Tue, 25 May 2021 02:47:00 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H2 200 receive
pixel.tapad.com/idsync/ex/ Frame ADEC 95 B
425 B 19ms
18ms Image
image/png 35.227.248.159
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive?partner_id=2885&partner_device_id=f3ba2e77-97da-45f5-7357-a273a81b0e6f

Requested by

Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.227.248.159 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Jetty(9.4.36.v20210114) /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:47:00 GMT
via: 1.1 google
server: Jetty(9.4.36.v20210114)
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/png
alt-svc: clear
content-length: 95

GET
H2

200

mw
mwzeom.zeotap.com/ Frame ADEC
Redirect Chain

https://idsync.frontend.weborama.fr/ids?key=zeotap&value=f3ba2e77-97da-45f5-7357-a273a81b0e6f&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26...
https://idsync.frontend.weborama.fr/ids?key=zeotap&value=f3ba2e77-97da-45f5-7357-a273a81b0e6f&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26...
https://mwzeom.zeotap.com/mw?webouuid=w1xv0HPsv8AiJ/2pHFC4ze&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f...

95 B
178 B

35ms
33ms

Image
image/png

2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?webouuid=w1xv0HPsv8AiJ/2pHFC4ze&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:47:00 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 654b6fc52b3c4d89-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0a43042f3c00004d891f30a000000001

Redirect headers

pragma: no-cache
date: Tue, 25 May 2021 02:47:00 GMT
via: 1.1 google
last-modified: Tue, 25 May 2021 02:47:00 GMT
server: nginx/1.12.0
location: https://mwzeom.zeotap.com/mw?webouuid=w1xv0HPsv8AiJ/2pHFC4ze&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
content-length: 0
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 200 2.gif
dmp.theadex.com/d/949/i/ Frame ADEC 36 B
378 B 72ms
22ms Image
image/gif 89.163.159.108
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dmp.theadex.com/d/949/i/2.gif?axd_fuid=f3ba2e77-97da-45f5-7357-a273a81b0e6f&axd_pid=175
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 89.163.159.108 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software: nginx /
Resource Hash: 204265a6f1fc8529e4a64cff2c17c04709b46455f93003d24edb50bd78977223

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:47:00 GMT
server: nginx
p3p: CP="CAO PSAa PSDa IVAa IVDa OUR UNI COM NAV"
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
content-length: 36
expires: 0

GET
H2

200

mw
mwzeom.zeotap.com/ Frame ADEC
Redirect Chain

https://bcp.crwdcntrl.net/map/c=13620/tp=ZEOT/tpid=f3ba2e77-97da-45f5-7357-a273a81b0e6f?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_con...
https://bcp.crwdcntrl.net/map/ct=y/c=13620/tp=ZEOT/tpid=f3ba2e77-97da-45f5-7357-a273a81b0e6f?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdp...
https://mwzeom.zeotap.com/mw?pid=facca241c63ca8199331b99307eb2022&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d0...

95 B
178 B

33ms
33ms

Image
image/png

2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?pid=facca241c63ca8199331b99307eb2022&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:47:00 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 654b6fc53b414d89-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0a43042f3f00004d8929ae5000000001

Redirect headers

pragma: no-cache
date: Tue, 25 May 2021 02:47:00 GMT
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location: https://mwzeom.zeotap.com/mw?pid=facca241c63ca8199331b99307eb2022&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361
cache-control: no-cache
x-server: 10.45.4.122
content-length: 0
expires: 0

GET
H2

200

mw
mwzeom.zeotap.com/ Frame ADEC
Redirect Chain

https://cms.analytics.yahoo.com/cms?partner_id=ZTAP
https://mwzeom.zeotap.com/mw?cid=y-QMjvUwtE2or1Y9OOVIkdjFHjex5XoOgAOA--~A&zpartnerid=570&env=mWeb

95 B
179 B

23ms
22ms

Image
image/png

2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=y-QMjvUwtE2or1Y9OOVIkdjFHjex5XoOgAOA--~A&zpartnerid=570&env=mWeb
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:47:00 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 654b6fc56b9b4d89-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0a43042f6400004d891f30d000000001

Redirect headers

date: Tue, 25 May 2021 02:47:00 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: text/html;charset=utf-8
location: https://mwzeom.zeotap.com/mw?cid=y-QMjvUwtE2or1Y9OOVIkdjFHjex5XoOgAOA--~A&zpartnerid=570&env=mWeb
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000
content-length: 0
x-content-type-options: nosniff

GET
H2

200

mw
mwzeom.zeotap.com/ Frame ADEC
Redirect Chain

https://aa.agkn.com/adscores/g.pixel?sid=9212299398&zctry=DEU&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zd...
https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=rJhCN5a4qAlB8J4AqLHFGcb0V8K%2FMlHW%2BS41iYitP1U%3D

95 B
178 B

26ms
25ms

Image
image/png

2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=rJhCN5a4qAlB8J4AqLHFGcb0V8K%2FMlHW%2BS41iYitP1U%3D
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:47:00 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 654b6fc4fb064d89-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0a43042f1d00004d890a1f8000000001

Redirect headers

pragma: no-cache
date: Tue, 25 May 2021 02:47:00 GMT
server: AAWebServer
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
location: https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=rJhCN5a4qAlB8J4AqLHFGcb0V8K%2FMlHW%2BS41iYitP1U%3D
cache-control: no-cache, no-store, must-revalidate
content-length: 0
expires: 0

GET
H2 200 v2
odr.mookie1.com/t/ Frame ADEC 43 B
324 B 55ms
17ms Image
image/gif 34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2?tagid=V2_746632&src.visitorId=f3ba2e77-97da-45f5-7357-a273a81b0e6f&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:47:00 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 204 usermatch.gif
beacon.krxd.net/ Frame ADEC 0
337 B 107ms
32ms Image
text/plain 52.30.251.90
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner=zeotap&partner_uid=141838&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.251.90 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:47:00 GMT
cache-control: private, no-cache, no-store
x-request-time: D=31 t=1621910820
x-served-by: beacon-n017-dub-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 /
sync.richaudience.com/1988B3F6BED450961C9D70DD91/ Frame ADEC 95 B
360 B 53ms
17ms Image
image/png 168.119.149.178
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.richaudience.com/1988B3F6BED450961C9D70DD91/?uuid=f3ba2e77-97da-45f5-7357-a273a81b0e6f&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 168.119.149.178 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.178.149.119.168.clients.your-server.de
Software: nginx/1.10.3 /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:47:00 GMT
server: nginx/1.10.3
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: image/png

GET
H2

200

mw
mwzeom.zeotap.com/ Frame ADEC
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_co...
https://sync-tm.everesttech.net/ct/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr...
https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YKxlJAABO7EdGAAC&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-262...

95 B
189 B

30ms
29ms

Image
image/png

2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YKxlJAABO7EdGAAC&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361&_test=YKxlJAABO7EdGAAC
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:47:00 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 654b6fc5fc2a4d89-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0a43042fb700004d89ed356000000001

Redirect headers

pragma: no-cache
date: Tue, 25 May 2021 02:47:00 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1621910821.770727,VS0,VE0
x-served-by: cache-hhn4058-HHN
x-cache: HIT
location: https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YKxlJAABO7EdGAAC&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361&_test=YKxlJAABO7EdGAAC
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2

200

mw
mwzeom.zeotap.com/ Frame ADEC
Redirect Chain

https://pixel.mathtag.com/sync/img?mt_exid=10092&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%5BMM_UUID%5D%26env%3DmWeb%26zpartnerid%3D979%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_co...
https://mwzeom.zeotap.com/mw?cid=18e560ac-6524-4700-b1cb-263fe7e44071&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baa...

95 B
179 B

23ms
23ms

Image
image/png

2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=18e560ac-6524-4700-b1cb-263fe7e44071&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:47:00 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 654b6fc55b754d89-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0a43042f5200004d8907921000000001

Redirect headers

Date: Tue, 25 May 2021 02:47:00 GMT
Server: MT3 3736 915c305 master zrh-pixel-x29
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://mwzeom.zeotap.com/mw?cid=18e560ac-6524-4700-b1cb-263fe7e44071&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 0
Expires: Tue, 25 May 2021 02:46:56 GMT

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame ADEC
Redirect Chain

https://usermatch.krxd.net/um/v2?partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d724...

0
336 B

30ms
30ms

Image
text/plain

52.30.251.90
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.251.90 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:47:01 GMT
cache-control: private, no-cache, no-store
x-request-time: D=29 t=1621910821
x-served-by: beacon-n019-dub-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361
date: Tue, 25 May 2021 02:47:00 GMT
x-cache-hits: 0
x-age: 0
content-length: 0
x-cache: MISS
x-served-by: usermatch-a003-ash-prod.krxd.net

GET
H/1.1

200
OK

dcm
aax-eu.amazon-adsystem.com/s/ Frame ADEC
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=f3ba2e77-97da-45f5-7357-a273a81b0e6f&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-735...
https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=f3ba2e77-97da-45f5-7357-a273a81b0e6f&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-735...

