b.travelmiso.com Open in urlscan Pro
203.76.174.123 Public Scan

Software

sffe /

Resource Hash

919fb9fa52c5f27bb44af11974680460765fd798bea364165a97b06d6e6d585d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "902 / 303 of 1000 / last-modified: 1623449396"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21414
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:27 GMT

GET
H/1.1 200
OK Cookie set counter Show response
nichools.com/ Frame BFF8 2 KB
1 KB 56ms
56ms Document
text/html 143.204.98.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://nichools.com/counter?i=jvz1bqas4afbza0812345&a=bbd85efe9baabbdcc648c8a3d31dcc1e9&cb=2453391623656847612
Requested by: Host: nichools.com
URL: http://nichools.com/t.js?i=jvz1bqas4afbza0812345&cb=6119781623656847414
Protocol: HTTP/1.1
Server: 143.204.98.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-75.fra50.r.cloudfront.net
Software: /
Resource Hash: 6fdf5b5e23cc495f5ff25f0361b6ea48ac1c5ec223ac7016c6b58f543ad339bd

Request headers

Host: nichools.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://b.travelmiso.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Date: Mon, 14 Jun 2021 07:47:27 GMT
Set-Cookie: SSID=4fd8cac29d8b161d0b505a36693b48775fba7f52; Path=/; Expires=Wed, 16 Jun 2021 07:47:27 GMT; HttpOnly; SameSite=None
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 e64eb476d8f76c461d21278e018e194f.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA50-C1
X-Amz-Cf-Id: _oaJ59EWKO7lSGSeYnCvBdNEnYrkKSLkmhLdYuHlrSxqRU0mrKu3Ew==

GET
H/1.1 200
OK Cookie set stat Show response
nichools.com/ Frame A592 9 KB
9 KB 77ms
58ms Document
text/html 143.204.98.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://nichools.com/stat?i=jvz1bqas4afbza0812345&a=a3b2f53d5eac3e79fcc75d15b2c749db7&cb=1837211623656847624
Requested by: Host: nichools.com
URL: http://nichools.com/t.js?i=jvz1bqas4afbza0812345&cb=6119781623656847414
Protocol: HTTP/1.1
Server: 143.204.98.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-75.fra50.r.cloudfront.net
Software: /
Resource Hash: 4bbec97f2ab0a78ae34ae43e18c2d879ce6407bc6bdf75e82a256f69ea062aa9

Request headers

Host: nichools.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://b.travelmiso.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Mon, 14 Jun 2021 07:47:27 GMT
Set-Cookie: SSID=742c2383476a2af2f64776807eca5b58f1ca4d79; Path=/; Expires=Wed, 16 Jun 2021 07:47:27 GMT; HttpOnly; SameSite=None
X-Cache: Miss from cloudfront
Via: 1.1 e64eb476d8f76c461d21278e018e194f.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA50-C1
X-Amz-Cf-Id: hfxtUcXcEgxN1QENIAj3grousllru4dP-vmA9cqnNBw9IxNpwvIuXg==

GET
H/1.1 200
OK Cookie set count Show response
nichools.com/ Frame 8929 9 KB
9 KB 84ms
55ms Document
text/html 143.204.98.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://nichools.com/count?i=jvz1bqas4afbza0812345&a=ea88bc08b9d4ddfb0ebc29ddbc4139ad3&cb=7066291623656847630
Requested by: Host: nichools.com
URL: http://nichools.com/t.js?i=jvz1bqas4afbza0812345&cb=6119781623656847414
Protocol: HTTP/1.1
Server: 143.204.98.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-75.fra50.r.cloudfront.net
Software: /
Resource Hash: 4bbec97f2ab0a78ae34ae43e18c2d879ce6407bc6bdf75e82a256f69ea062aa9

Request headers

Host: nichools.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://b.travelmiso.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Mon, 14 Jun 2021 07:47:27 GMT
Set-Cookie: SSID=93a0000f3249aa6923f5be44ba6f0170b1276309; Path=/; Expires=Wed, 16 Jun 2021 07:47:27 GMT; HttpOnly; SameSite=None
X-Cache: Miss from cloudfront
Via: 1.1 9128c49d19c76fd86ec4c647434ccb0a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA50-C1
X-Amz-Cf-Id: xOfonmmaV33cdNfuRwhbs5mRuZ6A6_qFfzpE5uQpvaEwezk4s7Jvdw==

GET
H/1.1 200
OK Cookie set sync Show response
nichools.com/ Frame 443A 9 KB
9 KB 78ms
55ms Document
text/html 143.204.98.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://nichools.com/sync?i=jvz1bqas4afbza0812345&a=ad0f2611a810207bc4fa9cdf665058215&cb=4569821623656847642
Requested by: Host: nichools.com
URL: http://nichools.com/t.js?i=jvz1bqas4afbza0812345&cb=6119781623656847414
Protocol: HTTP/1.1
Server: 143.204.98.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-75.fra50.r.cloudfront.net
Software: /
Resource Hash: 4bbec97f2ab0a78ae34ae43e18c2d879ce6407bc6bdf75e82a256f69ea062aa9

Request headers

Host: nichools.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://b.travelmiso.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Mon, 14 Jun 2021 07:47:27 GMT
Set-Cookie: SSID=81430b0d86224c07fdf5a49a43422d8ff68b4778; Path=/; Expires=Wed, 16 Jun 2021 07:47:27 GMT; HttpOnly; SameSite=None
X-Cache: Miss from cloudfront
Via: 1.1 436c247027acc191b22ece964efbaeca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA50-C1
X-Amz-Cf-Id: VYJBGMNPbJzGfNp_bClHKpohCF_vt7RAcMEN1J8NW9_Ht0kJfW1m_g==

GET
H/1.1 200
OK Cookie set user Show response
nichools.com/ Frame A368 2 KB
1 KB 66ms
53ms Document
text/html 143.204.98.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://nichools.com/user?i=jvz1bqas4afbza0812345&a=fdd68d248266fd4eefa4158297b65a017&cb=1266771623656847653
Requested by: Host: nichools.com
URL: http://nichools.com/t.js?i=jvz1bqas4afbza0812345&cb=6119781623656847414
Protocol: HTTP/1.1
Server: 143.204.98.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-75.fra50.r.cloudfront.net
Software: /
Resource Hash: 14e3be446af6289000e9ddc253ffc17a5b2b88b21b41c9f14cf81e96a3f53f0b

Request headers

Host: nichools.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://b.travelmiso.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Date: Mon, 14 Jun 2021 07:47:27 GMT
Set-Cookie: SSID=63d4893f1da52d483d1d2ebbc49b2fc6ec13c735; Path=/; Expires=Wed, 16 Jun 2021 07:47:27 GMT; HttpOnly; SameSite=None
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 e64eb476d8f76c461d21278e018e194f.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA50-C1
X-Amz-Cf-Id: avTBw8Le7B8XsSlLy54AVTbOdlOT1FZd6VoNPR8MIO6n29T_wqOKjA==

GET
H/1.1 200
OK Cookie set stat Show response
nichools.com/ Frame F6EF 9 KB
9 KB 88ms
61ms Document
text/html 143.204.98.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://nichools.com/stat?i=jvz1bqas4afbza0812345&a=8d2134f2a2402bac961e8ee1376d93fe3&cb=3588901623656847665
Requested by: Host: nichools.com
URL: http://nichools.com/t.js?i=jvz1bqas4afbza0812345&cb=6119781623656847414
Protocol: HTTP/1.1
Server: 143.204.98.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-75.fra50.r.cloudfront.net
Software: /
Resource Hash: 4bbec97f2ab0a78ae34ae43e18c2d879ce6407bc6bdf75e82a256f69ea062aa9

Request headers

Host: nichools.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://b.travelmiso.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Mon, 14 Jun 2021 07:47:27 GMT
Set-Cookie: SSID=094e58b8da5cae3c75fad794b571a8d955d5d1a1; Path=/; Expires=Wed, 16 Jun 2021 07:47:27 GMT; HttpOnly; SameSite=None
X-Cache: Miss from cloudfront
Via: 1.1 d55780b776b171387055eca956ae29a9.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA50-C1
X-Amz-Cf-Id: nuRJHcjcc46BMVmdspj-sSeyMKBLuCkMk28mUy-DCSTeool9QNmYfA==

GET
H/1.1 200
OK Cookie set counter Show response
nichools.com/ Frame A50F 9 KB
9 KB 109ms
93ms Document
text/html 143.204.98.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://nichools.com/counter?i=jvz1bqas4afbza0812345&a=8654fe66f7b66c89a1586bae710b09625&cb=9687641623656847676
Requested by: Host: nichools.com
URL: http://nichools.com/t.js?i=jvz1bqas4afbza0812345&cb=6119781623656847414
Protocol: HTTP/1.1
Server: 143.204.98.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-75.fra50.r.cloudfront.net
Software: /
Resource Hash: 4bbec97f2ab0a78ae34ae43e18c2d879ce6407bc6bdf75e82a256f69ea062aa9

Request headers

Host: nichools.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://b.travelmiso.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Mon, 14 Jun 2021 07:47:27 GMT
Set-Cookie: SSID=a350879c479f8fef61aebc98d641e9aef4090724; Path=/; Expires=Wed, 16 Jun 2021 07:47:27 GMT; HttpOnly; SameSite=None
X-Cache: Miss from cloudfront
Via: 1.1 436c247027acc191b22ece964efbaeca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA50-C1
X-Amz-Cf-Id: 3CaRCvv7uhlsQDb6BGzybqdYvoTLqO6ewo91D67ZrqQoE0uf1gx-qw==

GET
H/1.1 200
OK Cookie set send Show response
nichools.com/ Frame E690 9 KB
9 KB 59ms
51ms Document
text/html 143.204.98.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://nichools.com/send?i=jvz1bqas4afbza0812345&a=ddb7b1af716ec2432bd0a9cacdaf26fd1&cb=0186611623656847684
Requested by: Host: nichools.com
URL: http://nichools.com/t.js?i=jvz1bqas4afbza0812345&cb=6119781623656847414
Protocol: HTTP/1.1
Server: 143.204.98.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-75.fra50.r.cloudfront.net
Software: /
Resource Hash: 4bbec97f2ab0a78ae34ae43e18c2d879ce6407bc6bdf75e82a256f69ea062aa9

Request headers

Host: nichools.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://b.travelmiso.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Mon, 14 Jun 2021 07:47:27 GMT
Set-Cookie: SSID=061ea4f49e340a0350e50845c1d263e8ed87624a; Path=/; Expires=Wed, 16 Jun 2021 07:47:27 GMT; HttpOnly; SameSite=None
X-Cache: Miss from cloudfront
Via: 1.1 e64eb476d8f76c461d21278e018e194f.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA50-C1
X-Amz-Cf-Id: n5i3lIUAgIIASgbfCGsMLSDE3YeXuVQcWTuBZ5PWms806G8IRj54ew==

GET
H/1.1 200
OK Cookie set usync Show response
nichools.com/ Frame 0DA5 2 KB
1 KB 95ms
62ms Document
text/html 143.204.98.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://nichools.com/usync?i=jvz1bqas4afbza0812345&a=f806503c39db99c77ecab4df904769a71&cb=0646011623656847690
Requested by: Host: nichools.com
URL: http://nichools.com/t.js?i=jvz1bqas4afbza0812345&cb=6119781623656847414
Protocol: HTTP/1.1
Server: 143.204.98.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-75.fra50.r.cloudfront.net
Software: /
Resource Hash: 93f5880025864af0d44be81b7bf4be49fe8e55e5a9dd48a6e29a0985f7648874

Request headers

Host: nichools.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://b.travelmiso.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Date: Mon, 14 Jun 2021 07:47:27 GMT
Set-Cookie: SSID=67f8b4de0145382ac2d323d9cc954420ea7afa0d; Path=/; Expires=Wed, 16 Jun 2021 07:47:27 GMT; HttpOnly; SameSite=None
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 9128c49d19c76fd86ec4c647434ccb0a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA50-C1
X-Amz-Cf-Id: 1R9fMguuYxBkU5vg4WT57RHjULF1SA_fOLeGq2UkAbWQzuuRnSMRjg==

GET
H/1.1 200
OK Cookie set stat Show response
nichools.com/ Frame A697 9 KB
9 KB 94ms
61ms Document
text/html 143.204.98.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://nichools.com/stat?i=jvz1bqas4afbza0812345&a=596b8591b62c52eddce41f9071f339927&cb=0531211623656847693
Requested by: Host: nichools.com
URL: http://nichools.com/t.js?i=jvz1bqas4afbza0812345&cb=6119781623656847414
Protocol: HTTP/1.1
Server: 143.204.98.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-75.fra50.r.cloudfront.net
Software: /
Resource Hash: 4bbec97f2ab0a78ae34ae43e18c2d879ce6407bc6bdf75e82a256f69ea062aa9

Request headers

Host: nichools.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://b.travelmiso.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Mon, 14 Jun 2021 07:47:27 GMT
Set-Cookie: SSID=21b3790bf00b994dfdacd47289b74c3022a55d0c; Path=/; Expires=Wed, 16 Jun 2021 07:47:27 GMT; HttpOnly; SameSite=None
X-Cache: Miss from cloudfront
Via: 1.1 436c247027acc191b22ece964efbaeca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA50-C1
X-Amz-Cf-Id: bT1nxFT92r5j7iTO8s-5Uiwyj1DxPacVtaHOXPZ84pvqITSRYC_1DA==

GET
H/1.1 200
OK Cookie set async_usersync Show response
nichools.com/ Frame 1020 9 KB
9 KB 83ms
52ms Document
text/html 143.204.98.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://nichools.com/async_usersync?i=jvz1bqas4afbza0812345&a=8ccc4324aeaf4c4badcaf9dfe34affae7&cb=4822651623656847695
Requested by: Host: nichools.com
URL: http://nichools.com/t.js?i=jvz1bqas4afbza0812345&cb=6119781623656847414
Protocol: HTTP/1.1
Server: 143.204.98.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-75.fra50.r.cloudfront.net
Software: /
Resource Hash: 4bbec97f2ab0a78ae34ae43e18c2d879ce6407bc6bdf75e82a256f69ea062aa9

Request headers

Host: nichools.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://b.travelmiso.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Mon, 14 Jun 2021 07:47:27 GMT
Set-Cookie: SSID=d8f50bf804c7c323a181ecebff1abed277f40747; Path=/; Expires=Wed, 16 Jun 2021 07:47:27 GMT; HttpOnly; SameSite=None
X-Cache: Miss from cloudfront
Via: 1.1 e64eb476d8f76c461d21278e018e194f.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA50-C1
X-Amz-Cf-Id: ereLA9mLgZ7VfyrJv_y6BSbMWV9iKiPgvgqYjNV7X2Nu59nwO2fxBQ==

GET
H/1.1 200
OK Cookie set async_usersync Show response
nichools.com/ Frame 683F 9 KB
9 KB 101ms
53ms Document
text/html 143.204.98.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://nichools.com/async_usersync?i=jvz1bqas4afbza0812345&a=423f3e0439b6dbaaf9800062c361b91f7&cb=2401601623656847703
Requested by: Host: nichools.com
URL: http://nichools.com/t.js?i=jvz1bqas4afbza0812345&cb=6119781623656847414
Protocol: HTTP/1.1
Server: 143.204.98.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-75.fra50.r.cloudfront.net
Software: /
Resource Hash: 4bbec97f2ab0a78ae34ae43e18c2d879ce6407bc6bdf75e82a256f69ea062aa9

Request headers

Host: nichools.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://b.travelmiso.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Mon, 14 Jun 2021 07:47:27 GMT
Set-Cookie: SSID=1d9dfccd7a8d0dfac11bc84d7c16eb7901fd5ab6; Path=/; Expires=Wed, 16 Jun 2021 07:47:27 GMT; HttpOnly; SameSite=None
X-Cache: Miss from cloudfront
Via: 1.1 e64eb476d8f76c461d21278e018e194f.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA50-C1
X-Amz-Cf-Id: fJOSk2nNDR0s3460m0F7N-eALl3x0I0PTo5hv9yplJP4-UgMRJRxJw==

GET
H/1.1 200
OK Cookie set usync Show response
nichools.com/ Frame 920E 9 KB
9 KB 87ms
53ms Document
text/html 143.204.98.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://nichools.com/usync?i=jvz1bqas4afbza0812345&a=f19319e02c21f9e140ece01a13716d7d7&cb=1494231623656847714
Requested by: Host: nichools.com
URL: http://nichools.com/t.js?i=jvz1bqas4afbza0812345&cb=6119781623656847414
Protocol: HTTP/1.1
Server: 143.204.98.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-75.fra50.r.cloudfront.net
Software: /
Resource Hash: 4bbec97f2ab0a78ae34ae43e18c2d879ce6407bc6bdf75e82a256f69ea062aa9

Request headers

Host: nichools.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://b.travelmiso.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Mon, 14 Jun 2021 07:47:27 GMT
Set-Cookie: SSID=9ffbcea660f76ce395160cf27db89a786adc3ee0; Path=/; Expires=Wed, 16 Jun 2021 07:47:27 GMT; HttpOnly; SameSite=None
X-Cache: Miss from cloudfront
Via: 1.1 d55780b776b171387055eca956ae29a9.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA50-C1
X-Amz-Cf-Id: AJcz3JDNFFmzY-yhiBc4llpLgFSWPCti3SJc2ZHPfoKQ2bqScVjGeg==

GET
H/1.1 200
OK Cookie set stat Show response
nichools.com/ Frame CCE3 9 KB
9 KB 110ms
53ms Document
text/html 143.204.98.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://nichools.com/stat?i=jvz1bqas4afbza0812345&a=bfae10c7e8ea157c27c8d4ae1f282c131&cb=2719581623656847722
Requested by: Host: nichools.com
URL: http://nichools.com/t.js?i=jvz1bqas4afbza0812345&cb=6119781623656847414
Protocol: HTTP/1.1
Server: 143.204.98.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-75.fra50.r.cloudfront.net
Software: /
Resource Hash: 4bbec97f2ab0a78ae34ae43e18c2d879ce6407bc6bdf75e82a256f69ea062aa9

Request headers

Host: nichools.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://b.travelmiso.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Mon, 14 Jun 2021 07:47:27 GMT
Set-Cookie: SSID=380a8c66e7f4147e3ec428294b356b398aec19f7; Path=/; Expires=Wed, 16 Jun 2021 07:47:27 GMT; HttpOnly; SameSite=None
X-Cache: Miss from cloudfront
Via: 1.1 9128c49d19c76fd86ec4c647434ccb0a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA50-C1
X-Amz-Cf-Id: WTukBjxJErGDXr2yoIqRNpi2Rvxg7GlWYUt9Er9eFUsyEUc4vkiB9Q==

GET
H/1.1 200
OK gpt.js Show response
www.googletagservices.com/tag/js/ Frame 48CB 61 KB
21 KB 28ms
14ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/

Protocol

HTTP/1.1

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4e4810e88e50f93b12c1e24b897d264382cbcf6e2ba29054f68b19bc4dc4e104

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:27 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: sffe
ETag: "902 / 510 of 1000 / last-modified: 1623449339"
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: private, max-age=900, stale-while-revalidate=3600
Timing-Allow-Origin: *
Content-Length: 21293
X-XSS-Protection: 0
Expires: Mon, 14 Jun 2021 07:47:27 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 0513 19 B
715 B 110ms
35ms XHR
application/json 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.ravenjs.com
URL: http://cdn.ravenjs.com/3.17.0/raven.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:27 GMT
X-Proxy-Origin: 93.177.75.188; 93.177.75.188; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.49:80
AN-X-Request-Uuid: 9bf15d8c-340f-47ae-98f9-30e2023e295e
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: http://b.travelmiso.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
adx.adform.net/adx/ Frame 0513 5 B
448 B 208ms
112ms XHR
application/json 37.157.2.236
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/?rp=4&cHJpY2VUeXBlPW5ldCZtaWQ9ODQ4NjU5JnRyYW5zYWN0aW9uSWQ9MmNhZDE4YTQtMmQ1Yi00MmYyLWFhYjctZjA1YTFhZTk4OThj&pt=net&stid=f0eca43b-6384-4a63-b342-6417c9a757c7&gdpr=0&gdpr_consent=undefined&fd=1&url=travelmiso.com

Requested by

Host: cdn.ravenjs.com
URL: http://cdn.ravenjs.com/3.17.0/raven.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.236 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

566f1f7d64379342927e78274c526e634c394fda54cf4145d698b815952d01f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:28 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: http://b.travelmiso.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json; charset=utf-8
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
content-length: 5
expires: -1

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 0513 0
188 B 83ms
16ms XHR
text/plain 178.250.0.165
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=207&av=32&wv=3.27.0&cb=55843767376
Requested by: Host: cdn.ravenjs.com
URL: http://cdn.ravenjs.com/3.17.0/raven.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.par.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: http://b.travelmiso.com
date: Mon, 14 Jun 2021 07:47:27 GMT
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
server: Finatra
timing-allow-origin: *
vary: Origin

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 0513 19 B
716 B 112ms
39ms XHR
application/json 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.ravenjs.com
URL: http://cdn.ravenjs.com/3.17.0/raven.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:27 GMT
X-Proxy-Origin: 93.177.75.188; 93.177.75.188; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.237:80
AN-X-Request-Uuid: d26ea9f0-40ec-4d5e-9e43-4bd37e7f1f93
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: http://b.travelmiso.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ Frame 0513 94 B
758 B 129ms
56ms XHR
application/json 216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_3.27.0
Requested by: Host: cdn.ravenjs.com
URL: http://cdn.ravenjs.com/3.17.0/raven.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx /
Resource Hash: faa96680dfdc633dbfbbb107e7184f9e8bd73d64b3c36139a8e869e28f9f927a

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 14 Jun 2021 07:47:28 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: http://b.travelmiso.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap7ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 99

GET
H2 200 / Show response
adx.adform.net/adx/ Frame 0513 5 B
448 B 195ms
107ms XHR
application/json 37.157.2.236
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: cdn.ravenjs.com
URL: http://cdn.ravenjs.com/3.17.0/raven.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.236 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

566f1f7d64379342927e78274c526e634c394fda54cf4145d698b815952d01f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:28 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: http://b.travelmiso.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json; charset=utf-8
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
content-length: 5
expires: -1

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 0513 19 B
716 B 126ms
60ms XHR
application/json 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.ravenjs.com
URL: http://cdn.ravenjs.com/3.17.0/raven.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:28 GMT
X-Proxy-Origin: 93.177.75.188; 93.177.75.188; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.222.251:80
AN-X-Request-Uuid: b026cccf-cb2c-4d89-869a-24df8c5c136f
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: http://b.travelmiso.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
adx.adform.net/adx/ Frame 0513 5 B
449 B 149ms
63ms XHR
application/json 37.157.2.236
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: cdn.ravenjs.com
URL: http://cdn.ravenjs.com/3.17.0/raven.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.236 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

566f1f7d64379342927e78274c526e634c394fda54cf4145d698b815952d01f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:28 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: http://b.travelmiso.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json; charset=utf-8
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
content-length: 5
expires: -1

GET
H2 200 hb Show response
ice.360yield.com/ Frame 0513 2 KB
2 KB 157ms
92ms XHR
application/json 52.57.46.37
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ice.360yield.com/hb?jsonp=%7B%22bid_request%22%3A%7B%22secure%22%3A1%2C%22id%22%3A%22208f13e2f1077a%22%2C%22version%22%3A%227.1.0-JS-6.3.0%22%2C%22referrer%22%3A%22http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F%22%2C%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22viralize.com%22%2C%22sid%22%3A%222633%22%2C%22hp%22%3A1%7D%5D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%221859b40f01e9f75%22%2C%22pid%22%3A%2222340124%22%2C%22tid%22%3A%222cad18a4-2d5b-42f2-aab7-f05a1ae9898c%22%2C%22banner%22%3A%7B%7D%7D%5D%7D%7D
Requested by: Host: cdn.ravenjs.com
URL: http://cdn.ravenjs.com/3.17.0/raven.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.57.46.37 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-57-46-37.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: cb600e8baba38dea9494f413afc5bd82957eaf97b78f348941c4b43dbb907344

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: http://b.travelmiso.com
date: Mon, 14 Jun 2021 07:47:28 GMT
content-encoding: gzip
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 1536
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H/1.1 200
OK pxl.jpg
nichools.com/ 597 B
1 KB 57ms
56ms Image
image/jpeg 143.204.98.75
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://nichools.com/pxl.jpg?i=jvz1bqas4afbza0812345&s=783&p=http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F&rstk=http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F&h=1334451623656847953
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: HTTP/1.1
Server: 143.204.98.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-75.fra50.r.cloudfront.net
Software: /
Resource Hash: af64a6f3ffc388b91cd70eae25893f7bea7e8e7d84d2c2b41c378cfbe13651ff

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:27 GMT
Via: 1.1 9128c49d19c76fd86ec4c647434ccb0a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA50-C1
X-Cache: Miss from cloudfront
Content-Type: image/jpeg; charset=UTF-8
Connection: keep-alive
Content-Length: 597
X-Amz-Cf-Id: D66TQQ9Yam8yyWEQ8qwlJ-ST-ViNDr5LqNUXfpDXegkTM3NQcNe-3g==

GET
H/1.1 200
OK global.js Show response
cdn.innity.net/ 1 KB
741 B 64ms
44ms Script
application/javascript 104.111.224.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.innity.net/global.js
Requested by: Host: as.innity.com
URL: http://as.innity.com/synd/?cb=1623656847502&ver=1&pub=9188905e74c28e489b44e954ec0b9bca&zone=87316&output=js&flash=0&url=b.travelmiso.com&width=300&height=250&vpw=1600&vph=1200&auction=6619717-1056544
Protocol: HTTP/1.1
Server: 104.111.224.62 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-224-62.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: f3517c5a69a80ca8b695cd91cf0b503c3ea5cca71305a3018b5d953cff331983

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Mon, 14 Jun 2021 07:47:28 GMT
Content-Encoding: gzip
Last-Modified: Tue, 25 Jun 2019 10:05:06 GMT
Server: Apache
ETag: "423-58c2310229880-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 369
Expires: Tue, 15 Jun 2021 07:47:28 GMT

GET
H3-29 200 pubads_impl_2021060901.js Show response
securepubads.g.doubleclick.net/gpt/ Frame F955 326 KB
114 KB 86ms
32ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3dc0b6e4edbfc8d6d8446e112130624fd05d7b8a8cfe62839046fc733c8b19a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Jun 2021 08:43:05 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 116890
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:28 GMT

GET
H2 204 /
ads.viralize.tv/track/ Frame 0513 0
39 B 21ms
20ms Image
text/plain 35.186.238.232
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.viralize.tv/track/?multi=true&serialization=json&events=%5B%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A10%2C%22category%22%3A%22player_session%22%2C%22session_id%22%3A%2201ebcce4c3c2c9daba62d346954ed281%3A0%22%2C%22player_session_id%22%3A%220%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22activation%22%7D%5D
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.238.232 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 232.238.186.35.bc.googleusercontent.com
Software: uvicorn, Unknown /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:27 GMT
via: 1.1 google
server: uvicorn, Unknown
alt-svc: clear

GET
H/1.1 200
OK async.js Show response
cdn.adtrue.com/rtb/ Frame BFF8 7 KB
3 KB 34ms
22ms Script
application/x-javascript 2606:4700:10::6816:3181
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.adtrue.com/rtb/async.js
Requested by: Host: nichools.com
URL: http://nichools.com/counter?i=jvz1bqas4afbza0812345&a=bbd85efe9baabbdcc648c8a3d31dcc1e9&cb=2453391623656847612
Protocol: HTTP/1.1
Server: 2606:4700:10::6816:3181 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f979285e29b7738e79983b46d15f2c865f36ca1033937b4fd938af11798ef40f

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:28 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Last-Modified: Mon, 16 Nov 2020 01:20:45 GMT
Server: cloudflare
Age: 4501793
ETag: W/"5fb1d3ed-1c9f"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=31104000
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 65f1f363f8f24e25-FRA
cf-request-id: 0aab16727a00004e254b0cb000000001
Expires: Mon, 18 Apr 2022 05:17:35 GMT

GET
H2

200

prebid_v4_21.js Show response
hb.adpone.com/ Frame A592
Redirect Chain

http://hb.adpone.com/prebid_v4_21.js
https://hb.adpone.com/prebid_v4_21.js

302 KB
88 KB

76ms
48ms

Script
application/javascript

2606:4700:20::681a:a19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid_v4_21.js
Requested by: Host: nichools.com
URL: http://nichools.com/stat?i=jvz1bqas4afbza0812345&a=a3b2f53d5eac3e79fcc75d15b2c749db7&cb=1837211623656847624
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a19 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 612a8541b1c6e99ca467ee2ef290d23df8c8511b0a9e1ed3f9c1b91cf2df6235

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 6027
content-type: application/javascript
x-amz-request-id: 8X8Z2AAXWD3RZ6XD
x-amz-id-2: bSmexo+TrMnKkcWOI6Tqa7TCfeGYYHMT4OsTT33XH7Bv6B0BShSDWSBlAdxGZAhGTnfnIdpPonw=
last-modified: Mon, 08 Feb 2021 16:04:15 GMT
server: cloudflare
etag: W/"7c64ec269c372f63980a99b0d62ff80e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=QpkmoF2dzTe9z2OTwh2Z2Wm1pbcwyCvjtXZgsHfII%2BPP%2Bn1sYf4DR%2BteAeijKYZY60n7xSeQFPIE7rW%2BDlkkc%2F2OpyKmonlPmBBxaivkyj3pGPcz8jux%2BPyHkRqH4gy972QGtgnj"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 4iEuyd4JotkFGoSUTSV1UffB3iHQiIcX
cache-control: max-age=14400
cf-request-id: 0aab16737a0000dfff07ba4000000001
cf-ray: 65f1f3658981dfff-FRA

Redirect headers

Date: Mon, 14 Jun 2021 07:47:28 GMT
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=HvPGqq%2BvHjd38oKKOsNSgsiD84LoLyEc3ugbxrAtdk2OiMSQ26UYyijggMzzRGFydn4JljTXTKTbKtcERrOaYgM8ED4Gitel4hLw4oo9HfeVY2QrnaRqgWvHhKnN%2FiO6gPu9AmKl"}],"group":"cf-nel","max_age":604800}
Location: https://hb.adpone.com/prebid_v4_21.js
Cache-Control: max-age=3600
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 65f1f36439954aa4-FRA
cf-request-id: 0aab1672a400004aa41206b000000001
Expires: Mon, 14 Jun 2021 08:47:28 GMT

GET
H2

200

prebid_v4_21.js Show response
hb.adpone.com/ Frame 8929
Redirect Chain

http://hb.adpone.com/prebid_v4_21.js
https://hb.adpone.com/prebid_v4_21.js

302 KB
88 KB

74ms
49ms

Script
application/javascript

2606:4700:20::681a:a19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid_v4_21.js
Requested by: Host: nichools.com
URL: http://nichools.com/count?i=jvz1bqas4afbza0812345&a=ea88bc08b9d4ddfb0ebc29ddbc4139ad3&cb=7066291623656847630
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a19 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 612a8541b1c6e99ca467ee2ef290d23df8c8511b0a9e1ed3f9c1b91cf2df6235

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 6027
content-type: application/javascript
x-amz-request-id: 8X8Z2AAXWD3RZ6XD
x-amz-id-2: bSmexo+TrMnKkcWOI6Tqa7TCfeGYYHMT4OsTT33XH7Bv6B0BShSDWSBlAdxGZAhGTnfnIdpPonw=
last-modified: Mon, 08 Feb 2021 16:04:15 GMT
server: cloudflare
etag: W/"7c64ec269c372f63980a99b0d62ff80e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=ufQ4E6CYPCl%2Fwo%2FdAp7PuH93n4%2FHeTdyMt0V2G6ZoswtRXOxtrhs5TqU3JxHRxsVDn9QMjCkgoRZYNPckOMxUErYfWrD7JwZz8U6ns9TzlU9CX4W0ikwNaqiL1ukaSwZG1xdruMA"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 4iEuyd4JotkFGoSUTSV1UffB3iHQiIcX
cache-control: max-age=14400
cf-request-id: 0aab16737a0000dfffec93a000000001
cf-ray: 65f1f3658983dfff-FRA

Redirect headers

Date: Mon, 14 Jun 2021 07:47:28 GMT
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=XxrNzh1YTr16Yo%2BoNGQR8oiNFa4J2irDzQXdCVyU0R4%2Bx6yGX6lyo%2ByhNJLDPicIWlFAsqqscScUVwUvYdhJdZH1Zo3c%2Bcgz60%2ByxujpEUiuLUzHZ%2Bt6PnBgQJIjcwd%2BXfmdMTzD"}],"group":"cf-nel","max_age":604800}
Location: https://hb.adpone.com/prebid_v4_21.js
Cache-Control: max-age=3600
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 65f1f3644e74c2c2-FRA
cf-request-id: 0aab1672ae0000c2c254872000000001
Expires: Mon, 14 Jun 2021 08:47:28 GMT

GET
H2

200

prebid_v4_21.js Show response
hb.adpone.com/ Frame 443A
Redirect Chain

http://hb.adpone.com/prebid_v4_21.js
https://hb.adpone.com/prebid_v4_21.js

302 KB
88 KB

74ms
51ms

Script
application/javascript

2606:4700:20::681a:a19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid_v4_21.js
Requested by: Host: nichools.com
URL: http://nichools.com/sync?i=jvz1bqas4afbza0812345&a=ad0f2611a810207bc4fa9cdf665058215&cb=4569821623656847642
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a19 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 612a8541b1c6e99ca467ee2ef290d23df8c8511b0a9e1ed3f9c1b91cf2df6235

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 6027
content-type: application/javascript
x-amz-request-id: 8X8Z2AAXWD3RZ6XD
x-amz-id-2: bSmexo+TrMnKkcWOI6Tqa7TCfeGYYHMT4OsTT33XH7Bv6B0BShSDWSBlAdxGZAhGTnfnIdpPonw=
last-modified: Mon, 08 Feb 2021 16:04:15 GMT
server: cloudflare
etag: W/"7c64ec269c372f63980a99b0d62ff80e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=hkeEjBudpQdYPQh6A8sl%2F1ay8nTM%2Fq2SD1jQgxjbUv1KLyc4PPsdc0X0VY9nhNY%2BUrsElgb1KeNjbRVib%2BKy15fHiQN9ztAW1h630392xsU8e9IrqyCRX5De5Cz%2B95l52cjUo7ma"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 4iEuyd4JotkFGoSUTSV1UffB3iHQiIcX
cache-control: max-age=14400
cf-request-id: 0aab16737b0000dfffe9137000000001
cf-ray: 65f1f3658986dfff-FRA

Redirect headers

Date: Mon, 14 Jun 2021 07:47:28 GMT
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Fd%2FSWdYfJrfA05%2FFvxLnfSyNVF36dDGTHTFczS%2BtSC1JIpS5b5xjhDafI2neCbcNW5fJLssf7vSFPkO9xL7f1PuTK00YsUA4kU5pkBElCi%2F4XGA7dJpBjhmjybNuyjFjQd%2B%2FlRV3"}],"group":"cf-nel","max_age":604800}
Location: https://hb.adpone.com/prebid_v4_21.js
Cache-Control: max-age=3600
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 65f1f3644e112b22-FRA
cf-request-id: 0aab1672aa00002b22d30c3000000001
Expires: Mon, 14 Jun 2021 08:47:28 GMT

GET
H/1.1

200
OK

fpi.js Show response
ap.lijit.com/www/delivery/ Frame A368
Redirect Chain

http://ap.lijit.com/www/delivery/fpi.js?z=739868&width=300&height=250
https://ap.lijit.com/www/delivery/fpi.js?z=739868&width=300&height=250

5 KB
3 KB

30ms
30ms

Script
text/javascript

216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/www/delivery/fpi.js?z=739868&width=300&height=250
Requested by: Host: nichools.com
URL: http://nichools.com/user?i=jvz1bqas4afbza0812345&a=fdd68d248266fd4eefa4158297b65a017&cb=1266771623656847653
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx /
Resource Hash: 53d3b513684b230591b0203df937048eb52f4e03e470ecf1ac2bf2477476da70

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:28 GMT
Content-Encoding: gzip
Server: nginx
ETag: W/"60468d89-1540"
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Transfer-Encoding: chunked
X-Sovrn-Pod: ad_ap7ams1
Expires: Thu, 01 Jan 1970 00:00:01 GMT

Redirect headers

Location: https://ap.lijit.com/www/delivery/fpi.js?z=739868&width=300&height=250
Content-length: 0

GET
H2

200

prebid_v4_21.js Show response
hb.adpone.com/ Frame E690
Redirect Chain

http://hb.adpone.com/prebid_v4_21.js
https://hb.adpone.com/prebid_v4_21.js

302 KB
88 KB

63ms
39ms

Script
application/javascript

2606:4700:20::681a:a19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid_v4_21.js
Requested by: Host: nichools.com
URL: http://nichools.com/send?i=jvz1bqas4afbza0812345&a=ddb7b1af716ec2432bd0a9cacdaf26fd1&cb=0186611623656847684
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a19 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 612a8541b1c6e99ca467ee2ef290d23df8c8511b0a9e1ed3f9c1b91cf2df6235

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 6027
content-type: application/javascript
x-amz-request-id: 8X8Z2AAXWD3RZ6XD
x-amz-id-2: bSmexo+TrMnKkcWOI6Tqa7TCfeGYYHMT4OsTT33XH7Bv6B0BShSDWSBlAdxGZAhGTnfnIdpPonw=
last-modified: Mon, 08 Feb 2021 16:04:15 GMT
server: cloudflare
etag: W/"7c64ec269c372f63980a99b0d62ff80e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=NR1HNiMzRTVeAB5Fq8BsL%2BHhtPGGByEoo32fAhsK2Lb3Fv6KMoI8qd1U8Pbt%2Brz8lPqo%2BDmvXIxjOeK%2BMbc4wpF%2F1R8GLUBQ03i0tCmm7ggN%2FibUfOpmrG2d4HZfwmzugeF7Lyz8"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 4iEuyd4JotkFGoSUTSV1UffB3iHQiIcX
cache-control: max-age=14400
cf-request-id: 0aab16737b0000dfff24892000000001
cf-ray: 65f1f3658988dfff-FRA

Redirect headers

Date: Mon, 14 Jun 2021 07:47:28 GMT
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=HfO4GuzOQMih%2BCfDIQ50VUYVeBGhnLNT1AJD54yD1bQRhAbm8tBueBdSp3LCvYM1JHKlyxFYz60OOz503DIkD6raWvfCj%2FDiToQVQTyeSjLQTJ%2BmAZdwu7%2Fk88HdrcAI2MjNACBX"}],"group":"cf-nel","max_age":604800}
Location: https://hb.adpone.com/prebid_v4_21.js
Cache-Control: max-age=3600
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 65f1f36459e54aa4-FRA
cf-request-id: 0aab1672bb00004aa43b25e000000001
Expires: Mon, 14 Jun 2021 08:47:28 GMT

GET
H2

200

prebid_v4_21.js Show response
hb.adpone.com/ Frame F6EF
Redirect Chain

http://hb.adpone.com/prebid_v4_21.js
https://hb.adpone.com/prebid_v4_21.js

302 KB
88 KB

67ms
49ms

Script
application/javascript

2606:4700:20::681a:a19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid_v4_21.js
Requested by: Host: nichools.com
URL: http://nichools.com/stat?i=jvz1bqas4afbza0812345&a=8d2134f2a2402bac961e8ee1376d93fe3&cb=3588901623656847665
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a19 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 612a8541b1c6e99ca467ee2ef290d23df8c8511b0a9e1ed3f9c1b91cf2df6235

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 6027
content-type: application/javascript
x-amz-request-id: 8X8Z2AAXWD3RZ6XD
x-amz-id-2: bSmexo+TrMnKkcWOI6Tqa7TCfeGYYHMT4OsTT33XH7Bv6B0BShSDWSBlAdxGZAhGTnfnIdpPonw=
last-modified: Mon, 08 Feb 2021 16:04:15 GMT
server: cloudflare
etag: W/"7c64ec269c372f63980a99b0d62ff80e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=8kq8mb2QMrzt%2BIb7xm9jhN9BcDtZMM1EgvCimpYGEXCo80aKkSPPKFHKQBD9iproUc9f7kAdJlOrwqfxddLFnPkyayOkFVLmLu7IkvACB%2BQ%2B5HWDXRhoXThIXKsfiCD6pc%2F8uZjP"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 4iEuyd4JotkFGoSUTSV1UffB3iHQiIcX
cache-control: max-age=14400
cf-request-id: 0aab16737b0000dfffb990a000000001
cf-ray: 65f1f365898adfff-FRA

Redirect headers

Date: Mon, 14 Jun 2021 07:47:28 GMT
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=MWvw%2FWidA5I9t4%2FU5l6Q4r%2FIV1Rqn0OkFFpAvAzRT5jlj2gIFJxwbQ15P88eaQsXuD0kCkiYvxa9r95KCwn37eRutbdxKq8KxdhWsn%2F9etPFQo8NUILJKzCkdvsnSWWoNjwHSrIi"}],"group":"cf-nel","max_age":604800}
Location: https://hb.adpone.com/prebid_v4_21.js
Cache-Control: max-age=3600
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 65f1f3647a2d4aa4-FRA
cf-request-id: 0aab1672cc00004aa48193a000000001
Expires: Mon, 14 Jun 2021 08:47:28 GMT

GET
H2 200 / Show response
ads.viralize.tv/t-bid-opportunity/ Frame 0513 0
95 B 38ms
22ms XHR
application/json 35.186.238.232
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.viralize.tv/t-bid-opportunity/?t=badn&zid=AAC96m8Xp3g7AdmK&sid=01ebcce4c3c2c9daba62d346954ed281&u=http%3A%2F%2Fb.travelmiso.com%2F&item=NTQ3NE-xSgeqTR3C.7.wp7sc1&item=NTQwNcKLJ9uLoc34.2.wp2sc1&item=NTQzMPMG9nThE5DE.5.wp5sc1&item=NTQ3NE-xSgeqTR3C.6.wp6sc1&item=NTM4Nc2_r0EEHzOM.1.wp1sc1&item=NTQwNcKLJ9uLoc34.4.wp4sc1&item=NTQ3NE-xSgeqTR3C.8.wp8sc1&item=NTQwNcKLJ9uLoc34.3.wp3sc1&item=NTM2N8GP0Llpb-_y.0.wp0sc1
Requested by: Host: cdn.ravenjs.com
URL: http://cdn.ravenjs.com/3.17.0/raven.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.238.232 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 232.238.186.35.bc.googleusercontent.com
Software: uvicorn, Unknown /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:28 GMT
content-encoding: gzip
server: uvicorn, Unknown
vary: Accept-Encoding, Origin
content-type: application/json
access-control-allow-origin: http://b.travelmiso.com
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

GET
H2

200

prebid_v4_21.js Show response
hb.adpone.com/ Frame A697
Redirect Chain

http://hb.adpone.com/prebid_v4_21.js
https://hb.adpone.com/prebid_v4_21.js

302 KB
88 KB

39ms
38ms

Script
application/javascript

2606:4700:20::681a:a19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid_v4_21.js
Requested by: Host: nichools.com
URL: http://nichools.com/stat?i=jvz1bqas4afbza0812345&a=596b8591b62c52eddce41f9071f339927&cb=0531211623656847693
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a19 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 612a8541b1c6e99ca467ee2ef290d23df8c8511b0a9e1ed3f9c1b91cf2df6235

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 6027
content-type: application/javascript
x-amz-request-id: 8X8Z2AAXWD3RZ6XD
x-amz-id-2: bSmexo+TrMnKkcWOI6Tqa7TCfeGYYHMT4OsTT33XH7Bv6B0BShSDWSBlAdxGZAhGTnfnIdpPonw=
last-modified: Mon, 08 Feb 2021 16:04:15 GMT
server: cloudflare
etag: W/"7c64ec269c372f63980a99b0d62ff80e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=3sCBLry4kmLSMZ8b%2BU6nTkKEeITtTfpvxlF%2FyTb%2F1bmxFEoc75FXsT82jkF1S9X%2FRVlDm0X3Do52A3Rp%2B3S9xB3SDcOXUaptnCCFv7P00l%2BbwefmCxpItdyclepAZtrthmm4kw0%2B"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 4iEuyd4JotkFGoSUTSV1UffB3iHQiIcX
cache-control: max-age=14400
cf-request-id: 0aab16738f0000dfffd7a9f000000001
cf-ray: 65f1f365b9c4dfff-FRA

Redirect headers

Date: Mon, 14 Jun 2021 07:47:28 GMT
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=FbYyrVbTkbPiHxMvirC4VV5NklJcYrIAAMhFbf82bnA7YRVqybA9JvAsg%2Frqkcd4BVDm8poJpDFn%2BeJbYROUIV0IUFJsHLkB1AqdUfRZw%2BFPyjudUaRHBmkTnc7tAKcP0i0pW07a"}],"group":"cf-nel","max_age":604800}
Location: https://hb.adpone.com/prebid_v4_21.js
Cache-Control: max-age=3600
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 65f1f364bb0a4aa4-FRA
cf-request-id: 0aab1672fb00004aa45e193000000001
Expires: Mon, 14 Jun 2021 08:47:28 GMT