43 B
433 B

32ms
31ms

Image
image/gif

52.95.124.170
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=f3ba2e77-97da-45f5-7357-a273a81b0e6f&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361&dcc=t
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.124.170 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:47:00 GMT
Server: Server
Vary: User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:47:00 GMT
Server: Server
Vary: User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=f3ba2e77-97da-45f5-7357-a273a81b0e6f&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

mw
mwzeom.zeotap.com/ Frame ADEC
Redirect Chain

https://tags.bluekai.com/site/87734?id=f3ba2e77-97da-45f5-7357-a273a81b0e6f&gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1202%26env%3DmWeb%26cid%3D%24_BK_UUID%26BK...
https://mwzeom.zeotap.com/mw?zpartnerid=1202&env=mWeb&cid=$_BK_UUID&BK_SWAP_DEST=87734

95 B
178 B

21ms
21ms

Image
image/png

2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=1202&env=mWeb&cid=$_BK_UUID&BK_SWAP_DEST=87734
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:47:00 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 654b6fc67cab4d89-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0a4304300800004d8907928000000001

Redirect headers

Location: https://mwzeom.zeotap.com/mw?zpartnerid=1202&env=mWeb&cid=$_BK_UUID&BK_SWAP_DEST=87734
Date: Tue, 25 May 2021 02:47:00 GMT
Connection: keep-alive
Content-Length: 0
BK-Server: 7d7f
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"

GET
H2 200 zeo
obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com/ Frame ADEC 0
38 B 101ms
31ms Image
text/plain 34.249.223.226
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com/zeo?url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1395%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Df3ba2e77-97da-45f5-7357-a273a81b0e6f%26reqId%3D4a21baac-d03c-4f02-6011-2627d72422c1%26zdid%3D1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.249.223.226 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:47:00 GMT
content-length: 0

GET
H2 200 cmp.min.js Show response
spl.zeotap.com/ Frame ADEC 557 B
461 B 40ms
38ms Script
text/plain 2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://spl.zeotap.com/cmp.min.js?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 03c7f1df8333627781093224d1deaf2e8aa544cc2decbcdb5e21e763b9a9e8f3

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cf-ray: 654b6fc57ba74d89-FRA
date: Tue, 25 May 2021 02:47:00 GMT
via: 1.1 google
cf-cache-status: MISS
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
content-encoding: br
access-control-allow-headers: *
cf-request-id: 0a43042f6c00004d89cc07b000000001

GET
H2

200

setuid
sync.quantumdex.io/ Frame A10D
Redirect Chain

https://ups.analytics.yahoo.com/ups/58424/occ
https://ups.analytics.yahoo.com/ups/58424/occ?verify=true
https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-bsV.hEBE2uFoPpKKg3V5IfGVwgDZO0A5xt0Ab.0-~A

43 B
347 B

144ms
144ms

Image
image/gif

2606:4700:20::ac43:47f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-bsV.hEBE2uFoPpKKg3V5IfGVwgDZO0A5xt0Ab.0-~A
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:47:00 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Ly1AABuVNZ4kBAU%2BNpPEfmAGkGFutW9kekjF0sYUjhK7YeLJWdXN3w1SGcFsfpC4c%2FhGZUPy9RWNVUC%2FDSwoTjzzFZ0lgArulV2qrr2uAI5Ed2%2BsX72unXY%2BRqYWrdS0LgN%2FKgKA728bI4I%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cf-ray: 654b6fc54e800eb3-FRA
content-length: 43
cf-request-id: 0a43042f5000000eb369925000000001

Redirect headers

Date: Tue, 25 May 2021 02:47:00 GMT
Server: ATS/7.1.2.128
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-bsV.hEBE2uFoPpKKg3V5IfGVwgDZO0A5xt0Ab.0-~A
Connection: keep-alive
Content-Length: 0

GET
H2

200

setuid
sync.quantumdex.io/ Frame A10D
Redirect Chain

https://pixel.advertising.com/ups/58425/sync?&gdpr=&gdpr_consent=&redir=true
https://pixel.advertising.com/ups/58425/sync?&gdpr=&gdpr_consent=&redir=true&verify=true
https://ups.analytics.yahoo.com/ups/58425/sync?&gdpr=&gdpr_consent=&redir=true&apid=UP7abd4dc7-bd03-11eb-a78d-021cb66ba9e4
https://sync.quantumdex.io/setuid?bidder=verizon-video&uid=UP7abd4dc7-bd03-11eb-a78d-021cb66ba9e4

43 B
347 B

125ms
125ms

Image
image/gif

2606:4700:20::ac43:47f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=verizon-video&uid=UP7abd4dc7-bd03-11eb-a78d-021cb66ba9e4
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:47:00 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=gnhybysXgs83%2FrK97oe443X7cKFPFG3ifqyCTPcL7vtGZ4ciXfJRLlS1bw3YuezjjjzXrdqhHl0qYZ2WGvMTH7wNfbYiIs%2FjehC2N%2Fq5pCs%2B4%2BAqVeizaXayA%2F129WjUILy%2FB2tyqmDr6G4%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cf-ray: 654b6fc56e9d0eb3-FRA
content-length: 43
cf-request-id: 0a43042f6400000eb3a6ba6000000001

Redirect headers

Date: Tue, 25 May 2021 02:47:00 GMT
Server: ATS/7.1.2.128
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://sync.quantumdex.io/setuid?bidder=verizon-video&uid=UP7abd4dc7-bd03-11eb-a78d-021cb66ba9e4
Connection: keep-alive
Content-Length: 0

GET
H2

200

setuid
sync.quantumdex.io/ Frame A10D
Redirect Chain

https://ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D
https://ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D&crf=1
https://sync.quantumdex.io/setuid?bidder=between&uid=686ae0d2-76de-5291-800d-ac33e0a1c917

43 B
483 B

123ms
122ms

Image
image/gif

2606:4700:20::ac43:47f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=between&uid=686ae0d2-76de-5291-800d-ac33e0a1c917
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:47:00 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=TdV8ygP%2BFa2jPj8x6j4XEosAXxT5B%2BahVmAQvKqSuOrUsdfGFhZmtLMFjYFIbLi%2FuXF7VeXlwaQFmP6sj6n7Po9l4ty7%2F4FVSe7z3HbeIhjV2kDhYXQ9xKAl%2BPZiZv2Z6HyzZ0utyznXWes%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cf-ray: 654b6fc57eb40eb3-FRA
content-length: 43
cf-request-id: 0a43042f7000000eb35798f000000001

Redirect headers

location: https://sync.quantumdex.io/setuid?bidder=between&uid=686ae0d2-76de-5291-800d-ac33e0a1c917
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 0

GET
H2

200

setuid
sync.quantumdex.io/ Frame A10D
Redirect Chain

https://prebid.a-mo.net/cchain/0?cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Damx-rtb%26uid%3D
https://ib.adnxs.com/getuid?https%3A%2F%2Fprebid.a-mo.net%2Fcchain%2F0%3FA%3De842c4be-8e4c-48df-89fe-ff654616f38f%26bidder%3Dappnexus%26cbx%3DaHR0cHM6Ly9zeW5jLnF1YW50dW1kZXguaW8vc2V0dWlkP2JpZGRlcj1...
https://prebid.a-mo.net/cchain/0?A=e842c4be-8e4c-48df-89fe-ff654616f38f&bidder=appnexus&cbx=aHR0cHM6Ly9zeW5jLnF1YW50dW1kZXguaW8vc2V0dWlkP2JpZGRlcj1hbXgtcnRiJnVpZD0%3D&uid=47704007168200876
https://ap.lijit.com/pixel?redir=https%3A%2F%2Fprebid.a-mo.net%2Fcchain%2F1%3FA%3De842c4be-8e4c-48df-89fe-ff654616f38f%26bidder%3Dsovrn%26cbx%3DaHR0cHM6Ly9zeW5jLnF1YW50dW1kZXguaW8vc2V0dWlkP2JpZGRlc...
https://prebid.a-mo.net/cchain/1?A=e842c4be-8e4c-48df-89fe-ff654616f38f&bidder=sovrn&cbx=aHR0cHM6Ly9zeW5jLnF1YW50dW1kZXguaW8vc2V0dWlkP2JpZGRlcj1hbXgtcnRiJnVpZD0=&uid=edf1204a70d52facc537c065
https://ssum.casalemedia.com/usermatchredir?s=191503&cb=https%3A%2F%2Fprebid.a-mo.net%2Fcchain%2F2%3FA%3De842c4be-8e4c-48df-89fe-ff654616f38f%26bidder%3Dindex_rtb%26cbx%3DaHR0cHM6Ly9zeW5jLnF1YW50dW...
https://prebid.a-mo.net/cchain/2?A=e842c4be-8e4c-48df-89fe-ff654616f38f&bidder=index_rtb&cbx=aHR0cHM6Ly9zeW5jLnF1YW50dW1kZXguaW8vc2V0dWlkP2JpZGRlcj1hbXgtcnRiJnVpZD0%3D&uid=YKxlJKt8N801-S2oyddwCgAA%...
https://image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fprebid.a-mo.net%2Fcchain%2F3%3FA%3De842c4be-8e4c-48df-89fe-ff654616f38f%26bidder%3Dpubmatic%26cbx%3DaHR0cHM6Ly9zeW5jLnF1YW50dW1kZ...
https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fprebid.a-mo.net%2Fcchain%2F3%3FA%3De842c4be-8e4c-48df-89fe-ff654616f38f%26bidder%3Dpubmatic%26cbx%3DaHR0cHM6Ly9zeW5jLnF1YW5...
https://prebid.a-mo.net/cchain/3?A=e842c4be-8e4c-48df-89fe-ff654616f38f&bidder=pubmatic&cbx=aHR0cHM6Ly9zeW5jLnF1YW50dW1kZXguaW8vc2V0dWlkP2JpZGRlcj1hbXgtcnRiJnVpZD0%3D&uid=
https://sync.quantumdex.io/setuid?bidder=amx-rtb&uid=e842c4be-8e4c-48df-89fe-ff654616f38f

43 B
341 B

130ms
129ms

Image
image/gif

2606:4700:20::ac43:47f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=amx-rtb&uid=e842c4be-8e4c-48df-89fe-ff654616f38f
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:47:01 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=OMseF6hVbqwD5ajHjnm19MWWMo5005tXigYbtvIScBHy%2Fe51yQ0Ey42hKuN3GBfdMWUluOtTGx%2Bho9b6ClJhvfUTxB2jSHJ1U51I9FctlJc3gc%2BeINEQXBRjStHB4sc3A%2By1yi52YwgnQcg%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cf-ray: 654b6fc8b9610eb3-FRA
content-length: 43
cf-request-id: 0a4304317800000eb341b94000000001

Redirect headers

location: https://sync.quantumdex.io/setuid?bidder=amx-rtb&uid=e842c4be-8e4c-48df-89fe-ff654616f38f
date: Tue, 25 May 2021 02:47:00 GMT
cache-control: max-age=0, private, must-revalidate
x-envoy-upstream-service-time: 1
server: envoy
content-length: 0

GET
H2

200

setuid
sync.quantumdex.io/ Frame A10D
Redirect Chain

https://nep.advangelists.com/xp/user-sync?acctid=416&&redirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dadvangelists%26uid%3D%7BPARTNER_VISITOR_ID%7D
https://sync.quantumdex.io/setuid?bidder=advangelists&uid=av-1e10aa6b-50a2-481f-ae36-f75921277c6d

43 B
363 B

152ms
151ms

Image
image/gif

2606:4700:20::ac43:47f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=advangelists&uid=av-1e10aa6b-50a2-481f-ae36-f75921277c6d
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:47:01 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=pfYxjTsnOPtiGRp7oL83KozNnLQ9qyBVJZaCc96o%2BkMxSzRBtfqqMHOPqopyiDuuCXfeJK9NBAqlGYO2EoeWHRySoEyA0of1I7bkD8WeytViPfPBL6%2BkZqhf6C2Rw0mJ11Gj8En8AAkVzLo%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cf-ray: 654b6fc6efe10eb3-FRA
content-length: 43
cf-request-id: 0a4304305000000eb33e091000000001

Redirect headers

location: https://sync.quantumdex.io/setuid?bidder=advangelists&uid=av-1e10aa6b-50a2-481f-ae36-f75921277c6d
date: Tue, 25 May 2021 02:47:00 GMT
server: Apache-Coyote/1.1
content-length: 0

GET
H2

200

setuid
sync.quantumdex.io/ Frame A10D
Redirect Chain

https://ms.quantumdex.io/user/sync/quantumdex
https://sync.quantumdex.io/setuid?bidder=dsp_quantumdex&uid=8039a214-457c-4404-a1bd-28c724364cb2

43 B
365 B

124ms
124ms

Image
image/gif

2606:4700:20::ac43:47f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=dsp_quantumdex&uid=8039a214-457c-4404-a1bd-28c724364cb2
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:47:00 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=%2FCIxZDxdOtURaEkGvHRODdd%2Bf%2F9R36G%2FFxs2%2BLN5DjG0gEdJxxC3FyNKEhnzXydTZF%2Bedc5JUuHHx8qkWVuKd4OiTEeE%2Bo%2FaqlGGG1q6voLHMURs8NzTL%2BJSISV%2BOBb16YYopxLri0kedjE%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cf-ray: 654b6fc66f6e0eb3-FRA
content-length: 43
cf-request-id: 0a4304300100000eb36992b000000001

Redirect headers

date: Tue, 25 May 2021 02:47:00 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=WvG7uE4nQPSvTZ28jajQT3ZQ%2BfNaPzBKF5%2FCkbp8qmud3wYOhjdisrBn418hVJZx9044rFCiZvNhB15lkycdzDTWrEAOleSeNSZdpDqL95defzze8kyXFxhYRiDOwVHDEkoUBvHm43qA"}],"group":"cf-nel","max_age":604800}
location: https://sync.quantumdex.io/setuid?bidder=dsp_quantumdex&uid=8039a214-457c-4404-a1bd-28c724364cb2
cf-ray: 654b6fc50e440eb3-FRA
content-length: 0
cf-request-id: 0a43042f2100000eb38f2ca000000001

GET
H2

200

setuid
sync.quantumdex.io/ Frame A10D
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dappnexus%26uid%3D%24UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fsync.quantumdex.io%252Fsetuid%253Fbidder%253Dappnexus%2526uid%253D%2524UID
https://sync.quantumdex.io/setuid?bidder=appnexus&uid=47704007168200876

43 B
351 B

142ms
141ms

Image
image/gif

2606:4700:20::ac43:47f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=appnexus&uid=47704007168200876
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:47:00 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Q%2Ft%2FB5VCL3Uu6gAfYAOQNOwPJb7aYAw3Ijo4ZU9B6ggE7e1N49OtBYMCLGIYoy%2Fb%2BioSo5gfA4hAVPIPPKsLmqR4cAkBHIC%2BIjZzF2DV7UUtGQpSdG4hmxBDKIN59%2B0wPL7nmsy%2FN%2Ffdv%2Fs%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cf-ray: 654b6fc54e760eb3-FRA
content-length: 43
cf-request-id: 0a43042f4b00000eb3953ef000000001

Redirect headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:47:00 GMT
X-Proxy-Origin: 185.220.70.236; 185.220.70.236; 732.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.221.46:80
AN-X-Request-Uuid: 537b202d-d776-4367-b0cb-496c98e7642f
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://sync.quantumdex.io/setuid?bidder=appnexus&uid=47704007168200876
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

setuid
sync.quantumdex.io/ Frame A10D
Redirect Chain

https://ap.lijit.com/pixel?redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsovrn%26uid%3D%24UID
https://sync.quantumdex.io/setuid?bidder=sovrn&uid=edf1204a70d52facc537c065

43 B
357 B

128ms
127ms

Image
image/gif

2606:4700:20::ac43:47f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=sovrn&uid=edf1204a70d52facc537c065
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:47:00 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=sdPoL9%2BucA63BSl3rsfGGwrM%2FefrfA3mbZSNDFMwn%2FOO57unqr9c1NkuUMDgtcT3k%2FMNNhuM21OTu%2FRjJP%2BpjjRTAH2vtM0oXybXUToNIW0vG9MotISo79aNS6KZoKO1JkJa9RDEumTKWxU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cf-ray: 654b6fc52e620eb3-FRA
content-length: 43
cf-request-id: 0a43042f3d00000eb33791e000000001

Redirect headers

Date: Tue, 25 May 2021 02:47:00 GMT
Server: nginx
Location: https://sync.quantumdex.io/setuid?bidder=sovrn&uid=edf1204a70d52facc537c065
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap3ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H/1.1 200
OK us
sync.go.sonobi.com/ Frame A10D 0
478 B 72ms
15ms Image
text/plain 178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsonobi%26uid%3D%5BUID%5D

Requested by

Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:47:00 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: text/plain; charset=utf8
Content-Length: 0
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2

200

setuid
sync.quantumdex.io/ Frame A10D
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Danswermedia%26uid%3D%24UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fsync.quantumdex.io%252Fsetuid%253Fbidder%253Danswermedia%2526uid%253D%2524UID
https://sync.quantumdex.io/setuid?bidder=answermedia&uid=47704007168200876

43 B
345 B

138ms
137ms

Image
image/gif

2606:4700:20::ac43:47f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=answermedia&uid=47704007168200876
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:47:00 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=LrqtVQJUPu3iWpUHSlD3LxGYxXr97X%2F6%2BEj7fy8AVUQxdQnqVRRcUofd%2BwU1eus1Ust3jiUdWjeeuwkzEZ6tpy%2BU0Fe7KKGY0UMk%2F1ajzp3plT2k8BfvGWR755X1SAjX6y1ye2VCzpqizho%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cf-ray: 654b6fc54e780eb3-FRA
content-length: 43
cf-request-id: 0a43042f4b00000eb34a93c000000001

Redirect headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:47:00 GMT
X-Proxy-Origin: 185.220.70.236; 185.220.70.236; 732.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.222.231:80
AN-X-Request-Uuid: 88df1a3b-3c4a-4d84-9dad-63857c1846ae
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://sync.quantumdex.io/setuid?bidder=answermedia&uid=47704007168200876
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

setuid
sync.quantumdex.io/ Frame A10D
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Danx152media%26uid%3D%24UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fsync.quantumdex.io%252Fsetuid%253Fbidder%253Danx152media%2526uid%253D%2524UID
https://sync.quantumdex.io/setuid?bidder=anx152media&uid=47704007168200876

43 B
348 B

142ms
141ms

Image
image/gif

2606:4700:20::ac43:47f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=anx152media&uid=47704007168200876
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:47:00 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=XFZfn6d8jvBSuQZw9LrWHQrpV6fXR9vcTFXb1FO1W07p%2BoWxbdISi5JYSC0axnbQIjNWbeek%2B8P3YbgMUVKOVyAFIX%2FDukDoxSqmXfyYlga49mDwPzqTFcG2RR4MKN%2F28rCY%2BX%2By9vi1xXc%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cf-ray: 654b6fc54e770eb3-FRA
content-length: 43
cf-request-id: 0a43042f4b00000eb382b5d000000001

Redirect headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:47:00 GMT
X-Proxy-Origin: 185.220.70.236; 185.220.70.236; 732.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.223.60:80
AN-X-Request-Uuid: f03539b8-34ec-47ac-87db-bcc1ec2fd115
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://sync.quantumdex.io/setuid?bidder=anx152media&uid=47704007168200876
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 204 /
ssc-cms.33across.com/ps/ Frame 9B52 0
0 344ms
109ms Document
text/plain 208.100.17.178
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0010b00002GYEhcAAH&us_privacy={us_privacy}&ru=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.100.17.178 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
Software: 33XP001 /
Resource Hash

Request headers

:method: GET
:authority: ssc-cms.33across.com
:scheme: https
:path: /ps/?m=xch&rt=html&id=0010b00002GYEhcAAH&us_privacy={us_privacy}&ru=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://sync.quantumdex.io/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://sync.quantumdex.io/

Response headers

x-33x-status: 2000208
server: 33XP001
date: Tue, 25 May 2021 02:47:00 GMT

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame 8D4B 2 KB
818 B 22ms
19ms Document
text/html 51.89.9.254
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=2bb78272a859ca6