GET
H/1.1 200
OK / Show response
ads.projectagoraservices.com/ Frame 0DA5 10 KB
4 KB 168ms
154ms Script
application/javascript 2a02:26f0:6c00::210:ba19
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: http://ads.projectagoraservices.com/?id=10641&uref=https%3A%2F%2Ftravelmiso.com
Requested by: Host: nichools.com
URL: http://nichools.com/usync?i=jvz1bqas4afbza0812345&a=f806503c39db99c77ecab4df904769a71&cb=0646011623656847690
Protocol: HTTP/1.1
Server: 2a02:26f0:6c00::210:ba19 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 8256fb3e9d3f254f5264de4b5c9120d0886687485ea0511afcee4493f941ccae

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:28 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: private, no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 3541
Expires: Mon, 14 Jun 2021 07:47:28 GMT

GET
H2

200

prebid_v4_21.js Show response
hb.adpone.com/ Frame A50F
Redirect Chain

http://hb.adpone.com/prebid_v4_21.js
https://hb.adpone.com/prebid_v4_21.js

302 KB
88 KB

58ms
57ms

Script
application/javascript

2606:4700:20::681a:a19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid_v4_21.js
Requested by: Host: nichools.com
URL: http://nichools.com/counter?i=jvz1bqas4afbza0812345&a=8654fe66f7b66c89a1586bae710b09625&cb=9687641623656847676
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a19 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 612a8541b1c6e99ca467ee2ef290d23df8c8511b0a9e1ed3f9c1b91cf2df6235

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 6027
content-type: application/javascript
x-amz-request-id: 8X8Z2AAXWD3RZ6XD
x-amz-id-2: bSmexo+TrMnKkcWOI6Tqa7TCfeGYYHMT4OsTT33XH7Bv6B0BShSDWSBlAdxGZAhGTnfnIdpPonw=
last-modified: Mon, 08 Feb 2021 16:04:15 GMT
server: cloudflare
etag: W/"7c64ec269c372f63980a99b0d62ff80e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=cFLNz5rYxkJR31XEVoM2l%2FpwG9HLXh0ia%2B7y6t%2FsL%2FqokFRIkCGD5VfzZNi1ZVf6yI%2F8S5%2Bcy%2FQttJUsPuzVVG21bYZ%2BE%2BksyBi1YE8nwY7vamfmjhe4iY5f3Nugs4vud0%2BOmBT3"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 4iEuyd4JotkFGoSUTSV1UffB3iHQiIcX
cache-control: max-age=14400
cf-request-id: 0aab16738f0000dfffb8855000000001
cf-ray: 65f1f365b9c8dfff-FRA

Redirect headers

Date: Mon, 14 Jun 2021 07:47:28 GMT
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=B6ylnM6s8nlyPA5Fr8hwkctlZc7yEIC5vjkjg9So46D4GnyFtG%2FYm3ESWKX47ndGwYtl6P22iYGLsNaOhM3yIzz8r4Py8p52Jwb6%2F08YvLZbPVYtqB01Y6JBvNX6h80uwR5L%2Bq%2Bd"}],"group":"cf-nel","max_age":604800}
Location: https://hb.adpone.com/prebid_v4_21.js
Cache-Control: max-age=3600
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 65f1f364cf312b22-FRA
cf-request-id: 0aab16730300002b22cb828000000001
Expires: Mon, 14 Jun 2021 08:47:28 GMT

GET
H2

200

prebid_v4_21.js Show response
hb.adpone.com/ Frame 1020
Redirect Chain

http://hb.adpone.com/prebid_v4_21.js
https://hb.adpone.com/prebid_v4_21.js

302 KB
88 KB

84ms
84ms

Script
application/javascript

2606:4700:20::681a:a19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid_v4_21.js
Requested by: Host: nichools.com
URL: http://nichools.com/async_usersync?i=jvz1bqas4afbza0812345&a=8ccc4324aeaf4c4badcaf9dfe34affae7&cb=4822651623656847695
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a19 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 612a8541b1c6e99ca467ee2ef290d23df8c8511b0a9e1ed3f9c1b91cf2df6235

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 6027
content-type: application/javascript
x-amz-request-id: 8X8Z2AAXWD3RZ6XD
x-amz-id-2: bSmexo+TrMnKkcWOI6Tqa7TCfeGYYHMT4OsTT33XH7Bv6B0BShSDWSBlAdxGZAhGTnfnIdpPonw=
last-modified: Mon, 08 Feb 2021 16:04:15 GMT
server: cloudflare
etag: W/"7c64ec269c372f63980a99b0d62ff80e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=ooBXGIeeR8mf%2Bz8I8hyiFr7TYJ09P7uq7t846V3tCRgg2%2FJazq04N1%2F7RONky7QfyBpwYcevo68kKB42k7pg%2BTKngvZ7E1xMbbeZOhfguPIncX6CdFefjNVo1xYglvizOwhrNxlD"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 4iEuyd4JotkFGoSUTSV1UffB3iHQiIcX
cache-control: max-age=14400
cf-request-id: 0aab1673970000dfffb8856000000001
cf-ray: 65f1f365b9d7dfff-FRA

Redirect headers

Date: Mon, 14 Jun 2021 07:47:28 GMT
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=cCUy1qJOu%2BX%2FInWxej68PHk%2FBFOoZ9yO2RDwlsvjcqUVxFas23DQnU1VnE4ROVN7Y0fIU4uoSTwHNrPKYbdBNY2MQO42IwTCkObO5R4kO1FGDJPg6KcRW1YjEfsXRNpIVvyirWro"}],"group":"cf-nel","max_age":604800}
Location: https://hb.adpone.com/prebid_v4_21.js
Cache-Control: max-age=3600
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 65f1f364ef682b22-FRA
cf-request-id: 0aab16731400002b22982b2000000001
Expires: Mon, 14 Jun 2021 08:47:28 GMT

GET
H3-29 200 pubads_impl_2021060801.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 48CB 318 KB
112 KB 33ms
32ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Requested by

Host: www.googletagservices.com
URL: http://www.googletagservices.com/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8a19707bd88a29100f84e106852ddd5bfeebe1fe562960c4932d1347210d13a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 08 Jun 2021 08:38:25 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 114129
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:28 GMT

GET
H/1.1 200
OK apnx_prebid.js Show response
www.travelmiso.com/js/ Frame 1B4A 176 KB
56 KB 366ms
324ms Script
application/javascript 203.76.174.123
SG-8-TO-SG 8 to I...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.travelmiso.com/js/apnx_prebid.js
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/ads/bt/300x250.html
Protocol: HTTP/1.1
Server: 203.76.174.123 , Singapore, ASN45470 (SG-8-TO-SG 8 to Infinity Pte Ltd, SG),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: bff83be7565cfae98489d532757ca6117d69ae27dc45695ab34dc1653b3108ec

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:27 GMT
Content-Encoding: gzip
Last-Modified: Wed, 09 Jun 2021 02:41:34 GMT
Server: Microsoft-IIS/10.0
ETag: "0c3f6f5d85cd71:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 57229

GET
H2

200

prebid_v4_21.js Show response
hb.adpone.com/ Frame 683F
Redirect Chain

http://hb.adpone.com/prebid_v4_21.js
https://hb.adpone.com/prebid_v4_21.js

302 KB
88 KB

43ms
42ms

Script
application/javascript

2606:4700:20::681a:a19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid_v4_21.js
Requested by: Host: nichools.com
URL: http://nichools.com/async_usersync?i=jvz1bqas4afbza0812345&a=423f3e0439b6dbaaf9800062c361b91f7&cb=2401601623656847703
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a19 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 612a8541b1c6e99ca467ee2ef290d23df8c8511b0a9e1ed3f9c1b91cf2df6235

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 6027
content-type: application/javascript
x-amz-request-id: 8X8Z2AAXWD3RZ6XD
x-amz-id-2: bSmexo+TrMnKkcWOI6Tqa7TCfeGYYHMT4OsTT33XH7Bv6B0BShSDWSBlAdxGZAhGTnfnIdpPonw=
last-modified: Mon, 08 Feb 2021 16:04:15 GMT
server: cloudflare
etag: W/"7c64ec269c372f63980a99b0d62ff80e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=yfIMQp0k4As5%2Fpvj3GQ34ShedoOXXI56ctQkjkW9wxOygTRqn7kKEBiVI5BZriOHLsZXScEs2PokNZO9FJzyKZmLXjVeBCgnW5PcN3W4%2BvOcOLzxU3lktvFVfIhXn%2F98GGmwkPNM"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 4iEuyd4JotkFGoSUTSV1UffB3iHQiIcX
cache-control: max-age=14400
cf-request-id: 0aab1673a60000dfffb5270000000001
cf-ray: 65f1f365da14dfff-FRA

Redirect headers

Date: Mon, 14 Jun 2021 07:47:28 GMT
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=BdsRvxxDqgC7qOHnCzc0Kb496Jkv66MXuIetqpZDRM981FqyxHClvlMHN58XBrZhUoSg4fQCdIKRWM3ccW2aLTncbEDGvT0XqtRdUkB%2F9M%2FGF%2Bqq%2BUoVALviKePxrfYPJgP6Dz%2Bu"}],"group":"cf-nel","max_age":604800}
Location: https://hb.adpone.com/prebid_v4_21.js
Cache-Control: max-age=3600
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 65f1f365382a2b22-FRA
cf-request-id: 0aab16734500002b229d1a7000000001
Expires: Mon, 14 Jun 2021 08:47:28 GMT

GET
H2

200

prebid_v4_21.js Show response
hb.adpone.com/ Frame 920E
Redirect Chain

http://hb.adpone.com/prebid_v4_21.js
https://hb.adpone.com/prebid_v4_21.js

302 KB
88 KB

59ms
59ms

Script
application/javascript

2606:4700:20::681a:a19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid_v4_21.js
Requested by: Host: nichools.com
URL: http://nichools.com/usync?i=jvz1bqas4afbza0812345&a=f19319e02c21f9e140ece01a13716d7d7&cb=1494231623656847714
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a19 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 612a8541b1c6e99ca467ee2ef290d23df8c8511b0a9e1ed3f9c1b91cf2df6235

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 6027
content-type: application/javascript
x-amz-request-id: 8X8Z2AAXWD3RZ6XD
x-amz-id-2: bSmexo+TrMnKkcWOI6Tqa7TCfeGYYHMT4OsTT33XH7Bv6B0BShSDWSBlAdxGZAhGTnfnIdpPonw=
last-modified: Mon, 08 Feb 2021 16:04:15 GMT
server: cloudflare
etag: W/"7c64ec269c372f63980a99b0d62ff80e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=k7MWMjPINICaHSR6dYjg4N1NnoKYax4DUCsxlRbC46lGbbkhkILMDeec3fvn6BGgM7PhQNkLwv9mJjtcWCXIF3UjFnSjBpk2QyZRxJl%2Bm%2BeqE27d7VGiF0XGstyNgPblbu0MkN1p"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 4iEuyd4JotkFGoSUTSV1UffB3iHQiIcX
cache-control: max-age=14400
cf-request-id: 0aab1673a70000dfffad92d000000001
cf-ray: 65f1f365da1cdfff-FRA

Redirect headers

Date: Mon, 14 Jun 2021 07:47:28 GMT
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=nrmVBwVJpLwzRnJ0ww7RyoZciov10WG6WlNrJG9PCmmrwRzuHvP%2BACGNlmsDxlClf39Ran44FRod5PjVjYIPCAriMBzlL7ksigD9Rjn7YeRHxcUZa1EaabK4ha5Q%2BWUoJIjxT3%2FT"}],"group":"cf-nel","max_age":604800}
Location: https://hb.adpone.com/prebid_v4_21.js
Cache-Control: max-age=3600
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 65f1f3654c824aa4-FRA
cf-request-id: 0aab16734f00004aa46128f000000001
Expires: Mon, 14 Jun 2021 08:47:28 GMT

GET
H2

200

prebid_v4_21.js Show response
hb.adpone.com/ Frame CCE3
Redirect Chain

http://hb.adpone.com/prebid_v4_21.js
https://hb.adpone.com/prebid_v4_21.js

302 KB
88 KB

44ms
33ms

Script
application/javascript

2606:4700:20::681a:a19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid_v4_21.js
Requested by: Host: nichools.com
URL: http://nichools.com/stat?i=jvz1bqas4afbza0812345&a=bfae10c7e8ea157c27c8d4ae1f282c131&cb=2719581623656847722
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a19 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 612a8541b1c6e99ca467ee2ef290d23df8c8511b0a9e1ed3f9c1b91cf2df6235

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 6027
content-type: application/javascript
x-amz-request-id: 8X8Z2AAXWD3RZ6XD
x-amz-id-2: bSmexo+TrMnKkcWOI6Tqa7TCfeGYYHMT4OsTT33XH7Bv6B0BShSDWSBlAdxGZAhGTnfnIdpPonw=
last-modified: Mon, 08 Feb 2021 16:04:15 GMT
server: cloudflare
etag: W/"7c64ec269c372f63980a99b0d62ff80e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=KRmH4zIiFWsB%2BEX%2FKVp%2BNRo0wHTEQgsOGq0mcM1fbUVkVm2MFzXNe2D5ui4Chgk2i01xHepu7c%2FGxE7wsotNRNpmK%2BLbbYN6TGIcUt%2FGAMEslZu2rs8FOzwUIHetAZvgTz4Qoeyw"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 4iEuyd4JotkFGoSUTSV1UffB3iHQiIcX
cache-control: max-age=14400
cf-request-id: 0aab1673cd0000dfff15b42000000001
cf-ray: 65f1f3661ab9dfff-FRA

Redirect headers

Date: Mon, 14 Jun 2021 07:47:28 GMT
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=DWnVzLZmz%2BMyA4VHeHJhx34X6RnvW4ObzD1cp6FFpx0erC%2FkTgPet8g%2BU%2Bua0Hbm5YsnC7PCYDi9wMH4ArMbdquEXk2cCbZw4M1yOEKU29TWxa6wS9xWC4aNRcbwDkvnQfsGNjDa"}],"group":"cf-nel","max_age":604800}
Location: https://hb.adpone.com/prebid_v4_21.js
Cache-Control: max-age=3600
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 65f1f365586c2b22-FRA
cf-request-id: 0aab16735700002b22a7918000000001
Expires: Mon, 14 Jun 2021 08:47:28 GMT

GET
H/1.1 200
OK innity.js Show response
media.innity.net/lib/ 4 KB
1 KB 62ms
43ms Script
application/javascript 104.111.224.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://media.innity.net/lib/innity.js
Requested by: Host: cdn.innity.net
URL: http://cdn.innity.net/global.js
Protocol: HTTP/1.1
Server: 104.111.224.62 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-224-62.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: cea68197ad58b6802f8a1735646931eda8e76702b12d90f7df88d537f62b987a

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Mon, 14 Jun 2021 07:47:28 GMT
Content-Encoding: gzip
Last-Modified: Thu, 02 Nov 2017 06:07:08 GMT
Server: Apache
ETag: "116f-55cf9cc509b00-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1073
Expires: Tue, 15 Jun 2021 07:47:28 GMT

GET
H/1.1 200
OK proxy_245521.js Show response
media.innity.net/adnetwork/house/pub_244/ 2 KB
1 KB 62ms
44ms Script
application/javascript 104.111.224.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://media.innity.net/adnetwork/house/pub_244/proxy_245521.js?ord=[timestamp]
Requested by: Host: cdn.innity.net
URL: http://cdn.innity.net/global.js
Protocol: HTTP/1.1
Server: 104.111.224.62 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-224-62.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 6af8e0191b4bccefb0bb3f6501ec4a76d17eb080dd45be2f70a1d469815f0ac2

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Mon, 14 Jun 2021 07:47:28 GMT
Content-Encoding: gzip
Last-Modified: Tue, 12 May 2020 09:14:08 GMT
Server: Apache
ETag: "960-5a56fe2cbe0d1-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=1800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 987
Expires: Mon, 14 Jun 2021 08:17:28 GMT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame 6019 61 KB
21 KB 50ms
11ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: b.travelmiso.com
URL: http://b.travelmiso.com/ads/exm/300x250.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4e4810e88e50f93b12c1e24b897d264382cbcf6e2ba29054f68b19bc4dc4e104

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "902 / 228 of 1000 / last-modified: 1623449339"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21293
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:28 GMT

GET
H/1.1 200
OK impress Show response
exchange.adtrue.com/delivery/ Frame 0382 3 KB
4 KB 358ms
332ms Script
application/javascript 35.166.70.150
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://exchange.adtrue.com/delivery/impress?pzoneid=19020&ref=http%3A%2F%2Fb.travelmiso.com%2F&cb=1149131768&timeZone=2&adWidth=300&adHeight=250&loc=http://b.travelmiso.com/
Requested by: Host: shoppinglifestyle.biz
URL: http://shoppinglifestyle.biz/go/?r=3&a=1
Protocol: HTTP/1.1
Server: 35.166.70.150 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-166-70-150.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: 1abdb4a1fe88248fa42351074468df9f907fdfc01befe1a5253c5fa8f921af17

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:28 GMT
Server: nginx
Connection: keep-alive
X-ADTRUE-INSTANCE: java1
Content-Length: 3330
Content-Type: application/javascript

GET
H2 204 /
ads.viralize.tv/track/ Frame 0513 0
39 B 28ms
21ms Image
text/plain 35.186.238.232
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.viralize.tv/track/?multi=true&serialization=json&events=%5B%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A1%2C%22category%22%3A%22bid_opportunity%22%2C%22session_id%22%3A%2201ebcce4c3c2c9daba62d346954ed281%3A0%3ANTQzMPMG9nThE5DE~wp5sc1%22%2C%22bid_opportunity_id%22%3A%22NTQzMPMG9nThE5DE~wp5sc1%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22bid_rejected%22%7D%2C%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A1%2C%22category%22%3A%22bid_opportunity%22%2C%22session_id%22%3A%2201ebcce4c3c2c9daba62d346954ed281%3A0%3ANTQ3NE-xSgeqTR3C~wp7sc1%22%2C%22bid_opportunity_id%22%3A%22NTQ3NE-xSgeqTR3C~wp7sc1%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22bid_rejected%22%7D%2C%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A1%2C%22category%22%3A%22bid_opportunity%22%2C%22session_id%22%3A%2201ebcce4c3c2c9daba62d346954ed281%3A0%3ANTQ3NE-xSgeqTR3C~wp6sc1%22%2C%22bid_opportunity_id%22%3A%22NTQ3NE-xSgeqTR3C~wp6sc1%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22bid_rejected%22%7D%2C%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A1%2C%22category%22%3A%22bid_opportunity%22%2C%22session_id%22%3A%2201ebcce4c3c2c9daba62d346954ed281%3A0%3ANTM4Nc2_r0EEHzOM~wp1sc1%22%2C%22bid_opportunity_id%22%3A%22NTM4Nc2_r0EEHzOM~wp1sc1%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22bid_rejected%22%7D%2C%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A1%2C%22category%22%3A%22bid_opportunity%22%2C%22session_id%22%3A%2201ebcce4c3c2c9daba62d346954ed281%3A0%3ANTQ3NE-xSgeqTR3C~wp8sc1%22%2C%22bid_opportunity_id%22%3A%22NTQ3NE-xSgeqTR3C~wp8sc1%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22bid_rejected%22%7D%2C%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A1%2C%22category%22%3A%22bid_opportunity%22%2C%22session_id%22%3A%2201ebcce4c3c2c9daba62d346954ed281%3A0%3ANTQwNcKLJ9uLoc34~wp3sc1%22%2C%22bid_opportunity_id%22%3A%22NTQwNcKLJ9uLoc34~wp3sc1%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22bid_rejected%22%7D%2C%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A1%2C%22category%22%3A%22bid_opportunity%22%2C%22session_id%22%3A%2201ebcce4c3c2c9daba62d346954ed281%3A0%3ANTM2N8GP0Llpb-_y~wp0sc1%22%2C%22bid_opportunity_id%22%3A%22NTM2N8GP0Llpb-_y~wp0sc1%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22bid_rejected%22%7D%5D
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.238.232 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 232.238.186.35.bc.googleusercontent.com
Software: uvicorn, Unknown /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:28 GMT
via: 1.1 google
server: uvicorn, Unknown
alt-svc: clear

GET
H2 204 /
ads.viralize.tv/track/ Frame 0513 0
39 B 24ms
21ms Image
text/plain 35.186.238.232
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.viralize.tv/track/?multi=true&serialization=json&events=%5B%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A1%2C%22category%22%3A%22bid_opportunity%22%2C%22session_id%22%3A%2201ebcce4c3c2c9daba62d346954ed281%3A0%3ANTQwNcKLJ9uLoc34~wp4sc1%22%2C%22bid_opportunity_id%22%3A%22NTQwNcKLJ9uLoc34~wp4sc1%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22bid_rejected%22%7D%2C%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A1%2C%22category%22%3A%22bid_opportunity%22%2C%22session_id%22%3A%2201ebcce4c3c2c9daba62d346954ed281%3A0%3ANTQwNcKLJ9uLoc34~wp2sc1%22%2C%22bid_opportunity_id%22%3A%22NTQwNcKLJ9uLoc34~wp2sc1%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22bid_rejected%22%7D%5D
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.238.232 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 232.238.186.35.bc.googleusercontent.com
Software: uvicorn, Unknown /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:28 GMT
via: 1.1 google
server: uvicorn, Unknown
alt-svc: clear

GET
H3-29 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 2559 61 KB
21 KB 36ms
32ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: b.travelmiso.com
URL: http://b.travelmiso.com/ads/str/300x250.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54e1a9fa84f454175a61ddd8369e590829499c033015438f8788b2e40b02864c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "902 / 672 of 1000 / last-modified: 1623449339"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21293
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:28 GMT

GET
H/1.1 200
OK sync Show response
ap.lijit.com/ Frame A368 87 KB
20 KB 32ms
31ms Script
text/javascript 216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/sync
Requested by: Host: ap.lijit.com
URL: http://ap.lijit.com/www/delivery/fpi.js?z=739868&width=300&height=250
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx /
Resource Hash: bf7c9484fdc988e2ee44d62563d76afcd64cd75e1c9aae4c2fd195d9ba4fe649

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:28 GMT
Content-Encoding: gzip
Last-Modified: Mon, 08 Mar 2021 20:48:41 GMT
Server: nginx
ETag: W/"60468da9-15bdc"
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=86400, must-revalidate
Transfer-Encoding: chunked
X-Sovrn-Pod: ad_ap7ams1
Expires: Tue, 15 Jun 2021 07:47:28 GMT

GET
H2 200 integrator.js Show response
adservice.google.fr/adsid/ Frame F955 107 B
853 B 46ms
14ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.fr/adsid/integrator.js?domain=b.travelmiso.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame F955 107 B
570 B 36ms
15ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=b.travelmiso.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame F955 57 KB
14 KB 416ms
415ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4002662522689375&correlator=1775099254612937&output=ldjh&impl=fifs&eid=31061223%2C31061413%2C31061003%2C31061150%2C31061411%2C44744015&vrg=2021060901&ptt=17&sc=0&sfv=1-0-38&ecs=20210614&iu_parts=21671350435%2C300x250-travelmiso.com&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&cookie_enabled=1&cdm=b.travelmiso.com&bc=23&abxe=1&lmt=1623656848&dt=1623656848737&dlt=1623656847597&idt=1113&ea=0&frm=23&biw=1600&bih=1200&isw=300&ish=250&oid=3&adxs=40&adys=11&adks=2590938559&ucis=wvrdkxc1aypk&ifi=1&ifk=2519292393&u_tz=120&u_his=3&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F&ref=http%3A%2F%2Fb.travelmiso.com%2F&top=http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F&vis=1&scr_x=0&scr_y=0&psz=300x250&msz=300x-1&ga_vid=1286676149.1623656849&ga_sid=1623656849&ga_hid=1901252157&ga_fc=false&fws=256&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f43e4d7c65ba9a14d0ba6d6ada4e4eadc1a8392126efd0198d43bb7406a5880b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:29 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14061
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://b.travelmiso.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
9efa5be7da42c733677296c9883f0246.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame A488 6 KB
0 77ms
13ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9efa5be7da42c733677296c9883f0246.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 9efa5be7da42c733677296c9883f0246.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html?n=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://b.travelmiso.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Mon, 14 Jun 2021 07:47:28 GMT
expires: Tue, 14 Jun 2022 07:47:28 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 pav2_3.25.min.js Show response
projectagora.net/libs/ Frame 0DA5 22 KB
5 KB 65ms
41ms Script
application/javascript 2606:4700:3035::6815:2f1c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://projectagora.net/libs/pav2_3.25.min.js
Requested by: Host: ads.projectagoraservices.com
URL: http://ads.projectagoraservices.com/?id=10641&uref=https%3A%2F%2Ftravelmiso.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:2f1c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2889eb05f073f7d5b57871d886412e1330441ccac21d149403e94ebf869fa813

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 5982
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 2K73VPDJC2M5EPP1
x-amz-id-2: CAXezVOloR5BM7k6KcBaygn90D5HIA2WkbxqFeDoQB9fNX1vTwRmisOeTbHB80NM+rWixnWhezo=
last-modified: Wed, 05 May 2021 10:07:24 GMT
server: cloudflare
etag: W/"5ad9313a3f5ac0b5de3249cbac8ff4c1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=8yleLkvZxq8UN3phmGSHDldpuQxs8xuGOtljgnGZXt61mV6KvL7dKUP6WUPMv38O%2FSLHpPiNPQhbbFH1jKqvmKo7WtO0Oi496qYaJmspGwqt9%2Bu2dKuBIyAllX%2BXHy5%2FsTyJdHw8Z9ZcXg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-request-id: 0aab16759300004ac3af0f8000000001
cf-ray: 65f1f368ecab4ac3-FRA

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame 48CB 107 B
853 B 37ms
14ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ Frame 48CB 107 B
122 B 33ms
16ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 48CB 74 KB
27 KB 469ms
469ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1534008751268692&correlator=3046876579147406&output=ldjh&impl=fifs&eid=31060784%2C31061039%2C31061289%2C31061361%2C31061143%2C31060840&vrg=2021060801&ptt=17&sc=0&sfv=1-0-38&ecs=20210614&iu_parts=211003152%2Com_ron_dis_300x250_d_catchall_pp0.1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&eri=4&cust_params=domain%3Dtravelmiso.com%26site_id%3D35808%26publisher_id%3D2633&cookie_enabled=1&cdm=b.travelmiso.com&bc=23&abxe=1&dt=1623656848787&dlt=1623656847819&idt=943&ea=0&frm=23&biw=1600&bih=1200&oid=3&adxs=1260&adys=25&adks=724430845&ucis=grentr3wqj5q&ifi=1&ifk=2165813388&u_tz=120&u_his=3&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=2&url=http%3A%2F%2Fb.travelmiso.com%2F&loc=about%3Ablank&top=b.travelmiso.com&vis=1&scr_x=0&scr_y=0&psz=0x0&msz=0x0&ga_vid=1322591342.1623656849&ga_sid=1623656849&ga_hid=529152942&ga_fc=false&fws=256&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

161bb6b012206910f01d38422c688069b018839eebc4bc29321a7e33b3293e55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:29 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27434
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://b.travelmiso.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
9c6d175d9bd67cb83a9557d3172508dd.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 48CB 0
0 49ms
14ms Other
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://9c6d175d9bd67cb83a9557d3172508dd.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 pubads_impl_2021060801.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 6019 318 KB
112 KB 35ms
34ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8a19707bd88a29100f84e106852ddd5bfeebe1fe562960c4932d1347210d13a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 08 Jun 2021 08:38:25 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 114129
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:28 GMT

GET
H2 200 / Show response
ads.viralize.tv/t-bid-opportunity/ Frame 0513 0
83 B 23ms
22ms XHR
application/json 35.186.238.232
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.viralize.tv/t-bid-opportunity/?t=badn&zid=AAC96m8Xp3g7AdmK&sid=01ebcce4c3c2c9daba62d346954ed281&u=http%3A%2F%2Fb.travelmiso.com%2F&item=NTU1NS23zt7cdAyJ.9.wp9sc1
Requested by: Host: cdn.ravenjs.com
URL: http://cdn.ravenjs.com/3.17.0/raven.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.238.232 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 232.238.186.35.bc.googleusercontent.com
Software: uvicorn, Unknown /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:29 GMT
content-encoding: gzip
server: uvicorn, Unknown
vary: Accept-Encoding, Origin
content-type: application/json
access-control-allow-origin: http://b.travelmiso.com
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

GET
H/1.1 200
OK adcfg Show response
ap.lijit.com/ Frame A368 159 B
550 B 27ms
27ms Script
application/x-javascript 216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/adcfg?zoneid=739868&tid=512defec4679471483b81ab98bbe5ff515db0105&mode=1&dmn=b.travelmiso.com
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/sync
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx /
Resource Hash: 3fa5ba1b7e91b662dc17d84d8e89469904d216256cef03b1b40d418b73927afb

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:29 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap7ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 146

GET
H/1.1 200
OK prebid.js Show response
cdn.adtrue.com/pb/ Frame 0382 252 KB
80 KB 21ms
20ms Script
application/x-javascript 2606:4700:10::6816:3181
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.adtrue.com/pb/prebid.js
Requested by: Host: exchange.adtrue.com
URL: http://exchange.adtrue.com/delivery/impress?pzoneid=19020&ref=http%3A%2F%2Fb.travelmiso.com%2F&cb=1149131768&timeZone=2&adWidth=300&adHeight=250&loc=http://b.travelmiso.com/
Protocol: HTTP/1.1
Server: 2606:4700:10::6816:3181 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8935e379e4ffba3e9bc383bdce200b1a6f2a81023182b6a9b5b43f0161b9bcf

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:29 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Last-Modified: Wed, 14 Apr 2021 09:06:46 GMT
Server: cloudflare
Age: 4739123
ETag: W/"6076b0a6-3f06e"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=31104000
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 65f1f36bcb954e25-FRA
cf-request-id: 0aab16775a00004e25a8205000000001
Expires: Fri, 15 Apr 2022 11:22:06 GMT

GET
H/1.1 200
OK ga.js Show response
cdn-adtrue.com/track/ Frame 0382 751 B
1 KB 38ms
15ms Script
application/x-javascript 2606:4700:3038::6815:eb9b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn-adtrue.com/track/ga.js
Requested by: Host: exchange.adtrue.com
URL: http://exchange.adtrue.com/delivery/impress?pzoneid=19020&ref=http%3A%2F%2Fb.travelmiso.com%2F&cb=1149131768&timeZone=2&adWidth=300&adHeight=250&loc=http://b.travelmiso.com/
Protocol: HTTP/1.1
Server: 2606:4700:3038::6815:eb9b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 31019413fee993018ee66cb39c98ebf7b37365b9e7b439fdfccc33eaa81429b5

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:29 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
NEL: {"report_to":"cf-nel","max_age":604800}
Age: 6407658
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0aab16777800004e4a9da88000000001
Last-Modified: Thu, 01 Apr 2021 03:35:26 GMT
Server: cloudflare
ETag: W/"60653f7e-2ef"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=8j%2F3eYiz6TYF76mjdzkA22LybYIALK8uibKIkN%2FATYKOmWjJdOc23fVkQbCm9WDn5gjNriQJPmGVtLMb0D1EY48xXKnX%2BbLBFbpVFcv7Ier0SN3DkJs3wKhmmtfOEJvYn83woutAIB0%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: application/x-javascript
Cache-Control: max-age=31104000
CF-RAY: 65f1f36bfb374e4a-FRA
Expires: Sun, 27 Mar 2022 03:53:11 GMT

GET
H3-29 200 pubads_impl_2021060801.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 2559 318 KB
112 KB 34ms
34ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8a19707bd88a29100f84e106852ddd5bfeebe1fe562960c4932d1347210d13a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 08 Jun 2021 08:38:25 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 114129
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:29 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 1B4A 142 B
1 KB 60ms
60ms XHR
application/json 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: www.travelmiso.com
URL: http://www.travelmiso.com/js/apnx_prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

8544e44da2531ae5e273e690c83b2b0245c1ecab304cf6727ae28895e61bab14

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:29 GMT
X-Proxy-Origin: 93.177.75.188; 93.177.75.188; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.150:80
AN-X-Request-Uuid: e5c9b729-e94f-4d54-8878-6ef972af9f6d
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: http://b.travelmiso.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 142
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK Cookie set inndef_300x250.asp Show response
www.travelmiso.com/acta/friends/ Frame 03F2 297 B
611 B 173ms
172ms Document
text/html 203.76.174.123
SG-8-TO-SG 8 to I...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.travelmiso.com/acta/friends/inndef_300x250.asp
Requested by: Host: media.innity.net
URL: http://media.innity.net/adnetwork/house/pub_244/proxy_245521.js?ord=[timestamp]
Protocol: HTTP/1.1
Server: 203.76.174.123 , Singapore, ASN45470 (SG-8-TO-SG 8 to Infinity Pte Ltd, SG),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 048cf513bacc8e80a09e750693111f4296adfbdf081133ddb77e16d2ef090c5e

Request headers

Host: www.travelmiso.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://b.travelmiso.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

Cache-Control: private
Content-Type: text/html
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Set-Cookie: ASPSESSIONIDQCSSCCAC=PDMDPFDDPOOLNPFLDIGELOAE; path=/
Date: Mon, 14 Jun 2021 07:47:28 GMT
Content-Length: 343

GET
H/1.1 200
OK analytics.js Show response
cdn.innity.net/ 173 B
523 B 30ms
29ms Script
application/javascript 104.111.224.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.innity.net/analytics.js
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: HTTP/1.1
Server: 104.111.224.62 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-224-62.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: d86f773cc0628268e605173f2d589ee2ec9ecfd150e454514240eb2bfcb1fb82

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:29 GMT
Content-Encoding: gzip
Last-Modified: Wed, 09 Dec 2015 07:32:50 GMT
Server: Apache
ETag: "ad-5267218ef0c80-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 152
Expires: Tue, 15 Jun 2021 07:47:29 GMT

GET
H/1.1 200
OK 300x250-btf.html Show response
b.travelmiso.com/ads/bt/ Frame 9F02 2 KB
1 KB 178ms
175ms Document
text/html 203.76.174.123
SG-8-TO-SG 8 to I...

General

Check archive.org

Show headers Download Go to

Full URL: http://b.travelmiso.com/ads/bt/300x250-btf.html
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: HTTP/1.1
Server: 203.76.174.123 , Singapore, ASN45470 (SG-8-TO-SG 8 to Infinity Pte Ltd, SG),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 5935015fdcf1c112ffd02ad2701afabc23fa8a6da7ffa7b002c23763fb11231f

Request headers

Host: b.travelmiso.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://b.travelmiso.com/travel/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/travel/

Response headers

Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Wed, 09 Jun 2021 02:43:18 GMT
Accept-Ranges: bytes
ETag: "f214134d95cd71:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Mon, 14 Jun 2021 07:47:28 GMT
Content-Length: 945

GET
H/1.1 200
OK 300x250.html Show response
b.travelmiso.com/ads/vls/ Frame B966 714 B
774 B 173ms
170ms Document
text/html 203.76.174.123
SG-8-TO-SG 8 to I...

General

Check archive.org

Show headers Download Go to

Full URL: http://b.travelmiso.com/ads/vls/300x250.html
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: HTTP/1.1
Server: 203.76.174.123 , Singapore, ASN45470 (SG-8-TO-SG 8 to Infinity Pte Ltd, SG),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 9826d8886c55a9908b1a96d55219f80e6d0dfae88d8808801f8935306d50df0f

Request headers

Host: b.travelmiso.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://b.travelmiso.com/travel/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/travel/

Response headers

Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Mon, 13 Jul 2020 15:40:23 GMT
Accept-Ranges: bytes
ETag: "96a35eec2b59d61:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Mon, 14 Jun 2021 07:47:28 GMT
Content-Length: 502

GET
H/1.1 200
OK 300x250-btf.html Show response
b.travelmiso.com/ads/yl/ Frame 036B 239 B
576 B 170ms
167ms Document
text/html 203.76.174.123
SG-8-TO-SG 8 to I...

General

Check archive.org

Show headers Download Go to

Full URL: http://b.travelmiso.com/ads/yl/300x250-btf.html
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: HTTP/1.1
Server: 203.76.174.123 , Singapore, ASN45470 (SG-8-TO-SG 8 to Infinity Pte Ltd, SG),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: f6a2681d9d055bdf0d0056f9a12d3829ce787e9a5133bffac7dfd863773cf383

Request headers

Host: b.travelmiso.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://b.travelmiso.com/travel/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/travel/

Response headers

Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Mon, 13 Jul 2020 15:40:29 GMT
Accept-Ranges: bytes
ETag: "b11b82ef2b59d61:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Mon, 14 Jun 2021 07:47:28 GMT
Content-Length: 304

GET
H/1.1 200
OK 300x250.html Show response
b.travelmiso.com/ads/yl/ Frame 7BBE 239 B
574 B 185ms
183ms Document
text/html 203.76.174.123
SG-8-TO-SG 8 to I...

General

Check archive.org

Show headers Download Go to

Full URL: http://b.travelmiso.com/ads/yl/300x250.html
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: HTTP/1.1
Server: 203.76.174.123 , Singapore, ASN45470 (SG-8-TO-SG 8 to Infinity Pte Ltd, SG),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: d7d089a8cc7955beab308c948fbd6f45815c5a07b43ccf202158d7cd5eb71434

Request headers

Host: b.travelmiso.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://b.travelmiso.com/travel/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/travel/

Response headers

Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Mon, 13 Jul 2020 15:40:29 GMT
Accept-Ranges: bytes
ETag: "364cf02b59d61:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Mon, 14 Jun 2021 07:47:28 GMT
Content-Length: 304

GET
H/1.1 200
OK 300x250.html Show response
b.travelmiso.com/ads/gam/ Frame C527 297 B
615 B 171ms
169ms Document
text/html 203.76.174.123
SG-8-TO-SG 8 to I...

General

Check archive.org

Show headers Download Go to

Full URL: http://b.travelmiso.com/ads/gam/300x250.html
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: HTTP/1.1
Server: 203.76.174.123 , Singapore, ASN45470 (SG-8-TO-SG 8 to Infinity Pte Ltd, SG),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 048cf513bacc8e80a09e750693111f4296adfbdf081133ddb77e16d2ef090c5e

Request headers

Host: b.travelmiso.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://b.travelmiso.com/travel/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/travel/

Response headers

Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Mon, 13 Jul 2020 15:40:02 GMT
Accept-Ranges: bytes
ETag: "f3b67fdf2b59d61:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Mon, 14 Jun 2021 07:47:28 GMT
Content-Length: 343

GET
H/1.1 200
OK 300x250.html Show response
b.travelmiso.com/ads/ucf/ Frame 5BD4 331 B
647 B 176ms
176ms Document
text/html 203.76.174.123
SG-8-TO-SG 8 to I...

General

Check archive.org

Show headers Download Go to

Full URL: http://b.travelmiso.com/ads/ucf/300x250.html
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: HTTP/1.1
Server: 203.76.174.123 , Singapore, ASN45470 (SG-8-TO-SG 8 to Infinity Pte Ltd, SG),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 89184887f32e63b35d3873160a69e7cb720f6361f266a78065e8dcbd129362dd

Request headers

Host: b.travelmiso.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://b.travelmiso.com/travel/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/travel/

Response headers

Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Mon, 13 Jul 2020 15:40:21 GMT
Accept-Ranges: bytes
ETag: "93118eb2b59d61:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Mon, 14 Jun 2021 07:47:28 GMT
Content-Length: 376

GET
H/1.1 200
OK 300x250-2.html Show response
b.travelmiso.com/ads/ucf/ Frame B5A2 373 B
675 B 339ms
168ms Document
text/html 203.76.174.123
SG-8-TO-SG 8 to I...

General

Check archive.org

Show headers Download Go to

Full URL: http://b.travelmiso.com/ads/ucf/300x250-2.html
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: HTTP/1.1
Server: 203.76.174.123 , Singapore, ASN45470 (SG-8-TO-SG 8 to Infinity Pte Ltd, SG),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 513ac9644a583953b23a95939cc9301e2fb85785911525cb1425808932477b70

Request headers

Host: b.travelmiso.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://b.travelmiso.com/travel/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/travel/

Response headers

Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Mon, 13 Jul 2020 15:40:21 GMT
Accept-Ranges: bytes
ETag: "92dfb3ea2b59d61:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Mon, 14 Jun 2021 07:47:28 GMT
Content-Length: 403

GET
H/1.1 200
OK 300x250.html Show response
b.travelmiso.com/ads/adop/ Frame 1EF1 237 B
587 B 338ms
168ms Document
text/html 203.76.174.123
SG-8-TO-SG 8 to I...

General

Check archive.org

Show headers Download Go to

Full URL: http://b.travelmiso.com/ads/adop/300x250.html
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: HTTP/1.1
Server: 203.76.174.123 , Singapore, ASN45470 (SG-8-TO-SG 8 to Infinity Pte Ltd, SG),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 5281ef7042a89f444e234a6a1e035ed3040c117455836c3d77c935e34b9f2299

Request headers

Host: b.travelmiso.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://b.travelmiso.com/travel/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/travel/

Response headers

Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Mon, 13 Jul 2020 15:39:37 GMT
Accept-Ranges: bytes
ETag: "7ef0c3d02b59d61:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Mon, 14 Jun 2021 07:47:28 GMT
Content-Length: 315

GET
H/1.1 200
OK 300x250.html Show response
b.travelmiso.com/ads/adsp/ Frame D78A 482 B
696 B 336ms
169ms Document
text/html 203.76.174.123
SG-8-TO-SG 8 to I...