Requested by

Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip254.ip-51-89-9.eu

Software

Resource Hash

37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

:method: GET
:authority: onetag-sys.com
:scheme: https
:path: /usync/?pubId=2bb78272a859ca6
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://sync.quantumdex.io/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://sync.quantumdex.io/

Response headers

content-type: text/html
cache-control: no-transform, no-cache
content-encoding: gzip
strict-transport-security: max-age=15552000

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 4BA1 8 KB
3 KB 59ms
13ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 23371b5319a53a0a2d3c59d738d679c384822c244ea4e791ef87a4110b8a291e

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/user_sync.html?predirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://sync.quantumdex.io/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://sync.quantumdex.io/

Response headers

last-modified: Wed, 21 Oct 2020 18:57:29 GMT
etag: "1300708-1f78-5b232eb4914bb"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 2654
content-type: text/html; charset=UTF-8
cache-control: max-age=36699
expires: Tue, 25 May 2021 12:58:39 GMT
date: Tue, 25 May 2021 02:47:00 GMT
vary: Accept-Encoding

GET
H/1.1

200
OK

Cookie set usermatch Show response
ssum-sec.casalemedia.com/ Frame E2A3
Redirect Chain

https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&s=192922&C=1

2 KB
3 KB

16ms
15ms

Document
text/html

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&s=192922&C=1
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 4d19ff0a638baf21b3637d9fae7f04c7f6602d0c1fed79fbf01c246e46609cb2

Request headers

Host: ssum-sec.casalemedia.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://sync.quantumdex.io/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: CMID=YKxlJKt8N801-S2oyddwCgAA; CMPS=3223
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://sync.quantumdex.io/

Response headers

Server: Apache
Content-Type: text/html
Dropped-Udsids: 241|230|39|45|81|47|111|206
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: Is-Traffic-Usersync
Content-Length: 1824
Expires: Tue, 25 May 2021 02:47:00 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 25 May 2021 02:47:00 GMT
Connection: keep-alive
Set-Cookie: CMID=YKxlJKt8N801-S2oyddwCgAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Wed, 25 May 2022 02:47:00 GMT CMPS=3223;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Mon, 23 Aug 2021 02:47:00 GMT CMPRO=1103;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Mon, 23 Aug 2021 02:47:00 GMT CMRUM3=ce60ac652405a0&e660ac65242760&6f60ac652405a0&2760ac65240b40&f160ac652405a0&5160ac652405a0&2d60ac652405a0&2f60ac652405a0;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Wed, 25 May 2022 02:47:00 GMT CMST=YKxlJGCsZSQA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Wed, 26 May 2021 02:47:00 GMT

Redirect headers

Server: Apache
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1
Location: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&s=192922&C=1
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Expires: Tue, 25 May 2021 02:47:00 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 25 May 2021 02:47:00 GMT
Connection: keep-alive
Set-Cookie: CMID=YKxlJKt8N801-S2oyddwCgAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Wed, 25 May 2022 02:47:00 GMT CMPS=3223;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Mon, 23 Aug 2021 02:47:00 GMT

GET
H/1.1 200
OK Cookie set uc.html Show response
sync.go.sonobi.com/ Frame 2C0F 43 B
551 B 66ms
14ms Document
text/html 178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2

Requested by

Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

bcdf010ba3dc61605c33de9b33e7e76dbc3bb4326dcec49f33970345e517fb25

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Host: sync.go.sonobi.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://sync.quantumdex.io/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://sync.quantumdex.io/

Response headers

Date: Tue, 25 May 2021 02:47:00 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, no-store, private
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Pragma: no-cache
Tcn: Choice
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
X-Xss-Protection: 0
Content-Encoding: gzip
Server: sonobi-go
Set-Cookie: HAPLB5S=s579|YKxlJ; path=/; domain=.go.sonobi.com

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame ED7F 38 KB
14 KB 14ms
14ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 1b95ffd8d5e131d47fa1a5ab65bca620eeef87328c413940cd60a9fbcedf4b74

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/showad.js
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D

Response headers

last-modified: Tue, 11 May 2021 05:24:02 GMT
etag: "13006b6-96ca-5c2071a26cca4"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 13964
content-type: text/html; charset=UTF-8
cache-control: public, max-age=64909
expires: Tue, 25 May 2021 20:48:49 GMT
date: Tue, 25 May 2021 02:47:00 GMT
vary: Accept-Encoding

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame E2A3
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YKxlJKt8N801_S2oyddwCgAABE8AAAAB
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YKxlJKt8N801_S2oyddwCgAABE8AAAAB&dcc=t

43 B
433 B

100ms
100ms

Image
image/gif

72.21.206.140
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YKxlJKt8N801_S2oyddwCgAABE8AAAAB&dcc=t
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&s=192922&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 72.21.206.140 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:47:01 GMT
Server: Server
Vary: User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:47:00 GMT
Server: Server
Vary: User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YKxlJKt8N801_S2oyddwCgAABE8AAAAB&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

usermatchredir
ssum-sec.casalemedia.com/ Frame E2A3
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YKxlJKt8N801_S2oyddwCgAABE8AAAAB&gdpr_consent=&us_privacy=&gdpr=1
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEM6KejS1dAxBW2ztfZPLxAM&google_cver=1

43 B
315 B

13ms
13ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEM6KejS1dAxBW2ztfZPLxAM&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&s=192922&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:47:00 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Tue, 25 May 2021 02:47:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 25 May 2021 02:47:00 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEM6KejS1dAxBW2ztfZPLxAM&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 343
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame E2A3 70 B
264 B 37ms
34ms Image
image/gif 76.223.111.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale?cm_callback_url=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum&cm_dsp_id=70&cm_user_id=YKxlJKt8N801-S2oyddwCgAA&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&s=192922&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.131 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:47:00 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame E2A3
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YKxlJKt8N801-S2oyddwCgAA
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEPzDAoRLdOHc_9HfZS2Mkik&google_cver=1&gdpr=1

43 B
1 KB

12ms
11ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEPzDAoRLdOHc_9HfZS2Mkik&google_cver=1&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&s=192922&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:47:00 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 25 May 2021 02:47:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 25 May 2021 02:47:00 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEPzDAoRLdOHc_9HfZS2Mkik&google_cver=1&gdpr=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 325
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame E2A3
Redirect Chain

https://pixel.quantserve.com/pixel/p-Z8PuJEk6U7Hyq.gif?idmatch=0&gdpr=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&gdpr=1&external_user_id=785YVO_LCwP0n19RuMYUB72cCwX0mAgD7JhfT3LH

43 B
1012 B

29ms
11ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&gdpr=1&external_user_id=785YVO_LCwP0n19RuMYUB72cCwX0mAgD7JhfT3LH
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&s=192922&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:47:00 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 25 May 2021 02:47:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 25 May 2021 02:47:00 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&gdpr=1&external_user_id=785YVO_LCwP0n19RuMYUB72cCwX0mAgD7JhfT3LH
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame E2A3
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1
https://pm.w55c.net/ping_match.gif?scc=1&ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=Tb75WkEH1LLn5W5&gdpr=1

43 B
987 B

14ms
11ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=Tb75WkEH1LLn5W5&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&s=192922&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:47:00 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 25 May 2021 02:47:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 25 May 2021 02:47:00 GMT
Server: PingMatch/v2.0.30-649-g03fe1b8#rel-ec2-master i-04527eea692282deb@eu-central-1b@dxedge-app-eu-central-1-prod-asg
P3P: policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=Tb75WkEH1LLn5W5&gdpr=1
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 403 match
c1.adform.net/serving/cookie/ Frame E2A3 0
331 B 81ms
25ms Image
text/plain 37.157.2.239
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c1.adform.net/serving/cookie/match?party=29&gdpr=1

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&s=192922&C=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.239 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 May 2021 02:47:00 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H/1.1 204
No Content sync
ups.analytics.yahoo.com/ups/55940/ Frame E2A3 0
234 B 11ms
9ms Image
text/plain 18.156.0.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=YKxlJKt8N801_S2oyddwCgAABE8AAAAB&gdpr_consent=&us_privacy=&gdpr=1

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&s=192922&C=1

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

18.156.0.31 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

Software

ATS/7.1.2.128 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 25 May 2021 02:47:00 GMT
Server: ATS/7.1.2.128
Connection: keep-alive
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 setuid
sync.quantumdex.io/ Frame E2A3 43 B
364 B 129ms
128ms Image
image/gif 2606:4700:20::ac43:47f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=ix&uid=YKxlJKt8N801_S2oyddwCgAABE8AAAAB
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&s=192922&C=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:47:00 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=n3vDDaGRw4wGDz1O216RR0gcekktiCjie71jZWBee%2BC57FY8JyqeHedV7Ve5kGViP0yrMuZo0atM2qs1T21UYexz2hfxq08XplY%2BHKC2tGe%2FTnN4q4mw%2FnN6psnRJRS2v6nGCkZBxVNYCns%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cf-ray: 654b6fc57eb00eb3-FRA
content-length: 43
cf-request-id: 0a43042f6e00000eb397a6c000000001

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame ED7F 0
39 B 15ms
15ms Script
text/plain 185.64.189.115
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=95849828&p=0&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.115 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:46:59 GMT
content-length: 0

GET
H2 204 cmp
spl.zeotap.com/ Frame ADEC 0
0 22ms
21ms Document
text/plain 2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://spl.zeotap.com/cmp?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361&cmp=0
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/cmp.min.js?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:method: GET
:authority: spl.zeotap.com
:scheme: https
:path: /cmp?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f3ba2e77-97da-45f5-7357-a273a81b0e6f&reqId=4a21baac-d03c-4f02-6011-2627d72422c1&zdid=1361&cmp=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: zc=f3ba2e77-97da-45f5-7357-a273a81b0e6f; zsc=t%CE%8FW%A4I%29%BBZ%09E%B1%AE%F5t%F3G%00%5DE%A8DxV+%03Ea%3B%D0%0B%2Ci4%1F%5D%C00%B1GPjm9%B2%EC%1Eu%B6%FE%122++%D6Y%B8%C0E4%5B%21z%15%AB%13%FA%84I%D3b%E6p%12%26%AC%C1P%11%10%D20%98%D9M%F4x%3F%CFGO%EF%97%A5%C45%21%8Day9%B1%3A%08%1Bz%BF%1A%06%F5tG%19R%3F%7D%9F%FB%01a%3D%C8%DC%5C%7F%AD%8C~3%5E7%11%15%04%1D%9E%D7%84%BA%E9%3C%FF%F1%0F%9Cxz%2B%AE%EEp%85%84%C2z%13Z%C6%B2%0Bd%FF%EA%D4I%C1%9B%E0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map

Response headers

date: Tue, 25 May 2021 02:47:00 GMT
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://spl.zeotap.com
vary: Origin
via: 1.1 google
cf-cache-status: DYNAMIC
cf-request-id: 0a43042f9a00004d89fe9b6000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 654b6fc5cc004d89-FRA

POST
H2 204 cdb Show response
bidder.criteo.com/ 0
153 B 48ms
16ms XHR
text/plain 178.250.0.165
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?ptv=108&profileId=185&av=33&wv=4.38.0&cb=14213812085
Requested by: Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-v4.38.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.par.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://ww3.read7deadlysins.com
date: Tue, 25 May 2021 02:47:17 GMT
access-control-allow-credentials: true
server: Finatra
timing-allow-origin: *
vary: Origin

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ 0
185 B 23ms
23ms XHR
text/plain 185.184.8.30
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-v4.38.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.30 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://ww3.read7deadlysins.com
date: Tue, 25 May 2021 02:47:17 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

POST
H2 204 quantumdex Show response
useast.quantumdex.io/auction/ 0
490 B 119ms
119ms XHR
text/plain 2606:4700:20::ac43:47f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://useast.quantumdex.io/auction/quantumdex
Requested by: Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-v4.38.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 25 May 2021 02:47:17 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: POST, GET
access-control-allow-origin: https://ww3.read7deadlysins.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=mkrQuwi8xIWMjDY%2Bzs7uffGldf9ljodXp8jIZaXyGfZNflQs1tHPtnRt9bxzsSBspKGazneJZlyu8iX%2FzpNHYN0Nh9nXFPPjX9ssC0Mwuhg1tsyicGNMnxzvI4Il4UKvT7KVPsWU%2BhAKJ6Uprg%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
cf-ray: 654b702e4e3e0eb3-FRA
cf-request-id: 0a430470e900000eb371a24000000001

POST
H2 204 c Show response
prebid.a-mo.net/a/ 0
259 B 120ms
120ms XHR
text/plain 136.144.59.88
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-v4.38.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 136.144.59.88 Secaucus, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://ww3.read7deadlysins.com
date: Tue, 25 May 2021 02:47:16 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
server: envoy
x-envoy-upstream-service-time: 25
vary: origin

GET
H2

200

ROS Show response
ads.us.e-planning.net/hb/1/2c995/1/ww3.read7deadlysins.com/
Redirect Chain

https://ads.us.e-planning.net/hb/1/2c995/1/ww3.read7deadlysins.com/ROS?rnd=0.7588025728276067&e=300x600_0%3A300x600%2B160x600_0%3A160x600%2B300x250_0%3A300x250%2B970x90_0%3A970x90%2B728x90_0%3A728x...
https://ads.us.e-planning.net/hb/1/2c995/1/ww3.read7deadlysins.com/ROS?ct=1&rnd=0.7588025728276067&e=300x600_0%3A300x600%2B160x600_0%3A160x600%2B300x250_0%3A300x250%2B970x90_0%3A970x90%2B728x90_0%3...

622 B
1 KB

21ms
20ms

XHR
application/json

46.249.52.248
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.us.e-planning.net/hb/1/2c995/1/ww3.read7deadlysins.com/ROS?ct=1&rnd=0.7588025728276067&e=300x600_0%3A300x600%2B160x600_0%3A160x600%2B300x250_0%3A300x250%2B970x90_0%3A970x90%2B728x90_0%3A728x90&ur=https%3A%2F%2Fww3.read7deadlysins.com%2F&r=pbjs&pbv=4.38.0&ncb=1&vs=FFFFF&crs=UTF-8&fr=https%3A%2F%2Fww3.read7deadlysins.com%2F&gdpr=1&gdprcs=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 46.249.52.248 , Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: 71dacf49a06f7b28d3fc9207b9617d3c8e35c65c2b298a5ef389ecf2217b3f30

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:47:17 GMT
server: openresty
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
access-control-allow-origin: https://ww3.read7deadlysins.com
expires: Tue, 25 May 2021 02:47:17 GMT
cache-control: max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 622
x-sid: AMS-747

Redirect headers

date: Tue, 25 May 2021 02:47:17 GMT
server: openresty
access-control-allow-origin: https://ww3.read7deadlysins.com
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
location: /hb/1/2c995/1/ww3.read7deadlysins.com/ROS?ct=1&rnd=0.7588025728276067&e=300x600_0%3A300x600%2B160x600_0%3A160x600%2B300x250_0%3A300x250%2B970x90_0%3A970x90%2B728x90_0%3A728x90&ur=https%3A%2F%2Fww3.read7deadlysins.com%2F&r=pbjs&pbv=4.38.0&ncb=1&vs=FFFFF&crs=UTF-8&fr=https%3A%2F%2Fww3.read7deadlysins.com%2F&gdpr=1&gdprcs=
access-control-allow-credentials: true
content-type: text/html; charset=iso-8859-1
x-sid: AMS-747

POST
H2 204 events
bidder.criteo.com/csm/ 0
153 B 16ms
15ms Ping
text/plain 178.250.0.165
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/csm/events
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.par.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://ww3.read7deadlysins.com
date: Tue, 25 May 2021 02:47:17 GMT
access-control-allow-credentials: true
server: Finatra
timing-allow-origin: *
vary: Origin

GET
H2 200 vi-logo.svg
assets.vlitag.com/media/icon/ 11 KB
3 KB 15ms
15ms Image
image/svg+xml 2606:4700:20::681a:fee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://assets.vlitag.com/media/icon/vi-logo.svg

Requested by

Host: tag.vlitag.com
URL: https://tag.vlitag.com/v1/1621740372/87216b358402869b1c0e66facfc9ae3c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:fee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

24a104ef6529cb9bbceaeca4e037ecf14d40db5207009ac23e8224703fa11bb8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ww3.read7deadlysins.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:47:17 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 935111
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a430471640000c277a7b43000000001
x-robots-tag: noindex, nofollow
last-modified: Fri, 01 Nov 2019 05:04:49 GMT
server: cloudflare
etag: W/"5dbbbcf1-2c34"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=wiPBNHeNQuPH%2FeCYl8fAfYgzu58jWwxZO2hFeNyjAhQMlQ2UM0Ydw9RAqjfE7bnt58WcY34yqXF%2BHvRHuudc%2BV7t40xKlpU2KyoAxoRrQCjrErE%2B7Nv52ObJQcVh4XbrcR%2BHO6coYlgnwA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
x-xss-protection: 1; mode=block
cache-control: max-age=16070400
cf-ray: 654b702f0f7ec277-FRA

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: id5-sync.com
URL: https://id5-sync.com/c/12/108/4/6.gif?puid=7fd506e9-a0e8-4138-b08b-b54c72f2e560&gdpr=1&gdpr_consent=

Domain: quantcount.com
URL: https://quantcount.com/log/error?msg=%5Bobject%20Object%5D

Verdicts & Comments Add Verdict or Comment

95 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			ww3.read7deadlysins.com/	1970-01-19 18:31:58	Name: read_7_deadly_sins_manga_session Value: eyJpdiI6Ik0veWVJbnNuaHoxMS81N0VveWVvWGc9PSIsInZhbHVlIjoiTldWVURRQWI5amtmODJtbDRicmFtbnF1THJ6eXFKNitLYmRjT3RUOFY3eVNDellSa1F3bUovTXJXR2ZjNEJSY1EzRXNaYjJqN1A1U3dTUllrL2xiUVRoVHVPSkQybDZERHFWSmlwVER4ZkpRcnppNVJGc25NaHFJYWg4bkVMZlEiLCJtYWMiOiI3NmJmNTdkMmViYzkzMTk4MzQ5YzkzNWU0NmI5ZTM4ODU0YjFlYjhjY2UzZjU5MmRmMWU2ODA0NTZhY2ZkNmQyIn0%3D
			ww3.read7deadlysins.com/	1970-01-19 18:31:58	Name: XSRF-TOKEN Value: eyJpdiI6IldCL2RuUnE5TWZMckdRMVhnRzV4MUE9PSIsInZhbHVlIjoiVG91Ny9iQUQyS0FCV1VqR2Nua0MraVZXUGh3ZFZRa010S2IzWHFtbENNQzVOSlJXSzR4VzdSMDVrUzhxalVOU29RNVJNL3F4anVsZXdwZjc5SHNpVWMwTXAveGhiV2VGcmsrUEZaSDdBUzlTQ3hDaTJJNDZiU0Z6bmV4Njg5bWYiLCJtYWMiOiI0NzlkODI1OThkODQwNWZlOTc5ZGU1MWU5NzQ1OWQ2MDY4ZWI0NDBmMThlY2U3ZjI4YWM2ZmU0YmNhZTMwZGYxIn0%3D