General

Check archive.org

Show headers Download Go to

Full URL: http://b.travelmiso.com/ads/adsp/300x250.html
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: HTTP/1.1
Server: 203.76.174.123 , Singapore, ASN45470 (SG-8-TO-SG 8 to Infinity Pte Ltd, SG),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 4945638accd88df6cd8e07ac5f99ad76180ba39c432944201f76f1ffb2308362

Request headers

Host: b.travelmiso.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://b.travelmiso.com/travel/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/travel/

Response headers

Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Mon, 15 Feb 2021 14:39:57 GMT
Accept-Ranges: bytes
ETag: "667a976ea83d71:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Mon, 14 Jun 2021 07:47:28 GMT
Content-Length: 425

GET
H2 200 / Show response
ads.viralize.tv/player/ 3 KB
2 KB 30ms
30ms XHR
application/json 35.186.238.232
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.viralize.tv/player/?zid=AADSIf6-RvqhS2yK&sid=01ebcce4c3c2f72898a9f96e66b7e271&activation=&experiment=ops.v&u=http%3A%2F%2Fb.travelmiso.com%2F&ahd=1&player_session=%7B%22page_id%22%3A%22017a097d588379bfa7dacae8f752a8d0%22%2C%22screen%22%3A%7B%22width%22%3A1600%2C%22height%22%3A1200%7D%2C%22page%22%3A%7B%22width%22%3A1834%2C%22height%22%3A1200%7D%2C%22viewport%22%3A%7B%22width%22%3A1600%2C%22height%22%3A1200%7D%2C%22player_size%22%3A%7B%22width%22%3A160%2C%22height%22%3A600%7D%2C%22player_position%22%3A%7B%22top%22%3A519%2C%22left%22%3A923%7D%7D&r=http%3A%2F%2Fshoppinglifestyle.biz%2F&sc=1&gdpr=1&cmp=unavailable&dd=b.travelmiso.com
Requested by: Host: ads.viralize.tv
URL: https://ads.viralize.tv/display/?zid=AADSIf6-RvqhS2yK
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.238.232 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 232.238.186.35.bc.googleusercontent.com
Software: uvicorn, Unknown /
Resource Hash: e4d32b8a7b0880e3528076883d84565715374a040c2a0f8e30bc11bfe65649b8

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:29 GMT
content-encoding: gzip
server: uvicorn, Unknown
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: http://b.travelmiso.com
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

GET
H/1.1 200
OK raven.min.js Show response
cdn.ravenjs.com/3.17.0/ Frame 86D9 25 KB
10 KB 14ms
13ms Script
application/javascript 2a04:4e42:200::729
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.ravenjs.com/3.17.0/raven.min.js
Requested by: Host: ads.viralize.tv
URL: https://ads.viralize.tv/display/?zid=AADSIf6-RvqhS2yK
Protocol: HTTP/1.1
Server: 2a04:4e42:200::729 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Fastly /
Resource Hash: 570e90ae53be52eef8849a7f762b304f2506e2d3ab6146bc8dff279111666d74

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:29 GMT
Content-Encoding: gzip
Last-Modified: Thu, 13 Jul 2017 16:58:06 GMT
Server: Fastly
Age: 23744
ETag: "51d6eff0ea5151f41fa0e2f3310fc7c7"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 9634

GET
H/1.1 200
OK jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.12.1/ Frame 86D9 95 KB
34 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://ajax.googleapis.com/ajax/libs/jquery/1.12.1/jquery.min.js

Requested by

Host: ads.viralize.tv
URL: https://ads.viralize.tv/display/?zid=AADSIf6-RvqhS2yK

Protocol

HTTP/1.1

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2359d383bf2d4ab65ebf7923bdf74ce40e4093f6e58251b395a64034b3c39772

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 12 Jun 2021 06:25:33 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 177716
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 34056
X-XSS-Protection: 0
Last-Modified: Tue, 03 Mar 2020 19:15:00 GMT
Server: sffe
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Expires: Sun, 12 Jun 2022 06:25:33 GMT

GET
H2 200 polyfill.min.js Show response
polyfill.io/v3/ Frame 86D9 72 B
144 B 16ms
15ms Script
text/javascript 151.101.1.26
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://polyfill.io/v3/polyfill.min.js?features=default,es2015,es2016,es2017,es2018,es2019,es5,es6,es7&flags=gated

Requested by

Host: ads.viralize.tv
URL: https://ads.viralize.tv/display/?zid=AADSIf6-RvqhS2yK

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.26 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

aaecd144d2b8763b2fa5c91f09778294363cef363c10504205f4203922644d11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubdomains; preload
content-encoding: br
x-content-type-options: nosniff
content-type: text/javascript; charset=utf-8
age: 507002
detected-user-agent: Chrome Mobile/89.0.4389
server-timing: HIT-CLUSTER, fastly;desc="Edge time";dur=1, HIT, fastly;desc="Edge time";dur=1
content-length: 74
referrer-policy: origin-when-cross-origin
last-modified: Tue, 08 Jun 2021 10:31:30 GMT
date: Mon, 14 Jun 2021 07:47:29 GMT
vary: User-Agent, Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
normalized-user-agent: chrome/89.0.0
access-control-allow-origin: *
cache-control: public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 viralize_player_banner.min.07f50ce3.js Show response
static.viralize.tv/ Frame 86D9 358 KB
112 KB 11ms
10ms Script
application/javascript 2a02:26f0:6c00::210:ba1b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://static.viralize.tv/viralize_player_banner.min.07f50ce3.js?e=ops
Requested by: Host: ads.viralize.tv
URL: https://ads.viralize.tv/display/?zid=AADSIf6-RvqhS2yK
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba1b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: eb21cbe16828a9be59196144f96632b8a853f173ce31a8300062ed638ffcb7dc

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:29 GMT
content-encoding: gzip
x-guploader-uploadid: ABg5-UyecSkYGEzUgs8-L7WQA489XMZNxd59tvJ2cj6_NZXhxUpdldqiRple_IrhfClXviKnAiG8EKZq3Blcm12sDFyPJvdjEw
x-goog-storage-class: REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 113586
last-modified: Fri, 11 Jun 2021 12:45:24 GMT
server: UploadServer
etag: "07f50ce37d768478c57a3d75508bf39e"
vary: Accept-Encoding
x-goog-hash: crc32c=j4vTvw==, md5=B/UM4312hHjFej11UIvzng==
x-goog-generation: 1623415524664497
access-control-allow-origin: *
cache-control: public, max-age=2592000
x-goog-stored-content-length: 366310
accept-ranges: bytes
content-type: application/javascript
expires: Wed, 14 Jul 2021 07:47:29 GMT

GET
H2 200 / Show response
ads.viralize.tv/player/ 3 KB
2 KB 33ms
31ms XHR
application/json 35.186.238.232
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.viralize.tv/player/?zid=AAC96NRlexLe0QQQ&sid=01ebcce4c3c2ea8c58b46cce1d6fbb61&activation=&experiment=ops.v&u=http%3A%2F%2Fb.travelmiso.com%2F&ahd=1&player_session=%7B%22page_id%22%3A%22017a097d588379bfa7dacae8f752a8d0%22%2C%22screen%22%3A%7B%22width%22%3A1600%2C%22height%22%3A1200%7D%2C%22page%22%3A%7B%22width%22%3A1834%2C%22height%22%3A1200%7D%2C%22viewport%22%3A%7B%22width%22%3A1600%2C%22height%22%3A1200%7D%2C%22player_size%22%3A%7B%22width%22%3A300%2C%22height%22%3A600%7D%2C%22player_position%22%3A%7B%22top%22%3A519%2C%22left%22%3A1227%7D%7D&r=http%3A%2F%2Fshoppinglifestyle.biz%2F&sc=1&gdpr=1&cmp=unavailable&dd=b.travelmiso.com
Requested by: Host: ads.viralize.tv
URL: https://ads.viralize.tv/display/?zid=AAC96NRlexLe0QQQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.238.232 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 232.238.186.35.bc.googleusercontent.com
Software: uvicorn, Unknown /
Resource Hash: 5fc8f6e4260469d2775a17e0e29126302d26ef4324de6d8fec8454f19233fdd0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:29 GMT
content-encoding: gzip
server: uvicorn, Unknown
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: http://b.travelmiso.com
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

GET
H/1.1 200
OK raven.min.js Show response
cdn.ravenjs.com/3.17.0/ Frame 52DC 25 KB
10 KB 13ms
12ms Script
application/javascript 2a04:4e42:200::729
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.ravenjs.com/3.17.0/raven.min.js
Requested by: Host: ads.viralize.tv
URL: https://ads.viralize.tv/display/?zid=AAC96NRlexLe0QQQ
Protocol: HTTP/1.1
Server: 2a04:4e42:200::729 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Fastly /
Resource Hash: 570e90ae53be52eef8849a7f762b304f2506e2d3ab6146bc8dff279111666d74

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:29 GMT
Content-Encoding: gzip
Last-Modified: Thu, 13 Jul 2017 16:58:06 GMT
Server: Fastly
Age: 23744
ETag: "51d6eff0ea5151f41fa0e2f3310fc7c7"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 9634

GET
H/1.1 200
OK jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.12.1/ Frame 52DC 95 KB
34 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://ajax.googleapis.com/ajax/libs/jquery/1.12.1/jquery.min.js

Requested by

Host: ads.viralize.tv
URL: https://ads.viralize.tv/display/?zid=AAC96NRlexLe0QQQ

Protocol

HTTP/1.1

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2359d383bf2d4ab65ebf7923bdf74ce40e4093f6e58251b395a64034b3c39772

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 12 Jun 2021 06:25:33 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 177716
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 34056
X-XSS-Protection: 0
Last-Modified: Tue, 03 Mar 2020 19:15:00 GMT
Server: sffe
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Expires: Sun, 12 Jun 2022 06:25:33 GMT

GET
H2 200 polyfill.min.js Show response
polyfill.io/v3/ Frame 52DC 72 B
116 B 16ms
16ms Script
text/javascript 151.101.1.26
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://polyfill.io/v3/polyfill.min.js?features=default,es2015,es2016,es2017,es2018,es2019,es5,es6,es7&flags=gated

Requested by

Host: ads.viralize.tv
URL: https://ads.viralize.tv/display/?zid=AAC96NRlexLe0QQQ

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.26 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

aaecd144d2b8763b2fa5c91f09778294363cef363c10504205f4203922644d11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubdomains; preload
content-encoding: br
x-content-type-options: nosniff
content-type: text/javascript; charset=utf-8
age: 507002
detected-user-agent: Chrome Mobile/89.0.4389
server-timing: HIT-CLUSTER, fastly;desc="Edge time";dur=1, HIT, fastly;desc="Edge time";dur=1
content-length: 74
referrer-policy: origin-when-cross-origin
last-modified: Tue, 08 Jun 2021 10:31:30 GMT
date: Mon, 14 Jun 2021 07:47:29 GMT
vary: User-Agent, Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
normalized-user-agent: chrome/89.0.0
access-control-allow-origin: *
cache-control: public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 viralize_player_banner.min.07f50ce3.js Show response
static.viralize.tv/ Frame 52DC 358 KB
112 KB 7ms
7ms Script
application/javascript 2a02:26f0:6c00::210:ba1b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://static.viralize.tv/viralize_player_banner.min.07f50ce3.js?e=ops
Requested by: Host: ads.viralize.tv
URL: https://ads.viralize.tv/display/?zid=AAC96NRlexLe0QQQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba1b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: eb21cbe16828a9be59196144f96632b8a853f173ce31a8300062ed638ffcb7dc

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:29 GMT
content-encoding: gzip
x-guploader-uploadid: ABg5-UyecSkYGEzUgs8-L7WQA489XMZNxd59tvJ2cj6_NZXhxUpdldqiRple_IrhfClXviKnAiG8EKZq3Blcm12sDFyPJvdjEw
x-goog-storage-class: REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 113586
last-modified: Fri, 11 Jun 2021 12:45:24 GMT
server: UploadServer
etag: "07f50ce37d768478c57a3d75508bf39e"
vary: Accept-Encoding
x-goog-hash: crc32c=j4vTvw==, md5=B/UM4312hHjFej11UIvzng==
x-goog-generation: 1623415524664497
access-control-allow-origin: *
cache-control: public, max-age=2592000
x-goog-stored-content-length: 366310
accept-ranges: bytes
content-type: application/javascript
expires: Wed, 14 Jul 2021 07:47:29 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 123 KB
38 KB 14ms
14ms Script
application/javascript 2a00:1450:4001:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NNM9D92

Requested by

Host: shoppinglifestyle.biz
URL: http://shoppinglifestyle.biz/go/?r=3&a=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8b465ec375d516b26e38cddacb7afec70ccb3b4c77ca17b082618599bc2723ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:29 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38705
x-xss-protection: 0
last-modified: Mon, 14 Jun 2021 06:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 14 Jun 2021 07:47:29 GMT

GET
H/1.1 200
OK / Show response
as.innity.com/synd/ 461 B
1 KB 364ms
348ms Script
text/javascript 119.81.192.141
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL: http://as.innity.com/synd/?cb=1623656849376&ver=1&pub=9188905e74c28e489b44e954ec0b9bca&zone=87319&output=js&flash=0&url=b.travelmiso.com&width=*&height=*&vpw=1600&vph=1200&auction=6619717-1056544
Requested by: Host: cdn.innity.net
URL: https://cdn.innity.net/admanager.js
Protocol: HTTP/1.1
Server: 119.81.192.141 Singapore, Singapore, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8d.c0.5177.ip4.static.sl-reverse.com
Software: Apache /
Resource Hash: 003ef653f4d00bcc48708007c00636b760c002f3ee2da5211960ceaf737c5484

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:29 GMT
Content-Encoding: gzip
Last-Modified: Mon, 14 Jun 2021 07:47:29 GMT
Server: Apache
Vary: Accept-Encoding
P3P: policyref=http://www.innity.com/p3p/p3p.xml,CP="CURa ADMa DEVa OUR BUS UNI COM NAV INT"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Content-Type: text/javascript; charset=utf-8
Content-Length: 296
Expires: Sat, 03 Sep 1983 02:00:00 GMT

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012105281634000/ Frame FA25 191 KB
55 KB 37ms
11ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012105281634000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d2026d59b88bda76d9a260d98a486e61cdf8f5dc92474fe4a256e03f5e50cc87

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 173309
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55221
x-xss-protection: 0
server: sffe
date: Sat, 12 Jun 2021 07:39:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "8af8bfef65693cad"
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jun 2022 07:39:00 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012105281634000/v0/ Frame FA25 12 KB
5 KB 46ms
20ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012105281634000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cfa2c1817acc9845143087b8f08cfbf450334d63f8b69ea16ec5bf8222cc9ae8

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 153297
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4567
x-xss-protection: 0
server: sffe
date: Sat, 12 Jun 2021 13:12:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "ca56b057322a8584"
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jun 2022 13:12:32 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012105281634000/v0/ Frame FA25 87 KB
27 KB 46ms
21ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012105281634000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ac39fd2de34b92759571eae7493ba485a9c437b55a9b17e4ae0c2af108658e30

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 153297
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27321
x-xss-protection: 0
server: sffe
date: Sat, 12 Jun 2021 13:12:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "3f2374642481d921"
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jun 2022 13:12:32 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012105281634000/v0/ Frame FA25 4 KB
2 KB 49ms
24ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012105281634000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2995615474b2ef92946ae6000ca992f89c7ff861082cacb1aa2176e81b1514e2

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 159390
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1522
x-xss-protection: 0
server: sffe
date: Sat, 12 Jun 2021 11:30:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "514585efdf5d56f0"
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jun 2022 11:30:59 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012105281634000/v0/ Frame FA25 41 KB
13 KB 50ms
25ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012105281634000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

84430d6abc2891ae6d6d74e51804bb5edfb8406efad225ad57d89801a1cd7d2a

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 177770
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13144
x-xss-protection: 0
server: sffe
date: Sat, 12 Jun 2021 06:24:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "db4e8fd655d0c88e"
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jun 2022 06:24:39 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame FA25 4 KB
690 B 17ms
16ms Stylesheet
text/css 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500&lang=en

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

abc1bbfb097cfaf4715fe823adb40881f8ed35a943692d5c037945c2fcc56340

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 14 Jun 2021 07:23:50 GMT
server: ESF
date: Mon, 14 Jun 2021 07:47:29 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 14 Jun 2021 07:47:29 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame FA25 4 KB
713 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500&text=

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

abc1bbfb097cfaf4715fe823adb40881f8ed35a943692d5c037945c2fcc56340

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 14 Jun 2021 07:24:05 GMT
server: ESF
date: Mon, 14 Jun 2021 07:47:29 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 14 Jun 2021 07:47:29 GMT

GET
DATA 200
OK truncated
/ Frame FA25 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 46713f269f1fcb4a3a41668e69667f5a26e277471859aca5c6137acdceb24fb7

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 9249207743414056882
s0.2mdn.net/simgad/ Frame FA25 159 KB
159 KB 36ms
14ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/9249207743414056882

Requested by

Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff8ae9aba80ff52778a1eee179a2c2a74fb79c82328f25cc5ea8e1cf7772c1f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 08:58:41 GMT
x-content-type-options: nosniff
age: 168528
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 162483
x-xss-protection: 0
last-modified: Thu, 04 Mar 2021 13:07:10 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jun 2022 08:58:41 GMT

GET
H2 200 17200115544100271457
s0.2mdn.net/simgad/ Frame FA25 16 KB
16 KB 26ms
9ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/17200115544100271457

Requested by

Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6d24b2ef764862fb3d4eb1e1e820087b54a08d7362fcf2b7708656c40b9d50e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 15:20:36 GMT
x-content-type-options: nosniff
age: 145613
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15907
x-xss-protection: 0
last-modified: Thu, 04 Mar 2021 13:07:13 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jun 2022 15:20:36 GMT

GET
H2 200 ad
googleads.g.doubleclick.net/dbm/ Frame FA25 42 B
656 B 57ms
25ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DMK2zp2VmRQtwcXTTv8N9FcxhtU-QkINPxB75uHGftv0H5ZGd2p3gifX9PTGYlxT0dz-gOCzszAEhY-va6M9nC3a5S6OnQdRjGodDWfeaYADZ0aC9k0QMeS5DrZD0dusyWK4YGdE9Go-QsLb0BTMNTxRSOAw&dbm_d=AKAmf-A5XZcApbk9hFR8_tXSDr1DEzSfZssXyjYn7XwzlDVzN2DScpeaPlLou23MPQivz2ywB73VivXdSXeYZOKmdhJGXJ9-9kyeyQXjZ9sTEjPbJ4UDXHkfhbq7ZO4U26rRwGJApTWHTG_sL-bGm0KbFgZYhUdSoYXuDpOy1ev2jMnJxnOS3t0PRKefm7d9B7HobOHk5-7PpwR2SGSbDDEJ2aiUZgrnQzLk3ZS8nS2mY0fWZs93vMBegPgE_rLWyeZenubmgj9S9vCfu6m10hRo63CeY5XzWf8RD7M50njd4O31iKlFfmPwYYfU3hI99h-FvaIfCvQrQJ9hY-iVR8Jgpjur8ttqnl0rV_F3LS1aIc6gEUdwgfLqFquJMmUBnLnDU3mC-J9IOrTdqGS0V8fyAaZgXbRlazT1JCc7ONdJ2dK3EHTBHiX4cilrgFI2ZQ4OkrU_cXqlwimWSdyJy_6DTgDRPU_xdPKCyJxwx2J68iMRjcvkv27e-hWL6SEcA-Cctd4sjdaG7UH2JwrNAtcmBzlj1GOxffoWBTSKyEFNdB0sXPRTrG5sK3zy4e6VVgp9Z4asW3Smqr-Ge-0YuNeavKimQe9mUswaAMgzBVWQmcyGalPbZN4H0zXu3cT-Uj9sz2EkMY_gnH6FgArUDbEECcMrdLE_Y7gKPf5b1aSY0By6kONzf_3vfpaePICaYmD1SB-Zte-5yXx_XulKz6zjSb-Pidj4H-rajYfksOrDnyw5RJvJGdZW83sW8JGPvYmAGK71NKGo02ZKUobTCIhgd_P2VZcn9x9fdz4Xsh6x2RNbe3JoxIonBoOu-LwTsHSwXIHhaLxfuQxEzM_Ujyr45Ehnppz6IuO0XxRzPeYQ1Zu0ruTejzEq7pN45yLPRoGhFg_W3vhyaw9RADQjPtvELQNNBKWoNKq0YJpB_acVD-yxBASkF8i_Elbd_oJ4j2D4mdehA35kxNhLksX9KyZ-qTlILYZ5_by1hMiBuc5CbIlcwNtcDasE-8ryGtKKBSibLQ5qn0xK4vVsjVdQcSdVnZjd7zu9WIQ90yhlt0l4_E6bhmd6Uv71SaPJHFm7Dyxlgu1fDI9TsJtM8uN3E5EQTec1N5fWUiPRLpSH2Qlk-tSA808KISBtHNnV6Y3KklEW3ldmfMB0vQ8wnFlzvqf6dcSzLvrjjIqGfPo6DujzzP-i8jneM_H3hRuXnfadlXeSuqlakiw6lvEid193WrGFQlvCSxwj9K23ATfeUQ-4d3RmQd2PTzOz1wj7YZG5aK6SOS6CX8SfOAKfppU_A11EN_hfOn6_xfMV4NfZ6HIIfSelKzdbPoQTXIg8nviAonTUe6H6uxKBv6DVIZFEvz5TzDRURNrnX_OYIwZ2ljPx3MCsw5IgxNTvvjnwK552-m2kbveJXWYCRJzW_xMToZXkoF0BtSVvZoKnWUP8W9jIVa7vpiGQNMEZlKpW4ZQhbZT-87znWa5bMWjX1Wyd_KvXhd47_iEFZK--F0r0Rw0T4xPouSCL8uEfmpCLfM_no0TlJEPLupqJuoBU-Jb-WgTOQvdiRRS2_LSPGpqFA4_-Z5ZEQzR-lMfq7hIcvBc7VOoZHsSh4PHqvi3ypg3_b4-RKC_jra7DRJmUVr-NRdfTBBFTjSxmHwQPE73FbLvfl_BWw0Oecrc7fggcxGr_e9Oj-uNVEzm1Bdmni54Wj-LR9GmRwzz68DZBZL_rjullWyAghENJ4kr4svxve7EX5reeZrz3RAi0f2x17gQYwRXYYJsAu0Xot58pJc6m40KGjv80ShUphL38xZ8VYs2yZO6flV19Kdf2Cge-kHze3xy1WlE4r2M_YV1TRA5m8UoDzWxj_BNDRFReJcNoxnhgSQS_TwKUqvCfzDikBKfiR3H6-dEPr2B9jTu1P6Hm17Q3o7y8LRtloZlV93g2RJoptPC2WR8pvBtouJdjx1nXTK3HlRcIyWNXmc0Mh4tNPV52zMvY_9p50eiO-tQQ1xhA2ZCLaVaiWlR8ndJACPpqlRAN3nIy6kv8T9EEqLJArOQCqt_2_gN5WA-97vZ_BNwtZrgBDWvwxNLgvIzo5qfjaFGhaFfNW5nqW1cKaMQyx-6qd6CCLuAV1OrGSP_PYaUcQkV7JcHHZzRtE5xJ_wVDhhTSOZE-bhNNZPXn3aG25sTlYH2fBgPyCeGwwgogSAdDExKi33QdH6cj70FVSTKgREbLyFfD_4NTTUj5NQsOCdsrx78AU9xp5iugCfA8bBTyVFjnLmWSzjW0c212jjz9Kisiy75AAILMc1yfOOqWyPiOodsguIsR8Cb0g51YNHxJCMslIN6w6T9F3BJCKxtna5y1U2upwO3Fm3a-uGOQVPZOUBLBbtptQhS2_HQ19TK1kqB1SeEPhi_1qbXXAeTIbxA2cBrqvLhte6VlziL1XgHrTHyF1_CClYejRw2a_E2xP7dNFW2au5J-SwWUip4l8WW9GHwLJPMgxuTM9XzEPKNU3OeYBc3YPE8RTaXlKEu8NziqvR_dX2V2O_JIoBB_8tDEN7CMeLuoScpWpzOv582uzm205Mdjc6Q2l10YaGZCAmgrZ8sQRORojj3B7EXdy8KAwOvpqOBO0tXfpkk4XYKtBXK5dzpkGVLHduLiG5GWtx6Foxz-QlV1KFNvpp4fMFTMjMriA6c3UeGyFFvLheKyCp2ij04lNB4EKWK43TpVHGDFIE_v8DqprmUScMACVbNe2qzrTVZV_ChATAt2T7EDj_SEqdmSSS6PWUZNbi3TEIbt2jpk8Vj1WrIKM53_EVc8xAsGSTyx-JSBxS2H5EbWOVdLU0m7d7xo-U3rZb7F6ETIPlB0Me1t70LF5VmUU_hxtXMr6rmEifKTeSzqY1kR3OZwLHpxSQr2JVYW_NIRFDIFasDYDCrVu7weinVvReDkb-s07FDwMyhtq7Ho7l9gmuK5YqTxZPDw8jBItAq8ac5zPqk2nBDKA9BStm8SjHo0BEbD77a8ltKsYulUkkff5rE8LvNC-7Ld3qDJW8lmte71KVsGgUUKFgGFy4TSJkX66vYCZHPmmndQHOrdmUWE49G0zT8IZTil1wBkD4xWiPmitC0iXGYRDmDTBLeVyuZB1BHUS-U-cEc&cid=CAASFeRo91SOpFZvRmuuur0w42uMvimSlQ

Requested by

Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame FA25 0
0 38ms
36ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CBwmmkAnHYIL9L8bF-gaJ75GIBfOFws5it_6FrawN8C4QASDW5sVYYPuBgICICqABxduAggPIAQapAn7GHqepULQ-qAMByAMKqgTfAU_QP9qPX3BC_vTuHamNwrK9Csm4M82uApTYoOy9Lu4XgosqdVnIMiGhxCP53pCjw_x8EVsg4v5cauCV0Rvua7ZqctDb2NZiOhlB4oDFLRoyHjlSkck71nYUScQ91FZdXxCVAX0thCeWK_dlKZ0f2Fmph0pDf50GyXsIkkkn9tKQJLVMV1_DghMQhR-Y4glJ2ljoWo6UNr0ItSTnW0FtF23yRvjQUUPu9v2KmI7MGbaaalPLBX6qAJEXyrJz3VuWOF6LQvA8w52CcwfQiRqhZypwUgb6u6Cw50CfQL2fiUjABMiPh9W6A-AEA4gF2_rApS6SBQYIAxABGAGSBQYIGxADGAGSBQoIIhADGAFIiox4kgUGCB0QBBgBkgUGCB0QARgBkgUGCB4QARgBkAYBoAY3gAejpP99qAeKnLECqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-zVG6gH7paxAqgHpr4bqAfs1RvYBwHyBwoQ8u0rGP-Ki58B0ggJCIjhgBAQARgd8ggbYWR4LXN1YnN5bi04NzU0MDQwMjA2OTQxODA2gAoDyAsBsBOko-QLyBOp1r8J2BMKiBQC2BQB0BUBgBcBshcaChgIABIUcHViLTIxMjg3NTcxNjc4MTI2NjM&sigh=y6ySLtyeFnY&cid=CAQSPgCNIrLM0DCygtDntXR_gbmWdPz3gzoTChzIixhIidMjdY1bD4kuTwJJ8cCZhX288W8q_86lQBPIFMmQrBkN&template_id=509&vt=10
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s50-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H/1.1 204
No Content l
www.google.com/ads/measurement/ Frame FA25 0
0 29ms
13ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.google.com/ads/measurement/l?ebcid=ALh7CaTd5CVKIHUQk5Osx2SMW08Cec_ut8aMk4NrhfqK6eOUp_F8Vb1BnKQIxkZukZQ0NYLrNqGSJJbV5l1dpc0-lISJOj5f1A
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: HTTP/1.1
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame FA25 2 KB
3 KB 38ms
6ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:08:16 GMT
x-content-type-options: nosniff
server: cafe
age: 2353
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Tue, 15 Jun 2021 07:08:16 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame FA25 295 B
779 B 37ms
6ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 13 Jun 2021 09:59:33 GMT
x-content-type-options: nosniff
server: cafe
age: 78476
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Mon, 14 Jun 2021 09:59:33 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame F955 10 KB
8 KB 44ms
19ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021060901&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

39400feef1b3f169ff0f204bffe6013d85488f5cad09d2c77b6c189d96c5dfad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7879
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame 6019 107 B
165 B 17ms
14ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=b.travelmiso.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 6019 107 B
165 B 17ms
15ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=b.travelmiso.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 6019 15 KB
9 KB 368ms
366ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1341104093862856&correlator=4140336665189956&output=ldjh&impl=fif&eid=31061161%2C31061224%2C31061290%2C31061142%2C21065724%2C31060840%2C44743203&vrg=2021060801&ptt=17&sc=0&sfv=1-0-38&ecs=20210614&iu_parts=42150330%2Ctravelmiso%2Ctravelmiso_300x250&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&eri=2&cookie=ID%3D50616fdbca155aa8-226ea32460c800e7%3AT%3D1623656848%3AS%3DALNI_MZXAGngWBp2-1gcCz0gvAYYtSwh5Q&cdm=b.travelmiso.com&bc=23&abxe=1&lmt=1594654799&dt=1623656849567&dlt=1623656847991&idt=1502&ea=0&frm=23&biw=1600&bih=1200&isw=300&ish=250&oid=3&adxs=619&adys=11&adks=3271745543&ucis=ktocs1w2i12o&ifi=1&ifk=1677781294&u_tz=120&u_his=3&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=http%3A%2F%2Fb.travelmiso.com%2Fads%2Fexm%2F300x250.html&ref=http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F&top=http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F&vis=1&scr_x=0&scr_y=0&psz=300x250&msz=300x0&ga_vid=1302356462.1623656850&ga_sid=1623656850&ga_hid=138322028&ga_fc=false&fws=256&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

096c92a0666067dd2298e91f616f31105603df4b97b0e5329b1cb19b98487527

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:29 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8988
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://b.travelmiso.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 6019 0
0 43ms
13ms Other
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 prebid.3-25.js Show response
projectagora.net/libs/prebidv3/ Frame 0DA5 360 KB
103 KB 32ms
31ms Script
application/javascript 2606:4700:3035::6815:2f1c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js
Requested by: Host: projectagora.net
URL: https://projectagora.net/libs/pav2_3.25.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:2f1c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 03736b108efeca49e24b0f35ff8b9ac3fb4468b6c64de144b1b441cba12f46e2

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:29 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 6028
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 7STB6VJT6WDA3MWJ
x-amz-id-2: /ys6rJm0v963RwJLIz1Vw+5I2kXtWUdGVY1NXs1SPMPvxGECyDtJJ9CarnGLKSFrT9GII9o7it0=
last-modified: Wed, 05 May 2021 10:36:16 GMT
server: cloudflare
etag: W/"fa7fdd65f39d0e16a18830e016d93050"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=0gvKm08vyUFhOsNqJpd23AG4L9kE0g%2Bkxl%2BoI3RW%2Fd4IGuHAE6e5uMVtox7cVTCQ9qEW9yeQ6F%2BXngSswQUzjkSioIvye1OkTV7nIBhmhPAxb9s%2FR5RWM66a9esUwMGy9X51KlWDlYz%2FNg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-request-id: 0aab1678a800004ac3a4364000000001
cf-ray: 65f1f36dda724ac3-FRA

GET
H2 200 container.html Show response
9c6d175d9bd67cb83a9557d3172508dd.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame C995 6 KB
3 KB 6ms
6ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9c6d175d9bd67cb83a9557d3172508dd.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 9c6d175d9bd67cb83a9557d3172508dd.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html?n=2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Mon, 14 Jun 2021 07:47:28 GMT
expires: Tue, 14 Jun 2022 07:47:28 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 / Show response
ads.viralize.tv/t-bid-done/ Frame 0513 0
83 B 25ms
25ms XHR
application/json 35.186.238.232
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.viralize.tv/t-bid-done/?t=badn&item=NTU1NS23zt7cdAyJ&sc=wp9sc1&u=http%3A%2F%2Fb.travelmiso.com%2F&zid=AAC96m8Xp3g7AdmK&sid=01ebcce4c3c2c9daba62d346954ed281&l=gpt&as=google&ct=&cpm=0.1
Requested by: Host: cdn.ravenjs.com
URL: http://cdn.ravenjs.com/3.17.0/raven.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.238.232 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 232.238.186.35.bc.googleusercontent.com
Software: uvicorn, Unknown /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:29 GMT
content-encoding: gzip
server: uvicorn, Unknown
vary: Accept-Encoding, Origin
content-type: application/json
access-control-allow-origin: http://b.travelmiso.com
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame 48CB 73 KB
28 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8f4b8d2def1fa5e09bafacbb8ac66e614d74f1cdbace1417cedef55c0d9a83db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:29 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623410781212720"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28237
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:29 GMT

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 48CB 10 KB
8 KB 34ms
19ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021060801&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c6f69c847297789d3b49e33222b86d227eff9535d82ac8aea0d53578c2f73157

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7906
x-xss-protection: 0

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame F955 17 KB
6 KB 28ms
13ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e684839cbcef6b16753dae73e92a49b7115f55e83662ead12d5e05bf7b9915fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1622653785071769"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:29 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/ Frame FA25 15 KB
15 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500&lang=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: http://b.travelmiso.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 07:18:32 GMT
x-content-type-options: nosniff
age: 174537
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:35 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jun 2022 07:18:32 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame FA25 16 KB
16 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500&lang=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: http://b.travelmiso.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 05:30:17 GMT
x-content-type-options: nosniff
age: 181032
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:39 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jun 2022 05:30:17 GMT

GET
H/1.1 200
OK gpt.js Show response
www.googletagservices.com/tag/js/ Frame 1FFD 61 KB
21 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/

Protocol

HTTP/1.1

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4e4810e88e50f93b12c1e24b897d264382cbcf6e2ba29054f68b19bc4dc4e104

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:29 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: sffe
ETag: "902 / 51 of 1000 / last-modified: 1623449339"
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: private, max-age=900, stale-while-revalidate=3600
Timing-Allow-Origin: *
Content-Length: 21293
X-XSS-Protection: 0
Expires: Mon, 14 Jun 2021 07:47:29 GMT

GET
H2 200 / Show response
adx.adform.net/adx/ Frame 52DC 5 B
448 B 67ms
66ms XHR
application/json 37.157.2.236
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/?rp=4&cHJpY2VUeXBlPW5ldCZtaWQ9ODQ4NjYyJnRyYW5zYWN0aW9uSWQ9Y2FkZmU4ODItMTFhNi00YTI0LWEwNzgtMTcyNGVlYThjMzY4&pt=net&stid=004a7200-da65-49bf-92e4-c4bfba22b4bf&gdpr=0&gdpr_consent=undefined&fd=1&url=travelmiso.com

Requested by

Host: cdn.ravenjs.com
URL: http://cdn.ravenjs.com/3.17.0/raven.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.236 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

566f1f7d64379342927e78274c526e634c394fda54cf4145d698b815952d01f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:29 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: http://b.travelmiso.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json; charset=utf-8
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
content-length: 5
expires: -1

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ Frame 52DC 94 B
756 B 74ms
74ms XHR
application/json 216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_3.27.0
Requested by: Host: cdn.ravenjs.com
URL: http://cdn.ravenjs.com/3.17.0/raven.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx /
Resource Hash: f95f755c2acdc67ffc0f9c023958e499667d16945c14e8761e67710f53e42e89

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 14 Jun 2021 07:47:29 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: http://b.travelmiso.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap7ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 97

GET
H2 200 / Show response
adx.adform.net/adx/ Frame 52DC 5 B
448 B 66ms
66ms XHR
application/json 37.157.2.236
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: cdn.ravenjs.com
URL: http://cdn.ravenjs.com/3.17.0/raven.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.236 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

566f1f7d64379342927e78274c526e634c394fda54cf4145d698b815952d01f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:29 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: http://b.travelmiso.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json; charset=utf-8
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
content-length: 5
expires: -1

GET
H2 200 hb Show response
ice.360yield.com/ Frame 52DC 2 KB
2 KB 92ms
91ms XHR
application/json 52.57.46.37
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ice.360yield.com/hb?jsonp=%7B%22bid_request%22%3A%7B%22secure%22%3A1%2C%22id%22%3A%22202eccc25a4f568%22%2C%22version%22%3A%227.1.0-JS-6.3.0%22%2C%22referrer%22%3A%22http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F%22%2C%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22viralize.com%22%2C%22sid%22%3A%222633%22%2C%22hp%22%3A1%7D%5D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%228273ca82be886b%22%2C%22pid%22%3A%2222340140%22%2C%22tid%22%3A%22cadfe882-11a6-4a24-a078-1724eea8c368%22%2C%22banner%22%3A%7B%7D%7D%5D%7D%7D
Requested by: Host: cdn.ravenjs.com
URL: http://cdn.ravenjs.com/3.17.0/raven.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.57.46.37 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-57-46-37.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 43bf5988d81c70ef9db806354e446194888e31a3959daa670e48324a37604ec3

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: http://b.travelmiso.com
date: Mon, 14 Jun 2021 07:47:29 GMT
content-encoding: gzip
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 1534
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2 200 / Show response
adx.adform.net/adx/ Frame 52DC 5 B
448 B 68ms
68ms XHR
application/json 37.157.2.236
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: cdn.ravenjs.com
URL: http://cdn.ravenjs.com/3.17.0/raven.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.236 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

566f1f7d64379342927e78274c526e634c394fda54cf4145d698b815952d01f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:29 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: http://b.travelmiso.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json; charset=utf-8
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
content-length: 5
expires: -1

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 52DC 19 B
870 B 44ms
43ms XHR
application/json 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.ravenjs.com
URL: http://cdn.ravenjs.com/3.17.0/raven.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:29 GMT
X-Proxy-Origin: 93.177.75.188; 93.177.75.188; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.69:80
AN-X-Request-Uuid: 54892a2e-f708-4576-b0de-3a924991cd74
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: http://b.travelmiso.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 52DC 0
188 B 17ms
17ms XHR
text/plain 178.250.0.165
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=207&av=32&wv=3.27.0&cb=50462990542
Requested by: Host: cdn.ravenjs.com
URL: http://cdn.ravenjs.com/3.17.0/raven.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.par.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: http://b.travelmiso.com
date: Mon, 14 Jun 2021 07:47:28 GMT
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
server: Finatra
timing-allow-origin: *
vary: Origin

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 52DC 19 B
871 B 28ms
28ms XHR
application/json 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.ravenjs.com
URL: http://cdn.ravenjs.com/3.17.0/raven.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:29 GMT
X-Proxy-Origin: 93.177.75.188; 93.177.75.188; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.222.249:80
AN-X-Request-Uuid: 9d7eca0d-92c5-4dba-aa2d-f25dba9622af
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: http://b.travelmiso.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 52DC 19 B
871 B 73ms
73ms XHR
application/json 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.ravenjs.com
URL: http://cdn.ravenjs.com/3.17.0/raven.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:29 GMT
X-Proxy-Origin: 93.177.75.188; 93.177.75.188; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.222.232:80
AN-X-Request-Uuid: 129ecabc-2bc1-450a-b54a-c9c221596e63
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: http://b.travelmiso.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK gpt.js Show response
www.googletagservices.com/tag/js/ Frame A515 61 KB
21 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/

Protocol

HTTP/1.1

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4e4810e88e50f93b12c1e24b897d264382cbcf6e2ba29054f68b19bc4dc4e104

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:29 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: sffe
ETag: "902 / 686 of 1000 / last-modified: 1623449339"
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: private, max-age=900, stale-while-revalidate=3600
Timing-Allow-Origin: *
Content-Length: 21293
X-XSS-Protection: 0
Expires: Mon, 14 Jun 2021 07:47:29 GMT

GET
H2 200 / Show response
adx.adform.net/adx/ Frame 86D9 5 B
448 B 78ms
78ms XHR
application/json 37.157.2.236
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/?rp=4&cHJpY2VUeXBlPW5ldCZtaWQ9ODQ4NjcwJnRyYW5zYWN0aW9uSWQ9YTUzN2RjYmMtNjhhNi00YWNjLWE5Y2EtYTkzMDNhZjUwODQz&pt=net&stid=48c58e7e-7d50-4c63-b986-dc1086e3cb6d&gdpr=0&gdpr_consent=undefined&fd=1&url=travelmiso.com

Requested by

Host: cdn.ravenjs.com
URL: http://cdn.ravenjs.com/3.17.0/raven.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.236 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

566f1f7d64379342927e78274c526e634c394fda54cf4145d698b815952d01f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:29 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: http://b.travelmiso.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json; charset=utf-8
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
content-length: 5
expires: -1

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 86D9 0
188 B 17ms
15ms XHR
text/plain 178.250.0.165
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=207&av=32&wv=3.27.0&cb=42193413156
Requested by: Host: cdn.ravenjs.com
URL: http://cdn.ravenjs.com/3.17.0/raven.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.par.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: http://b.travelmiso.com
date: Mon, 14 Jun 2021 07:47:29 GMT
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
server: Finatra
timing-allow-origin: *
vary: Origin

GET
H2 200 / Show response
adx.adform.net/adx/ Frame 86D9 5 B
448 B 75ms
74ms XHR
application/json 37.157.2.236
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: cdn.ravenjs.com
URL: http://cdn.ravenjs.com/3.17.0/raven.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.236 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

566f1f7d64379342927e78274c526e634c394fda54cf4145d698b815952d01f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:29 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: http://b.travelmiso.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json; charset=utf-8
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
content-length: 5
expires: -1

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 86D9 19 B
870 B 47ms
47ms XHR
application/json 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.ravenjs.com
URL: http://cdn.ravenjs.com/3.17.0/raven.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:29 GMT
X-Proxy-Origin: 93.177.75.188; 93.177.75.188; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.81:80
AN-X-Request-Uuid: 56472502-ff71-4d13-88a6-f1e96d1609c4
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: http://b.travelmiso.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ Frame 86D9 93 B
758 B 92ms
71ms XHR
application/json 216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_3.27.0
Requested by: Host: cdn.ravenjs.com
URL: http://cdn.ravenjs.com/3.17.0/raven.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx /
Resource Hash: 11f151f63f6c33bc305cf49bfacad897511341f59d7a55f478d599ce89f6788b

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 14 Jun 2021 07:47:29 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: http://b.travelmiso.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap7ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 99

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 86D9 19 B
871 B 33ms
31ms XHR
application/json 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.ravenjs.com
URL: http://cdn.ravenjs.com/3.17.0/raven.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:29 GMT
X-Proxy-Origin: 93.177.75.188; 93.177.75.188; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.137:80
AN-X-Request-Uuid: 964142d0-0380-40cd-b56c-c705c94cbd38
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: http://b.travelmiso.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 86D9 19 B
871 B 323ms
304ms XHR
application/json 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.ravenjs.com
URL: http://cdn.ravenjs.com/3.17.0/raven.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:30 GMT
X-Proxy-Origin: 93.177.75.188; 93.177.75.188; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.222.243:80
AN-X-Request-Uuid: 8742bd27-6985-4030-80e7-0ea250c6acbc
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: http://b.travelmiso.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
adx.adform.net/adx/ Frame 86D9 5 B
448 B 71ms
69ms XHR
application/json 37.157.2.236
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: cdn.ravenjs.com
URL: http://cdn.ravenjs.com/3.17.0/raven.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.236 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

566f1f7d64379342927e78274c526e634c394fda54cf4145d698b815952d01f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:29 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: http://b.travelmiso.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json; charset=utf-8
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
content-length: 5
expires: -1

GET
H2 200 hb Show response
ice.360yield.com/ Frame 86D9 99 B
515 B 29ms
28ms XHR
application/json 52.57.46.37
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ice.360yield.com/hb?jsonp=%7B%22bid_request%22%3A%7B%22secure%22%3A1%2C%22id%22%3A%22206254ad851adab%22%2C%22version%22%3A%227.1.0-JS-6.3.0%22%2C%22referrer%22%3A%22http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F%22%2C%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22viralize.com%22%2C%22sid%22%3A%222633%22%2C%22hp%22%3A1%7D%5D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2218ead3e77211dbe%22%2C%22pid%22%3A%2222340172%22%2C%22tid%22%3A%22a537dcbc-68a6-4acc-a9ca-a9303af50843%22%2C%22banner%22%3A%7B%7D%7D%5D%7D%7D
Requested by: Host: cdn.ravenjs.com
URL: http://cdn.ravenjs.com/3.17.0/raven.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.57.46.37 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-57-46-37.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: ff11504e753d665520758bf799d44d4b5d038344717cd54a8158157085536c1a

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: http://b.travelmiso.com
date: Mon, 14 Jun 2021 07:47:29 GMT
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 99
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 0382 19 B
867 B 30ms
30ms XHR
application/json 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.adtrue.com
URL: http://cdn.adtrue.com/pb/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:29 GMT
X-Proxy-Origin: 93.177.75.188; 93.177.75.188; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.222.249:80
AN-X-Request-Uuid: a9d1d8bc-20c2-4cbd-8bad-9b0d3f675fa8
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: http://nichools.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK addelivery Show response
ap.lijit.com/ Frame A368 261 B
859 B 40ms
40ms Script
application/x-javascript 216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/addelivery?zoneid=739868&tid=a_739868_bc525577f911439e862ec68774802197&cb=undefined&mode=1&flv=0.0.0&ifr=true&od=b.travelmiso.com&time=07%3A47%3A29&fd=1&be=sf&loc=http%3A%2F%2Fb.travelmiso.com%2F&orig_loc=http%3A%2F%2Fb.travelmiso.com%2F&abf=true&dpz=false&cv=undefined&dop=0&ndw=1&spif=true&btid=a_739868_bc525577f911439e862ec68774802197
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/sync
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx /
Resource Hash: d1470fedb0b3f22d190caf0e733c4a2719fe4107d2ba78de127c683ff77e95f6

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:29 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap7ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 213

GET
H/1.1 200
OK /
optimize.innity.com/ 43 B
452 B 363ms
328ms Image
image/gif 119.81.3.35
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://optimize.innity.com/?pubid=244&zoneid=87316&cb=1623656849871
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: HTTP/1.1
Server: 119.81.3.35 Singapore, Singapore, ASN36351 (SOFTLAYER, US),
Reverse DNS: 23.03.5177.ip4.static.sl-reverse.com
Software: Apache /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:30 GMT
Last-Modified: Mon, 14 Jun 2021 07:47:30 GMT
Server: Apache
P3P: policyref=http://www.innity.com/p3p/p3p.xml,CP="CURa ADMa DEVa OUR BUS UNI COM NAV INT"
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 03 Sep 1983 02:00:00 GMT

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 48CB 17 KB
6 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e684839cbcef6b16753dae73e92a49b7115f55e83662ead12d5e05bf7b9915fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1622653785071769"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:29 GMT

GET
H2 200 integrator.js Show response
adservice.google.fr/adsid/ Frame 2559 107 B
165 B 18ms
16ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.fr/adsid/integrator.js?domain=b.travelmiso.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ Frame 2559 107 B
122 B 24ms
22ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=b.travelmiso.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2559 0
20 B 47ms
15ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_sra_setclickurl&pvsid=2510096599890606&lenfreqs=19%3A1&vrg=2021060801&nw_id=21710144538&nslots=1&eid=31061411%2C31060839&pub_url=http%3A%2F%2Fb.travelmiso.com%2Fads%2Fstr%2F300x250.html