40 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://runwaff.com/t.js?i=u1dvjpo9e55sy80hm5&cb=6641971621910813142(Line 30) Message: %c [object HTMLImageElement]
console-api	warning	URL: https://ads.rubiconproject.com/ad/17210.js(Line 1) Message: Invalid schain: Schain node 1 does not have the minimum number of properties. asi, sid, and hp are required
console-api	warning	URL: https://ads.rubiconproject.com/ad/17210.js(Line 1) Message: Invalid schain: Schain node 1 does not have the minimum number of properties. asi, sid, and hp are required
console-api	log	URL: https://secure.quantserve.com/quant.js(Line 2) Message: ERROR Tue May 25 2021 04:46:53 GMT+0200 (Central European Summer Time) [object Object]
console-api	error	URL: https://assets.vlitag.com/plugins/cmptcf2/cmp-v2.0.1.js(Line 439) Message: TypeError: Cannot read property 'getItem' of null
console-api	warning	URL: https://assets.vlitag.com/prebid/default/prebid-v4.38.0.js(Line 1) Message: fun-hooks: referenced 'registerAdserver' but it was never created
console-api	log	URL: https://tag.vlitag.com/v1/1621740372/87216b358402869b1c0e66facfc9ae3c.js(Line 1) Message: TypeError: Cannot read property 'getItem' of null
console-api	log	URL: https://tag.vlitag.com/v1/1621740372/87216b358402869b1c0e66facfc9ae3c.js(Line 1) Message: TypeError: Cannot read property 'getItem' of null
console-api	log	(Line 1) Message: 0
console-api	debug	URL: https://jsc.adskeeper.co.uk/b/i/bidgear.readnaruto.com.842741.js(Line 1) Message: [object HTMLImageElement]
console-api	log	(Line 1) Message: 267
console-api	log	(Line 1) Message: 267
console-api	log	(Line 1) Message: 267
console-api	log	(Line 1) Message: 267
console-api	log	(Line 1) Message: 267
console-api	log	(Line 1) Message: 267
console-api	log	(Line 1) Message: 267
console-api	log	(Line 1) Message: 267
console-api	log	(Line 1) Message: 267
console-api	log	(Line 1) Message: 267
console-api	log	(Line 1) Message: 267
console-api	log	(Line 1) Message: 267
console-api	log	(Line 1) Message: 267
console-api	log	(Line 1) Message: 267
console-api	log	(Line 1) Message: 267
console-api	log	(Line 1) Message: 267
console-api	log	(Line 1) Message: 267
console-api	log	(Line 1) Message: 267
console-api	log	(Line 1) Message: 267
console-api	log	(Line 1) Message: 267
console-api	log	(Line 1) Message: 267
console-api	log	(Line 1) Message: 267
console-api	log	(Line 1) Message: 267
console-api	log	(Line 1) Message: 267
console-api	log	(Line 1) Message: 267
console-api	log	(Line 1) Message: 267
console-api	log	(Line 1) Message: 267
console-api	log	(Line 1) Message: 267
console-api	log	(Line 1) Message: 267
console-api	log	(Line 1) Message: 267

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aa.agkn.com
aax-eu.amazon-adsystem.com
acdn.adnxs.com
ad4m.at
ad4mat.net
ads.betweendigital.com
ads.creative-serving.com
ads.projectagoraservices.com
ads.pubmatic.com
ads.rubiconproject.com
ads.themoneytizer.com
ads.us.e-planning.net
ads.yahoo.com
adservice.google.com
adservice.google.de
adtrack.adleadevent.com
adx.adform.net
ajax.cloudflare.com
ajax.googleapis.com
ams1-ib.adnxs.com
ap.lijit.com
api.rlcdn.com
as-sec.casalemedia.com
as.ad4m.at
assets.vlitag.com
bcp.crwdcntrl.net
beacon-ams3.rubiconproject.com
beacon.krxd.net
bidder.criteo.com
bn01.er.bemail.it
c.adskeeper.co.uk
c.bebi.com
c.tmyzer.com
c1.adform.net
cdn.adskeeper.co.uk
cdn.jsdelivr.net
ced-ns.sascdn.com
ced.sascdn.com
cm.adform.net
cm.adskeeper.co.uk
cm.g.doubleclick.net
cm.steepto.com
cms.analytics.yahoo.com
crcdn01.adnxs.com
d2zur9cc2gf1tx.cloudfront.net
data.mediaintelligence.de
dmp.adform.net
dmp.theadex.com
dmp.v.fwmrm.net
dpm.demdex.net
dsp.adfarm1.adition.com
dsp.nrich.ai
dsum-sec.casalemedia.com
eaba349be3b6f4320e8ae22a47a1221f.safeframe.googlesyndication.com
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
g.themoneytizer.net
go.bebi.com
gum.criteo.com
hb.adpone.com
i.imgur.com
ib.adnxs.com
id.rlcdn.com
id5-sync.com
idsync.frontend.weborama.fr
image2.pubmatic.com
image6.pubmatic.com
imasdk.googleapis.com
imp9.bidgear.com
js-sec.indexww.com
jsc.adskeeper.co.uk
loadeu.exelator.com
logs.vlitag.com
match.adsby.bidtheatre.com
match.adsrvr.org
media.vlitag.com
mediaintelligence.de
ms.quantumdex.io
mwzeom.zeotap.com
nep.advangelists.com
obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com
odr.mookie1.com
onetag-sys.com
p.cpx.to
pixel.advertising.com
pixel.mathtag.com
pixel.quantserve.com
pixel.rubiconproject.com
pixel.tapad.com
platform.bidgear.com
pm.w55c.net
pool.admedo.com
pool.grid-data.bidswitch.net
pr-bh.ybp.yahoo.com
prebid-eu.creativecdn.com
prebid.a-mo.net
prg.smartadserver.com
projectagora-483829-hdb.adomik.com
projectagora.net
quantcount.com
r1---sn-4g5e6ns7.googlevideo.com
redirector.googlevideo.com
rules.quantcount.com
runwaff.com
s-img.adskeeper.co.uk
s.amazon-adsystem.com
s.cpx.to
s1.adform.net
secure-assets.rubiconproject.com
secure.adnxs.com
secure.quantserve.com
securepubads.g.doubleclick.net
servicer.adskeeper.co.uk
services.vlitag.com
smarttag.rubiconproject.com
spl.zeotap.com
ssc-cms.33across.com
ssum-sec.casalemedia.com
ssum.casalemedia.com
st.bebi.com
static.criteo.net
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.1rx.io
sync.e-planning.net
sync.go.sonobi.com
sync.mathtag.com
sync.quantumdex.io
sync.richaudience.com
sync.smartadserver.com
sync.targeting.unrulymedia.com
sync.tidaltv.com
tag.leadplace.fr
tag.vlitag.com
tags.bluekai.com
token.rubiconproject.com
tpc.googlesyndication.com
track.adform.net
trc.taboola.com
trck.bebi.com
u-ams02.e-planning.net
ums.acuityplatform.com
ups.analytics.yahoo.com
useast.quantumdex.io
usermatch.krxd.net
ww1097.smartadserver.com
ww2.read7deadlysins.com
ww3.read7deadlysins.com
www.google-analytics.com
www.googletagservices.com
www5.smartadserver.com
x.bidswitch.net
id5-sync.com
quantcount.com
104.111.230.142
104.19.132.80
104.19.138.80
104.22.72.85
13.225.74.55
136.144.59.88
142.250.186.130
145.239.193.145
145.239.193.51
151.1.205.165
151.101.112.193
151.101.114.49
151.139.241.23
154.59.122.79
159.65.196.12
168.119.149.178
178.162.133.149
178.250.0.165
18.156.0.31
18.158.226.176
18.198.126.47
18.203.106.177
184.24.15.122
185.184.8.30
185.29.133.208
185.33.220.241
185.33.221.11
185.33.221.87
185.64.189.110
185.64.189.115
185.86.137.132
185.86.137.32
185.86.139.95
188.42.196.115
199.187.193.140
199.232.137.44
2.16.186.113
2.18.232.130
2.18.233.180
2.18.233.201
2.18.234.21
208.100.17.178
212.82.100.182
213.19.147.44
213.19.162.31
213.19.162.41
23.45.99.241
2600:9000:218e:ce00:6:44e3:f8c0:93a1
2602:803:c003:200::57
2606:4700:10::ac43:db6
2606:4700:20::681a:bd1
2606:4700:20::681a:fee
2606:4700:20::ac43:4597
2606:4700:20::ac43:47f1
2606:4700:20::ac43:49e4
2606:4700:20::ac43:4a24
2606:4700:3032::ac43:9028
2606:4700:3032::ac43:aa7a
2606:4700:3038::6815:eb93
2606:4700:3038::6815:eb94
2606:4700::6810:a723
2607:ae80:5::48
2620:116:800d:21:f916:5049:f87f:108e
2a00:1288:110:c305::8000
2a00:1288:80:800::7001
2a00:1450:4001:5c::6
2a00:1450:4001:808::2001
2a00:1450:4001:808::200a
2a00:1450:4001:80e::200e
2a00:1450:4001:810::2003
2a00:1450:4001:813::2002
2a00:1450:4001:813::200a
2a00:1450:4001:829::200a
2a00:1450:4001:82a::2002
2a00:1450:4001:82b::200e
2a00:1450:4001:82f::200e
2a00:1450:4001:831::2001
2a00:1450:4001:831::2002
2a00:1450:400c:c07::9c
2a02:2638::1c
2a02:2638::3
2a02:26f0:6c00::210:ba0b
2a02:26f0:6c00::210:ba19
2a04:4e42:3::621
2a05:d018:24:b002:28a5:2c7e:9fea:57ab
3.120.52.200
3.123.96.39
3.124.165.65
3.126.30.34
3.126.63.176
34.120.133.55
34.249.223.226
34.98.67.61
35.170.124.134
35.172.143.213
35.201.81.244
35.210.53.219
35.227.248.159
35.244.174.68
37.157.2.234
37.157.2.239
37.157.6.235
37.157.6.251
46.105.198.150
46.105.199.182
46.249.52.248
5.178.65.246
51.68.39.188
51.89.9.254
52.222.161.210
52.30.251.90
52.95.124.170
54.171.173.220
54.194.137.128
54.195.253.131
54.217.252.120
54.246.143.132
54.38.64.100
69.173.144.138
69.173.144.165
72.21.206.140
72.251.249.9
76.223.111.131
85.114.159.118
89.163.159.108
005c3133bf387e1b00a5ec25effc468f7752591adac19a3782d200bf68a970f0
009fb348ce253623b74850f01c29d3a031914aa7b7c893b42d5330352d5f6d58
021d67b4bdc29f3ac8f0b5187e24048857dd7380870f1b91dc4ca8ddeaac5607
024f626f35070371552b25e463542d7f6795af16d211bd7f7eadbbacbb08d55b
03736b108efeca49e24b0f35ff8b9ac3fb4468b6c64de144b1b441cba12f46e2
03c7f1df8333627781093224d1deaf2e8aa544cc2decbcdb5e21e763b9a9e8f3
03f37dbd082074567ec2f59602fe0aa634f72fcadded136ddd4f04cfb34e2592
06cc0df26c32fe3c458ffe56518d7b3cdddebb8ff9075baa3885ea39e970c6a3
0877f0efe6a70b39312d90f9245d76b4484efbc1aeb9f224dcee315b15571275
0891e066d82ad968922f0032fe99e239101e9cabd5740be8e9861d55e9303a6a
096a4bb9d7f8588a8520d57f103bdf0dae273af88fc0265371124c048bff7b05
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c6a634c293e31ba80145d58b0f31fdb06a74dc097fcbe1bff6164c3da2a0515
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
1339716646a811656f6ce48830e22f025c3f4eef41e7ffbcee29a5ce29ca179b
15cf292fcb58339c782193bb837a91f730f40c195861fc40edb3214f8ec5baef
162eaee62eb9c97924a1b8a991f01364cc21b515c75de25810219c5396bd0bb0
1916cf4455a526aadafd82710bf7304154905dcdf69dd9e0b516a63cc82e27e0
1aee62390f1a46c39de05e245924b94e2155373257094c9e1e14b6b67e530100
1b1dc86d362bc28c09d795e03eeb0fe019fd32ce2679ba9541772e41b9c23530
1b95ffd8d5e131d47fa1a5ab65bca620eeef87328c413940cd60a9fbcedf4b74
1bda294a9ad20ea8d7efe0f2b5b6757fb0b999cd46917aff508829a7a1d4985c
1c481e8b59108e14991c2024ec8cd74579464be5cd12617808356db9bcceb36c
1c668e2916d4f9aeacbb6f545a645f0882204e7e3928b3f62b5aff3de136c1c5
1c841693330e27e579ddb12599321982d6ab7ff4da41cb4e6a1287cc8b625599
1fd886d6575164e4f090fb066e1ac4667ee40d1ee7ba2b2283fb71ec6e4cc5cc
204265a6f1fc8529e4a64cff2c17c04709b46455f93003d24edb50bd78977223
22e445740494ff0441323397bb6de4b62dcb23826c5b77638c644e4302560655
23371b5319a53a0a2d3c59d738d679c384822c244ea4e791ef87a4110b8a291e
24a104ef6529cb9bbceaeca4e037ecf14d40db5207009ac23e8224703fa11bb8
24f3a2bc8ff9e147350f2872e763f27547d623c5fd82100eed032aeeb2411354
24fb697da0be2b16388fb4cebaac3f1bfd1ef924bff56e4a22cf52755eb7dc21
266bcea0bb58b26aa5b16c5aee60d22ccc1ae9d67daeb21db6bad56119c3447d
27cc24ac6c6cde86f5b99575f817426d7224464fe19e98c29dd83392e1272a07
2b1632b55badd808b7f8d26f2a6267c6941b99cb26165966072ce80a5dc00dc3
2c01eb02b169c34320241d002edf0d09f06802afc629f8430e7fb430606d67c8
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
2cce638cdab68bdb54c574dbaddd96eace5adb8f41c56ba795d656759ee491ea
2e29d014db9a69bc9ca7e8785266b23a428aaa17c24970d18dee4a3cfcef031a
2fbbb4bdb43c3853d5f640b58e98f3d99fce1f7a2f6a28ee32cea3573d81f152
31370f14534e5bb78d3da68b6cf0e72369feea1bd68aaeac1b61d07094aa1deb
31a2141f6b680b8ec183d8de67eaae2ac43bee3ccee46235e0c988761615210c
328d795287f5346532425e23a806fddd55b3577298ce378d72caa0527b50c321
32adcd20942cc95376c96c686e5f4c65dba39275545f6c9c7b63b72a374d9cc0
3337d4a9320375da050ce2c25805112a72a42a3a8d30ef789a0c6a383a864df2
36ae5665d20b3043d7c330846a2712a01de07cc1a8819d08f306853249a3bb52
378f3adea9e843d94e73295fe3582335a2b6508104b4e19e1c01f0218a777025
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
3abf42c9adebcb657bc5bc4a335638fbcb0964a2cc449531975c92019f04af98
3c1798ee0e6e7de78f91bb457e6670385951caea9fc9c97295ca303ec6fe49be
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3e9a98dd5f0a28ff4a059f33d760264a6db02786666ac1692095ebb976f5da28
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3ebc579d2a5ea97acdb56edfb0e2a98e4d41f4f3db179fc1847bd50251d2251e
3ed1ebf0d6f605635332d2dc7d98bd3cb3fff298bffb5765c1969ab93b3fbeb6
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
4006e0481f9cfffd3a579c3dcbdad1b6953e844c1e3c76a8d9f86844c98d87a3
42ff00d1b71deabe8b09e61bd4f9d6affe005776c7b7e1ab99dbad0dc7696913
45f774e2f81fa416611d03882502725c44c2d5d87978324544fa6ec5d7df7ccf
46220b9b3ca7fbfdd2450e6ee0039dcc9e10c6a7e9c7fcbc67eb4dba65bf5525
46d5273d735391f5c05f0fb82df9a363a290419c3aeea2d64dfc0d46de9a9681
4705dbb884e63deff30ef847292ae6933b0adb5c2b89137fb3a2f04baa8a86f3
48006243aa1ece4f57a63dbe9c95e67f68b04c3caec2bbd87eebd63f7a7368b3