Requested by

Host: b.travelmiso.com
URL: http://b.travelmiso.com/ads/str/300x250.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 2559 27 KB
11 KB 73ms
66ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2510096599890606&correlator=421145905799779&output=ldjh&impl=fif&eid=31061411%2C31060839&vrg=2021060801&ptt=17&sc=0&sfv=1-0-38&ecs=20210614&iu_parts=21710144538%2CDR-GAM-DSK-Travelmiso.com-Directt-RS-STDB-300x250&enc_prev_ius=%2F0%2F1&prev_iu_szs=360x300%7C336x280%7C250x250%7C300x250&click=%25%25CLICK_URL_UNESC%25%25&eri=4&cookie=ID%3Db91b9b5f565a940c-22be692f60c800c1%3AT%3D1623656848%3AS%3DALNI_MaCeK9VJ9WHo6uzkqFT5jU9FrT_Mg&cdm=b.travelmiso.com&bc=23&abxe=1&dt=1623656849911&dlt=1623656848081&idt=1815&ea=0&frm=23&biw=1600&bih=1200&isw=300&ish=250&oid=3&adxs=923&adys=11&adks=2386355533&ucis=gejdp25457rd&ifi=1&ifk=1079569232&u_tz=120&u_his=3&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=travelmiso.com&loc=http%3A%2F%2Fb.travelmiso.com%2Fads%2Fstr%2F300x250.html&top=b.travelmiso.com&vis=1&scr_x=0&scr_y=0&psz=300x250&msz=300x0&ga_vid=1111219581.1623656850&ga_sid=1623656850&ga_hid=817168861&ga_fc=false&fws=256&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

98d407420c0646ba318a99206b195f48ba941b49b39d99d7b4c8b369e354d573

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:29 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10903
x-xss-protection: 0
google-lineitem-id: 5501047361
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138326433214
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://b.travelmiso.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
d37a3d611da7e5645e51e40f900e5b66.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 2559 0
0 43ms
13ms Other
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://d37a3d611da7e5645e51e40f900e5b66.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 204 /
ads.viralize.tv/track/ Frame 0513 0
39 B 22ms
22ms Image
text/plain 35.186.238.232
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.viralize.tv/track/?multi=true&serialization=json&events=%5B%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A1%2C%22category%22%3A%22bid_done%22%2C%22session_id%22%3A%2201ebcce4c3c2c9daba62d346954ed281%3A0%3ANTU1NS23zt7cdAyJ~wp9sc1%3A0%22%2C%22bid_done_id%22%3A%220%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22bid_selected%22%7D%5D
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.238.232 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 232.238.186.35.bc.googleusercontent.com
Software: uvicorn, Unknown /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:30 GMT
via: 1.1 google
server: uvicorn, Unknown
alt-svc: clear

GET
H2 204 /
ads.viralize.tv/track/ Frame 52DC 0
39 B 24ms
21ms Image
text/plain 35.186.238.232
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.viralize.tv/track/?multi=true&serialization=json&events=%5B%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A10%2C%22category%22%3A%22player_session%22%2C%22session_id%22%3A%2201ebcce4c3c2ea8c58b46cce1d6fbb61%3A0%22%2C%22player_session_id%22%3A%220%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22activation%22%7D%5D
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.238.232 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 232.238.186.35.bc.googleusercontent.com
Software: uvicorn, Unknown /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:30 GMT
via: 1.1 google
server: uvicorn, Unknown
alt-svc: clear

GET
H2 200 / Show response
ads.viralize.tv/t-bid-opportunity/ Frame 52DC 0
83 B 25ms
21ms XHR
application/json 35.186.238.232
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.viralize.tv/t-bid-opportunity/?t=badn&zid=AAC96NRlexLe0QQQ&sid=01ebcce4c3c2ea8c58b46cce1d6fbb61&u=http%3A%2F%2Fb.travelmiso.com%2F&item=NTQwMhF5fDYzZBha.4.wp4sc1&item=NTM4NOazVeU25U7P.1.wp1sc1&item=NTQwMhF5fDYzZBha.2.wp2sc1&item=NTM2NmA42SzuJNnK.0.wp0sc1&item=NTQwMhF5fDYzZBha.3.wp3sc1&item=NTQ3NXhJL5pivmX_.6.wp6sc1&item=NTQyORfzaWDo5H6H.5.wp5sc1&item=NTQ3NXhJL5pivmX_.8.wp8sc1&item=NTQ3NXhJL5pivmX_.7.wp7sc1
Requested by: Host: cdn.ravenjs.com
URL: http://cdn.ravenjs.com/3.17.0/raven.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.238.232 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 232.238.186.35.bc.googleusercontent.com
Software: uvicorn, Unknown /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:30 GMT
content-encoding: gzip
server: uvicorn, Unknown
vary: Accept-Encoding, Origin
content-type: application/json
access-control-allow-origin: http://b.travelmiso.com
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

GET
H2 204 /
ads.viralize.tv/track/ Frame 86D9 0
39 B 22ms
22ms Image
text/plain 35.186.238.232
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.viralize.tv/track/?multi=true&serialization=json&events=%5B%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A10%2C%22category%22%3A%22player_session%22%2C%22session_id%22%3A%2201ebcce4c3c2f72898a9f96e66b7e271%3A0%22%2C%22player_session_id%22%3A%220%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22activation%22%7D%5D
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.238.232 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 232.238.186.35.bc.googleusercontent.com
Software: uvicorn, Unknown /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:30 GMT
via: 1.1 google
server: uvicorn, Unknown
alt-svc: clear

GET
H/1.1 200
OK passback.js Show response
cdn.adtrue.com/rtb/ Frame AB28 753 B
912 B 25ms
24ms Script
application/x-javascript 2606:4700:10::6816:3181
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.adtrue.com/rtb/passback.js
Requested by: Host: shoppinglifestyle.biz
URL: http://shoppinglifestyle.biz/go/?r=3&a=1
Protocol: HTTP/1.1
Server: 2606:4700:10::6816:3181 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 43bda1428a5263bac1077be4600446811177d2517529640d7cf560363d67a629

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:30 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Last-Modified: Wed, 28 Oct 2020 03:26:52 GMT
Server: cloudflare
Age: 4625158
ETag: W/"5f98e4fc-2f1"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=31104000
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 65f1f370ffe14e25-FRA
cf-request-id: 0aab167a9d00004e25b710c000000001
Expires: Sat, 16 Apr 2022 19:01:32 GMT

GET
H2

200

trackpoint-async.js Show response
s2.adform.net/banners/scripts/st/
Redirect Chain

https://track.adform.net/serving/scripts/trackpoint/async/
https://s2.adform.net/banners/scripts/st/trackpoint-async.js

80 KB
28 KB

139ms
50ms

Script
application/x-javascript

37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s2.adform.net/banners/scripts/st/trackpoint-async.js
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 5addb050e7fe474684bcb62d5bc8717ab681735dce2d2539631a08d570cf81a5

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:30 GMT
content-encoding: gzip
last-modified: Mon, 17 May 2021 07:34:37 GMT
server: nginx
etag: W/"60a21c8d-13e2b"
x-cache-status: HIT
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

Redirect headers

location: https://s2.adform.net/banners/scripts/st/trackpoint-async.js
date: Mon, 14 Jun 2021 07:47:30 GMT
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/html

GET
H2 200 / Show response
ads.viralize.tv/t-bid-opportunity/ Frame 86D9 0
83 B 22ms
22ms XHR
application/json 35.186.238.232
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.viralize.tv/t-bid-opportunity/?t=badn&zid=AADSIf6-RvqhS2yK&sid=01ebcce4c3c2f72898a9f96e66b7e271&u=http%3A%2F%2Fb.travelmiso.com%2F&item=NTQwNyJ6ooeDAV4x.2.wp2sc1&item=NTQzM4NJLhxQu4hM.5.wp5sc1&item=NTQwNyJ6ooeDAV4x.4.wp4sc1&item=NTQ3N2kIqZELw1g2.6.wp6sc1&item=NTM3OGqLtz5uBKJP.1.wp1sc1&item=NTQ3N2kIqZELw1g2.8.wp8sc1&item=NTQ3N2kIqZELw1g2.7.wp7sc1&item=NTQwNyJ6ooeDAV4x.3.wp3sc1&item=NTM2MOQMamNKeb6g.0.wp0sc1
Requested by: Host: cdn.ravenjs.com
URL: http://cdn.ravenjs.com/3.17.0/raven.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.238.232 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 232.238.186.35.bc.googleusercontent.com
Software: uvicorn, Unknown /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:30 GMT
content-encoding: gzip
server: uvicorn, Unknown
vary: Accept-Encoding, Origin
content-type: application/json
access-control-allow-origin: http://b.travelmiso.com
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

GET
H3-29 200 container.html Show response
8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame F846 6 KB
3 KB 20ms
6ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html?n=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://b.travelmiso.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Mon, 14 Jun 2021 07:47:29 GMT
expires: Tue, 14 Jun 2022 07:47:29 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6019 73 KB
28 KB 27ms
13ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8f4b8d2def1fa5e09bafacbb8ac66e614d74f1cdbace1417cedef55c0d9a83db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:30 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623410781212720"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28237
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:30 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 0DA5 19 B
867 B 26ms
25ms XHR
application/json 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:30 GMT
X-Proxy-Origin: 93.177.75.188; 93.177.75.188; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.223.147:80
AN-X-Request-Uuid: 12f5ed11-347a-4ff7-8b1d-04bfb18c6d20
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: http://nichools.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
adx.adform.net/adx/ Frame 0DA5 5 B
445 B 90ms
90ms XHR
application/json 37.157.2.236
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/?rp=4&bWlkPTEwMzA1NjQmdHJhbnNhY3Rpb25JZD1iODhlZmZlZS1mODI3LTRlOTQtODg0MS0yODU5ZmJhZjhlYzA%3D&pt=gross&stid=cc969ac8-9de7-4271-ac00-9a1a340a0b68&gdpr=0&gdpr_consent=undefined&fd=1

Requested by

Host: projectagora.net
URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.236 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

566f1f7d64379342927e78274c526e634c394fda54cf4145d698b815952d01f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:30 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: http://nichools.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json; charset=utf-8
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
content-length: 5
expires: -1

GET
H/1.1 200
OK / Show response
as.innity.com/synd/ 461 B
1 KB 180ms
180ms Script
text/javascript 119.81.192.141
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL: http://as.innity.com/synd/?cb=1623656850159&ver=1&pub=9188905e74c28e489b44e954ec0b9bca&zone=89377&output=js&flash=0&url=b.travelmiso.com&width=*&height=*&vpw=1600&vph=1200&auction=6619717-1056544
Requested by: Host: cdn.innity.net
URL: https://cdn.innity.net/admanager.js
Protocol: HTTP/1.1
Server: 119.81.192.141 Singapore, Singapore, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8d.c0.5177.ip4.static.sl-reverse.com
Software: Apache /
Resource Hash: bc3f5bd37566f24846d301e072a8d8fc26d59cefa46680dd16d66e9d67498278

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:30 GMT
Content-Encoding: gzip
Last-Modified: Mon, 14 Jun 2021 07:47:30 GMT
Server: Apache
Vary: Accept-Encoding
P3P: policyref=http://www.innity.com/p3p/p3p.xml,CP="CURa ADMa DEVa OUR BUS UNI COM NAV INT"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Content-Type: text/javascript; charset=utf-8
Content-Length: 296
Expires: Sat, 03 Sep 1983 02:00:00 GMT

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame 4D7F 0
0 37ms
35ms Fetch
image/gif 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst1f8zLIV616Sx3-TYgtfWxD-Xu_4YV_q36Rd5YZ0OI5PINk5-82l0wxPRDtZErioc6ArNqDxETNHqV5R6Oe0aTuBgON0OC8Yxc4-Xj28BbuUlH2-NqVqg-CEpa46BeixMvY9op1BqUrLMn98okEfyl3-hR7WOdh4Vd7XrMnwfS1VCppVP443tYei77EbLZY3z2OG-yb6Y4yfjx52T-cpofRaYjvbOF3m_uUFdi7JbQmtbZGWFi5uXAblMkIVFBVT_wZ1sy1v_F2JnG6Oq57L8Orxeb73ojXgMBhUmcPTGYz2JAC8a_IhLYV1aGNSjQjo65Ld2Q4NDgq0R_AtcFiFUyemghzZw&sig=Cg0ArKJSzIua_j7QkXrDEAE&adurl=

Requested by

Host: shoppinglifestyle.biz
URL: http://shoppinglifestyle.biz/go/?r=3&a=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:30 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210607/r20110914/ Frame 4D7F 17 KB
7 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210607/r20110914/abg_lite_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0fc32732b1520df908e4ce5063434010c35725a930e0cc9df0be61c66a87cf32

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:45:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 112
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7010
x-xss-protection: 0
server: cafe
etag: 16168581138844513892
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Jun 2021 07:45:38 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/ Frame 4D7F 2 KB
1 KB 9ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1ac43e9327c147dc04b1efcd475ba7e9d464e6504eaffb167d0412d339b39e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:45:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 102
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1316
x-xss-protection: 0
server: cafe
etag: 797314601362473214
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Jun 2021 07:45:48 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4D7F 122 KB
37 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

34b6e9936a2f024eef4f545bf4a1e717141704b00a75167fc7080fc6789e3881

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:30 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623410775224219"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38028
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:30 GMT

GET
H/1.1 204
No Content l
www.google.com/ads/measurement/ Frame 4D7F 0
0 27ms
20ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.google.com/ads/measurement/l?ebcid=ALh7CaRcL5ML78vFzmgbG_eqa3Zc9kHoZpdqLTlLTWfHPfOH8F2fzzN2jajKQRm1EOsVz_KrEa3V
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js
Protocol: HTTP/1.1
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 11514821805413349462
tpc.googlesyndication.com/simgad/ Frame 4D7F 8 KB
8 KB 9ms
6ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/11514821805413349462

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65a9452c1fb9633ef8025adfe2806f2cfa8bc2d98800cdeda25903eac59040c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 09:30:44 GMT
x-content-type-options: nosniff
age: 166606
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8202
x-xss-protection: 0
last-modified: Thu, 08 Oct 2020 14:16:26 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jun 2022 09:30:44 GMT

GET
H3-29 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2559 73 KB
28 KB 25ms
23ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8f4b8d2def1fa5e09bafacbb8ac66e614d74f1cdbace1417cedef55c0d9a83db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:30 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623410781212720"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28237
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:30 GMT

GET
H3-29

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame FA25
Redirect Chain

http://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

61ms
39ms

Image
text/html

2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

Date: Mon, 14 Jun 2021 07:47:30 GMT
X-Content-Type-Options: nosniff
Server: safe
Content-Type: text/html; charset=UTF-8
Location: https://googleads.g.doubleclick.net/pagead/drt/si
Cache-Control: private
Content-Length: 246
X-XSS-Protection: 0

GET
H/1.1 200
OK ad-exchange.js Show response
gamma.cachefly.net/js/ Frame 03F2 8 KB
3 KB 40ms
19ms Script
application/javascript 205.234.175.175
CACHENETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: http://gamma.cachefly.net/js/ad-exchange.js
Requested by: Host: www.travelmiso.com
URL: http://www.travelmiso.com/acta/friends/inndef_300x250.asp
Protocol: HTTP/1.1
Server: 205.234.175.175 , United States, ASN30081 (CACHENETWORKS, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: 8bc47888d38c629485975fa1e1f57bf5166fd24880bebf2fdaa4ccd190313f47

Request headers

Referer: http://www.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:30 GMT
Content-Encoding: gzip
X-CF3: M
CF4ttl: 604800.000
X-CF1: 16114:fB.cdg1:co:1615366953:cacheB.cdg1-01:H
Gamma-CDN: srv_178
Connection: keep-alive
Content-Length: 2563
x-cf-tsc: 1620771469
X-CF2: H
Last-Modified: Wed, 10 Mar 2021 07:30:07 GMT
Server: CFS 0215
X-CFF: B
ETag: W/"6048757f-1eed"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
CF4Age: 0
Accept-Ranges: bytes
Expires: Tue, 15 Jun 2021 07:47:30 GMT

GET
H3-29 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 036B 62 KB
21 KB 32ms
32ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: b.travelmiso.com
URL: http://b.travelmiso.com/ads/yl/300x250-btf.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

919fb9fa52c5f27bb44af11974680460765fd798bea364165a97b06d6e6d585d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "902 / 359 of 1000 / last-modified: 1623449396"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21414
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:30 GMT

GET
H/1.1 200
OK ad-exchange.js Show response
gamma.cachefly.net/js/ Frame C527 8 KB
3 KB 38ms
19ms Script
application/javascript 205.234.175.175
CACHENETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: http://gamma.cachefly.net/js/ad-exchange.js
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/ads/gam/300x250.html
Protocol: HTTP/1.1
Server: 205.234.175.175 , United States, ASN30081 (CACHENETWORKS, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: 8bc47888d38c629485975fa1e1f57bf5166fd24880bebf2fdaa4ccd190313f47

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:30 GMT
Content-Encoding: gzip
X-CF3: M
CF4ttl: 604800.000
X-CF1: 16114:fB.cdg1:co:1615366953:cacheB.cdg1-01:H
Gamma-CDN: srv_178
Connection: keep-alive
Content-Length: 2563
x-cf-tsc: 1620771469
X-CF2: H
Last-Modified: Wed, 10 Mar 2021 07:30:07 GMT
Server: CFS 0215
X-CFF: B
ETag: W/"6048757f-1eed"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
CF4Age: 0
Accept-Ranges: bytes
Expires: Tue, 15 Jun 2021 07:47:30 GMT

GET
H3-29 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame B966 62 KB
21 KB 33ms
32ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: b.travelmiso.com
URL: http://b.travelmiso.com/ads/vls/300x250.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

919fb9fa52c5f27bb44af11974680460765fd798bea364165a97b06d6e6d585d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "902 / 343 of 1000 / last-modified: 1623449396"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21414
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:30 GMT

GET
H/1.1 200
OK apnx_prebid.js Show response
www.travelmiso.com/js/ Frame 9F02 176 KB
56 KB 173ms
172ms Script
application/javascript 203.76.174.123
SG-8-TO-SG 8 to I...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.travelmiso.com/js/apnx_prebid.js
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/ads/bt/300x250-btf.html
Protocol: HTTP/1.1
Server: 203.76.174.123 , Singapore, ASN45470 (SG-8-TO-SG 8 to Infinity Pte Ltd, SG),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: bff83be7565cfae98489d532757ca6117d69ae27dc45695ab34dc1653b3108ec

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:29 GMT
Content-Encoding: gzip
Last-Modified: Wed, 09 Jun 2021 02:41:34 GMT
Server: Microsoft-IIS/10.0
ETag: "0c3f6f5d85cd71:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 57229

GET
H/1.1

200
OK

sdk Show response
cdn.aralego.net/ucfad/sdk/us-east/ Frame 5BD4
Redirect Chain

http://ads.aralego.com/sdk
http://cdn.aralego.net/ucfad/sdk/us-east/sdk

39 KB
40 KB

20ms
20ms

Script
application/octet-stream

2606:4700:20::ac43:47fe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.aralego.net/ucfad/sdk/us-east/sdk
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/ads/ucf/300x250.html
Protocol: HTTP/1.1
Server: 2606:4700:20::ac43:47fe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2a87fd41597436af0e4160d453d7e8e2b4384edb15d2fdf2058de7c29b31e637

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:30 GMT
CF-Cache-Status: HIT
NEL: {"report_to":"cf-nel","max_age":604800}
Age: 4327
Connection: keep-alive
Content-Length: 40120
cf-request-id: 0aab167d7400004a568f2f2000000001
Last-Modified: Fri, 28 May 2021 01:36:32 GMT
Server: cloudflare
ETag: "60b04920-9cb8"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=kk8VnbTUcJLeA5kY7sArStnTS7khyL9oc%2BTnHig2rGjCsuFuWf%2B2RSszaPYFheRLBKzs%2FUm4y54L9%2FIWUcV%2FSjtYooHtxlorqCvbwQND7ygF7QJS3K8udWmmu%2FwISgPMc1P%2FoOIsJh4%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: application/octet-stream
Cache-Control: max-age=14400
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
CF-RAY: 65f1f3758a0a4a56-FRA

Redirect headers

Location: http://cdn.aralego.net/ucfad/sdk/us-east/sdk
Connection: close
Content-length: 0

GET
H3-29 200 9249207743414056882
s0.2mdn.net/simgad/ Frame FA25 159 KB
159 KB 24ms
9ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/9249207743414056882

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012105281634000/amp4ads-v0.mjs

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff8ae9aba80ff52778a1eee179a2c2a74fb79c82328f25cc5ea8e1cf7772c1f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 08:58:41 GMT
x-content-type-options: nosniff
age: 168529
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 162483
x-xss-protection: 0
last-modified: Thu, 04 Mar 2021 13:07:10 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jun 2022 08:58:41 GMT

GET
H3-29 200 17200115544100271457
s0.2mdn.net/simgad/ Frame FA25 16 KB
16 KB 21ms
6ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/17200115544100271457

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012105281634000/amp4ads-v0.mjs

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6d24b2ef764862fb3d4eb1e1e820087b54a08d7362fcf2b7708656c40b9d50e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 15:20:36 GMT
x-content-type-options: nosniff
age: 145614
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15907
x-xss-protection: 0
last-modified: Thu, 04 Mar 2021 13:07:13 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jun 2022 15:20:36 GMT

GET
H3-29 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame FA25 2 KB
2 KB 9ms
7ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012105281634000/amp4ads-v0.mjs

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:08:16 GMT
x-content-type-options: nosniff
server: cafe
age: 2354
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Tue, 15 Jun 2021 07:08:16 GMT

GET
H3-29 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame FA25 295 B
319 B 7ms
6ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012105281634000/amp4ads-v0.mjs

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 13 Jun 2021 09:59:33 GMT
x-content-type-options: nosniff
server: cafe
age: 78477
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Mon, 14 Jun 2021 09:59:33 GMT

GET
H3-29 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 7BBE 62 KB
21 KB 41ms
38ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: b.travelmiso.com
URL: http://b.travelmiso.com/ads/yl/300x250.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dc1f4260b8ba9a8dac40ad8ae96b96856c85497b74b88e8dd2f81e0de8553415

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "902 / 746 of 1000 / last-modified: 1623449396"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21414
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:30 GMT

GET
H2 204 /
ads.viralize.tv/track/ Frame 52DC 0
39 B 30ms
29ms Image
text/plain 35.186.238.232
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.viralize.tv/track/?multi=true&serialization=json&events=%5B%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A1%2C%22category%22%3A%22bid_opportunity%22%2C%22session_id%22%3A%2201ebcce4c3c2ea8c58b46cce1d6fbb61%3A0%3ANTQyORfzaWDo5H6H~wp5sc1%22%2C%22bid_opportunity_id%22%3A%22NTQyORfzaWDo5H6H~wp5sc1%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22bid_rejected%22%7D%2C%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A1%2C%22category%22%3A%22bid_opportunity%22%2C%22session_id%22%3A%2201ebcce4c3c2ea8c58b46cce1d6fbb61%3A0%3ANTQ3NXhJL5pivmX_~wp8sc1%22%2C%22bid_opportunity_id%22%3A%22NTQ3NXhJL5pivmX_~wp8sc1%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22bid_rejected%22%7D%2C%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A1%2C%22category%22%3A%22bid_opportunity%22%2C%22session_id%22%3A%2201ebcce4c3c2ea8c58b46cce1d6fbb61%3A0%3ANTQ3NXhJL5pivmX_~wp6sc1%22%2C%22bid_opportunity_id%22%3A%22NTQ3NXhJL5pivmX_~wp6sc1%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22bid_rejected%22%7D%2C%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A1%2C%22category%22%3A%22bid_opportunity%22%2C%22session_id%22%3A%2201ebcce4c3c2ea8c58b46cce1d6fbb61%3A0%3ANTQwMhF5fDYzZBha~wp4sc1%22%2C%22bid_opportunity_id%22%3A%22NTQwMhF5fDYzZBha~wp4sc1%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22bid_rejected%22%7D%2C%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A1%2C%22category%22%3A%22bid_opportunity%22%2C%22session_id%22%3A%2201ebcce4c3c2ea8c58b46cce1d6fbb61%3A0%3ANTQwMhF5fDYzZBha~wp2sc1%22%2C%22bid_opportunity_id%22%3A%22NTQwMhF5fDYzZBha~wp2sc1%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22bid_rejected%22%7D%2C%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A1%2C%22category%22%3A%22bid_opportunity%22%2C%22session_id%22%3A%2201ebcce4c3c2ea8c58b46cce1d6fbb61%3A0%3ANTQwMhF5fDYzZBha~wp3sc1%22%2C%22bid_opportunity_id%22%3A%22NTQwMhF5fDYzZBha~wp3sc1%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22bid_rejected%22%7D%2C%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A1%2C%22category%22%3A%22bid_opportunity%22%2C%22session_id%22%3A%2201ebcce4c3c2ea8c58b46cce1d6fbb61%3A0%3ANTM4NOazVeU25U7P~wp1sc1%22%2C%22bid_opportunity_id%22%3A%22NTM4NOazVeU25U7P~wp1sc1%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22bid_rejected%22%7D%5D
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.238.232 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 232.238.186.35.bc.googleusercontent.com
Software: uvicorn, Unknown /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:30 GMT
via: 1.1 google
server: uvicorn, Unknown
alt-svc: clear

GET
H2 204 /
ads.viralize.tv/track/ Frame 52DC 0
39 B 21ms
21ms Image
text/plain 35.186.238.232
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.viralize.tv/track/?multi=true&serialization=json&events=%5B%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A1%2C%22category%22%3A%22bid_opportunity%22%2C%22session_id%22%3A%2201ebcce4c3c2ea8c58b46cce1d6fbb61%3A0%3ANTQ3NXhJL5pivmX_~wp7sc1%22%2C%22bid_opportunity_id%22%3A%22NTQ3NXhJL5pivmX_~wp7sc1%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22bid_rejected%22%7D%2C%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A1%2C%22category%22%3A%22bid_opportunity%22%2C%22session_id%22%3A%2201ebcce4c3c2ea8c58b46cce1d6fbb61%3A0%3ANTM2NmA42SzuJNnK~wp0sc1%22%2C%22bid_opportunity_id%22%3A%22NTM2NmA42SzuJNnK~wp0sc1%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22bid_rejected%22%7D%5D
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.238.232 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 232.238.186.35.bc.googleusercontent.com
Software: uvicorn, Unknown /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:30 GMT
via: 1.1 google
server: uvicorn, Unknown
alt-svc: clear

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/223/ Frame 7388 12 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/223/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de7dd7e8a5f2257d16c23c395b9262c6fa04689c81b0e2b8bf7f5bae9f4177dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/223/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://b.travelmiso.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Mon, 14 Jun 2021 06:35:25 GMT
expires: Tue, 14 Jun 2022 06:35:25 GMT
last-modified: Wed, 17 Mar 2021 18:24:30 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 4325
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 44E7 783 B
1 KB 45ms
17ms Document
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

e73d7845e7e20bc462c8b30486f635c38382e32b64310752e002bad6b268a4db

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-YrxeyObXUvEtwHY1CyR6tg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://b.travelmiso.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

expires: Mon, 14 Jun 2021 07:47:30 GMT
date: Mon, 14 Jun 2021 07:47:30 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-YrxeyObXUvEtwHY1CyR6tg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 pubads_impl_2021060801.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 1FFD 318 KB
112 KB 48ms
40ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Requested by

Host: www.googletagservices.com
URL: http://www.googletagservices.com/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8a19707bd88a29100f84e106852ddd5bfeebe1fe562960c4932d1347210d13a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 08 Jun 2021 08:38:25 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 114129
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:30 GMT

GET
H/1.1 200
OK /
optimize.innity.com/ 43 B
452 B 177ms
172ms Image
image/gif 119.81.3.35
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://optimize.innity.com/?pubid=244&zoneid=87319&cb=1623656850315
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: HTTP/1.1
Server: 119.81.3.35 Singapore, Singapore, ASN36351 (SOFTLAYER, US),
Reverse DNS: 23.03.5177.ip4.static.sl-reverse.com
Software: Apache /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:30 GMT
Last-Modified: Mon, 14 Jun 2021 07:47:30 GMT
Server: Apache
P3P: policyref=http://www.innity.com/p3p/p3p.xml,CP="CURa ADMa DEVa OUR BUS UNI COM NAV INT"
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 03 Sep 1983 02:00:00 GMT

GET
H3-29 200 pubads_impl_2021060801.js Show response
securepubads.g.doubleclick.net/gpt/ Frame A515 318 KB
112 KB 40ms
40ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Requested by

Host: www.googletagservices.com
URL: http://www.googletagservices.com/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8a19707bd88a29100f84e106852ddd5bfeebe1fe562960c4932d1347210d13a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 08 Jun 2021 08:38:25 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 114129
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:30 GMT

GET
H3-29 200 spam_signals_bundle_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210607/r20110914/elements/html/spam_signals/ Frame C995 6 KB
3 KB 14ms
12ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210607/r20110914/elements/html/spam_signals/spam_signals_bundle_fy2019.js

Requested by

Host: 9c6d175d9bd67cb83a9557d3172508dd.safeframe.googlesyndication.com
URL: https://9c6d175d9bd67cb83a9557d3172508dd.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3f5fef98536ca998c6c96da019f7c4db5bb28cd498b885375eadef7bf691bdbd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9c6d175d9bd67cb83a9557d3172508dd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:12:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2072
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2937
x-xss-protection: 0
server: cafe
etag: 16555246400765552577
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Jun 2021 07:12:58 GMT

GET
H3-29 200 m_js_controller_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/ Frame C995 30 KB
12 KB 11ms
9ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/m_js_controller_fy2019.js

Requested by

Host: 9c6d175d9bd67cb83a9557d3172508dd.safeframe.googlesyndication.com
URL: https://9c6d175d9bd67cb83a9557d3172508dd.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

08bc5b2eb4be9bcfb0a533f41a80348f1d5620ee6aed2291b4ed5142cef8b0c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9c6d175d9bd67cb83a9557d3172508dd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:26:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1260
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12041
x-xss-protection: 0
server: cafe
etag: 4128451431288009682
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Jun 2021 07:26:30 GMT

GET
H3-29 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame C995 22 KB
7 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 9c6d175d9bd67cb83a9557d3172508dd.safeframe.googlesyndication.com
URL: https://9c6d175d9bd67cb83a9557d3172508dd.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9c6d175d9bd67cb83a9557d3172508dd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 08:25:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 84097
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 13 Jun 2022 08:25:53 GMT

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210607/r20110914/ Frame C995 17 KB
7 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210607/r20110914/abg_lite_fy2019.js

Requested by

Host: 9c6d175d9bd67cb83a9557d3172508dd.safeframe.googlesyndication.com
URL: https://9c6d175d9bd67cb83a9557d3172508dd.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0fc32732b1520df908e4ce5063434010c35725a930e0cc9df0be61c66a87cf32

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9c6d175d9bd67cb83a9557d3172508dd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:45:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 112
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7010
x-xss-protection: 0
server: cafe
etag: 16168581138844513892
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Jun 2021 07:45:38 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/ Frame C995 2 KB
1 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/window_focus_fy2019.js

Requested by

Host: 9c6d175d9bd67cb83a9557d3172508dd.safeframe.googlesyndication.com
URL: https://9c6d175d9bd67cb83a9557d3172508dd.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1ac43e9327c147dc04b1efcd475ba7e9d464e6504eaffb167d0412d339b39e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9c6d175d9bd67cb83a9557d3172508dd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:45:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 102
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1316
x-xss-protection: 0
server: cafe
etag: 797314601362473214
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Jun 2021 07:45:48 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C995 122 KB
37 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 9c6d175d9bd67cb83a9557d3172508dd.safeframe.googlesyndication.com
URL: https://9c6d175d9bd67cb83a9557d3172508dd.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

34b6e9936a2f024eef4f545bf4a1e717141704b00a75167fc7080fc6789e3881

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9c6d175d9bd67cb83a9557d3172508dd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:30 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623410775224219"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38028
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:30 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/ Frame C995 13 KB
6 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 9c6d175d9bd67cb83a9557d3172508dd.safeframe.googlesyndication.com
URL: https://9c6d175d9bd67cb83a9557d3172508dd.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3a677da8f32851941b090ee6e9294757cba154033200b20231b2a4ca7f62a820

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9c6d175d9bd67cb83a9557d3172508dd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:45:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 138
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5644
x-xss-protection: 0
server: cafe
etag: 16788636151609896382
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Jun 2021 07:45:12 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame C995 0
0 16ms
16ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQ7fIsrrS_ymvnIbsC5SYzg3mWdmsHJ-y5yKFCHy_q_H_vorlAh6cvfAffXI59iAoJaYg_niRb15t23wJEtgAvwDiMd5Q
Requested by: Host: 9c6d175d9bd67cb83a9557d3172508dd.safeframe.googlesyndication.com
URL: https://9c6d175d9bd67cb83a9557d3172508dd.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://9c6d175d9bd67cb83a9557d3172508dd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H/1.1 200
OK loader.js Show response
cdn.taboola.com/libtrc/travelmiso300x250gr-r19505065/ Frame 6040 72 KB
20 KB 267ms
221ms Script
application/javascript 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.taboola.com/libtrc/travelmiso300x250gr-r19505065/loader.js
Requested by: Host: shoppinglifestyle.biz
URL: http://shoppinglifestyle.biz/go/?r=3&a=1
Protocol: HTTP/1.1
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4f0ee7153e4635b6c56ebdd0e3eea1463aea8deab28c3a9d4f08cfc28efb6053

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: cGc3V8clZgYfenvUKZ4J3yNfonOly8uj
Content-Encoding: gzip
ETag: "f9604526f4bfe19bbc1c0ac371e2b084"
Age: 0
X-Cache: HIT
Connection: keep-alive
Content-Length: 19560
x-amz-id-2: kkrfMjpJvyE+Oh9JUoTg5xRINR35jWO6WU+Pg2Zk5DH8JajgrPDuMEF7q5oM7yyWynGyjq44MBw=
X-Served-By: cache-hhn11547-HHN
Last-Modified: Sun, 13 Jun 2021 09:46:16 GMT
Server: AmazonS3
X-Timer: S1623656850.415849,VS0,VE188
Date: Mon, 14 Jun 2021 07:47:30 GMT
Vary: Accept-Encoding
x-amz-request-id: CK89ANCD7NTCG1XM
Via: 1.1 varnish
Cache-Control: private,max-age=14401
Accept-Ranges: bytes
Content-Type: application/javascript; charset=utf-8
abp: 96
X-Cache-Hits: 1

GET
H/1.1 204
No Content /
projectagora-483829-hdb.adomik.com/ Frame 0DA5 0
103 B 202ms
39ms Image
text/plain 52.18.44.53
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://projectagora-483829-hdb.adomik.com/?q=eyJ1aWQiOiJwcm9qZWN0YWdvcmEtNDgzODI5IiwiYWhiYWlkIjoiY2M5NjlhYzgtOWRlNy00MjcxLWFjMDAtOWExYTM0MGEwYjY4IiwiaG9zdG5hbWUiOiJuaWNob29scy5jb20iLCJldmVudHNCeVBsYWNlbWVudENvZGUiOlt7InNpemVzIjpbXSwiZXZlbnRzIjp7InJlcXVlc3RzIjpbeyJiaWRkZXIiOiJBUFBORVhVUyJ9LHsiYmlkZGVyIjoiQVBQTkVYVVMifSx7ImJpZGRlciI6IkFERk9STSJ9XSwicmVzcG9uc2VzIjpbXSwid2lubmVycyI6W119fV19&id=cc969ac8-9de7-4271-ac00-9a1a340a0b68&part=0&on=0
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.18.44.53 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Connection: keep-alive
Date: Mon, 14 Jun 2021 07:47:30 GMT
Server: nginx

GET
H/1.1

200
OK

sdk Show response
cdn.aralego.net/ucfad/sdk/us-east/ Frame B5A2
Redirect Chain

http://ads.aralego.com/sdk
http://cdn.aralego.net/ucfad/sdk/us-east/sdk

39 KB
40 KB

26ms
17ms

Script
application/octet-stream

2606:4700:20::ac43:47fe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.aralego.net/ucfad/sdk/us-east/sdk
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/ads/ucf/300x250-2.html
Protocol: HTTP/1.1
Server: 2606:4700:20::ac43:47fe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2a87fd41597436af0e4160d453d7e8e2b4384edb15d2fdf2058de7c29b31e637

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:30 GMT
CF-Cache-Status: HIT
NEL: {"report_to":"cf-nel","max_age":604800}
Age: 4327
Connection: keep-alive
Content-Length: 40120
cf-request-id: 0aab167d8f00004a569f085000000001
Last-Modified: Fri, 28 May 2021 01:36:32 GMT
Server: cloudflare
ETag: "60b04920-9cb8"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Bv1%2BSETjcb6jqjmBu%2BELdreSGGU0cZV4B19hATnwbEMaA%2FMc%2FU8F5CREOo1LY%2F%2FyLYHVXJjKoygxSbkHGu1nGNf%2B9gxHeODo2sckQxvu6p2QjeluyP8jrJzhYqtK%2FzKOiB01IOf4nbw%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: application/octet-stream
Cache-Control: max-age=14400
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
CF-RAY: 65f1f375ba744a56-FRA

Redirect headers

Location: http://cdn.aralego.net/ucfad/sdk/us-east/sdk
Connection: close
Content-length: 0

GET
H/1.1 200
OK adopJ.js Show response
compass.adop.cc/assets/js/adop/ Frame 1EF1 3 KB
2 KB 76ms
32ms Script
application/javascript 13.32.25.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://compass.adop.cc/assets/js/adop/adopJ.js?v=14
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/ads/adop/300x250.html
Protocol: HTTP/1.1
Server: 13.32.25.2 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-25-2.fra56.r.cloudfront.net
Software: nginx /
Resource Hash: 251e9b67408005183aefc63f5b2cdf136bddb8eec9a8080cdc072c6ebc16044f

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:44:23 GMT
Content-Encoding: gzip
Age: 187
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 1921
Last-Modified: Tue, 11 May 2021 09:31:17 GMT
Server: nginx
ETag: W/"609a4ee5-d6b"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Via: 1.1 ef4ff53b101ef123a46ec560b6c94cb8.cloudfront.net (CloudFront)
Cache-Control: max-age=600
X-Amz-Cf-Pop: FRA56-C2
X-Amz-Cf-Id: exjrAVzm2I5DntCBtVkCxBHFquiUdSflGvZQWiG2GBGBZ1o663LGog==
Expires: Mon, 14 Jun 2021 07:54:23 GMT

GET
H/1.1 200
OK Cookie set beacon Show response
gslbeacon.lijit.com/ Frame 97BE 5 KB
2 KB 126ms
38ms Document
text/html 72.251.249.9
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://gslbeacon.lijit.com/beacon?viewId=a_739868_bc525577f911439e862ec68774802197&rand=1212&informer=13406526&type=fpads&loc=http%3A%2F%2Fb.travelmiso.com%2F&v=1.2
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/sync
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.9 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: 371b8443d6e32f38fd5ffe9dcdca7b79e925eff402422f0692a5d89f364d014a

Request headers

Host: gslbeacon.lijit.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: http://nichools.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ljtrtb=eJyrrgUAAXUA%2BQ%3D%3D; ljt_reader=2122916275e28e076559a386
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://nichools.com/

Response headers

Server: nginx
Date: Mon, 14 Jun 2021 07:47:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Vary: Accept-Encoding
Expires: Fri, 20 Mar 2009 00:00:00 GMT
Set-Cookie: ljtrtbexp=eJxdkDESwzAIBP%2BiOgUgBChf8%2FjviTxu2HIZZu%2FgGjq%2BGjbTpy35DHvQK8IPRnSeHVM7q4Chy1dnoXF475194z8pOFChkFHoVA5eYPrQwOjbaIh8i%2FeDIvJw9hsn8hx%2Bh39hf7V%2F3D8tAVUR;Path=/;Domain=.lijit.com;Expires=Tue, 14-Jun-2022 07:47:30 GMT;Max-Age=31536000;Secure;SameSite=None ljtrtb=eJyrrgUAAXUA%2BQ%3D%3D;Path=/;Domain=.lijit.com;Expires=Tue, 14-Jun-2022 07:47:30 GMT;Max-Age=31536000;Secure;SameSite=None ljt_reader=2122916275e28e076559a386;Path=/;Domain=.lijit.com;Max-Age=31536000;Secure;SameSite=None
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
X-Powered-By: raptor
Content-Encoding: gzip
X-Sovrn-Pod: ad_ap3ams1

GET
H/1.1 200
OK containertag Show response
ap.lijit.com/ Frame A368 47 KB
6 KB 32ms
31ms Script
application/json 216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/containertag?containerId=18&zoneId=739868&v=2
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/sync
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: 95e34a03ddc9ddc4072f9cec85ada3927af89fb9f8d65350654401bc66447de3

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:30 GMT
Content-Encoding: gzip
Server: nginx
X-Powered-By: raptor
Vary: Accept-Encoding
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Transfer-Encoding: chunked
X-Sovrn-Pod: ad_ap7ams1
Content-Type: application/json
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H/1.1 200
OK impression
vap7ams1.lijit.com/addelivery/ Frame A368 43 B
567 B 107ms
28ms Image
image/gif 216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vap7ams1.lijit.com/addelivery/impression?bannerid=0&campaignid=232&zoneid=739868&tid=a_739868_bc525577f911439e862ec68774802197
Requested by: Host: nichools.com
URL: http://nichools.com/user?i=jvz1bqas4afbza0812345&a=fdd68d248266fd4eefa4158297b65a017&cb=1266771623656847653
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:30 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
P3P: CP="CUR ADM OUR NOR STA NID"
Access-Control-Allow-Origin: *
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap7ams1
Content-Type: image/gif
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/223/ Frame 4894 12 KB
5 KB 12ms
11ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/223/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de7dd7e8a5f2257d16c23c395b9262c6fa04689c81b0e2b8bf7f5bae9f4177dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/223/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Mon, 14 Jun 2021 06:35:25 GMT
expires: Tue, 14 Jun 2022 06:35:25 GMT
last-modified: Wed, 17 Mar 2021 18:24:30 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 4325
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 35B1 783 B
532 B 37ms
18ms Document
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

9a908dd3b5b0c26a5191554916d22ad65325a01304ec36e145fe3b9295a481a1

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-bm2L58pvfIrcvl17ByYkXQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

expires: Mon, 14 Jun 2021 07:47:30 GMT
date: Mon, 14 Jun 2021 07:47:30 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-bm2L58pvfIrcvl17ByYkXQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK passback Show response
exchange.adtrue.com/tag/ Frame AB28 296 B
588 B 184ms
176ms Script
application/javascript 35.166.70.150
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://exchange.adtrue.com/tag/passback?adtrue_pzoneid=19020&divid=968174944&ref=undefined
Requested by: Host: cdn.adtrue.com
URL: http://cdn.adtrue.com/rtb/passback.js
Protocol: HTTP/1.1
Server: 35.166.70.150 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-166-70-150.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: 02a5518875d045157cd5d6d44e20f74dee4c80d0a1135a17fd942049b91c6685

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:30 GMT
Server: nginx
Connection: keep-alive
Content-Length: 296
Content-Type: application/javascript

GET
H3-29 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame D78A 61 KB
21 KB 47ms
41ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: b.travelmiso.com
URL: http://b.travelmiso.com/ads/adsp/300x250.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

888a2d9e7b43da55dcdd8d06ad69bd5b5f550750537a9c64380776a246c9244e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "902 / 342 of 1000 / last-modified: 1623449396"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21294
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:30 GMT

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame 4D7F 0
0 137ms
102ms Fetch
image/gif 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuUHAkeemO3y5H7HcUPq66xybnB6xlT74_0fdtyfGEq5N7ST1UME7f4EF9GvcEjzNespRnWf4wUoVM6EWH4YagS95jcdYUrU6Tycl2n8B9wVaKv3ndRMkrSUw9-vbHHGhfLnn64ZxWBbbaMf3K8Ef3FglS04DvsWbkTemawDKv0iutszJ65SvyeVKLVPOv9Ovp4bPDxTmRsotsMyecQNhhjT_Lm2WOa8pomlDR4VnDIK6eBqpB0gvCW_H6ciit3pI-gg7ptL16x-wHIon0ItBsa9M8qmdGMAAP-FUlM2awWwPYOWC9WY_0KjoYBzEDWTPDB2CII77HfelxtHhq0Tf5KJsvlBTV8Dw&sig=Cg0ArKJSzMp2tzuc-ty4EAE&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:30 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 14 Jun 2021 07:47:30 GMT