49c5062b357f17aa4cd7c3f8b6c052107cb0499e73fb7da71782f349c3055ca5
4bf2dd6e5853b05eedfbc67dd947ee92616bc771d35c04872573b592883d9823
4d19ff0a638baf21b3637d9fae7f04c7f6602d0c1fed79fbf01c246e46609cb2
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
57547478e96be0120a2ccf1d357b94f46e7186e73be8dbdce9189bb458479975
58694600a9bb19ab424e8752ab649f1365563963d2541becd627f15045a107aa
58a617d2c88d378bfd267e2817e2228e82ef0c3f28d8ac3458b18af77335c39e
58b9321705fe7310f2ad6c57d3e1765bf6f2d9de859cd4d4d6ddf160b6e94444
598487ff2c5dece3c38a8e51802ba4d4f4a0108424350e35b214cd7f96806b64
5dd3744b3c4c4ca24f5ca3c270fe5275aeefdde79446288a9554095ad6182af5
5fe762235dff5c6c1bf33b317522129432b5c54df727c3614f1bb15fba5c1a34
611c31ecafe54c74f78e765296e1b04c0e51ecdc5f7d62c0c3441732aca01964
612a8541b1c6e99ca467ee2ef290d23df8c8511b0a9e1ed3f9c1b91cf2df6235
625c0bb576663c4629d847cbe31dd9d09be82d2b9615906dd508c7b76764824c
6330d93c38185b92516fd8bdb7220ff136b6817c2ef101ed7d822e122066240b
63cad4cbdabc1e154d114197e473ac80a92a2c323172625d3998f3fd266674fd
645c745c972fa286538b481ff3da9a58bf2a8b2fba6b8a195853f6d221a4775e
64b5cfb02beff3a924affa15dcac21c407ccb8d723cb6a5d93aad4f94cdfb73a
65b274370861ac64aa4e81014de0d4f96a29c1d9a85fdb58f85a2f0f7c39f040
65bf6dbed881d8b4aa47ea477227f1860721a053dd6e3541718b377d66fe4f54
693834d499a766ee74d733e5045d73b669a47b0ddf4dc2d4122ceab6b54ffc59
6aef7c004e8d9551468e7ba3afa304f8fef2e0a71c6ef432542b90081a9bb051
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6d3b4355053f8b1c2214f5012ce3f0002cf4f41a51d1ca2c6ec33115d299e258
6de239521ea70aada90cfdb8dc62a42b2c2477815074638fc07c2608e127e310
6e98283c4e77cee6422b67aac372a613ca467ffda2f21e78beca71dc029c6140
6ed07947c2ba39356b45c1cb6b84d7a6cd8f1172b0cb7af6e31e838196a994a5
70667ce810a4ab76df588aac5f88cfe24f1c68131d621b5700282cde9832c850
71529d12a50c366935078936f9533606bff2f00e195f62a78772cca16b7ca247
71dacf49a06f7b28d3fc9207b9617d3c8e35c65c2b298a5ef389ecf2217b3f30
735b8fdce3b66a8586292e5de365f81fea148b6b6278fb8510ee1dc78b2d3fb1
73da2c879d92fddbe81e0098dfa2b520bb88a8b6a1afcbcccf7880f73bce7543
76aacba4eece592e3a3281e69a5762c6f10b527a29fbba5eae5ac091f47ae554
77e7ad71599b73f06bcaea11c25e128d50c80f6e7fb0cc10f317779fc285d954
7b7f3cb4de673102f820d0d243ac154df53327583b2ad221052d4ee43e13a15b
7c41c866d6902c5da08e83a63238b985c84e23a5f7d5f25b31db319a1e6f7399
7cd25cfdaa711da7ba54081aaf6d9962b606b5f3269b446c1096f7cb7a065026
7e176e51c1dff07522d527754e78745b4fe73db4b875ab85be5ec57e2e35346c
806cc912d72e22caa84fdd0472a0ee11804e9a58ad489486456a8a0551194d91
81cdf17c5ddd6df64df5b5e234c1df9c45fe41bff40b76be995ab20f2e90f45b
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
87b1d7a33866a970cbbc66c39914f260e7801a03f86333a70d336d40df42b40a
881c28f0bb190ad240873ff5e6bc92cfc7614a9cde673076db7286558af0c2b5
8b6874e0a5e81da65b57af189d73b5a99af003eb69a872486307de02a87f7a26
8b6f1b48cd5175f987c8d9c15233cde35ad4a06473c89b4f46076b6fc3259e6b
8c8543047af01eee8aec752d049f35aff3abc468628af82f9585117411786d8c
8d410bd217dee28743b3f64f21171897ff4845ade84e599da28e9b9032410add
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e3dca3d0c3e2c69a8e0ccf035e9f65b77bf76c0903de79f2d6a2b491fba860a
8e3e3d82bd605e9b6484ef5ad816eba871aa1fb5a45033eb8b7f82ae39d07ac6
8fb101fbfb40f627db5860971a51fd80a9384f0630af3db4eefd351ef04d2c35
93be849efc0b6a35432d618f56468227ba1de73fc1f3015bd2d92be5d60676e5
982731bc42625712b84f0c2654e198b88aa69f4420a51117704cc367e7fb8ef9
982d34951038f20a2cfd09cb3fb85a55ccecd7016b73a10f5bac83cdc5d55fee
992adf6b1778a71c66f0bc5d32bd71f686c2cfe115efbf8d542e31f1c4015cc8
9983e07b9631af361911c4abfcddf64df4a51003d916415dfab1e19c9cd16749
9bf6ebdad81726c7784e2faf29949ffcc2c580333168135ecdef285bcbfb97ef
9c5aecf6f8d125f8f91b47761d6fda3ff801ba9dd37249f51663529183d36ea4
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a3b93a74fd2b2900ce800a3b460688417f21675f8fe051de5c990b09b04598a1
a3c8a18c3c4b380011fd8cb5d3d6f4e36d49b5246ccaf5a430c47b1ffd258504
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a733719e0ba21dbd1a691a459642d9037d594d70b0026b25836b6f75b290e5f0
a7905df4e9a84235722017128197cf1b52ccb73b37b2d19538b8ef24ce94d2bc
a969a9b32705092663a8c9019ac9835cf93fff0d525457961e309bf04dba1424
a9f86a4e608a80930a78a18fb9050b9579abe18f44eb33c164dc2b8501219b8f
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
aa993ce3b07f709c900cd3b97ccd65280928b06c29e9f65d9bac43f2e01e9a9b
acb5d519051cc13618e992a7df4bce6a980036dfbe2e17a970ec716194329f6a
ad05740966a78657cf685251d6aea88a1e8f9df8355707c82bd727d62133011f
ae75e773195405f63c83cc92dd3d04119d88076d0c9ca53b0fda0568fde7868a
ae897c28ca343c708e3e307d8be45c7bd369366bde0e73da16a71afdfb304aef
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
af64a6f3ffc388b91cd70eae25893f7bea7e8e7d84d2c2b41c378cfbe13651ff
b0f62a19b3816ea7dc2f9990b599ab78f203bb6006af805e5315d003e5fafc3b
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b22d47b10499a007a320b85dec6d283c121c1b98f0ba7c03b2406bbd0dcd5d8f
b24778ddf954b52d774d1620e1f7a371a0366c6b431cb979c11e0bf4fc6caa5d
b2abeb5f73b2d92b7ede59d05e0c2e234fbc940cae3aa4d59e38fcb2166e591d
b47b4ca26c57e3dceebd7abd067df9622599bed6bfb11b480f92d09a945cd213
b780c05b9b8e1f7acff640ef794ca777ffa43e5d4354a84eebf3dd98975f8675
b896afc83022a9cba3d395cdb8f1c09f49df5869b96d9c41af7bfdca6286d005
ba2ac09da587446c736dca48ca41b1511361c37ce63084ffaa68cdb4a7834ade
ba8615525c16c0ef0fa1eb7fcdaeaec9b4bef309a4ea1a4a1183db04c3ae99e4
bba4d46952f094b62205fe06e4a78114cac5d934971925a4716ef40c33f96012
bcdf010ba3dc61605c33de9b33e7e76dbc3bb4326dcec49f33970345e517fb25
bdde27ec97ac7add8bf64ec101d653f8613c13ed50e518d3d5411b47c631e5d5
bf0f983511eade4b610daee0289a97c478db68f9016867811b3260bd542af316
bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab
c19059678c29578778de4b6e42914180649090c8850e191ee65b04254e894ba2
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c2ecfb9ea3fbede2b9da9158bc8438f985060f0cb00dc2dba1a020fd0c4dc446
c48813f0c6414a6394ce88a14169c9e476c9225fce09d3702a7135d13694d162
c4fb149a043758e7e05dd49e904e01e2f4c2479824151bc4cbde84a0495d6fcc
c6c26e9fd32854aee98de2acc25e0430247818615f0e19c75a83cc02ab76388a
c7cb1cb576f66cbfe244baa9a42c3696470e2b27ce186876ce00cc13488a3dd2
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
cd237451c1129b755eb037be222af2716f91fe45e0938e7711ef9aa9614ed0ac
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d12a71cd626ac8f0fc91e6f1b98280cfb49fd724f2dcc118d192adff9a0154b4
d318e574ed5914198dc092c29a7fa761b25b0e2c59e07f40c59b9cbd5a7fd265
d55dc8ecba4b4fa450ced592faecf78dd1cd8e65d84d5ba88a688257d5a7e452
d8a382bb17386d2d82cc7bff0b08cbc40466c977c277e039adfa7de9b9511957
d98c62f55417af0d5b31d77653c0cbe88585490ac72c5a39b173b4c95f0706f0
d9b2a4f1389c687abccf8e956ac54443f2fe55154ab0515ecdde430290831d16
da45962a1fb4a049c9367ebe9b1b628f071d7a4c9997ee807c01d23f4866e19c
db3b3f0af5aae1c62702fbfad96b95d9c82f73b0da35c4f8144f1ea0d930162d
dbeb241324f4c3e889518c86ec74c1f6f634fff0c6f23f8c5af28273b8f31112
dc52d66244d18abd87212e8c77bb671ddf1b1b2d17afc3a49084fb260fe29794
dffe8b72f780d37daf3df7bb0ef19173dc233a32e180b4fd5bc4e76cc66f0b66
e07482f88e80537b35953010a2d347873dd366963ac227e727c53ec46d6fd63c
e08c294c8231ec572510659df34092e05d02680dc3c4738bf2cf33c398d41df8
e341bb94a8fd7ddf5bd346fbed337cbc9b00c29f10a9fe70b9f31f876ffdbd29
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e606b88f22681ff4345da88cc69427508b872d962152d6b6150d46513583740c
e6292fd056e7b8352b28cf7d4a34e9af8e8eb88baee294fd625d917122332a6a
e6b97f70eb5e035264d86122b1589d3402806e41c33989aecbd767acf396c7fb
e84ec2df928c8fcdc9baf15e86516bbe2c4da19182377d8be95d099fd391dcac
e8d9c362c89ab0d3819b7fd4d5b342ef470cf7d999bf4bc91b2e1c6127db1f8a
e91cf159afa5b1cedc6e7aba65efca84da8645a378ca9f9c0ca07180508fa4da
eab1c2d0f737bc7c297139b39cd025892a87b8b191abc0f3408b2b048279f178
eae285748696647e5f55068eb05a214172c9e19ac96fcb2700e73507fba62060
ebcac200adeb2ac33b8b32b09ffe49e56b3fe4a3d77b56e87eecf8913779931f
ec30e31958aabcb6e98e8ec717b902c14ac2b17690576bd1d2c630f8331c06c1
ed1e079e618d298f180c5e2a4dc76bd0143f1c918e475ee52b76f6e142a492fb
ee766ef9d627e46aeb0b895935f8ca49b0cf197e5f0b62ca2f1deb8fc2511fd0
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f14d49c61900359e36033037f41b3551af293a3ae24076af4511e92217e841a7
f462844cbf81aa595070b5a5174eaaccbed9d1e63db15a2e14b12cafd169bf1c
f6248573434a6b4f50dbfe3166d5892c7e62ee1296a2328d50006fe88510cecf
f70fee72f4b08b7a97e7740fc8bbc725f9877ce869b60a8e2f233327b52fb020
f77e74580c9873367c81bd227811123288f2f15581f5d49bf86e00e7f5abd8b6
f8aba6d0b4682bdc43ce9ff06c9c0174b1edb730dc1f2b1d00892df73cefe5ec
fbaeb6cbd55dc848df7113819da2ee6a48dc8cfe1265ebcf555a92b72eb39daf
ff70ab95a87550a4664510fec0cc8660bdbe067f6500b1e29e5c7da3958ce5b2

ww3.read7deadlysins.com Open in urlscan Pro 2606:4700:3038::6815:eb94 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

462 Requests

99 %HTTPS

30 %IPv6

90 Domains

154 Subdomains

96 IPs

11 Countries

5536 kBTransfer

14660 kBSize

2 Cookies

44 Outgoing links

Page URL History

Redirected requests

462 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

ww3.read7deadlysins.com Open in urlscan Pro
2606:4700:3038::6815:eb94 Public Scan

Screenshot
Live screenshot

Full Image

462
Requests

99 %
HTTPS

30 %
IPv6

90
Domains

154
Subdomains

96
IPs

11
Countries

5536 kB
Transfer

14660 kB
Size

2
Cookies

462 HTTP transactions
0 data transactions