GET
DATA 200
OK truncated
/ Frame 4D7F 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4b0b4b1315054f307bd389dbef9bdc554334eaf768388d670899eb05d03cdde0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 204 /
ads.viralize.tv/track/ Frame 86D9 0
39 B 24ms
22ms Image
text/plain 35.186.238.232
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.viralize.tv/track/?multi=true&serialization=json&events=%5B%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A1%2C%22category%22%3A%22bid_opportunity%22%2C%22session_id%22%3A%2201ebcce4c3c2f72898a9f96e66b7e271%3A0%3ANTQzM4NJLhxQu4hM~wp5sc1%22%2C%22bid_opportunity_id%22%3A%22NTQzM4NJLhxQu4hM~wp5sc1%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22bid_rejected%22%7D%2C%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A1%2C%22category%22%3A%22bid_opportunity%22%2C%22session_id%22%3A%2201ebcce4c3c2f72898a9f96e66b7e271%3A0%3ANTQ3N2kIqZELw1g2~wp8sc1%22%2C%22bid_opportunity_id%22%3A%22NTQ3N2kIqZELw1g2~wp8sc1%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22bid_rejected%22%7D%2C%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A1%2C%22category%22%3A%22bid_opportunity%22%2C%22session_id%22%3A%2201ebcce4c3c2f72898a9f96e66b7e271%3A0%3ANTM2MOQMamNKeb6g~wp0sc1%22%2C%22bid_opportunity_id%22%3A%22NTM2MOQMamNKeb6g~wp0sc1%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22bid_rejected%22%7D%2C%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A1%2C%22category%22%3A%22bid_opportunity%22%2C%22session_id%22%3A%2201ebcce4c3c2f72898a9f96e66b7e271%3A0%3ANTQ3N2kIqZELw1g2~wp6sc1%22%2C%22bid_opportunity_id%22%3A%22NTQ3N2kIqZELw1g2~wp6sc1%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22bid_rejected%22%7D%2C%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A1%2C%22category%22%3A%22bid_opportunity%22%2C%22session_id%22%3A%2201ebcce4c3c2f72898a9f96e66b7e271%3A0%3ANTQwNyJ6ooeDAV4x~wp2sc1%22%2C%22bid_opportunity_id%22%3A%22NTQwNyJ6ooeDAV4x~wp2sc1%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22bid_rejected%22%7D%2C%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A1%2C%22category%22%3A%22bid_opportunity%22%2C%22session_id%22%3A%2201ebcce4c3c2f72898a9f96e66b7e271%3A0%3ANTQwNyJ6ooeDAV4x~wp4sc1%22%2C%22bid_opportunity_id%22%3A%22NTQwNyJ6ooeDAV4x~wp4sc1%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22bid_rejected%22%7D%2C%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A1%2C%22category%22%3A%22bid_opportunity%22%2C%22session_id%22%3A%2201ebcce4c3c2f72898a9f96e66b7e271%3A0%3ANTQwNyJ6ooeDAV4x~wp3sc1%22%2C%22bid_opportunity_id%22%3A%22NTQwNyJ6ooeDAV4x~wp3sc1%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22bid_rejected%22%7D%5D
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.238.232 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 232.238.186.35.bc.googleusercontent.com
Software: uvicorn, Unknown /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:30 GMT
via: 1.1 google
server: uvicorn, Unknown
alt-svc: clear

GET
H2 204 /
ads.viralize.tv/track/ Frame 86D9 0
39 B 24ms
23ms Image
text/plain 35.186.238.232
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.viralize.tv/track/?multi=true&serialization=json&events=%5B%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A1%2C%22category%22%3A%22bid_opportunity%22%2C%22session_id%22%3A%2201ebcce4c3c2f72898a9f96e66b7e271%3A0%3ANTM3OGqLtz5uBKJP~wp1sc1%22%2C%22bid_opportunity_id%22%3A%22NTM3OGqLtz5uBKJP~wp1sc1%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22bid_rejected%22%7D%2C%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A1%2C%22category%22%3A%22bid_opportunity%22%2C%22session_id%22%3A%2201ebcce4c3c2f72898a9f96e66b7e271%3A0%3ANTQ3N2kIqZELw1g2~wp7sc1%22%2C%22bid_opportunity_id%22%3A%22NTQ3N2kIqZELw1g2~wp7sc1%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22bid_rejected%22%7D%5D
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.238.232 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 232.238.186.35.bc.googleusercontent.com
Software: uvicorn, Unknown /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:30 GMT
via: 1.1 google
server: uvicorn, Unknown
alt-svc: clear

GET
H/1.1 200
OK / Show response
tag.gammaplatform.com/adx/request/ Frame 03F2 3 KB
3 KB 348ms
323ms Script
application/x-javascript 54.255.154.87
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://tag.gammaplatform.com/adx/request/?wid=1567569789&zid=1567570933&urf=http%3A%2F%2Fb.travelmiso.com%2F&zt=&cb=412743/
Requested by: Host: gamma.cachefly.net
URL: http://gamma.cachefly.net/js/ad-exchange.js
Protocol: HTTP/1.1
Server: 54.255.154.87 Singapore, Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-255-154-87.ap-southeast-1.compute.amazonaws.com
Software: /
Resource Hash: e2ce2abbbf2b119f752b0af17d63e7476d9ff913ebf881c58dcd1b65866b1e26

Request headers

Referer: http://www.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:30 GMT
content-encoding: gzip
vary: Accept-Encoding, Origin, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: application/x-javascript
server-time: 1.1(DD).1(B).1(W).1(CB).2
x-server: AdEx-App121
access-control-allow-credentials: true
x-robots-tag: noindex
transfer-encoding: chunked

GET
H/1.1 200
OK / Show response
tag.gammaplatform.com/adx/request/ Frame C527 3 KB
3 KB 374ms
358ms Script
application/x-javascript 54.255.154.87
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://tag.gammaplatform.com/adx/request/?wid=1567569789&zid=1567570933&urf=http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F&zt=&cb=876052/
Requested by: Host: gamma.cachefly.net
URL: http://gamma.cachefly.net/js/ad-exchange.js
Protocol: HTTP/1.1
Server: 54.255.154.87 Singapore, Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-255-154-87.ap-southeast-1.compute.amazonaws.com
Software: /
Resource Hash: bc3e89c12c1a96f03ae450e7d37fe86ddbd3fbc5d60f60dc35c41e457a457d7f

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:30 GMT
content-encoding: gzip
vary: Accept-Encoding, Origin, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: application/x-javascript
server-time: 0.1(DD).1(B).1(W).1(CB).1
x-server: AdEx-App149
access-control-allow-credentials: true
x-robots-tag: noindex
transfer-encoding: chunked

GET
H3-29 200 pubads_impl_2021060901.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 036B 326 KB
114 KB 42ms
33ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3dc0b6e4edbfc8d6d8446e112130624fd05d7b8a8cfe62839046fc733c8b19a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Jun 2021 08:43:05 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 116890
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:30 GMT

GET
H3-29 200 pubads_impl_2021060901.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 7BBE 326 KB
114 KB 34ms
32ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061428

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3dc0b6e4edbfc8d6d8446e112130624fd05d7b8a8cfe62839046fc733c8b19a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Jun 2021 08:43:05 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 116890
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:30 GMT

GET
H/1.1

200
OK

sdk Show response
cdn.aralego.net/ucfad/sdk/us-east/
Redirect Chain

http://ads.aralego.com/sdk
http://cdn.aralego.net/ucfad/sdk/us-east/sdk

39 KB
40 KB

15ms
14ms

Script
application/octet-stream

2606:4700:20::ac43:47fe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.aralego.net/ucfad/sdk/us-east/sdk
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: HTTP/1.1
Server: 2606:4700:20::ac43:47fe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2a87fd41597436af0e4160d453d7e8e2b4384edb15d2fdf2058de7c29b31e637

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:31 GMT
CF-Cache-Status: HIT
NEL: {"report_to":"cf-nel","max_age":604800}
Age: 4328
Connection: keep-alive
Content-Length: 40120
cf-request-id: 0aab16807100004a56b69ec000000001
Last-Modified: Fri, 28 May 2021 01:36:32 GMT
Server: cloudflare
ETag: "60b04920-9cb8"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Ms2i1QVIoRE3o9WUpVKnlGhTyZnUpWhdgGijawzKUnwycHKUGIhHCvw7qfzfDqa3q8QMW8xP58Rg6ZraZj1QPJqzdFdQY7%2F%2B8UO0Ml6sVfut8BxKLjjxGhbaWCes2vPyOtJbLO3Lceo%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: application/octet-stream
Cache-Control: max-age=14400
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
CF-RAY: 65f1f37a4d924a56-FRA

Redirect headers

Location: http://cdn.aralego.net/ucfad/sdk/us-east/sdk
Connection: close
Content-length: 0

GET
H/1.1 200
OK / Show response
as.innity.com/synd/ 807 B
1 KB 182ms
181ms Script
text/javascript 119.81.192.141
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL: http://as.innity.com/synd/?cb=1623656850830&ver=1&pub=9188905e74c28e489b44e954ec0b9bca&zone=87315&output=js&flash=0&url=b.travelmiso.com&width=728&height=90&vpw=1600&vph=1200&auction=6619717-1056544
Requested by: Host: cdn.innity.net
URL: https://cdn.innity.net/admanager.js
Protocol: HTTP/1.1
Server: 119.81.192.141 Singapore, Singapore, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8d.c0.5177.ip4.static.sl-reverse.com
Software: Apache /
Resource Hash: fcedf6a84bc89ab6d1d7da6a01f7f131342ed6a1f05f7cecc6eea4a85dd1c951

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:30 GMT
Content-Encoding: gzip
Last-Modified: Mon, 14 Jun 2021 07:47:30 GMT
Server: Apache
Vary: Accept-Encoding
P3P: policyref=http://www.innity.com/p3p/p3p.xml,CP="CURa ADMa DEVa OUR BUS UNI COM NAV INT"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Content-Type: text/javascript; charset=utf-8
Content-Length: 454
Expires: Sat, 03 Sep 1983 02:00:00 GMT

GET
H3-29 200 pubads_impl_2021060901.js Show response
securepubads.g.doubleclick.net/gpt/ Frame B966 326 KB
114 KB 39ms
38ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3dc0b6e4edbfc8d6d8446e112130624fd05d7b8a8cfe62839046fc733c8b19a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Jun 2021 08:43:05 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 116890
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:30 GMT

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame D8A6 624 B
297 B 16ms
15ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMLX3AIQvtXeAhiTyKacATAB&v=APEucNUbhzLCmD2SxeOMtEzL9erscQwnNuHamIw-FrmJWN1k2OFRvBiBOiAkxyN242UYgNUxt437RrPYOheAinpmfAJ5IZ0lPfdwwLSelUDUYiNn0W1bymJJjJ3Gr6STudQIgBrOeZwMuiDysAFg0VfA4uoYkaUwd4tJFPnff-ZqRl9b3WjPUtZLsE_NN0xePwwy8H38BkQ2

Requested by

Host: 8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com
URL: https://8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CMLX3AIQvtXeAhiTyKacATAB&v=APEucNUbhzLCmD2SxeOMtEzL9erscQwnNuHamIw-FrmJWN1k2OFRvBiBOiAkxyN242UYgNUxt437RrPYOheAinpmfAJ5IZ0lPfdwwLSelUDUYiNn0W1bymJJjJ3Gr6STudQIgBrOeZwMuiDysAFg0VfA4uoYkaUwd4tJFPnff-ZqRl9b3WjPUtZLsE_NN0xePwwy8H38BkQ2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkWrAMFjgaPY-5Wy0_C16B8n7Pl47SH-Jjtp9jo0joVkjSULWNSk0VeJUUrC3w; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Mon, 14 Jun 2021 07:47:31 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame F846 58 KB
23 KB 60ms
38ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BDC0oRWQCQOywspfm2pNwCDAubi7dnV9fDFQl3D-MGzuibRFPxJM26uze9CEvIt4_O24oIKw20AJoziEnQ5sA1It4wd21eYewE3MRxsBAyThwqnHz44-zColeXdK7SANfADRSWjn2dmfUX2OZ74v_CHWzPvA&dbm_d=AKAmf-AjGlyGgLdx6vygS-ny4_WZfioeXmuV7OI8LTxLLbuyiG-UkuYf6nuzWtFIO8O6iHIaq1GHHZR8d8tyXgHgZS-GsZGsWl_rq0pRvhyrrrPA25YEfpZtbgLI5y0VyH3ODgeNdPiqElhOyNISn2H2bomgxfNvjuOGP2WWi0rplkHXZtnfGMnBZ8U3OSG_VpkwFbBI2tk7lFMgoMzUL_mf_1rMHnZGMk5uHBoOVBmoSxIzKmYdvO6BQk3FdsccIcKdL2Z0nyNMLI7f7Ax3qwFkuN6CARPwiGIorOtfnHJjqeWq1rvHgXXLSR-wV1YzhlBAM-eH61ltZy_LKaA5WwxKOB99HJ0GaAVW30NhCbddns7lSuY7nU1ubp5qEqMa7AJTWnROf2H7XKM0oC6bK7gZBRzfcpR9O-iMKyGkcODqQ9osTTzTy_fXKQcS5OPPW-1ooBgLqY_fQZ27sTRiomrtCyykIrEOjkVi78ptgjeyOENSQdNEjhH4aBfWPjLfBSyokFq9rXv62NjOFVeY9xv3gMs-gf0uvLK6mkO9rWf0DTJUjVHuMARGF8mFQ9ANIM3Sn3pjLV-JsNP9IeV8JZYDqbD_eYe_XCh3n94mHUdAAd-GkjPirvjl1Pj9QAXyeUcD8WAP0isAPzQO6a3WvDfivqDgLdN8bTHIAOZPtausTezeT21Q4-n0WeeGUIieDQp2Btle35hAoVN2t7ijDqzn2jFHStE0MIyVaOm2KxQZ_rN8KUcVdDpOlQ6ay6MxiOVD1O772HSBtaE28S_6dbSD4oZoHJ3Z2zMa8THKDZ7HsMi8-jCdmn1UdZxOJika73EFpL0mCfVO2yS2vjjvURKTA7Y08kqghLSrYeUpzbUBevQNz6YpKbhrbT4wONJ9Iutdg6QW4JIz5f6iQIm-tdr_JsB3nUUOOv9y6zWyNrxdeP8wsbiMIRc95EL_OC9c-4xmMsm5Hdkc_YzX1J-ZTT19UNOLZHm1KqoSI2v6H1dD_Y3rCDiQk3rReuT5uDU4Vrg6C_blZ2uZVdbZCvAHNw7Ngk3i05amw4CvKGh4gHv-HgP902qsap3nCId61xfBIN5XGuLOlLYz7yYJbtYOPXO05Wn-yK9JLractmzKU_1LLOaKnayKB1kkEwpDRdT9yHXwfVvEc_busTEJ3JXcKIutF2NklWx1CknI0iewypvADLXCfxS4VZNubWGO_C-TO1sLpSzknrhCHGeoQccPgkQML5rtHWJq_k_McZH00CVsJeUcjuWNP3M-TnxRwx06dIQaVN_Gk8V-C2KfoCmiCLgj6O18ap-vdYN65rk7vsBYp5nmJE7cFAVqoc-jUsBurUpiNymC8VzLvkjl5faexBix0vkwgcffOwMGwevukjvcMqf68iZwW2gdHTOZSrQMeY8z4YsI1hibIW5P5eIJbUBOQW6o-09fm5t494iRp7n0UFORdhJ6Vq3WrMFWzkfsnhY0nKUdkLprbBsTz_Yczq-VPlp6BATy9fpA1OeGY6i2L6_BSNTivnrOrhpQeg1mtTMCHHSxvvAwqMc1-GJ7GdYEhbGZQOWqY25RPX0XX4AToiopVfUzvyulWpj37VGoFqonKf819z7VYgDOqp7ymDWX8RaGK6JgvzpOF57IEoP_YFrVTxL9plrR9u63qTcm04coW8kSprXKyUG1ktqPihu5EDOBukP1QIhNCLfXsNuX29fuCQ-hQY8ivGpdewZG7dFzPsDd90ILhHfRgBI099aQmA3n0klUtxa67ExceJM-jNr5soPzs7XFb6urRvMmYr1HDvRff7z-lcFgXAp-ga_BTMoLOwp2z_iGkEvLtp0IoPj0FiRwz5JvRVX3dU-yAovXnlIC190RK4a40xjdv9rQLw5n_QzWOuf3WbfrnaWoHY-u3AbYa1xHZFd24YjXhHqOyIOJd4FW1Zhsgvue7RLl63KcwzpfCz7Sq2Df3Cw_x6Juu15GAknvPs8ND7hwojF8T4bA-jw6Z0V_MUZTCCK6iKnpLu5qnZEyhsZ2LrlpkxgZ2xlVy7Ht5juVz9Lc54VaQyIu8uBslYD8Lvyv_rlQpCCisXnHS8aUHslsnavADrY2g3lGuP2JyesYQeDGicP6bELGy3EkbJpQnP1k7eXbkEmhqdBjYw77D4zxq-qva0cla7s1ZgfnWFrBFkdIRQb0vasiZ2hzSpPADsZnp1AFJh41kiaG4hSGniGy6Cww2yEU1-pcj7hRx1ZLx2TedGguU_dCv1bTxPi8KhTzI4WceRCj75w0-iMHwwLx9hCFQfrhGsiPQWhVPoHtqs7GmNYdL_ZtmYiqsoD5CdsYstyLHJu_MR6-bUm7eFcgoIe1kDMMw5IP-a3EHsJLHOXjAs9av_RzStlruUoSbmkdqayNc4ArDe8Z0kQhi3-ZhYvnV-qgA8m0iH5zQJXLbdR0DjmY_4h5Liamwc6uOK-cj3IWrRFs-_RvtQVGTb7sgdcjCsnmdpkqvTFuH2Gx1GNbOCWT-dAiCBF3q-YrLG16Q-t8dqurobcNoUx1dwx4MIbScRScXhMr9i5GmtsCJTAYqsUVr-UEkDzM_nxihnnUChwFq8gk7iamZV00BdzdejNeTZs8yZSAdLcq4xvH81NwhXaOsOQJwKTkVC-ti-FgI1KqqBEsOFcS9KCn8JkpcNL86inUhUnxZCN_xKUdUVQr7EZCRv3rcBmHNbFshNkdGIGJMXuU6A3gaVtaIt3zNQDh6ssZ7dbxX4uBZGcZrdhu_x-fRkp7pfiViJVOdY62G3SXhtQ9GvFJ_UemEf4OT6hqoLtsDPq3ileGEbDw8zayPVfgVnEl4VImwocyDdofk7SmpBGZ-j0W7tpNKcyZqzGyn0P57glJRpSUGVrCZZZKsB71yzoIVIgVzjcyIBr4AlpoGco7W4XCi_EboKqjhOJSRKpgsBA7zrqCUzT6qS9xnxi90qgDN_lQcdP-XB9cknjJCccGvpeX2g2HGXXKB3bV6TiUoobiMecbkNC9MMAvOM1MjYXJmiistLCFTMOH-ZpDYA-zWVApkwJby5rrN3s2czignlvT10PtKb0nIEZXm4T7dLveaGx-V9wASZ_3HY1YEEXPXoVOrN4V90VIDctt-0u8Uml9_VrK8ByJeQdBC9IuKV1KHuS52m0RbHvq1diWsLEDaogwF8yyAMwgg_2wXOgC49QxdhE2aZdirCmpSEL0Mgmb_KF-k8Jwq7qYWNgQN5Z8JrxRiw&cid=CAASEuRoquxJu--KiMnszY60socfSw&rfl=2%2Chttp%253A%252F%252Fb.travelmiso.com%242%2Chttp%253A%252F%252Fb.travelmiso.com%252F%240

Requested by

Host: shoppinglifestyle.biz
URL: http://shoppinglifestyle.biz/go/?r=3&a=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

da76aa15b2e8662fd4814e6bd1ff6009a696c19b05d1039fe83c3aaf614ddbad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:30 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24032
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame F846 42 B
63 B 63ms
41ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AuHYeyyDxKTQsvHU6HaXENnOS_jnH8ZPRerfq8EN6rplvRNDgl7VRe6pHk-BZGtUcCRmkspJeoY2lai_lbEVT-NsHas4bx56Q0OoRVGGm7Hkb1Rlg

Requested by

Host: 8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com
URL: https://8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/ Frame F846 2 KB
1 KB 31ms
9ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/window_focus_fy2019.js

Requested by

Host: 8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com
URL: https://8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1ac43e9327c147dc04b1efcd475ba7e9d464e6504eaffb167d0412d339b39e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:45:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 102
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1316
x-xss-protection: 0
server: cafe
etag: 797314601362473214
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Jun 2021 07:45:48 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F846 122 KB
37 KB 39ms
19ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com
URL: https://8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

34b6e9936a2f024eef4f545bf4a1e717141704b00a75167fc7080fc6789e3881

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:30 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623410775224219"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38028
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:30 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/ Frame F846 13 KB
6 KB 30ms
9ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com
URL: https://8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3a677da8f32851941b090ee6e9294757cba154033200b20231b2a4ca7f62a820

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:45:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 138
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5644
x-xss-protection: 0
server: cafe
etag: 16788636151609896382
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Jun 2021 07:45:12 GMT

GET
H/1.1 200
OK /
optimize.innity.com/ 43 B
452 B 189ms
172ms Image
image/gif 119.81.3.35
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://optimize.innity.com/?pubid=244&zoneid=89377&cb=1623656850910
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: HTTP/1.1
Server: 119.81.3.35 Singapore, Singapore, ASN36351 (SOFTLAYER, US),
Reverse DNS: 23.03.5177.ip4.static.sl-reverse.com
Software: Apache /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:31 GMT
Last-Modified: Mon, 14 Jun 2021 07:47:31 GMT
Server: Apache
P3P: policyref=http://www.innity.com/p3p/p3p.xml,CP="CURa ADMa DEVa OUR BUS UNI COM NAV INT"
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 03 Sep 1983 02:00:00 GMT

GET
H/1.1 200
OK ucfad-formats.css
cdn.aralego.net/css/dev/ 975 B
1 KB 29ms
17ms Stylesheet
text/css 2606:4700:20::ac43:47fe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.aralego.net/css/dev/ucfad-formats.css
Requested by: Host: ads.aralego.com
URL: http://ads.aralego.com/sdk
Protocol: HTTP/1.1
Server: 2606:4700:20::ac43:47fe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1be00e223b2840fe8ac2d3a1aec0cf757088dd68f53a92275d0e1db6cb9afced

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:30 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
NEL: {"report_to":"cf-nel","max_age":604800}
Age: 5876
Cf-Polished: origSize=1191
Transfer-Encoding: chunked
Connection: keep-alive
cf-request-id: 0aab167df200004a56b105e000000001
Last-Modified: Fri, 16 Mar 2018 07:19:46 GMT
Server: cloudflare
ETag: W/"5aab7012-4a7"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=WqfVl%2FKgMBrb4JzOrM%2FQrEfD%2F8JU9D5TKMRk1VFDy4087nphr2gvocQF%2BZJUWBSo3xR2n9I9g97aHvEpLdGiA1a6aLFU4%2FnTqYUgNpd3J639NV7wtClL%2F5Ot9xwHD3q9XLNt8X5f9JU%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: text/css
Cache-Control: max-age=14400
Access-Control-Allow-Credentials: true
CF-RAY: 65f1f3765bc94a56-FRA
Cf-Bgj: minify

GET
H/1.1 200
OK idRequest Show response
sync.aralego.com/ 46 B
493 B 407ms
105ms XHR
text/html 162.210.196.208
LEASEWEB-USA-WDC

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.aralego.com/idRequest?
Requested by: Host: ads.aralego.com
URL: http://ads.aralego.com/sdk
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 162.210.196.208 Falls Church, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software: /
Resource Hash: 2e22d0f48fb64994bb452c630105d437ee7a66add079e88b8ce81a1930915c19

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:31 GMT
vary: Accept-Encoding
access-control-allow-methods: GET,POST,OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: http://b.travelmiso.com
access-control-allow-credentials: true
connection: close
content-length: 46

GET
H/1.1 200
OK ad_request Show response
ads.aralego.com/ 1 KB
1 KB 502ms
177ms XHR
text/html 192.96.200.41
LEASEWEB-USA-WDC

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.aralego.com/ad_request?sw=1600&sh=1200&ifr=0&bl=en-US&je=1&dnt=0&host=b.travelmiso.com&u=http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F&xr=0&adid=ad-2737989E46EA329AF8AD8BAE88E73D2A&w=970&h=250&ver=UCX_WEB-20200113&pos=1&seq=0&cb=0.4499768892535836&euconsent-v2=%24%7BGDPR_CONSENT_607%7D
Requested by: Host: ads.aralego.com
URL: http://ads.aralego.com/sdk
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 192.96.200.41 , United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software: /
Resource Hash: dc9ccdcc7815ae04e6554daefaf5d11678dbd757b31ca89abf2101c7ba723d53

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:31 GMT
X-Width: 970
X-Height: 250
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET,POST,OPTIONS
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: http://b.travelmiso.com
Access-Control-Expose-Headers: X-Width,X-Height,X-AdStyle,X-AdCap,X-AdWatchUrl,X-AdSource,X-SspId,X-Deal
Access-Control-Allow-Credentials: true
X-Adtype: html
Connection: close
Content-Encoding: gzip
Transfer-Encoding: chunked
X-AdStyle: banner

GET
H/1.1 200
OK ad_request Show response
ads.aralego.com/ 2 KB
2 KB 917ms
151ms XHR
text/html 192.96.200.41
LEASEWEB-USA-WDC

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.aralego.com/ad_request?sw=1600&sh=1200&ifr=0&bl=en-US&je=1&dnt=0&host=b.travelmiso.com&u=http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F&xr=0&adid=ad-8A296626DD227AEDFB79A483A68EB8E2&w=728&h=90&ver=UCX_WEB-20200113&pos=1&seq=1&cb=0.5910538727662948&euconsent-v2=%24%7BGDPR_CONSENT_607%7D
Requested by: Host: ads.aralego.com
URL: http://ads.aralego.com/sdk
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 192.96.200.41 , United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software: /
Resource Hash: 8507ab63a7478086a53e8a637dcf676af8a9ed2c1018f252479d79d22a839b3a

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:31 GMT
Content-Encoding: gzip
Access-Control-Allow-Origin: http://b.travelmiso.com
X-Height: 90
X-AdStyle: banner
Connection: close
X-Width: 728
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET,POST,OPTIONS
Content-Type: text/html; charset=utf-8
X-Deal
Access-Control-Expose-Headers: X-Width,X-Height,X-AdStyle,X-AdCap,X-AdWatchUrl,X-AdSource,X-SspId,X-Deal
Transfer-Encoding: chunked
X-Adtype: html
Access-Control-Allow-Credentials: true
X-AdWatchUrl: https://us-east-ad-track.aralego.com/v1/ban/watch?iid=30d37c0d-3e18-456e-8ce0-b583004efb89

GET
H2 200 adtrue.travelmiso.com.975429.js Show response
jsc.mgid.com/a/d/ Frame AB28 0
522 B 333ms
45ms Script
text/javascript 104.19.135.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://jsc.mgid.com/a/d/adtrue.travelmiso.com.975429.js
Requested by: Host: exchange.adtrue.com
URL: http://exchange.adtrue.com/tag/passback?adtrue_pzoneid=19020&divid=968174944&ref=undefined
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.135.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:31 GMT
cf-cache-status: HIT
age: 3760
cf-ray: 65f1f3788f10ee48-CDG
last-modified: Thu, 28 Jan 2021 17:16:02 GMT
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 0
x-amz-id-2: uRdhG5UHRnY98gQbQCloCHwo78Duz8eJwG+wdNVPu6PMnQy4f5InVjrTbSh7qY7pK1+N9eAn6Z8=
cf-bgj: minify
server: cloudflare
etag: "d41d8cd98f00b204e9800998ecf8427e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-request-id: AZ2AZ43B9MXMQGNC
cache-control: public, max-age=10800
cf-request-id: 0aab167f550000ee486f29b000000001
accept-ranges: bytes
content-type: text/javascript
expires: Mon, 14 Jun 2021 10:47:31 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ Frame 1FFD 107 B
122 B 36ms
20ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ Frame 1FFD 107 B
122 B 15ms
15ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 1FFD 15 KB
9 KB 383ms
383ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3744383241577349&correlator=1346371892941283&output=ldjh&impl=fifs&eid=31061039%2C31061410%2C44744016&vrg=2021060801&ptt=17&sc=0&sfv=1-0-38&ecs=20210614&iu_parts=211003152%2Com_ron_dis_300x600_d_catchall_pp0.1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x600&eri=4&cust_params=domain%3Dtravelmiso.com%26site_id%3D35808%26publisher_id%3D2633&cookie=ID%3Db91b9b5f565a940c%3AT%3D1623656848%3AS%3DALNI_MZ97nIYoqC28iOPfzwAn6BESrMS9w&cdm=b.travelmiso.com&bc=23&abxe=1&dt=1623656851104&dlt=1623656849713&idt=1279&ea=0&frm=23&biw=1600&bih=1200&oid=3&adxs=1231&adys=533&adks=1576936405&ucis=ebmwv27ko1x1&ifi=1&ifk=2165813388&u_tz=120&u_his=3&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=2&url=http%3A%2F%2Fb.travelmiso.com%2F&loc=about%3Ablank&top=b.travelmiso.com&vis=1&scr_x=0&scr_y=0&psz=0x0&msz=0x0&ga_vid=1323273303.1623656851&ga_sid=1623656851&ga_hid=615859684&ga_fc=false&fws=256&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7ae4c97f706732f20820e6397fb9e7cc12f1fba082196fca14f1251fd6ba3ee6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:31 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8796
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://b.travelmiso.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
a15ac0e614c5002f10a5f47b2408de8c.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 1FFD 0
0 32ms
17ms Other
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://a15ac0e614c5002f10a5f47b2408de8c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 2559 11 KB
8 KB 22ms
21ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021060801&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

609e05518e71e1718e9ad3f5b2980252e319aaf98f0a04a789e5f3150525c4b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8515
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.fr/adsid/ Frame 036B 107 B
122 B 30ms
15ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.fr/adsid/integrator.js?domain=b.travelmiso.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ Frame 036B 107 B
122 B 16ms
14ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=b.travelmiso.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 036B 7 KB
4 KB 190ms
189ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4302321736003007&correlator=1389926557173035&output=ldjh&impl=fif&eid=31060032%2C31061413%2C31061410%2C21065724&vrg=2021060901&ptt=17&sc=0&sfv=1-0-38&ecs=20210614&iu_parts=53015287%2Ctravelmiso.com_d_300x250_2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&eri=2&cookie=ID%3Db91b9b5f565a940c%3AT%3D1623656848%3AS%3DALNI_MZ97nIYoqC28iOPfzwAn6BESrMS9w&cdm=b.travelmiso.com&bc=23&abxe=1&lmt=1594654829&dt=1623656851164&dlt=1623656849657&idt=1468&ea=0&frm=23&biw=1600&bih=1200&isw=300&ish=250&oid=3&adxs=619&adys=265&adks=1866056204&ucis=pvtu5h92ca9k&ifi=1&ifk=4190388977&u_tz=120&u_his=3&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=http%3A%2F%2Fb.travelmiso.com%2Fads%2Fyl%2F300x250-btf.html&ref=http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F&top=http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F&vis=1&scr_x=0&scr_y=0&psz=300x250&msz=300x0&ga_vid=148647629.1623656851&ga_sid=1623656851&ga_hid=236473159&ga_fc=false&fws=256&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5dc311c9663caa10117b500ff228ef5860342dd1a6a3307c7b48defc0279453c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:31 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3896
x-xss-protection: 0
google-lineitem-id: 5089889175
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138322591312
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://b.travelmiso.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
825cb99a063aef49f60a236187a75474.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 036B 0
0 33ms
16ms Other
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://825cb99a063aef49f60a236187a75474.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame 0513 83 KB
27 KB 81ms
26ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: static.viralize.tv
URL: https://static.viralize.tv/viralize_player_banner.min.07f50ce3.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: a98e1f08dd27c121a337ddc31691d4044f56ae83301b574728548b78d3068d3b

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:31 GMT
content-encoding: gzip
last-modified: Wed, 02 Jun 2021 14:09:58 GMT
server: nginx
etag: W/"60b79136-14aab"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 15 Jun 2021 07:47:31 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 9F02 143 B
1 KB 37ms
37ms XHR
application/json 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: www.travelmiso.com
URL: http://www.travelmiso.com/js/apnx_prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

0901695300ed9b729e2743f579db6bee7b77caa8391b3f21df9bb4bcaf9da969

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:31 GMT
X-Proxy-Origin: 93.177.75.188; 93.177.75.188; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.87:80
AN-X-Request-Uuid: ac2ada62-84f0-4f0b-8131-b1233b3c7937
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: http://b.travelmiso.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 143
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ Frame A515 107 B
122 B 16ms
15ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ Frame A515 107 B
122 B 15ms
15ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame A515 15 KB
9 KB 418ms
414ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1991056454205619&correlator=4035379468786325&output=ldjh&impl=fifs&eid=31061436%2C31061150%2C31061410&vrg=2021060801&ptt=17&sc=0&sfv=1-0-38&ecs=20210614&iu_parts=211003152%2Com_ron_dis_160x600_d_catchall_pp0.1&enc_prev_ius=%2F0%2F1&prev_iu_szs=160x600&eri=4&cust_params=domain%3Dtravelmiso.com%26site_id%3D35808%26publisher_id%3D2633&cookie=ID%3Db91b9b5f565a940c%3AT%3D1623656848%3AS%3DALNI_MZ97nIYoqC28iOPfzwAn6BESrMS9w&cdm=b.travelmiso.com&bc=23&abxe=1&dt=1623656851215&dlt=1623656849779&idt=1428&ea=0&frm=23&biw=1600&bih=1200&oid=3&adxs=927&adys=533&adks=3266069665&ucis=w453f12ogcji&ifi=1&ifk=2165813388&u_tz=120&u_his=3&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=2&url=http%3A%2F%2Fb.travelmiso.com%2F&loc=about%3Ablank&top=b.travelmiso.com&vis=1&scr_x=0&scr_y=0&psz=0x0&msz=0x0&ga_vid=1436120261.1623656851&ga_sid=1623656851&ga_hid=1625355903&ga_fc=false&fws=256&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

51b4734070955004bd8c250e32864669ced4492faf50be5858ba1e08ec1b233f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:31 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8768
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://b.travelmiso.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame FFA2 6 KB
3 KB 30ms
14ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html?n=2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Mon, 14 Jun 2021 07:47:31 GMT
expires: Tue, 14 Jun 2022 07:47:31 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 204
No Content t.dhj Show response
pxdrop.lijit.com/1/d/ Frame A368 0
225 B 58ms
41ms Script
text/plain 104.111.233.227
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://pxdrop.lijit.com/1/d/t.dhj?dmn=nichools.com&GDPR_v2=
Requested by: Host: shoppinglifestyle.biz
URL: http://shoppinglifestyle.biz/go/?r=3&a=1
Protocol: HTTP/1.1
Server: 104.111.233.227 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-233-227.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:31 GMT
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
Expires: Mon, 14 Jun 2021 07:47:31 GMT

GET
H2

200

check
pixel.tapad.com/idsync/ex/receive/ Frame A368
Redirect Chain

https://pixel.tapad.com/idsync/ex/receive?partner_id=1512&partner_device_id=2122916275e28e076559a386&gdpr=1&gdpr_consent=
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=1512&partner_device_id=2122916275e28e076559a386&gdpr=1&gdpr_consent=

95 B
426 B

24ms
21ms

Image
image/png

35.227.248.159
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive/check?partner_id=1512&partner_device_id=2122916275e28e076559a386&gdpr=1&gdpr_consent=

Requested by

Host: nichools.com
URL: http://nichools.com/user?i=jvz1bqas4afbza0812345&a=fdd68d248266fd4eefa4158297b65a017&cb=1266771623656847653

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.227.248.159 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Jetty(9.4.36.v20210114) /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:31 GMT
via: 1.1 google
server: Jetty(9.4.36.v20210114)
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/png
alt-svc: clear
content-length: 95

Redirect headers

date: Mon, 14 Jun 2021 07:47:31 GMT
via: 1.1 google
server: Jetty(9.4.36.v20210114)
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location: https://pixel.tapad.com/idsync/ex/receive/check?partner_id=1512&partner_device_id=2122916275e28e076559a386&gdpr=1&gdpr_consent=
alt-svc: clear
content-length: 0

GET
H/1.1 200
OK pixel
ps.eyeota.net/ Frame A368 0
344 B 3153ms
24ms Image
text/plain 3.124.210.90
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ps.eyeota.net/pixel?gdpr=1&gdpr_consent=&pid=51md42u&t=gif
Requested by: Host: nichools.com
URL: http://nichools.com/user?i=jvz1bqas4afbza0812345&a=fdd68d248266fd4eefa4158297b65a017&cb=1266771623656847653
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 3.124.210.90 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-124-210-90.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:34 GMT
Content-Length: 0
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame A368
Redirect Chain

https://bcp.crwdcntrl.net/5/c=5436/tp=SVRN/tpid=2122916275e28e076559a386/gdpr=1/gdpr_consent=/pv=y?https://ce.lijit.com/merge?pid=5001&3pid=${profile_id}&gdpr=1&gdpr_consent=
https://bcp.crwdcntrl.net/5/ct=y/c=5436/tp=SVRN/tpid=2122916275e28e076559a386/gdpr=1/gdpr_consent=/pv=y?https://ce.lijit.com/merge?pid=5001&3pid=${profile_id}&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=5001&3pid=36252f567055f1ac5e723f37ce2ebfd&gdpr=1&gdpr_consent=

43 B
1 KB

168ms
27ms

Image
image/gif

216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=5001&3pid=36252f567055f1ac5e723f37ce2ebfd&gdpr=1&gdpr_consent=
Requested by: Host: nichools.com
URL: http://nichools.com/user?i=jvz1bqas4afbza0812345&a=fdd68d248266fd4eefa4158297b65a017&cb=1266771623656847653
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:32 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap7ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:32 GMT
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location: https://ce.lijit.com/merge?pid=5001&3pid=36252f567055f1ac5e723f37ce2ebfd&gdpr=1&gdpr_consent=
cache-control: no-cache
x-server: 10.45.6.156
content-length: 0
expires: 0

GET
H/1.1 200
OK ct
ap.lijit.com/data/ Frame A368 43 B
206 B 31ms
30ms Image
image/gif 216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ap.lijit.com/data/ct?tid=a_739868_bc525577f911439e862ec68774802197&zoneid=739868&cid=18&geo=FR&all_tags=185%2C203%2C205%2C248%2C429%2C458%2C462%2C465%2C490%2C501%2C503%2C512%2C515%2C519%2C520%2C523%2C539%2C541%2C543%2C561%2C563%2C565%2C578%2C589%2C590%2C600&tss=836%2C837%2C838%2C844&fired_tags=519%2C520%2C541%2C590&count=4&status=8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C1%2C1%2C8%2C8%2C1%2C8%2C8%2C8%2C8%2C8%2C8%2C1%2C32&elapsed_ms=845
Requested by: Host: nichools.com
URL: http://nichools.com/user?i=jvz1bqas4afbza0812345&a=fdd68d248266fd4eefa4158297b65a017&cb=1266771623656847653
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:31 GMT
Server: nginx
X-Sovrn-Pod: ad_ap7ams1
X-Powered-By: raptor
Content-Length: 43
Content-Type: image/gif

GET
H3-29 200 pubads_impl_2021060801.js Show response
securepubads.g.doubleclick.net/gpt/ Frame D78A 318 KB
112 KB 32ms
31ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js?31061412

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ec2-52-220-229-2.ap-southeast-1.compute.amazonaws.com

Software

sffe /

Resource Hash

8a19707bd88a29100f84e106852ddd5bfeebe1fe562960c4932d1347210d13a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 08 Jun 2021 08:38:25 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 114129
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:31 GMT

GET
H2

200

/ Show response
track.adform.net/Serving/TrackPoint/
Redirect Chain

https://track.adform.net/Serving/TrackPoint/?pm=720907&ADFPageName=Viralize-all%20cookie&ADFdivider=%7C&ord=885940280676&Set1=en-US%7Cen-US%7C1600x1200%7C24&CPref=http%3A%2F%2Fshoppinglifestyle.biz...
https://track.adform.net/Serving/TrackPoint/?CC=1&pm=720907&ADFPageName=Viralize-all%20cookie&ADFdivider=%7C&ord=885940280676&Set1=en-US%7Cen-US%7C1600x1200%7C24&CPref=http%3A%2F%2Fshoppinglifestyl...

561 B
906 B

98ms
98ms

Script
text/javascript

37.157.2.236
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/Serving/TrackPoint/?CC=1&pm=720907&ADFPageName=Viralize-all%20cookie&ADFdivider=%7C&ord=885940280676&Set1=en-US%7Cen-US%7C1600x1200%7C24&CPref=http%3A%2F%2Fshoppinglifestyle.biz%2F&ADFtpmode=2&loc=http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F

Requested by

Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.236 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e22e1ff97706d2fc0ea5417d0cffd3614791b193a441576a41b46a93044609d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:31 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 500
expires: -1

Redirect headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:31 GMT
server: nginx
location: https://track.adform.net/Serving/TrackPoint/?CC=1&pm=720907&ADFPageName=Viralize-all%20cookie&ADFdivider=%7C&ord=885940280676&Set1=en-US%7Cen-US%7C1600x1200%7C24&CPref=http%3A%2F%2Fshoppinglifestyle.biz%2F&ADFtpmode=2&loc=http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F
strict-transport-security: max-age=31536000; includeSubDomains
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
content-type: text/html; charset=utf-8
expires: -1

GET
H2

200

/ Show response
track.adform.net/Serving/TrackPoint/
Redirect Chain

https://track.adform.net/Serving/TrackPoint/?pm=720907&ADFPageName=Viralize-tassonomy&ADFdivider=%7C&ord=306832817876&Set1=en-US%7Cen-US%7C1600x1200%7C24&CPref=http%3A%2F%2Fshoppinglifestyle.biz%2F...
https://track.adform.net/Serving/TrackPoint/?CC=1&pm=720907&ADFPageName=Viralize-tassonomy&ADFdivider=%7C&ord=306832817876&Set1=en-US%7Cen-US%7C1600x1200%7C24&CPref=http%3A%2F%2Fshoppinglifestyle.b...

369 B
767 B

99ms
98ms

Script
text/javascript

37.157.2.236
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/Serving/TrackPoint/?CC=1&pm=720907&ADFPageName=Viralize-tassonomy&ADFdivider=%7C&ord=306832817876&Set1=en-US%7Cen-US%7C1600x1200%7C24&CPref=http%3A%2F%2Fshoppinglifestyle.biz%2F&ADFtpmode=2&itm=eyJzdjEiOiIyMSJ9&loc=http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F

Requested by

Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.236 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

5bec26154c459a044f35bfabd4a8bb3df662fe977217deede3eb1a4207b2994e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:31 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 361
expires: -1

Redirect headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:31 GMT
server: nginx
location: https://track.adform.net/Serving/TrackPoint/?CC=1&pm=720907&ADFPageName=Viralize-tassonomy&ADFdivider=%7C&ord=306832817876&Set1=en-US%7Cen-US%7C1600x1200%7C24&CPref=http%3A%2F%2Fshoppinglifestyle.biz%2F&ADFtpmode=2&itm=eyJzdjEiOiIyMSJ9&loc=http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F
strict-transport-security: max-age=31536000; includeSubDomains
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
content-type: text/html; charset=utf-8
expires: -1

GET
H2 200 f9358c97-5614-4a21-8133-fd2cce2c76ee Show response
compass.adop.cc/RE/ Frame D40F 1 KB
1 KB 750ms
687ms Script
text/html 13.32.25.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://compass.adop.cc/RE/f9358c97-5614-4a21-8133-fd2cce2c76ee?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=f9358c97-5614-4a21-8133-fd2cce2c76ee&type=re&loc=http%253A%2F%2Fb.travelmiso.com%2Fads%2Fadop%2F300x250.html&rnd=&percentage=false&size_width=300&size_height=250&
Requested by: Host: shoppinglifestyle.biz
URL: http://shoppinglifestyle.biz/go/?r=3&a=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.25.2 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-25-2.fra56.r.cloudfront.net
Software: nginx / PHP/7.4.15
Resource Hash: c152b50aa827ac4cf0203287ad2436164e715b4441e5ae8b8bc804b6c6f852d9

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:31 GMT
content-encoding: gzip
server: nginx
x-amz-cf-pop: FRA56-C2
x-powered-by: PHP/7.4.15
vary: Accept-Encoding
x-cache: Miss from cloudfront
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
via: 1.1 a23dafbbb9a61c77bda1d66d97f24e2e.cloudfront.net (CloudFront)
cache-control: public, max-age=300
content-type: text/html; charset=UTF-8
content-length: 550
x-amz-cf-id: d3e3bXR7ASM1aJuh6pA_Yq5O25lDo2MCXI7XY3YbARsx055iYAs7PA==

GET
H2 200 WGBxsh8JTtodCEZYWdOx7yCFU2bMd4R-zo6WOMHrcvwX3R5122S1RI7ll_U3NsR0sJiITQsusuRK5BqDtFReXltZrOQwmd4=w400-h209-rj-pd-pc0x00e9e9e9
lh6.googleusercontent.com/proxy/ Frame C995 11 KB
12 KB 36ms
10ms Image
image/jpeg 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh6.googleusercontent.com/proxy/WGBxsh8JTtodCEZYWdOx7yCFU2bMd4R-zo6WOMHrcvwX3R5122S1RI7ll_U3NsR0sJiITQsusuRK5BqDtFReXltZrOQwmd4=w400-h209-rj-pd-pc0x00e9e9e9

Requested by

Host: 9c6d175d9bd67cb83a9557d3172508dd.safeframe.googlesyndication.com
URL: https://9c6d175d9bd67cb83a9557d3172508dd.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

f3c34804791724baacffbf7dc5b5da39fc2fcb6ce136f25afe347e7e384d0213

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9c6d175d9bd67cb83a9557d3172508dd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:23:37 GMT
x-content-type-options: nosniff
server: fife
age: 1434
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11753
x-xss-protection: 0
expires: Tue, 15 Jun 2021 07:23:37 GMT

GET
H3-29 200 823626295475002233
s0.2mdn.net/simgad/ Frame C995 6 KB
6 KB 10ms
6ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/823626295475002233

Requested by

Host: 9c6d175d9bd67cb83a9557d3172508dd.safeframe.googlesyndication.com
URL: https://9c6d175d9bd67cb83a9557d3172508dd.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e0db662d6599b5a2be7b16e8a8a6ab2a59966e31efa4020bca34d0c920f9fb4d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9c6d175d9bd67cb83a9557d3172508dd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 13:26:34 GMT
x-content-type-options: nosniff
age: 152457
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6225
x-xss-protection: 0
last-modified: Fri, 28 May 2021 16:33:11 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jun 2022 13:26:34 GMT

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame C995 42 B
63 B 29ms
25ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BGlo-hcdw_4eeo_1m1kP9-K2tu9eLeDrnXlAPbStw8Ki6Y7nCFh7rQCPmx60mRDdV7GjAwlfwkHJ4cy7tS_qOK-iCXzoLr8wgdB_9FnanWTaDZGQqh20LH2stY5f_Je2usmESYti3hRIAbiESwtmUSwts78g&dbm_d=AKAmf-DUhCRQBpQzV_n29othrZO_tR3vyc3S89bn4goDSSn77TGcqayZMWW14Q1BuD4euWJzZwI7ZI-FXOxSPY0rdx_0sq1OfcN123LrvW5f4H1xqC3A4m0Ngcm2DsYzaTDgvN_xXTfa6jL34yg1ZA9xDzbrJvXMtiYvZMJeKCbpZCnpLYxkDzIcR3DBdh8ZSFQDMLh4VuAanICEirjOnvHpzwPognWIkqXFOK2-vXv6Ghr9rYvXixaQEQ1T2xXmcTxFsXfXDTkXF_HK4BAx2EAz1hyVw3hE4rC9RM3nywu61hyjcMrwCC2rPw8Vjs6DDZogf64n2-uwG_QEKKYfRfzXOyY3AMSQRpHqAxeY4uRNWalOy3wrDtASoPtc51Sc2NxRl3xfYmKfkDVzlLh7d4Sr78F-SiSthCYcHMzsKOceMfQqZkuDMoJZImasN-Wb_UPQcMjICN1cD3oIyizkNN2uhvarxYA3AIiuBjYxbcmklD1ShVy2OEIxSS95Q7N4lHVAVBc3OqMWiWFkrJkmyoMdZ-_aj2z0B5wylJJSIhL4TYCOnWzbYrAtAGrrYOFOphz5THCidHheIf0C7Tt9sG8cwAxSVsJJzYkd7mKfe069h2MlrAMz4VRq4bcBv3111ZHjcbrNkAi6a18riPuYS-VfrxuuSx9IuH9bi77K76PaXHmryejqPj9w7pZheK-h4oiEuy9N8iQ3gQuq842UgUvFI-ZbylUQE1Aw0A-4Hc2j88crHVvgvpZxpSa5HSswln6MdRI9nvqv8uchEJMAPNrfeIGrJG3fo4vvQiHcHGNhNkgk0Tf8wGUqadAlwy9-5Pwsq8eUI3fAdf2E3-jwBZl6Rhp2CV4EaVVog_43oyd5jyg9dGPlfJPwP27VjsdyMPfI2r87EfFLjuaSeF0aC-LqElv8DPgniNktrPTlmR1Bz7ltAFE7bnlQYRd9laRXXSj5L-f_CYAsLfxvbVvc7An7b5Xmyms_zSkSLASMMvJzd2Ct8n_jXfGvGMn1SYa8YzlUaXt5XwBCujcTG6e7m0ofBTT3_uJduNIgm2QmzKC7JRfjQBYVC9fmhU1cquBH7vJHA9mNZq4zvelzuDObpsu3be6hwOjlkKZ8oYI-tx9bkCrEz-FzK86FZtYvW195zFkIBuwKcb7OWPVEgFHDW393hioaLNS4CPJrdfFH0QHVdA4yFf-Q5QgLWjjCaAun6bIys_3aD5qUavB3Lxlg2kUjM0obKhJGES-5lied3-P2T2mkTv7TlVeFbN6Bgvp86BLFWkZUJl9CW5dXJobVW9ZbddnILG19RHMLXcENa8NeXOQs2c7auU6cU2tzvbDualyzE8CR7fWOsHlQPP0LG571PhF0TY2OAUk0LSEK7GogOc_K7uEHk7FRVZMM2jBF4rFSCCgMQFPUQMAb7h--LnLNvGRxsghUZWTQye7WQJ5zJ0Zirl08ewI075U445X3gLKZMZAdO4Svx8pLBtMVFMSpfBfJeDYG8FuW-XvcDrAM5u3TgsBTEVxAk5g8Uocfql5xSw96sE0GrZzLOqBiSPYRgNuHPUbHgj0uZr4I8ldMv54n-6Ovbff8UyQk38fERfZ-ipnkKkSR5cpAw2avUFJfo6kMQVnzjohQ_UasbewRkGc7D6PQm9A3gy48kZ5KuMygHeSTiEfN8ne29oRTBzlg9AHN28MVYGdHqHkAiIBr6J0I7Cmfh5Zehu8T8tA7hlyMBHHEM5iV5wJUA0_QIzfCjvkreAZdrCnt8ZuDVTGoQGHzRbRYPDI6Uv0EUFT-BOQdLbztE5JkQeLtgeMTQqLGUOmgDm5ZydJOrWrsdNfAOkWTgkMQnLYEGvBlBiL_Dn1fajrRhV4s_fLbjBvsGwGWCZE6zYgV6qCchJfYdriJu33lfm3tj8V_nK-yDhSMMozKMwj-1KKtGJZbo4-sd0zcdVwuM0tIGPrDc-JHsIoSaGVQEN63H74uBhEKWh6qu3VLX2BbUwvDrX1hDTYpVw3oahdHkdqIHREC40SWQmVh9ZxErk3n41L1T_07pI1W4uVUV7KJuMc_vHOYom3JSLduxuZqu8JExiVtkSEMZAwossU4nHwZxAYvRbniqVkqxy8gfHwI4A4Z7QLtvGaZDdYWViaRRNHcjQGfydEQ87IscCIraVfNP9Tf_LAxrZRtnpigPAz8Liu0sAiVMeGz5eerLH1DIWOwsmTB7fGx56v-oDvN3JOtrCa46_7NH2ShpPwxgkjmJTgx01wXwoRYPhqWotAPEtKXQIGVYOsn4YOeTE7xfV5ZBudHAPZuobEaRZierejCOWkbD4REdHzSHW7E4j11GPhVTvhm7vHknBsZRgs8fFlZBhFu2pWI-QIfAjPJ3ebni_X0ZKRbe_Fv9mAjtGd2Fq1xCE3pjF1MqLkErQ9Ib1dzOc9jXa6ONYTqOMJL2aG5RbIkgsDR6JVp5xmbyWApYFn4pcNEiXhlBQhXDuKPtigKJL_AByq4hd47Seh-Jrlg1370IGAwvO8_oY2UMZEp5SVa4SUaMHPe6M0Ew0XHMmd5feDnmA24JT50RP62Xiv7fqMx40dCg2vteBKTYlfBB1c9uLo3PnejtUvgZ5uwkbDZsZUkY1Ecet9Zl9SiAR7_xnRmrjAtXdY_9VzxUg_HbFA9a69N_i8z0QNGHpnfti7tWMhohiY-FvN06MtdVMx2hO7iRlYNOo_gmsND_0GIkM4vtD4vRHVFVbyKkiY8XCpaMXmh8EUgBGubAfDGaPvBwcZ2x62CthXFwtKpSTxQm8Omo94hCZQyiF4p3Ebd-t1i0Wi8pIXLRlZaP4D-Xt7vlFyy5JRfOb9F96mduEQ9Upv_75BY8ifsTRkjyQPhuzXZvy0eXCuRZmPaVtxRAcVnstZtypNhrRfCXHp1Wgj1OK48gbxjtSAeCKCEZp-Lx5eA1jtSOK1EKmQch0OSVT35Y5HYJ3LCjHKodHe0Ki4cSYSNuUXE3tXZ8x6Nl2apPBMc-2EUAAVFVpzqK2Jn0_HrfODQLI7ZwLkyNLmPqoDFkZGGyXzkTus0-okqNJIJVOK3XTOMiUCvUr6_Ha01V1ltl1ahDXkDKOA0ma8zkhvdwi3t_tQhh-O7Yb5YQeKRblJ_Oe96fWPp5OfsXIUKVzBYYGs4H0sOb6wwNOlYcBD2PJyfhX_SfcKu0MItPm3hCDbS_-qtdca8RQ8vDXb5ACHApjSjfaVQ87c3ntDRwzjAoCy--ZlXDt2PUsZ8dfkQWGSXpbTQXyWk25tudNJ3texjUyiLBFmmUb_olc0ICDGoqlh2uQ&cid=CAASFeRoZZWnE4xzYbWfQv_pGTp0cL8nxw

Requested by

Host: shoppinglifestyle.biz
URL: http://shoppinglifestyle.biz/go/?r=3&a=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9c6d175d9bd67cb83a9557d3172508dd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame C995 0
0 102ms
100ms Fetch
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CwajykAnHYPmLM5nigQeRkIUYlNKFkGP5vuDI9w3wLhABIIHd-SBg-4GAgIgKoAGz1YL7AsgBBqkCfsYep6lQtD6oAwHIA5sEqgTdAU_Qb94dklkyVVQW9KOm7Dd0ZAUyq4BTW2WUDCjGfNKkRPPVdOAEz0ZaPACixcBqVmRN6AxpC_ExcSmyMI9dNxWfzsYO-MOa21OTUBUqQb9oycz7t_NH-MQpcYkOH0hpTZt1gDBrL5IPkyKxE0F9EQb4Gw4LXqXdzun_nOvwUJ3xLImC-yXSLo3WmwPXlEtJSpSQ2Fo3Cvnd1Kvw1lVgblK5mToi3OcxrhkM6wSxEjgXaNIx8TdQ8FhuWOAZ8On-s4qSMSoLTjclMGesOWypTO_jjwAZMnRxKmdlX8C5wATH5_nZygPgBAOIBcvUzawxkgUGCBsQARgBkgUGCB0QBBgBkgUGCB0QARgBkgUGCB4QARgBkAYBoAY3gAe1qv2EAagHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfs1RuoB-6WsQKoB6a-G6gH7NUb2AcB8gcKEJ-xDxidw-mrAdIICQiI4YAQEAEYHfIIG2FkeC1zdWJzeW4tNjA0MTczNjczNjIxMjU5M4AKA8gLAbAT2MHOC8gT6vON3QPQEwDYEwPYFAHQFQGAFwGyFxoKGAgAEhRwdWItNzUzODU1NTI4MjAzMzQ1OA&sigh=iIIPm-89vus&cid=CAQSPwCNIrLMgz5HBW-Kl1IzfFwyVfCiOr3iGtoNaVL6CacZTKf0tH4hfmUi5T2VG_nnXvf5EvWlYns-tjBCHGzeZA&template_id=509&vt=10
Requested by: Host: shoppinglifestyle.biz
URL: http://shoppinglifestyle.biz/go/?r=3&a=1
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s50-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://9c6d175d9bd67cb83a9557d3172508dd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 impl.20210613-7-RELEASE.js Show response
cdn.taboola.com/libtrc/ Frame 6040 496 KB
114 KB 331ms
25ms Script
application/javascript 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/impl.20210613-7-RELEASE.js
Requested by: Host: cdn.taboola.com
URL: http://cdn.taboola.com/libtrc/travelmiso300x250gr-r19505065/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3-br /
Resource Hash: 8974f58be666ac2c5f7d8a69b09e031e9251163b711e58ec9ca3c9e42fcb7e27

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: MqGiLIR6El3MkuQHJ3.1eYqZMAGTaULA
content-encoding: br
etag: "9678bab06f2bace18fc306bb0efe8c6c"
age: 22465
x-cache: HIT
content-length: 116369
x-amz-id-2: fnO/Pz6PeUpWgpYZ+ik9h3feMutGfagRVzyWKHnWaFSlUcIfz3cLNzzaZduvg0TPEhNDhhtvhd0=
x-served-by: cache-hhn11534-HHN
last-modified: Sun, 13 Jun 2021 09:27:32 GMT
server: AmazonS3-br
x-timer: S1623656852.652838,VS0,VE0
date: Mon, 14 Jun 2021 07:47:31 GMT
vary: Accept-Encoding
x-amz-request-id: 9RZMKTQKNNBRP2Y1
via: 1.1 varnish
cache-control: private,max-age=31536000
accept-ranges: bytes
content-type: application/javascript
abp: 40
x-cache-hits: 128611

GET
H2 200 / Show response
ads.viralize.tv/t-bid-opportunity/ Frame 52DC 0
83 B 181ms
175ms XHR
application/json 35.186.238.232
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.viralize.tv/t-bid-opportunity/?t=badn&zid=AAC96NRlexLe0QQQ&sid=01ebcce4c3c2ea8c58b46cce1d6fbb61&u=http%3A%2F%2Fb.travelmiso.com%2F&item=NTU2MNTbtGao6pCO.9.wp9sc1
Requested by: Host: cdn.ravenjs.com
URL: http://cdn.ravenjs.com/3.17.0/raven.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.238.232 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 232.238.186.35.bc.googleusercontent.com
Software: uvicorn, Unknown /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:31 GMT
content-encoding: gzip
server: uvicorn, Unknown
vary: Accept-Encoding, Origin
content-type: application/json
access-control-allow-origin: http://b.travelmiso.com
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 2559 17 KB
6 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e684839cbcef6b16753dae73e92a49b7115f55e83662ead12d5e05bf7b9915fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1622653785071769"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:31 GMT

GET
H/1.1 200
OK Cookie set beacon Show response
ap.lijit.com/ Frame DA0C 2 KB
2 KB 31ms
31ms Document
text/html 216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/beacon?informer=12205132
Requested by: Host: static.viralize.tv
URL: https://static.viralize.tv/viralize_player_banner.min.07f50ce3.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: 246da60e920581e59d54e76f585342a9f6e90fef1de497cb9eb942bd0f613c60

Request headers

Host: ap.lijit.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: http://b.travelmiso.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ljtrtb=eJyrrgUAAXUA%2BQ%3D%3D; ljt_reader=2122916275e28e076559a386; ctag=512:1623743250|561:1626248850|515:1626248850|563:1626248850|565:1623743250|520:1626248850|185:1623743250|203:1624866450|205:1623743250|541:1624866450|589:1626248850|462:1623743250; ljtrtbexp=eJxdkDESwzAIBP%2BiOgUgBChf8%2FjviTxu2HIZZu%2FgGjq%2BGjbTpy35DHvQK8IPRnSeHVM7q4Chy1dnoXF475194z8pOFChkFHoVA5eYPrQwOjbaIh8i%2FeDIvJw9hsn8hx%2Bh39hf7V%2F3D8tAVUR
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

Server: nginx
Date: Mon, 14 Jun 2021 07:47:31 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Vary: Accept-Encoding
Expires: Fri, 20 Mar 2009 00:00:00 GMT
Set-Cookie: ljtrtbexp=eJxlkDkSwDAIA%2F%2FiOgVgznwtk7%2FnmBRGKdeSQegYPHZ2maFTjLYhL2q6q%2FE23Be%2B5dnl4M5M3R7fd3H2V5euV1X8XhJmQoSEHQmZUkE3YAd%2FdJYJ%2Fuos%2FjVGRI%2B%2FII%2FEcvNTGexTmK8w3%2BBeW%2Fug8wI1lFUb;Path=/;Domain=.lijit.com;Expires=Tue, 14-Jun-2022 07:47:31 GMT;Max-Age=31536000;Secure;SameSite=None ljtrtb=eJyrrgUAAXUA%2BQ%3D%3D;Path=/;Domain=.lijit.com;Expires=Tue, 14-Jun-2022 07:47:31 GMT;Max-Age=31536000;Secure;SameSite=None ctag=512:1623743250|561:1626248850|515:1626248850|563:1626248850|565:1623743250|520:1626248850|185:1623743250|203:1624866450|205:1623743250|541:1624866450|589:1626248850|462:1623743250;Path=/;Domain=.lijit.com;Expires=Wed, 14-Jul-2021 07:47:31 GMT;Max-Age=2592000;Secure;SameSite=None ljt_reader=2122916275e28e076559a386;Path=/;Domain=.lijit.com;Max-Age=31536000;Secure;SameSite=None
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
X-Powered-By: raptor
Content-Encoding: gzip
X-Sovrn-Pod: ad_ap7ams1

GET
H/1.1 200
OK gmdef_300x250.asp Show response
www.travelmiso.com/acta/friends/ Frame 235E 373 B
604 B 183ms
172ms Document
text/html 203.76.174.123
SG-8-TO-SG 8 to I...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.travelmiso.com/acta/friends/gmdef_300x250.asp
Requested by: Host: tag.gammaplatform.com
URL: http://tag.gammaplatform.com/adx/request/?wid=1567569789&zid=1567570933&urf=http%3A%2F%2Fb.travelmiso.com%2F&zt=&cb=412743/
Protocol: HTTP/1.1
Server: 203.76.174.123 , Singapore, ASN45470 (SG-8-TO-SG 8 to Infinity Pte Ltd, SG),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 513ac9644a583953b23a95939cc9301e2fb85785911525cb1425808932477b70

Request headers

Host: www.travelmiso.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://www.travelmiso.com/acta/friends/inndef_300x250.asp
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Cookie: _a3rd1567570933=0-9; ASPSESSIONIDQCSSCCAC=PDMDPFDDPOOLNPFLDIGELOAE; __gads=ID=b91b9b5f565a940c:T=1623656848:S=ALNI_MZ97nIYoqC28iOPfzwAn6BESrMS9w
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://www.travelmiso.com/acta/friends/inndef_300x250.asp

Response headers

Cache-Control: private
Content-Type: text/html
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Mon, 14 Jun 2021 07:47:30 GMT
Content-Length: 403

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame A5EF 8 KB
3 KB 294ms
29ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158212&predirect=https%3A%2F%2Fcm.gammaplatform.com%2Fadx%2Frecv%3Fpid%3D35%26uid%3D
Requested by: Host: tag.gammaplatform.com
URL: http://tag.gammaplatform.com/adx/request/?wid=1567569789&zid=1567570933&urf=http%3A%2F%2Fb.travelmiso.com%2F&zt=&cb=412743/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: adeacac4167dc188f54213893f0444ea5d60995143ad0552dcb4c383199a740b

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/user_sync.html?p=158212&predirect=https%3A%2F%2Fcm.gammaplatform.com%2Fadx%2Frecv%3Fpid%3D35%26uid%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://www.travelmiso.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://www.travelmiso.com/

Response headers

last-modified: Tue, 01 Jun 2021 06:44:25 GMT
etag: "1300708-2080-5c3aeac410031"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 2586
content-type: text/html; charset=UTF-8
cache-control: max-age=111763
expires: Tue, 15 Jun 2021 14:50:14 GMT
date: Mon, 14 Jun 2021 07:47:31 GMT
vary: Accept-Encoding

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 715C 8 KB
3 KB 308ms
43ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159249&predirect=https%3A%2F%2Fcm.gammaplatform.com%2Fadx%2Frecv%3Fpid%3D53%26uid%3D
Requested by: Host: tag.gammaplatform.com
URL: http://tag.gammaplatform.com/adx/request/?wid=1567569789&zid=1567570933&urf=http%3A%2F%2Fb.travelmiso.com%2F&zt=&cb=412743/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: adeacac4167dc188f54213893f0444ea5d60995143ad0552dcb4c383199a740b

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/user_sync.html?p=159249&predirect=https%3A%2F%2Fcm.gammaplatform.com%2Fadx%2Frecv%3Fpid%3D53%26uid%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://www.travelmiso.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://www.travelmiso.com/

Response headers

last-modified: Tue, 01 Jun 2021 06:44:25 GMT
etag: "1300708-2080-5c3aeac410031"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 2586
content-type: text/html; charset=UTF-8
cache-control: max-age=111763
expires: Tue, 15 Jun 2021 14:50:14 GMT
date: Mon, 14 Jun 2021 07:47:31 GMT
vary: Accept-Encoding

GET
H2 200 fltiu.js Show response
pixel.yabidos.com/ Frame 03F2 2 KB
1 KB 103ms
28ms Script
application/javascript 104.16.200.58
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.yabidos.com/fltiu.js?qid=83432313f553532313f5435393&cid=954&p=1505449937&s=http://travelmiso.com/&x=gammassp&nci=&adtg=1567570933&nai=&si=&pn=&h=&w=&bp=&pp=&ci=&ip=&ai=1567569789&di=&mm=&os=&ua=&lat=&lon=
Requested by: Host: tag.gammaplatform.com
URL: http://tag.gammaplatform.com/adx/request/?wid=1567569789&zid=1567570933&urf=http%3A%2F%2Fb.travelmiso.com%2F&zt=&cb=412743/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.16.200.58 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 87ce4cc30530348882f7ec9e07ca8a24e704140aef3ef8260c3272598081c99b

Request headers

Referer: http://www.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:31 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 02 Jun 2021 15:09:31 GMT
server: cloudflare
age: 5791
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=7200
accept-ranges: bytes
cf-ray: 65f1f379cc51eddf-CDG
content-length: 1146
cf-request-id: 0aab16801d0000eddf6ab2d000000001
expires: Mon, 14 Jun 2021 09:47:31 GMT

GET
H/1.1

200
OK

recv
cm.gammaplatform.com/adx/ Frame 03F2
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=ambient-digital&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=ambient-digital&ttd_tpi=1
https://cm.gammaplatform.com/adx/recv?pid=5&uid=61edf282-8c4c-4c3b-a577-89026d283e5c

43 B
574 B

1960ms
170ms

Image
image/gif

52.220.229.2
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.gammaplatform.com/adx/recv?pid=5&uid=61edf282-8c4c-4c3b-a577-89026d283e5c

Requested by

Host: www.travelmiso.com
URL: http://www.travelmiso.com/acta/friends/inndef_300x250.asp

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

52.220.229.2 Singapore, Singapore, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: http://www.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

lws: 20
date: Mon, 14 Jun 2021 07:47:33 GMT
content-encoding: gzip
time-ms: 0
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
accept-encoding: utf-8
content-length: 51

Redirect headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:32 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.gammaplatform.com/adx/recv?pid=5&uid=61edf282-8c4c-4c3b-a577-89026d283e5c
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 199

GET sync
x.bidswitch.net/ Frame 03F2 0
0

GET

recv
cm.gammaplatform.com/adx/ Frame 03F2
Redirect Chain

https://gocm.c.appier.net/ambient
https://cm.gammaplatform.com/adx/recv?pid=10&uid=uS7aM0vmD-mCGLwPmAnHYA

0
0

GET send
cm.ambientdsp.com/cm/ Frame 03F2 0
0

GET

recv
cm.gammaplatform.com/adx/ Frame 03F2
Redirect Chain

https://cm.gammadsp.com/cm/send?vc=gdj
https://cm.gammaplatform.com/adx/recv?pid=50&uid=re4kfyl6f86

0
0

GET
H2

200

tpid=9espuwvch7le
bcp.crwdcntrl.net/5/ct=y/c=13633/tp=GMMA/ Frame 03F2
Redirect Chain

https://bcp.crwdcntrl.net/5/c=13633/tp=GMMA/tpid=9espuwvch7le
https://bcp.crwdcntrl.net/5/ct=y/c=13633/tp=GMMA/tpid=9espuwvch7le

49 B
789 B

82ms
77ms

Image
image/gif

52.30.140.199
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bcp.crwdcntrl.net/5/ct=y/c=13633/tp=GMMA/tpid=9espuwvch7le
Requested by: Host: www.travelmiso.com
URL: http://www.travelmiso.com/acta/friends/inndef_300x250.asp
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.140.199 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Referer: http://www.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:32 GMT
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.45.17.125
content-type: image/gif
content-length: 49
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:31 GMT
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location: https://bcp.crwdcntrl.net/5/ct=y/c=13633/tp=GMMA/tpid=9espuwvch7le
cache-control: no-cache
x-server: 10.45.2.79
content-length: 0
expires: 0

GET
H/1.1

200
OK

sync
d.gammaplatform.com/ltm/ Frame 03F2
Redirect Chain

https://ad.crwdcntrl.net/5/c=13633/pe=y?https%3A%2F%2Fd.gammaplatform.com%2Fltm%2Fsync%3Fsegs%3D%24%7Baud_ids%7D
https://d.gammaplatform.com/ltm/sync?segs=

43 B
433 B

590ms
193ms

Image
image/gif

52.220.229.2
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://d.gammaplatform.com/ltm/sync?segs=

Requested by

Host: www.travelmiso.com
URL: http://www.travelmiso.com/acta/friends/inndef_300x250.asp

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

52.220.229.2 Singapore, Singapore, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-220-229-2.ap-southeast-1.compute.amazonaws.com

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: http://www.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

lws: 224
date: Mon, 14 Jun 2021 07:47:32 GMT
content-encoding: gzip
time-ms: 0
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
accept-encoding: utf-8
content-length: 51

Redirect headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:31 GMT
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location: https://d.gammaplatform.com/ltm/sync?segs=
cache-control: no-cache
x-server: 10.45.27.116
content-length: 0
expires: 0

GET
H/1.1 200
OK ucfad-formats.css
cdn.aralego.net/css/dev/ Frame 5BD4 975 B
1 KB 26ms
23ms Stylesheet
text/css 2606:4700:20::ac43:47fe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.aralego.net/css/dev/ucfad-formats.css
Requested by: Host: ads.aralego.com
URL: http://ads.aralego.com/sdk
Protocol: HTTP/1.1
Server: 2606:4700:20::ac43:47fe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1be00e223b2840fe8ac2d3a1aec0cf757088dd68f53a92275d0e1db6cb9afced

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:31 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
NEL: {"report_to":"cf-nel","max_age":604800}
Age: 5877
Cf-Polished: origSize=1191
Transfer-Encoding: chunked
Connection: keep-alive
cf-request-id: 0aab167fd800004a5690157000000001
Last-Modified: Fri, 16 Mar 2018 07:19:46 GMT
Server: cloudflare
ETag: W/"5aab7012-4a7"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=h594FGjnwxJATtTnH9LC9xlGgjhQ1joOgPyVOLp1dO1KeM2a8zzjI%2BOjy0r%2BNpMm2gTJmfostWX6rgL3T5%2FyeUdqBVt0egfYMbIv21tcpIUzcRvw3TUU9jOmOD5TzD1H4zDfJ%2FnxJTs%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: text/css
Cache-Control: max-age=14400
Access-Control-Allow-Credentials: true
CF-RAY: 65f1f3795b074a56-FRA
Cf-Bgj: minify

GET
H/1.1 200
OK idRequest Show response
sync.aralego.com/ Frame 5BD4 46 B
493 B 419ms
102ms XHR
text/html 162.210.196.208
LEASEWEB-USA-WDC

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.aralego.com/idRequest?
Requested by: Host: ads.aralego.com
URL: http://ads.aralego.com/sdk
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 162.210.196.208 Falls Church, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software: /
Resource Hash: 2e22d0f48fb64994bb452c630105d437ee7a66add079e88b8ce81a1930915c19

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:31 GMT
vary: Accept-Encoding
access-control-allow-methods: GET,POST,OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: http://b.travelmiso.com
access-control-allow-credentials: true
connection: close
content-length: 46

GET
H/1.1 200
OK ad_request Show response
ads.aralego.com/ Frame 5BD4 1 KB
1 KB 927ms
158ms XHR
text/html 192.96.200.41
LEASEWEB-USA-WDC

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.aralego.com/ad_request?sw=1600&sh=1200&ifr=1&bl=en-US&je=1&dnt=0&host=b.travelmiso.com&u=http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F&xr=0&adid=ad-47B773A8369E2ADDC396364BDBB384D&w=300&h=250&ver=UCX_WEB-20200113&pos=1&seq=0&cb=0.9181722301468012&ao=http%3A%2F%2Fb.travelmiso.com
Requested by: Host: ads.aralego.com
URL: http://ads.aralego.com/sdk
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 192.96.200.41 , United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software: /
Resource Hash: 83bf8dc0ed879407ce40e70684ab4aec37b7aef16b78a1690b8996463a512dee

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:32 GMT
X-Width: 300
X-Height: 250
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET,POST,OPTIONS
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: http://b.travelmiso.com
Access-Control-Expose-Headers: X-Width,X-Height,X-AdStyle,X-AdCap,X-AdWatchUrl,X-AdSource,X-SspId,X-Deal
Access-Control-Allow-Credentials: true
X-SspId: 1199424b-5208-3d1a-a051-6db0e30656d7
Connection: close
Content-Encoding: gzip
Transfer-Encoding: chunked
X-AdStyle: banner
X-Adtype: html

GET
H2 200 / Show response
ads.viralize.tv/t-bid-opportunity/ Frame 86D9 0
83 B 94ms
93ms XHR
application/json 35.186.238.232
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.viralize.tv/t-bid-opportunity/?t=badn&zid=AADSIf6-RvqhS2yK&sid=01ebcce4c3c2f72898a9f96e66b7e271&u=http%3A%2F%2Fb.travelmiso.com%2F&item=NTU1OPkpEx5nemgF.9.wp9sc1
Requested by: Host: cdn.ravenjs.com
URL: http://cdn.ravenjs.com/3.17.0/raven.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.238.232 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 232.238.186.35.bc.googleusercontent.com
Software: uvicorn, Unknown /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:31 GMT
content-encoding: gzip
server: uvicorn, Unknown
vary: Accept-Encoding, Origin
content-type: application/json
access-control-allow-origin: http://b.travelmiso.com
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame B058 143 B
163 B 51ms
6ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: 9c6d175d9bd67cb83a9557d3172508dd.safeframe.googlesyndication.com
URL: https://9c6d175d9bd67cb83a9557d3172508dd.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://9c6d175d9bd67cb83a9557d3172508dd.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkWrAMFjgaPY-5Wy0_C16B8n7Pl47SH-Jjtp9jo0joVkjSULWNSk0VeJUUrC3w; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://9c6d175d9bd67cb83a9557d3172508dd.safeframe.googlesyndication.com/

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Mon, 14 Jun 2021 07:47:15 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 16
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame C995 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c79b928b12b334ac91a14ee72f7074d915742ed0a85744955a36423f7c807fbd

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK ucfad-formats.css
cdn.aralego.net/css/dev/ Frame B5A2 975 B
1 KB 17ms
16ms Stylesheet
text/css 2606:4700:20::ac43:47fe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.aralego.net/css/dev/ucfad-formats.css
Requested by: Host: ads.aralego.com
URL: http://ads.aralego.com/sdk
Protocol: HTTP/1.1
Server: 2606:4700:20::ac43:47fe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1be00e223b2840fe8ac2d3a1aec0cf757088dd68f53a92275d0e1db6cb9afced

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:31 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
NEL: {"report_to":"cf-nel","max_age":604800}
Age: 5877
Cf-Polished: origSize=1191
Transfer-Encoding: chunked
Connection: keep-alive
cf-request-id: 0aab16803b00004a56b3145000000001
Last-Modified: Fri, 16 Mar 2018 07:19:46 GMT
Server: cloudflare
ETag: W/"5aab7012-4a7"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=%2FTN1KJw5jNdZxD0uw5tmLiKgBilUPsk8gspcgT7E3K6ehCUCLyzzj%2BWQOT%2F8fjKNLTwIjmcpHmbwX%2BeTLeEChiF44liZvpou%2Fxr1G0IMS1Zp1uaBJN7Ba%2BdKo9bJHXaoPpoK8r3vISc%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: text/css
Cache-Control: max-age=14400
Access-Control-Allow-Credentials: true
CF-RAY: 65f1f379fcc64a56-FRA
Cf-Bgj: minify

GET
H/1.1 200
OK idRequest Show response
sync.aralego.com/ Frame B5A2 46 B
493 B 2056ms
102ms XHR
text/html 162.210.196.208
LEASEWEB-USA-WDC

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.aralego.com/idRequest?
Requested by: Host: ads.aralego.com
URL: http://ads.aralego.com/sdk
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 162.210.196.208 Falls Church, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software: /
Resource Hash: 2e22d0f48fb64994bb452c630105d437ee7a66add079e88b8ce81a1930915c19

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:33 GMT
vary: Accept-Encoding
access-control-allow-methods: GET,POST,OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: http://b.travelmiso.com
access-control-allow-credentials: true
connection: close
content-length: 46

GET ad_request
ads.aralego.com/ Frame B5A2 0
0

GET
H2 200 cht_cookieSyncIframe.html Show response
cdn.aralego.net/ucfad/cookie/ Frame D0BD 807 B
866 B 102ms
13ms Document
text/html 2606:4700:20::ac43:47fe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.aralego.net/ucfad/cookie/cht_cookieSyncIframe.html
Requested by: Host: ads.aralego.com
URL: http://ads.aralego.com/sdk
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47fe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6058eb29e9bb8b7cd0d68f0d180a093941e971f4659092a70c99ca57827bc678

Request headers

:method: GET
:authority: cdn.aralego.net
:scheme: https
:path: /ucfad/cookie/cht_cookieSyncIframe.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://b.travelmiso.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

date: Mon, 14 Jun 2021 07:47:31 GMT
content-type: text/html
last-modified: Tue, 11 Aug 2020 08:15:02 GMT
access-control-allow-credentials: true
cache-control: max-age=14400
cf-cache-status: HIT
age: 5677
cf-request-id: 0aab1680b400004a8604a4d000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=M01rTJAAQFwJYqdl0VL4lA7wjwiUUytmVrWOMKajTNLZFED0i1kYnooZsTA4ly1xM4xkhTK8QQPz8oD%2BQqvkuTPwLI4RkWXQ4rzOzIaDwG82VawkTkumUn%2BRe7nDuuidPLi0M%2BnRntI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 65f1f37ab94b4a86-FRA
content-encoding: br

GET

idsync
sync.aralego.com/
Redirect Chain

https://sync.aralego.com/idsync
https://pr-bh.ybp.yahoo.com/sync/ucfunnel/1199424b-5208-3d1a-a051-6db0e30656d7?gdpr=0&euconsent=
https://sync.aralego.com/idsync?ucf_nid=dsp-AE38A6E4BB372DE1838A748E89487D9&ucf_user_id=y-P2rWK1tE2oWEHSJx.I7WvPR6lyyuUb66gi0s_0Y-~A&redirect=

0
0

GET
H/1.1 200
OK gmdef_300x250.asp Show response
www.travelmiso.com/acta/friends/ Frame B67A 373 B
604 B 209ms
173ms Document
text/html 203.76.174.123
SG-8-TO-SG 8 to I...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.travelmiso.com/acta/friends/gmdef_300x250.asp
Requested by: Host: tag.gammaplatform.com
URL: http://tag.gammaplatform.com/adx/request/?wid=1567569789&zid=1567570933&urf=http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F&zt=&cb=876052/
Protocol: HTTP/1.1
Server: 203.76.174.123 , Singapore, ASN45470 (SG-8-TO-SG 8 to Infinity Pte Ltd, SG),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 513ac9644a583953b23a95939cc9301e2fb85785911525cb1425808932477b70

Request headers

Host: www.travelmiso.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://b.travelmiso.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Cookie: _a3rd1567570933=0-9; ASPSESSIONIDQCSSCCAC=PDMDPFDDPOOLNPFLDIGELOAE; __gads=ID=b91b9b5f565a940c:T=1623656848:S=ALNI_MZ97nIYoqC28iOPfzwAn6BESrMS9w
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

Cache-Control: private
Content-Type: text/html
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Mon, 14 Jun 2021 07:47:30 GMT
Content-Length: 403

GET
H/1.1

200
OK

recv
cm.gammaplatform.com/adx/ Frame C527
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=ambient-digital&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=ambient-digital&ttd_tpi=1
https://cm.gammaplatform.com/adx/recv?pid=5&uid=61edf282-8c4c-4c3b-a577-89026d283e5c

43 B
575 B

1792ms
168ms

Image
image/gif

52.220.229.2
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.gammaplatform.com/adx/recv?pid=5&uid=61edf282-8c4c-4c3b-a577-89026d283e5c

Requested by

Host: b.travelmiso.com
URL: http://b.travelmiso.com/ads/gam/300x250.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

52.220.229.2 Singapore, Singapore, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-220-229-2.ap-southeast-1.compute.amazonaws.com

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

lws: 222
date: Mon, 14 Jun 2021 07:47:34 GMT
content-encoding: gzip
time-ms: 0
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
accept-encoding: utf-8
content-length: 51

Redirect headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:32 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.gammaplatform.com/adx/recv?pid=5&uid=61edf282-8c4c-4c3b-a577-89026d283e5c
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 199

GET sync
x.bidswitch.net/ Frame C527 0
0

GET

recv
cm.gammaplatform.com/adx/ Frame C527
Redirect Chain

https://gocm.c.appier.net/ambient
https://cm.gammaplatform.com/adx/recv?pid=10&uid=e8NCcYUwA1ei8CtCmAnHYA

0
0

GET send
cm.ambientdsp.com/cm/ Frame C527 0
0

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 3400 8 KB
3 KB 144ms
35ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158212&predirect=https%3A%2F%2Fcm.gammaplatform.com%2Fadx%2Frecv%3Fpid%3D35%26uid%3D
Requested by: Host: tag.gammaplatform.com
URL: http://tag.gammaplatform.com/adx/request/?wid=1567569789&zid=1567570933&urf=http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F&zt=&cb=876052/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: adeacac4167dc188f54213893f0444ea5d60995143ad0552dcb4c383199a740b

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/user_sync.html?p=158212&predirect=https%3A%2F%2Fcm.gammaplatform.com%2Fadx%2Frecv%3Fpid%3D35%26uid%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://b.travelmiso.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

last-modified: Tue, 01 Jun 2021 06:44:25 GMT
etag: "1300708-2080-5c3aeac410031"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 2586
content-type: text/html; charset=UTF-8
cache-control: max-age=111763
expires: Tue, 15 Jun 2021 14:50:14 GMT
date: Mon, 14 Jun 2021 07:47:31 GMT
vary: Accept-Encoding

GET

recv
cm.gammaplatform.com/adx/ Frame C527
Redirect Chain

https://cm.gammadsp.com/cm/send?vc=gdj
https://cm.gammaplatform.com/adx/recv?pid=50&uid=re4kg2apllz

0
0

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 71F8 8 KB
3 KB 102ms
40ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159249&predirect=https%3A%2F%2Fcm.gammaplatform.com%2Fadx%2Frecv%3Fpid%3D53%26uid%3D
Requested by: Host: tag.gammaplatform.com
URL: http://tag.gammaplatform.com/adx/request/?wid=1567569789&zid=1567570933&urf=http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F&zt=&cb=876052/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: adeacac4167dc188f54213893f0444ea5d60995143ad0552dcb4c383199a740b

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/user_sync.html?p=159249&predirect=https%3A%2F%2Fcm.gammaplatform.com%2Fadx%2Frecv%3Fpid%3D53%26uid%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://b.travelmiso.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

last-modified: Tue, 01 Jun 2021 06:44:25 GMT
etag: "1300708-2080-5c3aeac410031"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 2586
content-type: text/html; charset=UTF-8
cache-control: max-age=111763
expires: Tue, 15 Jun 2021 14:50:14 GMT
date: Mon, 14 Jun 2021 07:47:31 GMT
vary: Accept-Encoding

GET
H/1.1

200
OK

sync
d.gammaplatform.com/ltm/ Frame C527
Redirect Chain

https://ad.crwdcntrl.net/5/c=13633/pe=y?https%3A%2F%2Fd.gammaplatform.com%2Fltm%2Fsync%3Fsegs%3D%24%7Baud_ids%7D
https://d.gammaplatform.com/ltm/sync?segs=

43 B
432 B

586ms
190ms

Image
image/gif

52.220.229.2
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://d.gammaplatform.com/ltm/sync?segs=

Requested by

Host: b.travelmiso.com
URL: http://b.travelmiso.com/ads/gam/300x250.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

52.220.229.2 Singapore, Singapore, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-220-229-2.ap-southeast-1.compute.amazonaws.com

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

lws: 42
date: Mon, 14 Jun 2021 07:47:32 GMT
content-encoding: gzip
time-ms: 0
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
accept-encoding: utf-8
content-length: 51

Redirect headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:31 GMT
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location: https://d.gammaplatform.com/ltm/sync?segs=
cache-control: no-cache
x-server: 10.45.11.30
content-length: 0
expires: 0

GET
H2 200 fltiu.js Show response
pixel.yabidos.com/ Frame C527 2 KB
1 KB 40ms
39ms Script
application/javascript 104.16.200.58
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.yabidos.com/fltiu.js?qid=83432313f553532313f5435393&cid=954&p=1505449937&s=http://travelmiso.com/&x=gammassp&nci=&adtg=1567570933&nai=&si=&pn=&h=&w=&bp=&pp=&ci=&ip=&ai=1567569789&di=&mm=&os=&ua=&lat=&lon=
Requested by: Host: tag.gammaplatform.com
URL: http://tag.gammaplatform.com/adx/request/?wid=1567569789&zid=1567570933&urf=http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F&zt=&cb=876052/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.16.200.58 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 87ce4cc30530348882f7ec9e07ca8a24e704140aef3ef8260c3272598081c99b

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:31 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 02 Jun 2021 15:09:31 GMT
server: cloudflare
age: 5791
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=7200
accept-ranges: bytes
cf-ray: 65f1f37a6dc0eddf-CDG
content-length: 1146
cf-request-id: 0aab1680830000eddff83c5000000001
expires: Mon, 14 Jun 2021 09:47:31 GMT

GET
H2

200

tpid=znvd3cft81xn
bcp.crwdcntrl.net/5/ct=y/c=13633/tp=GMMA/ Frame C527
Redirect Chain

https://bcp.crwdcntrl.net/5/c=13633/tp=GMMA/tpid=znvd3cft81xn
https://bcp.crwdcntrl.net/5/ct=y/c=13633/tp=GMMA/tpid=znvd3cft81xn

49 B
788 B

140ms
134ms

Image
image/gif

52.30.140.199
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bcp.crwdcntrl.net/5/ct=y/c=13633/tp=GMMA/tpid=znvd3cft81xn
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/ads/gam/300x250.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.140.199 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:32 GMT
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.45.12.49
content-type: image/gif
content-length: 49
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:31 GMT
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location: https://bcp.crwdcntrl.net/5/ct=y/c=13633/tp=GMMA/tpid=znvd3cft81xn
cache-control: no-cache
x-server: 10.45.20.84
content-length: 0
expires: 0

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame 1A6C 0
0 37ms
36ms Fetch
image/gif 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssH6oG25CxuAhP1tNw8psdKr4OTfi9ET15fKWmDRLN2wJxxE6ffJb9ukKZZwOq0mDVdMDWJJ8h66rvb1J5gUtjIAAnWs3RV8RW13HclR0im3Nx83XKvXFChsxmheUL-oH3nanFrNheEfcIo0cFfOH5Qf7vbP8QeFuKUhIo1eVHqo1QPwyG74OcYYvWq1polM3mT_I0tZQuufxeGPmEfDVmI5OWN12RjPp1zRxpnX9gFUoxh2lbagcjU7I07LNyQ6lQIKkC6_bnTN-13AYjNyWhuhwcL3kh8gqtQqKUXdgFtRBfV1kStjvS86CmEMCmJdyk&sig=Cg0ArKJSzMDQi5-pNi2WEAE&urlfix=1&adurl=

Requested by

Host: shoppinglifestyle.biz
URL: http://shoppinglifestyle.biz/go/?r=3&a=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

b7.80.fd9f.ip4.static.sl-reverse.com

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:31 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame 1A6C 61 KB
21 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4e4810e88e50f93b12c1e24b897d264382cbcf6e2ba29054f68b19bc4dc4e104

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "902 / 639 of 1000 / last-modified: 1623449339"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21293
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:31 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1A6C 122 KB
37 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

34b6e9936a2f024eef4f545bf4a1e717141704b00a75167fc7080fc6789e3881

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:31 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623410775224219"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38028
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:31 GMT

GET
H3-29 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame 036B 73 KB
28 KB 20ms
18ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8f4b8d2def1fa5e09bafacbb8ac66e614d74f1cdbace1417cedef55c0d9a83db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:31 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623410781212720"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28237
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:31 GMT

GET
H2 200 production_flurryTag.html Show response
cdn.aralego.net/ucfad/mobile/ Frame 8C79 10 KB
2 KB 200ms
197ms Document
text/html 2606:4700:20::ac43:47fe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.aralego.net/ucfad/mobile/production_flurryTag.html?adid=d3ba746a-82fb-4032-b01e-ccb4c304c69a&width=970&height=250&click=
Requested by: Host: ads.aralego.com
URL: http://ads.aralego.com/sdk
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47fe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a9bbf2c828c70be6c37d14a29e850719276d371dd384d968c62c63a1f6e8ba2a

Request headers

:method: GET
:authority: cdn.aralego.net
:scheme: https
:path: /ucfad/mobile/production_flurryTag.html?adid=d3ba746a-82fb-4032-b01e-ccb4c304c69a&width=970&height=250&click=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://b.travelmiso.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

date: Mon, 14 Jun 2021 07:47:31 GMT
content-type: text/html
last-modified: Tue, 27 Apr 2021 04:01:41 GMT
access-control-allow-credentials: true
cache-control: max-age=14400
cf-cache-status: HIT
cf-request-id: 0aab16811900004a86d717b000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=6BLQZY%2FlFg8YtLwUzFSGr3whFSCsTlyyc8NdcOR33BKChaduzqnMMz1gi2MufA9jcoEDTf1woOkSAfxYeUscKONhXEWnXP8y4PqZr8OR9blwUDfi%2FGZUiasa737P04zNfFld5IDJ448%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 65f1f37b5b144a86-FRA
content-encoding: br

GET
H3-29 200 container.html Show response
a15ac0e614c5002f10a5f47b2408de8c.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame CC50 6 KB
3 KB 290ms
11ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a15ac0e614c5002f10a5f47b2408de8c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: a15ac0e614c5002f10a5f47b2408de8c.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html?n=2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Mon, 14 Jun 2021 07:47:31 GMT
expires: Tue, 14 Jun 2022 07:47:31 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 / Show response
ads.viralize.tv/t-bid-done/ Frame 52DC 0
83 B 38ms
36ms XHR
application/json 35.186.238.232
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.viralize.tv/t-bid-done/?t=badn&item=NTU2MNTbtGao6pCO&sc=wp9sc1&u=http%3A%2F%2Fb.travelmiso.com%2F&zid=AAC96NRlexLe0QQQ&sid=01ebcce4c3c2ea8c58b46cce1d6fbb61&l=gpt&as=google&ct=&cpm=0.1
Requested by: Host: cdn.ravenjs.com
URL: http://cdn.ravenjs.com/3.17.0/raven.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.238.232 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 232.238.186.35.bc.googleusercontent.com
Software: uvicorn, Unknown /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:31 GMT
content-encoding: gzip
server: uvicorn, Unknown
vary: Accept-Encoding, Origin
content-type: application/json
access-control-allow-origin: http://b.travelmiso.com
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

GET
H3-29 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1FFD 73 KB
28 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8f4b8d2def1fa5e09bafacbb8ac66e614d74f1cdbace1417cedef55c0d9a83db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:31 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623410781212720"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28237
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:31 GMT

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 1FFD 10 KB
8 KB 28ms
26ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021060801&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

49894029bda0e65e886c6650ac50a534b3fb5e249420477ba49429a2ac01ef53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7978
x-xss-protection: 0

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 4D7F 42 B
64 B 20ms
14ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssOpi-5CdavwlH97Ibteci7U8nbCYAD1cmSkOIWz2mZZqU4wHXSRnIEu-2wOhisz-Qc_ErC6vhQgoKpAfrE31UtI3jOtfYFEFciKdROImU&sig=Cg0ArKJSzPkTh6s1FZJBEAE&id=lidar2&mcvt=1234&p=0,0,225,225&mtos=1234,1234,1234,1234,1234&tos=1234,0,0,0,0&v=20210611&bin=7&avms=nio&bs=1600,1200&mc=1&app=0&itpl=3&adk=2386355533&rs=4&met=mue&la=0&cr=0&osd=1&vs=4&eosm=0&rst=1623656850183&dlt=0&rpt=706&isd=0&msd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame 97BE
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=23&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=16&3pid=no-consent&gdpr=1&gdpr_consent=

43 B
1 KB

128ms
30ms

Image
image/gif

216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=16&3pid=no-consent&gdpr=1&gdpr_consent=
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_739868_bc525577f911439e862ec68774802197&rand=1212&informer=13406526&type=fpads&loc=http%3A%2F%2Fb.travelmiso.com%2F&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:32 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap7ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:31 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://ce.lijit.com/merge?pid=16&3pid=no-consent&gdpr=1&gdpr_consent=
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H/1.1

204
No Content

merge
ce.lijit.com/ Frame 97BE
Redirect Chain

https://creativecdn.com/cm-notify?pi=sovrn&gdpr=1&gdpr_consent=
https://creativecdn.com/cm-notify?pi=sovrn&gdpr=1&gdpr_consent=&tc=1
https://ce.lijit.com/merge?pid=86&3pid=5p5SPieAjJiCl05raHbo&pi=sovrn&gdpr_consent=&gdpr=1&tc=1
https://ce.lijit.com/merge?pid=86&3pid=5p5SPieAjJiCl05raHbo&pi=sovrn&gdpr_consent=&gdpr=1&tc=1&dnr=1

0
684 B

95ms
28ms

Image
text/plain

216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=86&3pid=5p5SPieAjJiCl05raHbo&pi=sovrn&gdpr_consent=&gdpr=1&tc=1&dnr=1
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_739868_bc525577f911439e862ec68774802197&rand=1212&informer=13406526&type=fpads&loc=http%3A%2F%2Fb.travelmiso.com%2F&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:33 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap7ams1
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:33 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Location: https://ce.lijit.com/merge?pid=86&3pid=5p5SPieAjJiCl05raHbo&pi=sovrn&gdpr_consent=&gdpr=1&tc=1&dnr=1
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap7ams1
Content-Length: 0
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame 97BE
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=17&mt_exuid=2122916275e28e076559a386&redirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D3%263pid%3D%5BUUID%5D&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=3&3pid=b52560c7-0993-4900-a5d6-90ad857f3d77&gdpr=1&gdpr_consent=

43 B
1 KB

168ms
33ms

Image
image/gif

216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=3&3pid=b52560c7-0993-4900-a5d6-90ad857f3d77&gdpr=1&gdpr_consent=
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_739868_bc525577f911439e862ec68774802197&rand=1212&informer=13406526&type=fpads&loc=http%3A%2F%2Fb.travelmiso.com%2F&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:32 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap7ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Date: Mon, 14 Jun 2021 07:47:35 GMT
Server: MT3 3759 5f8f15b master zrh-pixel-x27
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://ce.lijit.com/merge?pid=3&3pid=b52560c7-0993-4900-a5d6-90ad857f3d77&gdpr=1&gdpr_consent=
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Mon, 14 Jun 2021 07:47:34 GMT

GET
H/1.1 204
No Content sync.php
pixel-us-east.rubiconproject.com/exchange/ Frame 97BE 0
239 B 3686ms
99ms Image
image/gif 8.43.72.98
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=sovrn&gdpr=1&gdpr_consent=
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_739868_bc525577f911439e862ec68774802197&rand=1212&informer=13406526&type=fpads&loc=http%3A%2F%2Fb.travelmiso.com%2F&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 8.43.72.98 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 1c34e56f66d325760e494cbb7a93f50f
Content-Type: image/gif

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame 97BE
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=558511&ev=1&rurl=https%3A%2F%2Fce.lijit.com/merge?pid=49&3pid=%%VGUID%%&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=49&3pid=rSzE3oYBNq9J&ev=1&pid=558511&gdpr_consent=&gdpr=1

43 B
1 KB

46ms
33ms

Image
image/gif

216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=49&3pid=rSzE3oYBNq9J&ev=1&pid=558511&gdpr_consent=&gdpr=1
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_739868_bc525577f911439e862ec68774802197&rand=1212&informer=13406526&type=fpads&loc=http%3A%2F%2Fb.travelmiso.com%2F&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:34 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap7ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language: en-US
location: https://ce.lijit.com/merge?pid=49&3pid=rSzE3oYBNq9J&ev=1&pid=558511&gdpr_consent=&gdpr=1
cache-control: private, max-age=0, no-cache, no-store
cw-server: bh-deployment-stage-0
expires: -1

GET

merge
ce.lijit.com/ Frame 97BE
Redirect Chain

https://match.prod.bidr.io/cookie-sync/svr?gdpr=1&gdpr_consent=
https://match.prod.bidr.io/cookie-sync/svr?gdpr=1&gdpr_consent=&_bee_ppp=1
https://ce.lijit.com/merge?pid=85&3pid=AAC92k7BjhMAADGkdfJcLA&gdpr=1

0
0

GET

merge
ce.lijit.com/ Frame 97BE
Redirect Chain

https://sync.1rx.io/usersync2/sovrn?gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=56&3pid=OPTOUT

0
0

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame 97BE
Redirect Chain

https://rtb.mfadsrvr.com/sync?ssp=sovrn&gdpr=1&gdpr_consent=
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=sovrn&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=87&3pid=97ab0b82-599e-49cd-b60d-a0335abf1d5a

43 B
2 KB

38ms
37ms

Image
image/gif

216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=87&3pid=97ab0b82-599e-49cd-b60d-a0335abf1d5a
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_739868_bc525577f911439e862ec68774802197&rand=1212&informer=13406526&type=fpads&loc=http%3A%2F%2Fb.travelmiso.com%2F&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:35 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap7ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Location: //ce.lijit.com/merge?pid=87&3pid=97ab0b82-599e-49cd-b60d-a0335abf1d5a
Date: Mon, 14 Jun 2021 07:47:35 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H/1.1 400
Request failed due to privacy signals getuid
secure.adnxs.com/ Frame 97BE 0
0 293ms
37ms Image
text/html 37.252.173.27
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.adnxs.com/getuid?https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D12%263pid%3D%24UID&gdpr=1&gdpr_consent=
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_739868_bc525577f911439e862ec68774802197&rand=1212&informer=13406526&type=fpads&loc=http%3A%2F%2Fb.travelmiso.com%2F&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 37.252.173.27 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS: 539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame 97BE
Redirect Chain

https://jadserve.postrelease.com/suid/101957?ntv_r=https://ce.lijit.com/merge?pid=90&3pid=%3CPARTNER_UNIQUE_IDENTIFIER%3E?param=NTV_USER_ID&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=90&3pid=%3CPARTNER_UNIQUE_IDENTIFIER%3E?param=NTV_USER_ID&gdpr=1&gdpr_consent=

43 B
907 B

103ms
34ms

Image
image/gif

216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=90&3pid=%3CPARTNER_UNIQUE_IDENTIFIER%3E?param=NTV_USER_ID&gdpr=1&gdpr_consent=
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_739868_bc525577f911439e862ec68774802197&rand=1212&informer=13406526&type=fpads&loc=http%3A%2F%2Fb.travelmiso.com%2F&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:33 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap7ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:33 GMT
server: nginx/1.12.1
location: https://ce.lijit.com/merge?pid=90&3pid=%3CPARTNER_UNIQUE_IDENTIFIER%3E?param=NTV_USER_ID&gdpr=1&gdpr_consent=
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 0
expires: Mon, 1 Jan 1990 12:00:00 GMT

GET pixel.gif
aorta.clickagy.com/ Frame 97BE 0
0

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame 97BE
Redirect Chain

https://p.rfihub.com/cm?in=1&pub=1827&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=10&3pid=1870471595906418928

43 B
1 KB

30ms
30ms

Image
image/gif

216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=10&3pid=1870471595906418928
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_739868_bc525577f911439e862ec68774802197&rand=1212&informer=13406526&type=fpads&loc=http%3A%2F%2Fb.travelmiso.com%2F&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:33 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap7ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Location: https://ce.lijit.com/merge?pid=10&3pid=1870471595906418928
Date: Mon, 14 Jun 2021 07:47:33 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET sync.php
pixel-eu.rubiconproject.com/exchange/ Frame 97BE 0
0

GET
H/1.1

200
OK

reporting
ap.lijit.com/dsp/google/ Frame 97BE
Redirect Chain

https://ap.lijit.com/dsp/google/cookiematch/beacon?gdpr=1&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_hm=MzNmYmE3ZDg2YzRkZDRmNzAwMmY5MmEz&gdpr=1
https://ap.lijit.com/dsp/google/reporting?gdpr=1

43 B
567 B

31ms
30ms

Image
image/gif

216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ap.lijit.com/dsp/google/reporting?gdpr=1
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_739868_bc525577f911439e862ec68774802197&rand=1212&informer=13406526&type=fpads&loc=http%3A%2F%2Fb.travelmiso.com%2F&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:34 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
P3P: CP="CUR ADM OUR NOR STA NID"
Access-Control-Allow-Origin: *
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap7ams1
Content-Type: image/gif
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:34 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ap.lijit.com/dsp/google/reporting?gdpr=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 245
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

204

no_match_opted_out
um.simpli.fi/ Frame 97BE
Redirect Chain

https://um.simpli.fi/lj_match?r=1623656850501&gdpr=1&gdpr_consent=
https://um.simpli.fi/no_match_opted_out

0
272 B

34ms
29ms

Image
text/plain

159.253.128.183
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/no_match_opted_out

Requested by

Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_739868_bc525577f911439e862ec68774802197&rand=1212&informer=13406526&type=fpads&loc=http%3A%2F%2Fb.travelmiso.com%2F&v=1.2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.253.128.183 Amsterdam, Netherlands, ASN36351 (SOFTLAYER, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 14 Jun 2021 07:47:34 GMT
x-content-type-options: nosniff
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS

Redirect headers

date: Mon, 14 Jun 2021 07:47:33 GMT
x-content-type-options: nosniff
server: nginx
location: /no_match_opted_out
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 154
expires: Sun, 13 Jun 2021 07:47:33 GMT

GET
H2 200 generic
data.adsrvr.org/track/cmf/ Frame 97BE 70 B
264 B 60ms
32ms Image
image/gif 76.223.111.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.adsrvr.org/track/cmf/generic?ttd_pid=federatedmedia&gdpr=1&gdpr_consent=
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_739868_bc525577f911439e862ec68774802197&rand=1212&informer=13406526&type=fpads&loc=http%3A%2F%2Fb.travelmiso.com%2F&v=1.2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.131 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:33 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame 97BE
Redirect Chain

https://pixel.quantserve.com/pixel/p-CXt61zNBpKUt1.gif?idmatch=0&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=43&gdpr=1&gdpr_consent=&us_privacy=&3pid=rOBkl6rpPpa34D-R_LEqkvzoZZW35DKQ_OnyIW0a

43 B
1 KB

31ms
31ms

Image
image/gif

216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=43&gdpr=1&gdpr_consent=&us_privacy=&3pid=rOBkl6rpPpa34D-R_LEqkvzoZZW35DKQ_OnyIW0a
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_739868_bc525577f911439e862ec68774802197&rand=1212&informer=13406526&type=fpads&loc=http%3A%2F%2Fb.travelmiso.com%2F&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:34 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap7ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:34 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://ce.lijit.com/merge?pid=43&gdpr=1&gdpr_consent=&us_privacy=&3pid=rOBkl6rpPpa34D-R_LEqkvzoZZW35DKQ_OnyIW0a
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET

noop
px.owneriq.net/ Frame 97BE
Redirect Chain

https://px.owneriq.net/eucm/p/sv?gdpr=1&gdpr_consent=
https://px.owneriq.net/ecc?redir=https%3a%2f%2fpx.owneriq.net%2ffr%2fepx.gif&uid=Q6769432551035509590&ref=%2Feucm%2Fp%2Fsv
https://px.owneriq.net/noop?ct=image%2Fgif

0
0

GET tum
ums.acuityplatform.com/ Frame 97BE 0
0

GET sync
x.bidswitch.net/ Frame 97BE 0
0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 97BE
Redirect Chain

https://ap.lijit.com/dsp/google/cookiematch/dv?gdpr=1&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=lijit_dbm&google_hm=MzNmYmE3ZDg2YzRkZDRmNzAwMmY5MmEz&gdpr=1

170 B
188 B

35ms
34ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=lijit_dbm&google_hm=MzNmYmE3ZDg2YzRkZDRmNzAwMmY5MmEz&gdpr=1

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Mon, 14 Jun 2021 07:47:34 GMT
Server: nginx
Location: https://cm.g.doubleclick.net/pixel?google_nid=lijit_dbm&google_hm=MzNmYmE3ZDg2YzRkZDRmNzAwMmY5MmEz&gdpr=1
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap7ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H/1.1

200
OK

iu3
aax-eu.amazon-adsystem.com/s/ Frame 97BE
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/x/ae12848777b41970a5f2?gdpr=1&gdpr_consent=
https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&dl=sovrn&gdpr=1&gdpr_consent=&dcc=t

0
0

42ms
42ms

Image
text/html

52.95.124.165
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&dl=sovrn&gdpr=1&gdpr_consent=&dcc=t
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_739868_bc525577f911439e862ec68774802197&rand=1212&informer=13406526&type=fpads&loc=http%3A%2F%2Fb.travelmiso.com%2F&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.124.165 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:36 GMT
Server: Server
Vary: User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&dl=sovrn&gdpr=1&gdpr_consent=&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame C43C 8 KB
3 KB 30ms
29ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=1&gdpr_consent=
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_739868_bc525577f911439e862ec68774802197&rand=1212&informer=13406526&type=fpads&loc=http%3A%2F%2Fb.travelmiso.com%2F&v=1.2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: adeacac4167dc188f54213893f0444ea5d60995143ad0552dcb4c383199a740b

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=1&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://gslbeacon.lijit.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://gslbeacon.lijit.com/

Response headers

last-modified: Tue, 01 Jun 2021 06:44:25 GMT
etag: "1300708-2080-5c3aeac410031"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 2586
content-type: text/html; charset=UTF-8
cache-control: max-age=111762
expires: Tue, 15 Jun 2021 14:50:14 GMT
date: Mon, 14 Jun 2021 07:47:32 GMT
vary: Accept-Encoding

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 5C1D 8 KB
3 KB 29ms
29ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=137711&s=137812&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D58%263pid%3D&gdpr=1&gdpr_consent=
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_739868_bc525577f911439e862ec68774802197&rand=1212&informer=13406526&type=fpads&loc=http%3A%2F%2Fb.travelmiso.com%2F&v=1.2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: adeacac4167dc188f54213893f0444ea5d60995143ad0552dcb4c383199a740b

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/user_sync.html?p=137711&s=137812&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D58%263pid%3D&gdpr=1&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://gslbeacon.lijit.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://gslbeacon.lijit.com/

Response headers

last-modified: Tue, 01 Jun 2021 06:44:25 GMT
etag: "1300708-2080-5c3aeac410031"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 2586
content-type: text/html; charset=UTF-8
cache-control: max-age=111762
expires: Tue, 15 Jun 2021 14:50:14 GMT
date: Mon, 14 Jun 2021 07:47:32 GMT
vary: Accept-Encoding

GET
H2 200 0608867b Show response
rtb.gumgum.com/usync/ Frame 3437 4 KB
2 KB 107ms
33ms Document
text/html 34.251.173.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_739868_bc525577f911439e862ec68774802197&rand=1212&informer=13406526&type=fpads&loc=http%3A%2F%2Fb.travelmiso.com%2F&v=1.2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.173.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 29d3ffdaf1b0b0c17b03fa16989dbe0d1e735abda3ab30e0ccdaf9e47d9007ac

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://gslbeacon.lijit.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://gslbeacon.lijit.com/

Response headers

date: Mon, 14 Jun 2021 07:47:32 GMT
content-type: text/html;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
set-cookie: vst=e_236dab5e-1504-46ee-999b-da2c0e4f5cb2; Domain=.gumgum.com; Expires=Tue, 14-Jun-2022 07:47:32 GMT; Path=/; Secure; SameSite=None
etag: W/"0c4709fd088acae6e9583124c52cca6ba"
timing-allow-origin: *
content-encoding: gzip

GET
H/1.1

200
OK

Cookie set merge Show response
ce.lijit.com/ Frame FE86
Redirect Chain

https://d.turn.com/r/dd/id/L21rdC8xMjcvY2lkLzI4NTUyOTczL3QvMg/url/https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D1%263pid%3D%24!%7BTURN_UUID%7D&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=1&3pid=4262092000418680198&gdpr=1&gdpr_consent=

43 B
1 KB

317ms
31ms

Document
image/gif

216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to

Full URL: https://ce.lijit.com/merge?pid=1&3pid=4262092000418680198&gdpr=1&gdpr_consent=
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_739868_bc525577f911439e862ec68774802197&rand=1212&informer=13406526&type=fpads&loc=http%3A%2F%2Fb.travelmiso.com%2F&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Host: ce.lijit.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://gslbeacon.lijit.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ljtrtb=eJyrrgUAAXUA%2BQ%3D%3D; ljt_reader=2122916275e28e076559a386; ctag=512:1623743250|561:1626248850|515:1626248850|563:1626248850|565:1623743250|520:1626248850|185:1623743250|203:1624866450|205:1623743250|541:1624866450|589:1626248850|462:1623743250; ljtrtbexp=eJxlkDkSwDAIA%2F%2FiOgVgznwtk7%2FnmBRGKdeSQegYPHZ2maFTjLYhL2q6q%2FE23Be%2B5dnl4M5M3R7fd3H2V5euV1X8XhJmQoSEHQmZUkE3YAd%2FdJYJ%2Fuos%2FjVGRI%2B%2FII%2FEcvNTGexTmK8w3%2BBeW%2Fug8wI1lFUb
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://gslbeacon.lijit.com/

Response headers

Server: nginx
Date: Mon, 14 Jun 2021 07:47:32 GMT
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT
Set-Cookie: _ljtrtb_1=4262092000418680198;Path=/;Domain=.lijit.com;Expires=Tue, 14-Jun-2022 07:47:32 GMT;Max-Age=31536000;Secure;SameSite=None ljt_reader=2122916275e28e076559a386;Path=/;Domain=.lijit.com;Max-Age=31536000;Secure;SameSite=None ljtrtb=eJyrrgUAAXUA%2BQ%3D%3D;Path=/;Domain=.lijit.com;Expires=Tue, 14-Jun-2022 07:47:32 GMT;Max-Age=31536000;Secure;SameSite=None ctag=512:1623743250|561:1626248850|515:1626248850|563:1626248850|565:1623743250|520:1626248850|185:1623743250|203:1624866450|205:1623743250|541:1624866450|589:1626248850|462:1623743250;Path=/;Domain=.lijit.com;Expires=Wed, 14-Jul-2021 07:47:32 GMT;Max-Age=2592000;Secure;SameSite=None ljtrtbexp=eJxlkDkSwDAIA%2F%2FiOgVgznwtk7%2FnmBRGKdeSQegYPHZ2maFTjLYhL2q6q%2FE23Be%2B5dnl4M5M3R7fd3H2V5euV1X8XhJmQoSEHQmZUkE3YAd%2FdJYJ%2Fuos%2FjVGRI%2B%2FII%2FEcvNTGexTmK8w3%2BBeW%2Fug8wI1lFUb;Path=/;Domain=.lijit.com;Expires=Tue, 14-Jun-2022 07:47:32 GMT;Max-Age=31536000;Secure;SameSite=None
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
X-Powered-By: raptor
X-Sovrn-Pod: ad_ap7ams1

Redirect headers

p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
pragma: no-cache
set-cookie: uid=4262092000418680198; Domain=.turn.com; Expires=Sat, 11-Dec-2021 07:47:32 GMT; Path=/; Secure; SameSite=None
location: https://ce.lijit.com/merge?pid=1&3pid=4262092000418680198&gdpr=1&gdpr_consent=
content-length: 0
date: Mon, 14 Jun 2021 07:47:31 GMT

GET
H2

200

cm Show response
us-u.openx.net/w/1.0/ Frame 9981
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_c...
https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&g...

776 B
777 B

31ms
28ms

Document
text/html

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_739868_bc525577f911439e862ec68774802197&rand=1212&informer=13406526&type=fpads&loc=http%3A%2F%2Fb.travelmiso.com%2F&v=1.2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.208.0 /
Resource Hash: 34e2b5f5ba8d29694c8ae41d124dc1b528f0fc41ea7eca971b8027bbb4ccfe77

Request headers

:method: GET
:authority: us-u.openx.net
:scheme: https
:path: /w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://gslbeacon.lijit.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: i=7b1f04ed-974d-02a6-1807-eb1eba57d7f9|1623656853
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://gslbeacon.lijit.com/

Response headers

vary: Accept, Accept-Encoding
set-cookie: i=7b1f04ed-974d-02a6-1807-eb1eba57d7f9|1623656853; Version=1; Expires=Tue, 14-Jun-2022 07:47:33 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1623656853|gekin0vNiygu; Version=1; Expires=Tue, 29-Jun-2021 07:47:33 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.208.0
p3p: CP="CUR ADM OUR NOR STA NID"
date: Mon, 14 Jun 2021 07:47:33 GMT
content-type: text/html
content-length: 476
content-encoding: gzip
via: 1.1 google
alt-svc: clear

Redirect headers

set-cookie: i=9c7f11c1-62db-0ce8-2217-db3c2a4a542b|1623656853; Version=1; Expires=Tue, 14-Jun-2022 07:47:33 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.208.0
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
date: Mon, 14 Jun 2021 07:47:33 GMT
content-length: 0
via: 1.1 google
alt-svc: clear

GET
H/1.1 200
OK proxy_245519.js Show response
media.innity.net/adnetwork/house/pub_244/ 2 KB
1 KB 27ms
24ms Script
application/javascript 104.111.224.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://media.innity.net/adnetwork/house/pub_244/proxy_245519.js?ord=[timestamp]
Requested by: Host: cdn.innity.net
URL: http://cdn.innity.net/global.js
Protocol: HTTP/1.1
Server: 104.111.224.62 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-224-62.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 9463970f54f61dbfb8d8c98776041ae86e009e6101fc13952bda5a98b1bc0edc

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Mon, 14 Jun 2021 07:47:31 GMT
Content-Encoding: gzip
Last-Modified: Tue, 12 May 2020 09:13:58 GMT
Server: Apache
ETag: "95e-5a56fe22c72c9-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=1800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 988
Expires: Mon, 14 Jun 2021 08:17:31 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.fr/adsid/ Frame 7BBE 107 B
122 B 16ms
16ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.fr/adsid/integrator.js?domain=b.travelmiso.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061428

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ Frame 7BBE 107 B
122 B 15ms
14ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=b.travelmiso.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061428

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 7BBE 7 KB
4 KB 292ms
291ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4047737969176838&correlator=4267097944279727&output=ldjh&impl=fif&eid=31061428%2C31061410%2C44743204&vrg=2021060901&ptt=17&sc=0&sfv=1-0-38&ecs=20210614&iu_parts=53015287%2Ctravelmiso.com_d_300x250_1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&eri=2&cookie=ID%3Db91b9b5f565a940c%3AT%3D1623656848%3AS%3DALNI_MZ97nIYoqC28iOPfzwAn6BESrMS9w&cdm=b.travelmiso.com&bc=23&abxe=1&lmt=1594654829&dt=1623656852049&dlt=1623656849661&idt=2146&ea=0&frm=23&biw=1600&bih=1200&isw=300&ish=250&oid=3&adxs=923&adys=265&adks=882287229&ucis=q7lv1stf2os3&ifi=1&ifk=3400364530&u_tz=120&u_his=3&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=http%3A%2F%2Fb.travelmiso.com%2Fads%2Fyl%2F300x250.html&ref=http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F&top=http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F&vis=1&scr_x=0&scr_y=0&psz=300x250&msz=300x0&ga_vid=522435683.1623656852&ga_sid=1623656852&ga_hid=1809441329&ga_fc=false&fws=256&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061428

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e57f58647a4968c7d42224753453ce87eba27bf21e37cb4e9416837c37106c64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:32 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3902
x-xss-protection: 0
google-lineitem-id: 5064520045
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138322598764
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://b.travelmiso.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
dd411a890dab2b459cd08a40178d49d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 7BBE 0
0 41ms
18ms Other
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dd411a890dab2b459cd08a40178d49d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061428
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 express_html_inpage_rendering_lib_200_271.js Show response
s0.2mdn.net/879366/ Frame F846 111 KB
38 KB 35ms
13ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js

Requested by

Host: shoppinglifestyle.biz
URL: http://shoppinglifestyle.biz/go/?r=3&a=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f49b1d1bd49f5c61c93e08dc9b8427ae046c513af8ce30fa8d04162bb6f5b9df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com
Referer: https://8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:00:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2807
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39287
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 18:02:50 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 15 Jun 2021 07:00:45 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/elements/html/ Frame F846 8 KB
3 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BDC0oRWQCQOywspfm2pNwCDAubi7dnV9fDFQl3D-MGzuibRFPxJM26uze9CEvIt4_O24oIKw20AJoziEnQ5sA1It4wd21eYewE3MRxsBAyThwqnHz44-zColeXdK7SANfADRSWjn2dmfUX2OZ74v_CHWzPvA&dbm_d=AKAmf-AjGlyGgLdx6vygS-ny4_WZfioeXmuV7OI8LTxLLbuyiG-UkuYf6nuzWtFIO8O6iHIaq1GHHZR8d8tyXgHgZS-GsZGsWl_rq0pRvhyrrrPA25YEfpZtbgLI5y0VyH3ODgeNdPiqElhOyNISn2H2bomgxfNvjuOGP2WWi0rplkHXZtnfGMnBZ8U3OSG_VpkwFbBI2tk7lFMgoMzUL_mf_1rMHnZGMk5uHBoOVBmoSxIzKmYdvO6BQk3FdsccIcKdL2Z0nyNMLI7f7Ax3qwFkuN6CARPwiGIorOtfnHJjqeWq1rvHgXXLSR-wV1YzhlBAM-eH61ltZy_LKaA5WwxKOB99HJ0GaAVW30NhCbddns7lSuY7nU1ubp5qEqMa7AJTWnROf2H7XKM0oC6bK7gZBRzfcpR9O-iMKyGkcODqQ9osTTzTy_fXKQcS5OPPW-1ooBgLqY_fQZ27sTRiomrtCyykIrEOjkVi78ptgjeyOENSQdNEjhH4aBfWPjLfBSyokFq9rXv62NjOFVeY9xv3gMs-gf0uvLK6mkO9rWf0DTJUjVHuMARGF8mFQ9ANIM3Sn3pjLV-JsNP9IeV8JZYDqbD_eYe_XCh3n94mHUdAAd-GkjPirvjl1Pj9QAXyeUcD8WAP0isAPzQO6a3WvDfivqDgLdN8bTHIAOZPtausTezeT21Q4-n0WeeGUIieDQp2Btle35hAoVN2t7ijDqzn2jFHStE0MIyVaOm2KxQZ_rN8KUcVdDpOlQ6ay6MxiOVD1O772HSBtaE28S_6dbSD4oZoHJ3Z2zMa8THKDZ7HsMi8-jCdmn1UdZxOJika73EFpL0mCfVO2yS2vjjvURKTA7Y08kqghLSrYeUpzbUBevQNz6YpKbhrbT4wONJ9Iutdg6QW4JIz5f6iQIm-tdr_JsB3nUUOOv9y6zWyNrxdeP8wsbiMIRc95EL_OC9c-4xmMsm5Hdkc_YzX1J-ZTT19UNOLZHm1KqoSI2v6H1dD_Y3rCDiQk3rReuT5uDU4Vrg6C_blZ2uZVdbZCvAHNw7Ngk3i05amw4CvKGh4gHv-HgP902qsap3nCId61xfBIN5XGuLOlLYz7yYJbtYOPXO05Wn-yK9JLractmzKU_1LLOaKnayKB1kkEwpDRdT9yHXwfVvEc_busTEJ3JXcKIutF2NklWx1CknI0iewypvADLXCfxS4VZNubWGO_C-TO1sLpSzknrhCHGeoQccPgkQML5rtHWJq_k_McZH00CVsJeUcjuWNP3M-TnxRwx06dIQaVN_Gk8V-C2KfoCmiCLgj6O18ap-vdYN65rk7vsBYp5nmJE7cFAVqoc-jUsBurUpiNymC8VzLvkjl5faexBix0vkwgcffOwMGwevukjvcMqf68iZwW2gdHTOZSrQMeY8z4YsI1hibIW5P5eIJbUBOQW6o-09fm5t494iRp7n0UFORdhJ6Vq3WrMFWzkfsnhY0nKUdkLprbBsTz_Yczq-VPlp6BATy9fpA1OeGY6i2L6_BSNTivnrOrhpQeg1mtTMCHHSxvvAwqMc1-GJ7GdYEhbGZQOWqY25RPX0XX4AToiopVfUzvyulWpj37VGoFqonKf819z7VYgDOqp7ymDWX8RaGK6JgvzpOF57IEoP_YFrVTxL9plrR9u63qTcm04coW8kSprXKyUG1ktqPihu5EDOBukP1QIhNCLfXsNuX29fuCQ-hQY8ivGpdewZG7dFzPsDd90ILhHfRgBI099aQmA3n0klUtxa67ExceJM-jNr5soPzs7XFb6urRvMmYr1HDvRff7z-lcFgXAp-ga_BTMoLOwp2z_iGkEvLtp0IoPj0FiRwz5JvRVX3dU-yAovXnlIC190RK4a40xjdv9rQLw5n_QzWOuf3WbfrnaWoHY-u3AbYa1xHZFd24YjXhHqOyIOJd4FW1Zhsgvue7RLl63KcwzpfCz7Sq2Df3Cw_x6Juu15GAknvPs8ND7hwojF8T4bA-jw6Z0V_MUZTCCK6iKnpLu5qnZEyhsZ2LrlpkxgZ2xlVy7Ht5juVz9Lc54VaQyIu8uBslYD8Lvyv_rlQpCCisXnHS8aUHslsnavADrY2g3lGuP2JyesYQeDGicP6bELGy3EkbJpQnP1k7eXbkEmhqdBjYw77D4zxq-qva0cla7s1ZgfnWFrBFkdIRQb0vasiZ2hzSpPADsZnp1AFJh41kiaG4hSGniGy6Cww2yEU1-pcj7hRx1ZLx2TedGguU_dCv1bTxPi8KhTzI4WceRCj75w0-iMHwwLx9hCFQfrhGsiPQWhVPoHtqs7GmNYdL_ZtmYiqsoD5CdsYstyLHJu_MR6-bUm7eFcgoIe1kDMMw5IP-a3EHsJLHOXjAs9av_RzStlruUoSbmkdqayNc4ArDe8Z0kQhi3-ZhYvnV-qgA8m0iH5zQJXLbdR0DjmY_4h5Liamwc6uOK-cj3IWrRFs-_RvtQVGTb7sgdcjCsnmdpkqvTFuH2Gx1GNbOCWT-dAiCBF3q-YrLG16Q-t8dqurobcNoUx1dwx4MIbScRScXhMr9i5GmtsCJTAYqsUVr-UEkDzM_nxihnnUChwFq8gk7iamZV00BdzdejNeTZs8yZSAdLcq4xvH81NwhXaOsOQJwKTkVC-ti-FgI1KqqBEsOFcS9KCn8JkpcNL86inUhUnxZCN_xKUdUVQr7EZCRv3rcBmHNbFshNkdGIGJMXuU6A3gaVtaIt3zNQDh6ssZ7dbxX4uBZGcZrdhu_x-fRkp7pfiViJVOdY62G3SXhtQ9GvFJ_UemEf4OT6hqoLtsDPq3ileGEbDw8zayPVfgVnEl4VImwocyDdofk7SmpBGZ-j0W7tpNKcyZqzGyn0P57glJRpSUGVrCZZZKsB71yzoIVIgVzjcyIBr4AlpoGco7W4XCi_EboKqjhOJSRKpgsBA7zrqCUzT6qS9xnxi90qgDN_lQcdP-XB9cknjJCccGvpeX2g2HGXXKB3bV6TiUoobiMecbkNC9MMAvOM1MjYXJmiistLCFTMOH-ZpDYA-zWVApkwJby5rrN3s2czignlvT10PtKb0nIEZXm4T7dLveaGx-V9wASZ_3HY1YEEXPXoVOrN4V90VIDctt-0u8Uml9_VrK8ByJeQdBC9IuKV1KHuS52m0RbHvq1diWsLEDaogwF8yyAMwgg_2wXOgC49QxdhE2aZdirCmpSEL0Mgmb_KF-k8Jwq7qYWNgQN5Z8JrxRiw&cid=CAASEuRoquxJu--KiMnszY60socfSw&rfl=2%2Chttp%253A%252F%252Fb.travelmiso.com%242%2Chttp%253A%252F%252Fb.travelmiso.com%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:45:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 99
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Jun 2021 07:45:53 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/ Frame F846 22 KB
8 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/abg_lite.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cabbde8502a6598896a3c812c89ecd99ecfb3e9ca68f632c8c9b3f2a7f6e0046

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8601
x-xss-protection: 0
server: cafe
etag: 18280575870105241958
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Jun 2021 07:47:25 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame 0513 83 KB
27 KB 71ms
26ms XHR
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: cdn.ravenjs.com
URL: http://cdn.ravenjs.com/3.17.0/raven.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: a98e1f08dd27c121a337ddc31691d4044f56ae83301b574728548b78d3068d3b

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:32 GMT
content-encoding: gzip
last-modified: Wed, 02 Jun 2021 14:09:58 GMT
server: nginx
etag: W/"60b79136-14aab"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 15 Jun 2021 07:47:32 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.fr/adsid/ Frame D78A 107 B
122 B 19ms
18ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.fr/adsid/integrator.js?domain=b.travelmiso.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js?31061412

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ Frame D78A 107 B
122 B 15ms
15ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=b.travelmiso.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js?31061412

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame D78A 7 KB
4 KB 66ms
65ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3403561844436924&correlator=3069401885224649&output=ldjh&impl=fif&eid=31061279%2C31061412%2C31061410&vrg=2021060801&ptt=17&sc=0&sfv=1-0-38&ecs=20210614&iu_parts=21673142571%2C113__travelmiso.com__default__300x250_1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&cookie=ID%3Db91b9b5f565a940c%3AT%3D1623656848%3AS%3DALNI_MZ97nIYoqC28iOPfzwAn6BESrMS9w&cdm=b.travelmiso.com&bc=23&abxe=1&lmt=1613399997&dt=1623656852166&dlt=1623656849944&idt=2196&ea=0&frm=23&biw=1600&bih=1200&isw=300&ish=250&oid=3&adxs=619&adys=519&adks=2246383180&ucis=c7483rx0k64i&ifi=1&ifk=1961491143&u_tz=120&u_his=3&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=http%3A%2F%2Fb.travelmiso.com%2Fads%2Fadsp%2F300x250.html&ref=http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F&top=http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F&vis=1&scr_x=0&scr_y=0&psz=300x250&msz=300x0&ga_vid=74250631.1623656852&ga_sid=1623656852&ga_hid=558233512&ga_fc=false&fws=256&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js?31061412

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7d8a51be227d6741cfedda76f4e6c0dfa972bd44a7e490f617bc0111e19c8bd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:32 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3902
x-xss-protection: 0
google-lineitem-id: 5624503837
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138340232162
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://b.travelmiso.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
721cef14a8319d8ca7bf97ad831ebc00.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame D78A 0
0 28ms
13ms Other
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://721cef14a8319d8ca7bf97ad831ebc00.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js?31061412
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 container.html Show response
936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame B511 6 KB
3 KB 8ms
7ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html?n=2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Mon, 14 Jun 2021 07:47:31 GMT
expires: Tue, 14 Jun 2022 07:47:31 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 / Show response
ads.viralize.tv/t-bid-done/ Frame 86D9 0
83 B 28ms
27ms XHR
application/json 35.186.238.232
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.viralize.tv/t-bid-done/?t=badn&item=NTU1OPkpEx5nemgF&sc=wp9sc1&u=http%3A%2F%2Fb.travelmiso.com%2F&zid=AADSIf6-RvqhS2yK&sid=01ebcce4c3c2f72898a9f96e66b7e271&l=gpt&as=google&ct=&cpm=0.1
Requested by: Host: cdn.ravenjs.com
URL: http://cdn.ravenjs.com/3.17.0/raven.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.238.232 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 232.238.186.35.bc.googleusercontent.com
Software: uvicorn, Unknown /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:32 GMT
content-encoding: gzip
server: uvicorn, Unknown
vary: Accept-Encoding, Origin
content-type: application/json
access-control-allow-origin: http://b.travelmiso.com
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

GET
H3-29 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame A515 73 KB
28 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8f4b8d2def1fa5e09bafacbb8ac66e614d74f1cdbace1417cedef55c0d9a83db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:32 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623410781212720"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28237
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:32 GMT

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame A515 10 KB
8 KB 26ms
25ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021060801&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

df97d83ae9a2096126417a8d06d74999c671628ab232ce6f07120e1804485c01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7831
x-xss-protection: 0

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 1FFD 17 KB
6 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e684839cbcef6b16753dae73e92a49b7115f55e83662ead12d5e05bf7b9915fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1622653785071769"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:32 GMT

GET
H2 200 cht_cookieSyncIframe.html Show response
cdn.aralego.net/ucfad/cookie/ Frame 656B 807 B
627 B 18ms
17ms Document
text/html 2606:4700:20::ac43:47fe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.aralego.net/ucfad/cookie/cht_cookieSyncIframe.html
Requested by: Host: ads.aralego.com
URL: http://ads.aralego.com/sdk
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47fe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6058eb29e9bb8b7cd0d68f0d180a093941e971f4659092a70c99ca57827bc678

Request headers

:method: GET
:authority: cdn.aralego.net
:scheme: https
:path: /ucfad/cookie/cht_cookieSyncIframe.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://b.travelmiso.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

date: Mon, 14 Jun 2021 07:47:32 GMT
content-type: text/html
last-modified: Tue, 11 Aug 2020 08:15:02 GMT
access-control-allow-credentials: true
cache-control: max-age=14400
cf-cache-status: HIT
age: 5678
cf-request-id: 0aab16832a00004a8613152000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=GJ%2BDuON16qaQ6ZxnaZDw%2BEVYqaVmOmCLzU%2B9TgsWD7fQUN8CZrANQSXG8%2B27oV%2F4nDSvQ2Ez47WoRHiLiJ8qKd348cBGk1fwPiwPBflej5WCgHKAh9Y7kNTpX3%2B2s5HwPwvQEuDxxc4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 65f1f37eac754a86-FRA
content-encoding: br

GET idsync
sync.aralego.com/ Frame 5BD4 0
0

GET
H2 200 P6xdhRZU1hs Show response
pr.ybp.yahoo.com/ab/secure/true/imp/LC2BFXp66BkBovTgNTeK9Q5FBvHLO7M2j2giC3Co54mmZHZki_PcdzXXwZ9X6ThmfdnSBufQfaXMgwKr_MBnHhJDhRfgaGSsLiNaIEGIegsdyaoj-SiUYrHacILRMtyfpxx-e4GhrDvNA6JrtRoBoKdtFozKmYbF5... Frame D32C 2 KB
3 KB 70ms
38ms Script
text/javascript 2a00:1288:80:800::7001
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://pr.ybp.yahoo.com/ab/secure/true/imp/LC2BFXp66BkBovTgNTeK9Q5FBvHLO7M2j2giC3Co54mmZHZki_PcdzXXwZ9X6ThmfdnSBufQfaXMgwKr_MBnHhJDhRfgaGSsLiNaIEGIegsdyaoj-SiUYrHacILRMtyfpxx-e4GhrDvNA6JrtRoBoKdtFozKmYbF5HYe0AzRBLZmT9V_guQocIXwaaeuzqVdwPOIbGTAal3H87FEvX2hlugH4qpGkyrhT0ZV6LwGRXLlZkrgIceg99z74cX8uFrUcSlHM6XIv9JMVHove2D_poLsLd8hQXokLdRu9NU4gmD-c-xfipY5DuwJteByLpXrMsZrso2kiURGhhf6tBjXLyfNYyqEzO_2jhmmeRWeC7Tw1vokGxl1nSYTE9po0O-L4Q3G75xb4ofKc7HKpL8xdsFWFj1_WAIsXwWoLVwFJsVvWHQfcHP2KNiuJ-IUvh1i0toh9BDaUN0oSphKTQj9B62R85qLR629u7QwPeJuL8UXy3zNnlfKRAj7ChhkGlG1j4RwL0rD9o3AXOIFEeeFSXe5pzlRKbwFLJLHlzVSTo0WyhGzfC9G9Qr8i-br7sL1wSCRQLbNzw3oWuKCL64y-8XndGTXoBC6erpZgYIstvFyvPt_EiRbuRCQFxKacNqXGvi-2ghpXyOCIzaGsu7xQPfJ_xTb2P5U30oPa1-Ku5gn2ZdTHLV259TowFJdBXg7gb6yVXCmlG_SJUTJfSXJm_VVxvK2w1iCiyGFdJ2adtLBKgekrAXYd0Ovmg9vNHw-mIPjB1uqrjJYijamGTXBJdzmXlwVADfn4vsGkc3-YIHUNP4bIIHoWOLI-QZs4xlzkyfAM82A-QP6lBLFhPpRcnSh-gpv6pEUhY2ujfT7LYj6pGPzmG3VBPxKiNAoxpAhFGd2Kfk_H7jRkrVlpDBBLOuNFfcoAN_iaJm4aA1CWnkEwy1Ib14j1882lm9MPuza2oIssLrNlh6pzDODDfI1gxCatFQzIxje33FU1z0Xtqnbz4LpUI1oxrKhu6CoB9U5f2vaMVKhmkDzG-XyuwMgOPI1JyHbCQkUNN9oRYaiGh9CnBTCK3Kl4wj2GH5irUAVjnObX8ySxzPeREXJBLwgtG3RHiE3izMOa-_1oreyAn_ONK20AQuaqwhqAn0nLQlAZMM_yhw1zuL1CQWaEZ7EsTZqe1QhkHc66kj4c9Wtmu-5ux4lOUdhkkpqnB3PEtVW7XIAqjPiLiSUGhoWL0rXptRzfj9wtp3b6tF2MeKB89CTn2WE1yklm0Q9LwTS9tKd3l3h9nmPGRHg07kPDsHneGHvpjH4gdUdTEAqn5E0lkFugFB_PCRtwJEucKUaAtbgAuckei6pHwT08pVDsVL_liWahYHDd7kg2D5gjwSOJXSZsc8qy8cXNY1AUFA97n_JXrSe_g66TvI9u9gUfVzlo46scSDhT_WsQtpHld5U-8BGGFexc4db7YBExj9ygkiZvI4t-oJJSxZIi18D3spv1seMc1GhzK0c7gWeP1rGKx8/wp/P6xdhRZU1hs

Requested by

Host: ads.aralego.com
URL: http://ads.aralego.com/sdk

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7001 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

9695c463de21662c4185a67ed11cc7bcd88770103efe10e3f12fceedaebc5a05

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:32 GMT
referrer-policy: no-referrer-when-downgrade
server: ATS
cache-control: no-store, no-cache, must-revalidate, private, max-age=0
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
content-type: text/javascript
x-xss-protection: 1; mode=block
expiry: Thu, 01 Jan 1970 00:00:00 GMT
public-key-pins-report-only: max-age=2592000; pin-sha256="2fRAUXyxl4A1/XHrKNBmc8bTkzA7y4FB/GLJuNAzCqY="; pin-sha256="2oALgLKofTmeZvoZ1y/fSZg7R9jPMix8eVA6DH4o/q8="; pin-sha256="Gtk3r1evlBrs0hG3fm3VoM19daHexDWP//OCmeeMr5M="; pin-sha256="I/Lt/z7ekCWanjD0Cvj5EqXls2lOaThEA0H2Bg4BT/o="; pin-sha256="JbQbUG5JMJUoI6brnx0x3vZF6jilxsapbXGVfjhN8Fg="; pin-sha256="SVqWumuteCQHvVIaALrOZXuzVVVeS7f4FGxxu6V+es4="; pin-sha256="UZJDjsNp1+4M5x9cbbdflB779y5YRBcV6Z6rBMLIrO4="; pin-sha256="Wd8xe/qfTwq3ylFNd3IpaqLHZbh2ZNCLluVzmeNkcpw="; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="cAajgxHlj7GTSEIzIYIQxmEloOSoJq7VOaxWHfv72QM="; pin-sha256="dolnbtzEBnELx/9lOEQ22e6OZO/QNb6VSSX2XHA3E7A="; pin-sha256="i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY="; pin-sha256="iduNzFNKpwYZ3se/XV+hXcbUonlLw09QPa6AYUwpu4M="; pin-sha256="lnsM2T/O9/J84sJFdnrpsFp3awZJ+ZZbYpCWhGloaHI="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="; pin-sha256="uUwZgwDOxcBXrQcntwu+kYFpkiVkOaezL0WYEZ3anJc="; includeSubdomains; report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only"
content-length: 1968
x-content-type-options: nosniff

GET
H/1.1 200
OK impr
us-east-ad-track.aralego.com/v1/ban/ Frame D32C 35 B
258 B 444ms
105ms Image
image/gif 207.244.102.141
LEASEWEB-USA-WDC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-east-ad-track.aralego.com/v1/ban/impr?iid=30d37c0d-3e18-456e-8ce0-b583004efb89&ds=55c9caf0c6eedbe3045c5d35&st=OATH101056000&cid=1494724&crid=55c9caf0c6eedbe3045c5d35-3152274
Requested by: Host: ads.aralego.com
URL: http://ads.aralego.com/sdk
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 207.244.102.141 Washington, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software: / Express
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: undefined
Date: Mon, 14 Jun 2021 07:47:32 GMT
Access-Control-Allow-Credentials: true
Connection: close
X-Powered-By: Express
Content-Length: 35
Content-Type: image/gif

GET
H2 204 /
ads.viralize.tv/track/ Frame 52DC 0
39 B 24ms
22ms Image
text/plain 35.186.238.232
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.viralize.tv/track/?multi=true&serialization=json&events=%5B%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A1%2C%22category%22%3A%22bid_done%22%2C%22session_id%22%3A%2201ebcce4c3c2ea8c58b46cce1d6fbb61%3A0%3ANTU2MNTbtGao6pCO~wp9sc1%3A0%22%2C%22bid_done_id%22%3A%220%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22bid_selected%22%7D%5D
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.238.232 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 232.238.186.35.bc.googleusercontent.com
Software: uvicorn, Unknown /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:32 GMT
via: 1.1 google
server: uvicorn, Unknown
alt-svc: clear

GET
H2 204 /
ads.viralize.tv/track/ Frame 0513 0
39 B 23ms
22ms Image
text/plain 35.186.238.232
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.viralize.tv/track/?multi=true&serialization=json&events=%5B%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A7%2C%22category%22%3A%22creativity_session%22%2C%22session_id%22%3A%2201ebcce4c3c2c9daba62d346954ed281%3A0%3ANTU1NS23zt7cdAyJ~wp9sc1%3A0%3A0~1%22%2C%22creativity_session_id%22%3A%220~1%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22google_viewability_measurable%22%7D%5D
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.238.232 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 232.238.186.35.bc.googleusercontent.com
Software: uvicorn, Unknown /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:32 GMT
via: 1.1 google
server: uvicorn, Unknown
alt-svc: clear

GET
H3-29 200 activeview
pagead2.googlesyndication.com/pcs/ Frame FA25 42 B
64 B 17ms
16ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst6IL17K5EltshtsKux0cNBs7nU-d8wBmlZAKcY7AhZRBZi67ZihTx9AVeyGAMhT7Rea1BRmWDA8IMFWSmFPu1dCSxMiTWNqzB3dDFIOg52DC1_zcLZj6CK1YCN3Q&sai=AMfl-YTgpTDhoI1HsxQ0tDam4QTYWbvQ3izW9Z6J7i3BP6CUyx5C_K8aInuPvc4XfnqbhdyKlrqnxxS2zDlUXfdLeaDYpYYknkoFlj9K1cPvChu1B3LAvOiTxEnl_5TAWkQ&sig=Cg0ArKJSzLtVvgoYjrykEAE&cid=CAASFeRo91SOpFZvRmuuur0w42uMvimSlQ&id=ampim&o=11,11&d=300,250&ss=1600,1200&bs=1600,1200&mcvt=1392&mtos=0,0,1392,1392,1392&tos=0,0,1392,0,0&tfs=877&tls=2269&g=100&h=100&tt=2269&r=v&avms=ampa&adk=2590938559

Requested by

Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.fr/adsid/ Frame B966 107 B
122 B 18ms
15ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.fr/adsid/integrator.js?domain=b.travelmiso.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ Frame B966 107 B
122 B 17ms
15ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=b.travelmiso.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame B966 15 KB
9 KB 767ms
767ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2957870746247738&correlator=2063495832751831&output=ldjh&impl=fifs&eid=31061290%2C31061361%2C31061413%2C31061336%2C31061410%2C31060840&vrg=2021060901&ptt=17&sc=0&sfv=1-0-38&ecs=20210614&iu_parts=152344380%2Cca-pub-8804303781641925-tag%2Ctravelmiso.com_300X250&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&cookie=ID%3Db91b9b5f565a940c%3AT%3D1623656848%3AS%3DALNI_MZ97nIYoqC28iOPfzwAn6BESrMS9w&cdm=b.travelmiso.com&bc=23&abxe=1&lmt=1594654823&dt=1623656852310&dlt=1623656849658&idt=2634&ea=0&frm=23&biw=1600&bih=1200&isw=300&ish=250&oid=3&adxs=315&adys=265&adks=2714596404&ucis=la1uch9dxbsn&ifi=1&ifk=3526672771&u_tz=120&u_his=3&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=http%3A%2F%2Fb.travelmiso.com%2Fads%2Fvls%2F300x250.html&ref=http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F&top=http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F&vis=1&scr_x=0&scr_y=0&psz=300x250&msz=300x-1&ga_vid=1397573193.1623656852&ga_sid=1623656852&ga_hid=93613282&ga_fc=false&fws=256&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

745700672990713e3b0d24f5d2c3cf15bb349068242a87402ca1dcda51394c16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:33 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8820
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://b.travelmiso.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
df92c682cc13fd0720c1bc98348b7158.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame B966 0
0 48ms
12ms Other
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://df92c682cc13fd0720c1bc98348b7158.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame D8A6
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK0hJKCA763zuiq-Jdm33iE&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK0hJKCA763zuiq-Jdm33iE&google_cver=1&C=1

43 B
1014 B

39ms
39ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK0hJKCA763zuiq-Jdm33iE&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMLX3AIQvtXeAhiTyKacATAB&v=APEucNUbhzLCmD2SxeOMtEzL9erscQwnNuHamIw-FrmJWN1k2OFRvBiBOiAkxyN242UYgNUxt437RrPYOheAinpmfAJ5IZ0lPfdwwLSelUDUYiNn0W1bymJJjJ3Gr6STudQIgBrOeZwMuiDysAFg0VfA4uoYkaUwd4tJFPnff-ZqRl9b3WjPUtZLsE_NN0xePwwy8H38BkQ2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:33 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 14 Jun 2021 07:47:33 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:33 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK0hJKCA763zuiq-Jdm33iE&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Mon, 14 Jun 2021 07:47:33 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame D8A6
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELXmxuH4OX7EJpDgEGYxz4g&google_cver=1

43 B
1014 B

32ms
30ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELXmxuH4OX7EJpDgEGYxz4g&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMLX3AIQvtXeAhiTyKacATAB&v=APEucNUbhzLCmD2SxeOMtEzL9erscQwnNuHamIw-FrmJWN1k2OFRvBiBOiAkxyN242UYgNUxt437RrPYOheAinpmfAJ5IZ0lPfdwwLSelUDUYiNn0W1bymJJjJ3Gr6STudQIgBrOeZwMuiDysAFg0VfA4uoYkaUwd4tJFPnff-ZqRl9b3WjPUtZLsE_NN0xePwwy8H38BkQ2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:34 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 14 Jun 2021 07:47:34 GMT

Redirect headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:33 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELXmxuH4OX7EJpDgEGYxz4g&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame D8A6
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEHP7bTZxBnn5cd7dWsvuSTE&google_cver=1

43 B
1023 B

28ms
27ms

Image
image/gif

185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEHP7bTZxBnn5cd7dWsvuSTE&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMLX3AIQvtXeAhiTyKacATAB&v=APEucNUbhzLCmD2SxeOMtEzL9erscQwnNuHamIw-FrmJWN1k2OFRvBiBOiAkxyN242UYgNUxt437RrPYOheAinpmfAJ5IZ0lPfdwwLSelUDUYiNn0W1bymJJjJ3Gr6STudQIgBrOeZwMuiDysAFg0VfA4uoYkaUwd4tJFPnff-ZqRl9b3WjPUtZLsE_NN0xePwwy8H38BkQ2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:33 GMT
X-Proxy-Origin: 93.177.75.188; 93.177.75.188; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.106:80
AN-X-Request-Uuid: 3ea05a17-fa41-4f3c-a864-cc1035e14b03
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:32 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEHP7bTZxBnn5cd7dWsvuSTE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame D8A6
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDg4Nzc4NDA1NzgwMjMwMjUzNg%3D%3D

170 B
243 B

150ms
36ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDg4Nzc4NDA1NzgwMjMwMjUzNg%3D%3D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:32 GMT
X-Proxy-Origin: 93.177.75.188; 93.177.75.188; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.223.46:80
AN-X-Request-Uuid: 98429cc4-e6f4-4246-8e88-bc839c3e4ca3
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDg4Nzc4NDA1NzgwMjMwMjUzNg%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/223/ Frame 2F1B 12 KB
5 KB 9ms
6ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/223/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de7dd7e8a5f2257d16c23c395b9262c6fa04689c81b0e2b8bf7f5bae9f4177dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/223/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://b.travelmiso.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Mon, 14 Jun 2021 06:35:25 GMT
expires: Tue, 14 Jun 2022 06:35:25 GMT
last-modified: Wed, 17 Mar 2021 18:24:30 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 4327
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 5386 783 B
533 B 86ms
79ms Document
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

67c9a52b8e355481dd88b8f805b4016b564adc167e6001e65e6c1324035057d2

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-0Z+ZzBG8GuiN99To5cRyaA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://b.travelmiso.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

expires: Mon, 14 Jun 2021 07:47:32 GMT
date: Mon, 14 Jun 2021 07:47:32 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-0Z+ZzBG8GuiN99To5cRyaA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 pubads_impl_2021060801.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 1A6C 318 KB
112 KB 38ms
37ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8a19707bd88a29100f84e106852ddd5bfeebe1fe562960c4932d1347210d13a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 08 Jun 2021 08:38:25 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 114129
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:32 GMT

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame A515 17 KB
6 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e684839cbcef6b16753dae73e92a49b7115f55e83662ead12d5e05bf7b9915fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1622653785071769"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:32 GMT

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame 6049 0
0 42ms
39ms Fetch
image/gif 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvc2REGDdscR_U31pZVuCZX5V4FkFmS6etZK-dFPUzgMmcPLQr_zS6lLkWhL5hRg1IQtpF73KVt_Am68YxehCXtHYBzG6xc7o6nUEbo7whZPRJFcJ3J0sloxMNLz0nS_dM0o8x6rcNRyZdDsOEF0t6QeKR2vhf1MUTYbVHuSA7-oOGITeyaDFdpsbw_e7-LmaMLiQdXS7Et8mv2iDDTxpC55UfEMipX0RQ_zX67TaHG0xeieiBan_iKf0yD3jnxRJaNmUtg78UT5MlAJRzzWEKBau7-LfeW6VdH3-bj_eLP1ZphQyPYSIlNnI3ul1DoC2n84M1OdYoQZWqdd3EZ&sig=Cg0ArKJSzBxwpC77xMi6EAE&urlfix=1&adurl=

Requested by

Host: shoppinglifestyle.biz
URL: http://shoppinglifestyle.biz/go/?r=3&a=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:32 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1

200
OK

fp Show response
ap.lijit.com/www/delivery/ Frame 6049
Redirect Chain

http://ap.lijit.com/www/delivery/fp?z=861814
https://ap.lijit.com/www/delivery/fp?z=861814

87 KB
20 KB

35ms
34ms

Script
text/javascript

216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/www/delivery/fp?z=861814
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/ads/adsp/300x250.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx /
Resource Hash: bf7c9484fdc988e2ee44d62563d76afcd64cd75e1c9aae4c2fd195d9ba4fe649

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:32 GMT
Content-Encoding: gzip
Server: nginx
ETag: W/"60468da9-15bdc"
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Transfer-Encoding: chunked
X-Sovrn-Pod: ad_ap7ams1
Expires: Thu, 01 Jan 1970 00:00:01 GMT

Redirect headers

Location: https://ap.lijit.com/www/delivery/fp?z=861814
Content-length: 0

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6049 122 KB
37 KB 22ms
19ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js?31061412

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

34b6e9936a2f024eef4f545bf4a1e717141704b00a75167fc7080fc6789e3881

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:32 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623410775224219"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38028
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:32 GMT

GET
H3-29 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame D78A 73 KB
28 KB 28ms
19ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js?31061412

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8f4b8d2def1fa5e09bafacbb8ac66e614d74f1cdbace1417cedef55c0d9a83db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:32 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623410781212720"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28237
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:32 GMT

GET
H2 204 /
ads.viralize.tv/track/ Frame 86D9 0
39 B 44ms
22ms Image
text/plain 35.186.238.232
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.viralize.tv/track/?multi=true&serialization=json&events=%5B%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A1%2C%22category%22%3A%22bid_done%22%2C%22session_id%22%3A%2201ebcce4c3c2f72898a9f96e66b7e271%3A0%3ANTU1OPkpEx5nemgF~wp9sc1%3A0%22%2C%22bid_done_id%22%3A%220%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22bid_selected%22%7D%5D
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.238.232 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 232.238.186.35.bc.googleusercontent.com
Software: uvicorn, Unknown /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:32 GMT
via: 1.1 google
server: uvicorn, Unknown
alt-svc: clear

GET
H/1.1 200
OK ucfad-formats.css
cdn.aralego.net/css/dev/ 975 B
1 KB 30ms
15ms Stylesheet
text/css 2606:4700:20::ac43:47fe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.aralego.net/css/dev/ucfad-formats.css
Requested by: Host: ads.aralego.com
URL: http://ads.aralego.com/sdk
Protocol: HTTP/1.1
Server: 2606:4700:20::ac43:47fe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1be00e223b2840fe8ac2d3a1aec0cf757088dd68f53a92275d0e1db6cb9afced

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:32 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
NEL: {"report_to":"cf-nel","max_age":604800}
Age: 5878
Cf-Polished: origSize=1191
Transfer-Encoding: chunked
Connection: keep-alive
cf-request-id: 0aab1683e600004a56e4b19000000001
Last-Modified: Fri, 16 Mar 2018 07:19:46 GMT
Server: cloudflare
ETag: W/"5aab7012-4a7"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=gencZ%2BOBrOY1LPkInDqcOdFCLS1mtMAjb4dOMTV9a1KOtJ%2B76553VQkeff0UU0hfdpk4CwydyEUJhvq9UcU2ArC%2FnC3fs09yIhb7IdXJymCise8NOUxCuPhCr7bpAUVAYKzcQ7artPY%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: text/css
Cache-Control: max-age=14400
Access-Control-Allow-Credentials: true
CF-RAY: 65f1f37fdb754a56-FRA
Cf-Bgj: minify

GET
H2 200 adop_sdk_p4.0.1.min.js Show response
adopdmp.adop.cc/ Frame D40F 18 KB
8 KB 45ms
12ms Script
application/javascript 2600:9000:214f:8800:18:69f:d880:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adopdmp.adop.cc/adop_sdk_p4.0.1.min.js
Requested by: Host: compass.adop.cc
URL: https://compass.adop.cc/RE/f9358c97-5614-4a21-8133-fd2cce2c76ee?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=f9358c97-5614-4a21-8133-fd2cce2c76ee&type=re&loc=http%253A%2F%2Fb.travelmiso.com%2Fads%2Fadop%2F300x250.html&rnd=&percentage=false&size_width=300&size_height=250&
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:8800:18:69f:d880:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 509ad252be6b42da4d1b4c0eeaca785fd1f53b092e0e870f1fedb4ae92bf62c4

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 06:32:22 GMT
content-encoding: gzip
last-modified: Wed, 26 May 2021 02:38:34 GMT
server: AmazonS3
age: 1646111
etag: W/"8c7bca07717cb469b00f91427b45cca8"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 befe3b8553d90339ecf78e5d7cefa60b.cloudfront.net (CloudFront)
cache-control: max-age=31536000, public
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: vvJkxVMKUt2XJLPqP96vGCg63kmBanptvNUWT1f9rcdyhqO01V7i5Q==

GET
H3-29 200 adop.travelmiso.com.1151336.js Show response
jsc.mgid.com/a/d/ Frame D40F 276 KB
69 KB 127ms
101ms Script
text/javascript 104.19.135.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://jsc.mgid.com/a/d/adop.travelmiso.com.1151336.js
Requested by: Host: compass.adop.cc
URL: https://compass.adop.cc/RE/f9358c97-5614-4a21-8133-fd2cce2c76ee?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=f9358c97-5614-4a21-8133-fd2cce2c76ee&type=re&loc=http%253A%2F%2Fb.travelmiso.com%2Fads%2Fadop%2F300x250.html&rnd=&percentage=false&size_width=300&size_height=250&
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 104.19.135.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 120bd0634cb12ea54c3178c7a875dbc2661170fd214753f3e541317f308b3a39

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:32 GMT
content-encoding: br
cf-cache-status: HIT
age: 5266
cf-polished: origSize=283085
last-modified: Fri, 11 Jun 2021 03:25:03 GMT
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: YH2ES0XDREZD4FCH
x-amz-id-2: 70FUi2uE/zU9QiP5equQp47e16oNoDo+jTPYiod7yDS+Zu6xBPvoAPtrwV50GXt8JVGevnkgBiM=
cf-bgj: minify
server: cloudflare
etag: W/"a5efe50b30ff1c09a9750887ecbc32e7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=10800
cf-request-id: 0aab1684050000edb7f4b92000000001
cf-ray: 65f1f3800a45edb7-CDG
expires: Mon, 14 Jun 2021 10:47:32 GMT

GET
H2 200 / Show response
track.adform.net/serving/container/ Frame C5FF 1 KB
929 B 47ms
35ms Document
text/html 37.157.2.236
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/container/?pm=720907&lid=25271102&ctype=0&media=0&PageName=Viralize-all+cookie&rnd=1649350748&cpref=http%3a%2f%2fshoppinglifestyle.biz%2f&loc=http%3a%2f%2fb.travelmiso.com%2ftravel%2f

Requested by

Host: track.adform.net
URL: https://track.adform.net/serving/scripts/trackpoint/async/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.236 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

dbf0dfecc92dba15f7821257132adc99a026db244bffc07fbdaf087e5d0579b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:method: GET
:authority: track.adform.net
:scheme: https
:path: /serving/container/?pm=720907&lid=25271102&ctype=0&media=0&PageName=Viralize-all+cookie&rnd=1649350748&cpref=http%3a%2f%2fshoppinglifestyle.biz%2f&loc=http%3a%2f%2fb.travelmiso.com%2ftravel%2f
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://b.travelmiso.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: C=1; uid=6017011265488529659
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

server: nginx
date: Mon, 14 Jun 2021 07:47:32 GMT
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
content-encoding: gzip
expires: -1
vary: Accept-Encoding
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
strict-transport-security: max-age=31536000; includeSubDomains

GET
H/1.1

200
OK

/
ps.eyeota.net/match/bounce/
Redirect Chain

https://dmp.adform.net/serving/cookie/match?party=1003
https://a.audrte.com/a?adform_uid=6017011265488529659
https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_cm&red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbeyJuYW1lIjoiZXllb3RhIn1dfQ%3D%3D&gdpr=0&gdpr_consent=
https://a.audrte.com/g?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbeyJuYW1lIjoiZXllb3RhIn1dfQ%3D%3D&gdpr=0&gdpr_consent=&google_gid=CAESEHTsfqF00uH0pOMNUEkIlAY&google_cver=1
https://ps.eyeota.net/match?bid=kh51m51&uid=67czju6WtFZReeQoh52hy-STw&gdpr=0&gdpr_consent=
https://ps.eyeota.net/match/bounce/?bid=kh51m51&uid=67czju6WtFZReeQoh52hy-STw&gdpr=0&gdpr_consent=

70 B
440 B

26ms
25ms

Image
image/gif

3.124.210.90
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ps.eyeota.net/match/bounce/?bid=kh51m51&uid=67czju6WtFZReeQoh52hy-STw&gdpr=0&gdpr_consent=
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 3.124.210.90 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-124-210-90.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:35 GMT
Content-Type: image/gif
Content-Length: 70
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

Redirect headers

Location: /match/bounce/?bid=kh51m51&uid=67czju6WtFZReeQoh52hy-STw&gdpr=0&gdpr_consent=
Date: Mon, 14 Jun 2021 07:47:34 GMT
Content-Length: 0
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

GET
H/1.1 200
OK /
dmp.adform.net/dmp/profile/ 35 B
282 B 84ms
52ms Image
image/gif 37.157.6.242
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://dmp.adform.net/dmp/profile/?pid=10747&sg=21

Requested by

Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/

Protocol

HTTP/1.1

Server

37.157.6.242 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:32 GMT
Transfer-Encoding: chunked
Server: nginx
Connection: keep-alive
Keep-Alive: timeout=90
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/gif

GET
H3-29 200 6ARyktE4tPRvvoSTtP7tfQ53d_-1azzHygxxMe6f4h8.js Show response
pagead2.googlesyndication.com/bg/ Frame 7388 14 KB
6 KB 30ms
18ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/6ARyktE4tPRvvoSTtP7tfQ53d_-1azzHygxxMe6f4h8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/223/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8047292d138b4f46fbe8493b4feed7d0e7777ffb56b3cc7ca0c7131ee9fe21f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 15:49:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 57465
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5749
x-xss-protection: 0
last-modified: Mon, 31 May 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 13 Jun 2022 15:49:47 GMT

GET
H2 200 production_flurryTag.html Show response
cdn.aralego.net/ucfad/mobile/ Frame 5F27 10 KB
2 KB 211ms
195ms Document
text/html 2606:4700:20::ac43:47fe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.aralego.net/ucfad/mobile/production_flurryTag.html?adid=d3ba746a-82fb-4032-b01e-ccb4c304c69a&width=300&height=250&click=
Requested by: Host: ads.aralego.com
URL: http://ads.aralego.com/sdk
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47fe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a9bbf2c828c70be6c37d14a29e850719276d371dd384d968c62c63a1f6e8ba2a

Request headers

:method: GET
:authority: cdn.aralego.net
:scheme: https
:path: /ucfad/mobile/production_flurryTag.html?adid=d3ba746a-82fb-4032-b01e-ccb4c304c69a&width=300&height=250&click=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://b.travelmiso.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

date: Mon, 14 Jun 2021 07:47:32 GMT
content-type: text/html
last-modified: Tue, 27 Apr 2021 04:01:41 GMT
access-control-allow-credentials: true
cache-control: max-age=14400
cf-cache-status: HIT
cf-request-id: 0aab16841300004a86d71da000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=x61jgMOxqnuNidVFgrFTS60f6IzV1HSbb1P%2F%2FoGqWijdXC53%2BlQCm10h4KFiAWYpdVgoxcUrjYKqZNwnk6jt74qZQADyWQ%2BLnlsGfa%2BOqw%2FCDfFn5hwrZKVFDnnEAUsMSzbhIG7nxec%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 65f1f38018694a86-FRA
content-encoding: br

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame D785 0
0 44ms
38ms Fetch
image/gif 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstycffdi9Gd79cAGmSzMpoc0ozmo3mAfgqOQz3b0b99LPeI6whxJeOalSexfMK909PubjnQUhQaRsCYqz6LKqq_jGV2uCAmserX0NGcUMUqpPJ0OZNVPwTicCBCF--NZQWXkOuROjvRJzf1xL3zgdT-qKif5d3yJWnOem882UkbSgbTTlSyhvDas4Uon90aqfAEyZQJjbggWRNw-AiNHD-25KY7LaIiqTH5VjHrm6Buodze2xxt5UgSk5uYvg9Rk6Bc8jMf6k1sH6VJ6C_qu_obrcWk6Tk1ZnZSeVVGD6ojVl22vMpIbbwJHrlo8kQKCEQ&sig=Cg0ArKJSzBfQRBNg_xmiEAE&urlfix=1&adurl=

Requested by

Host: shoppinglifestyle.biz
URL: http://shoppinglifestyle.biz/go/?r=3&a=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

b7.80.fd9f.ip4.static.sl-reverse.com

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:32 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame D785 61 KB
21 KB 27ms
20ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061428

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

86ee0f7b3d235225748ea83380c2c178380256bfc0dec86f7e5fbeb1ff4ec26b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "902 / 8 of 1000 / last-modified: 1623449339"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21287
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:32 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D785 122 KB
37 KB 26ms
19ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061428

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

34b6e9936a2f024eef4f545bf4a1e717141704b00a75167fc7080fc6789e3881

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:32 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623410775224219"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38028
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:32 GMT

GET
H3-29 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7BBE 73 KB
28 KB 43ms
18ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061428

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8f4b8d2def1fa5e09bafacbb8ac66e614d74f1cdbace1417cedef55c0d9a83db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:32 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623410781212720"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28237
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:32 GMT

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame DA0C
Redirect Chain

https://rtb.mfadsrvr.com/sync?ssp=sovrn&gdpr=1&gdpr_consent=
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=sovrn&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=87&3pid=1e5909af-14a4-4694-83f5-ae87d11f251b

43 B
2 KB

76ms
36ms

Image
image/gif

216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=87&3pid=1e5909af-14a4-4694-83f5-ae87d11f251b
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=12205132
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:36 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap7ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Location: //ce.lijit.com/merge?pid=87&3pid=1e5909af-14a4-4694-83f5-ae87d11f251b
Date: Mon, 14 Jun 2021 07:47:35 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H2

204

no_match_opted_out
um.simpli.fi/ Frame DA0C
Redirect Chain

https://um.simpli.fi/lj_match?r=1623656851377&gdpr=1&gdpr_consent=
https://um.simpli.fi/no_match_opted_out

0
272 B

30ms
25ms

Image
text/plain

159.253.128.183
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/no_match_opted_out

Requested by

Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=12205132

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.253.128.183 Amsterdam, Netherlands, ASN36351 (SOFTLAYER, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 14 Jun 2021 07:47:34 GMT
x-content-type-options: nosniff
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS

Redirect headers

date: Mon, 14 Jun 2021 07:47:33 GMT
x-content-type-options: nosniff
server: nginx
location: /no_match_opted_out
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 154
expires: Sun, 13 Jun 2021 07:47:33 GMT

GET
H/1.1

200
OK

reporting
ap.lijit.com/dsp/google/ Frame DA0C
Redirect Chain

https://ap.lijit.com/dsp/google/cookiematch/beacon?gdpr=1&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_hm=MjEyMjkxNjI3NWUyOGUwNzY1NTlhMzg2&gdpr=1
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_hm=MjEyMjkxNjI3NWUyOGUwNzY1NTlhMzg2&gdpr=1&google_tc=
https://ap.lijit.com/dsp/google/reporting?gdpr=1

43 B
567 B

29ms
28ms

Image
image/gif

216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ap.lijit.com/dsp/google/reporting?gdpr=1
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=12205132
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:34 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
P3P: CP="CUR ADM OUR NOR STA NID"
Access-Control-Allow-Origin: *
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap7ams1
Content-Type: image/gif
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:33 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ap.lijit.com/dsp/google/reporting?gdpr=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 245
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

204
No Content

merge
ce.lijit.com/ Frame DA0C
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=17&mt_exuid=2122916275e28e076559a386&redirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D3%263pid%3D%5BUUID%5D&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=3&3pid=b52560c7-0993-4900-a5d6-90ad857f3d77&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=3&3pid=b52560c7-0993-4900-a5d6-90ad857f3d77&gdpr=1&gdpr_consent=&dnr=1

0
656 B

86ms
29ms

Image
text/plain

216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=3&3pid=b52560c7-0993-4900-a5d6-90ad857f3d77&gdpr=1&gdpr_consent=&dnr=1
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=12205132
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:33 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap7ams1
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:33 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Location: https://ce.lijit.com/merge?pid=3&3pid=b52560c7-0993-4900-a5d6-90ad857f3d77&gdpr=1&gdpr_consent=&dnr=1
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap7ams1
Content-Length: 0
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H/1.1

204
No Content

merge
ce.lijit.com/ Frame DA0C
Redirect Chain

https://creativecdn.com/cm-notify?pi=sovrn&gdpr=1&gdpr_consent=
https://creativecdn.com/cm-notify?pi=sovrn&gdpr=1&gdpr_consent=&tc=1
https://ce.lijit.com/merge?pid=86&3pid=5p5SPieAjJiCl05raHbo&pi=sovrn&gdpr_consent=&gdpr=1&tc=1
https://ce.lijit.com/merge?pid=86&3pid=5p5SPieAjJiCl05raHbo&pi=sovrn&gdpr_consent=&gdpr=1&tc=1&dnr=1

0
1 KB

27ms
26ms

Image
text/plain

216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=86&3pid=5p5SPieAjJiCl05raHbo&pi=sovrn&gdpr_consent=&gdpr=1&tc=1&dnr=1
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=12205132
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:34 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap7ams1
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:33 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Location: https://ce.lijit.com/merge?pid=86&3pid=5p5SPieAjJiCl05raHbo&pi=sovrn&gdpr_consent=&gdpr=1&tc=1&dnr=1
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap7ams1
Content-Length: 0
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET sync.php
pixel-eu.rubiconproject.com/exchange/ Frame DA0C 0
0

GET sync
x.bidswitch.net/ Frame DA0C 0
0

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 56E1 8 KB
3 KB 80ms
52ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=1&gdpr_consent=
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=12205132
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: adeacac4167dc188f54213893f0444ea5d60995143ad0552dcb4c383199a740b

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=1&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ap.lijit.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ap.lijit.com/

Response headers

last-modified: Tue, 01 Jun 2021 06:44:25 GMT
etag: "1300708-2080-5c3aeac410031"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 2586
content-type: text/html; charset=UTF-8
cache-control: max-age=111762
expires: Tue, 15 Jun 2021 14:50:14 GMT
date: Mon, 14 Jun 2021 07:47:32 GMT
vary: Accept-Encoding

GET
H2

200

cm Show response
us-u.openx.net/w/1.0/ Frame FD5E
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_c...
https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&g...

776 B
810 B

26ms
25ms

Document
text/html

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=12205132
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.208.0 /
Resource Hash: a9c4707fb2358aa8b4bf23ed410814b5f220112b6d1aeeb96200b5d1a9b3319b

Request headers

:method: GET
:authority: us-u.openx.net
:scheme: https
:path: /w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ap.lijit.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: i=02c19150-94ee-4c08-a2f6-5eddf73923e0|1623656853
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ap.lijit.com/

Response headers

vary: Accept, Accept-Encoding
set-cookie: i=02c19150-94ee-4c08-a2f6-5eddf73923e0|1623656853; Version=1; Expires=Tue, 14-Jun-2022 07:47:33 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1623656853|gekin0vNiygu; Version=1; Expires=Tue, 29-Jun-2021 07:47:33 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.208.0
p3p: CP="CUR ADM OUR NOR STA NID"
date: Mon, 14 Jun 2021 07:47:33 GMT
content-type: text/html
content-length: 476
content-encoding: gzip
via: 1.1 google
alt-svc: clear

Redirect headers

set-cookie: i=7b1f04ed-974d-02a6-1807-eb1eba57d7f9|1623656853; Version=1; Expires=Tue, 14-Jun-2022 07:47:33 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.208.0
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
date: Mon, 14 Jun 2021 07:47:33 GMT
content-length: 0
via: 1.1 google
alt-svc: clear

GET
H2 200 0608867b Show response
rtb.gumgum.com/usync/ Frame 04F9 4 KB
1 KB 57ms
41ms Document
text/html 34.251.173.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=12205132
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.173.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 29d3ffdaf1b0b0c17b03fa16989dbe0d1e735abda3ab30e0ccdaf9e47d9007ac

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ap.lijit.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: vst=e_236dab5e-1504-46ee-999b-da2c0e4f5cb2
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ap.lijit.com/

Response headers

date: Mon, 14 Jun 2021 07:47:32 GMT
content-type: text/html;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
etag: W/"0c4709fd088acae6e9583124c52cca6ba"
timing-allow-origin: *
content-encoding: gzip

GET
H2 200 json Show response
trc.taboola.com/travelmiso300x250gr-r19505065/trc/3/ Frame 6040 5 KB
3 KB 129ms
124ms XHR
application/javascript 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/travelmiso300x250gr-r19505065/trc/3/json?tim=09%3A47%3A32.602&lti=deflated&data=%7B%22id%22%3A872%2C%22ii%22%3A%22%2Fusync%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1623577571216%2C%22vi%22%3A1623656852595%2C%22cv%22%3A%2220210613-7-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22http%3A%2F%2Fnichools.com%2Fusync%3Fi%3Djvz1bqas4afbza0812345%26a%3Df806503c39db99c77ecab4df904769a71%26cb%3D0646011623656847690%22%2C%22bv%22%3A%220%22%2C%22ul%22%3A%5B%22en-US%22%5D%2C%22btv%22%3A%220%22%2C%22cos%22%3A%224g%22%2C%22plf%22%3A%7B%22ack_exm%22%3Atrue%7D%2C%22bad%22%3A-1%2C%22sw%22%3A1600%2C%22sh%22%3A1200%2C%22bw%22%3A300%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A250%2C%22dw%22%3A300%2C%22dh%22%3A250%2C%22qs%22%3A%22%3Fi%3Djvz1bqas4afbza0812345%26a%3Df806503c39db99c77ecab4df904769a71%26cb%3D0646011623656847690%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A1%2C%22uim%22%3A%22thumbnails-a%3Aabp%3D0%22%2C%22uip%22%3A%2219505065%22%2C%22orig_uip%22%3A%2219505065%22%2C%22cd%22%3A0%2C%22mw%22%3A300%7D%5D%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22deflated%22%7D
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20210613-7-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: c7858a9684dd317e8153850511821111c16d787397ea2e46779d09402fb04168

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

x-vcl-time-ms: 99
date: Mon, 14 Jun 2021 07:47:32 GMT
content-encoding: gzip
server: nginx
x-timer: S1623656853.626929,VS0,VE99
x-served-by: cache-hhn11534-HHN
vary: Accept-Encoding
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: http://nichools.com
access-control-allow-credentials: true
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
x-cache-hits: 0

GET
H/1.1 200
OK flimpobj.js Show response
pixel.yabidos.com/ Frame 03F2 30 KB
24 KB 310ms
45ms Script
application/javascript 104.16.200.58
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://pixel.yabidos.com/flimpobj.js?cb=1623656852432&ver1=2.2.3&qid=83432313f553532313f5435393&rnd=50q64xx6m971&cid=954
Requested by: Host: pixel.yabidos.com
URL: https://pixel.yabidos.com/fltiu.js?qid=83432313f553532313f5435393&cid=954&p=1505449937&s=http://travelmiso.com/&x=gammassp&nci=&adtg=1567570933&nai=&si=&pn=&h=&w=&bp=&pp=&ci=&ip=&ai=1567569789&di=&mm=&os=&ua=&lat=&lon=
Protocol: HTTP/1.1
Server: 104.16.200.58 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a3f5fe43cf3b943aa4ef647e87d8189c61b971c177cb3a6f3e88076fd4b2b9df

Request headers

Referer: http://www.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:32 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Last-Modified: Wed, 02 Jun 2021 15:09:31 GMT
Server: cloudflare
Age: 5796
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: public, max-age=7200
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 65f1f3829fe90482-CDG
Content-Length: 23972
cf-request-id: 0aab1685a600000482668be000000001
Expires: Mon, 14 Jun 2021 09:47:32 GMT

GET
H/1.1 200
OK inndef_728x90.asp Show response
www.travelmiso.com/acta/friends/ Frame 4986 3 B
323 B 173ms
171ms Document
text/html 203.76.174.123
SG-8-TO-SG 8 to I...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.travelmiso.com/acta/friends/inndef_728x90.asp
Requested by: Host: media.innity.net
URL: http://media.innity.net/adnetwork/house/pub_244/proxy_245519.js?ord=[timestamp]
Protocol: HTTP/1.1
Server: 203.76.174.123 , Singapore, ASN45470 (SG-8-TO-SG 8 to Infinity Pte Ltd, SG),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: e0dc0ad7ac4bba718029e4937736aa9610cf977cd2dd0c3bd468036e4e4f5fe4

Request headers

Host: www.travelmiso.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://b.travelmiso.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Cookie: _a3rd1567570933=0-9; ASPSESSIONIDQCSSCCAC=PDMDPFDDPOOLNPFLDIGELOAE; __gads=ID=b91b9b5f565a940c:T=1623656848:S=ALNI_MZ97nIYoqC28iOPfzwAn6BESrMS9w
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

Cache-Control: private
Content-Type: text/html
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Mon, 14 Jun 2021 07:47:31 GMT
Content-Length: 122

GET
H/1.1 200
OK / Show response
3jb25f7slq.s.ad6media.fr/ Frame D32C 0
362 B 1191ms
47ms Script
application/javascript 149.202.153.163
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://3jb25f7slq.s.ad6media.fr/?cache_buster=52496831473608013&d=1623656852677&oath_pubid=67&oath_cid=3152274&oath_lid=1494724&clicktag=https%3A%2F%2Fpr.ybp.yahoo.com%2Fcj%2Fcd%2FQxqXNuVd0EQ05bXN6x-7mHR12eRFB9MV3QGk-f--lCXVCjhw0dodwyhKhhbNotpAhHMbAtRyv4g8-re05Gcoai6klmdQcxWVe2WniIRYHFo0H4Jflr3iUCd0MnWiMa8rhqtjIRzJe41ej4r6_8Njz3l-_-xhePKkJb26OpEfhpnwigAYTas5UIMCvsIbDkjwSmxoO3H3PAJAf9CRLQ05cXxPU60SeP7uzbHtD-Cw3HZuxhK3jnH8GHX8558siKMuyMYZFZUQqeGkSC9llKcZzQ%2Frurl%2F&gdpr=1&gdpr_consent=&r=http%3A%2F%2Fshoppinglifestyle.biz%2F
Requested by: Host: shoppinglifestyle.biz
URL: http://shoppinglifestyle.biz/go/?r=3&a=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 149.202.153.163 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:33 GMT
Content-Type: application/javascript
Server: nginx
Timing-Allow-Origin: *
Transfer-Encoding: chunked
Report-To: { "url": "https://report.s.ad6media.fr/reports", "max_age": 10886400, "include_subdomains":true }
P3P: policyref="https://www.ad6media.fr/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI"

GET
H2 200 inside.js Show response
s.yimg.com/rq/iv/ Frame D32C 27 KB
9 KB 26ms
8ms Script
application/javascript 2a00:1288:80:800::7001
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/rq/iv/inside.js

Requested by

Host: pr.ybp.yahoo.com
URL: https://pr.ybp.yahoo.com/ab/secure/true/imp/LC2BFXp66BkBovTgNTeK9Q5FBvHLO7M2j2giC3Co54mmZHZki_PcdzXXwZ9X6ThmfdnSBufQfaXMgwKr_MBnHhJDhRfgaGSsLiNaIEGIegsdyaoj-SiUYrHacILRMtyfpxx-e4GhrDvNA6JrtRoBoKdtFozKmYbF5HYe0AzRBLZmT9V_guQocIXwaaeuzqVdwPOIbGTAal3H87FEvX2hlugH4qpGkyrhT0ZV6LwGRXLlZkrgIceg99z74cX8uFrUcSlHM6XIv9JMVHove2D_poLsLd8hQXokLdRu9NU4gmD-c-xfipY5DuwJteByLpXrMsZrso2kiURGhhf6tBjXLyfNYyqEzO_2jhmmeRWeC7Tw1vokGxl1nSYTE9po0O-L4Q3G75xb4ofKc7HKpL8xdsFWFj1_WAIsXwWoLVwFJsVvWHQfcHP2KNiuJ-IUvh1i0toh9BDaUN0oSphKTQj9B62R85qLR629u7QwPeJuL8UXy3zNnlfKRAj7ChhkGlG1j4RwL0rD9o3AXOIFEeeFSXe5pzlRKbwFLJLHlzVSTo0WyhGzfC9G9Qr8i-br7sL1wSCRQLbNzw3oWuKCL64y-8XndGTXoBC6erpZgYIstvFyvPt_EiRbuRCQFxKacNqXGvi-2ghpXyOCIzaGsu7xQPfJ_xTb2P5U30oPa1-Ku5gn2ZdTHLV259TowFJdBXg7gb6yVXCmlG_SJUTJfSXJm_VVxvK2w1iCiyGFdJ2adtLBKgekrAXYd0Ovmg9vNHw-mIPjB1uqrjJYijamGTXBJdzmXlwVADfn4vsGkc3-YIHUNP4bIIHoWOLI-QZs4xlzkyfAM82A-QP6lBLFhPpRcnSh-gpv6pEUhY2ujfT7LYj6pGPzmG3VBPxKiNAoxpAhFGd2Kfk_H7jRkrVlpDBBLOuNFfcoAN_iaJm4aA1CWnkEwy1Ib14j1882lm9MPuza2oIssLrNlh6pzDODDfI1gxCatFQzIxje33FU1z0Xtqnbz4LpUI1oxrKhu6CoB9U5f2vaMVKhmkDzG-XyuwMgOPI1JyHbCQkUNN9oRYaiGh9CnBTCK3Kl4wj2GH5irUAVjnObX8ySxzPeREXJBLwgtG3RHiE3izMOa-_1oreyAn_ONK20AQuaqwhqAn0nLQlAZMM_yhw1zuL1CQWaEZ7EsTZqe1QhkHc66kj4c9Wtmu-5ux4lOUdhkkpqnB3PEtVW7XIAqjPiLiSUGhoWL0rXptRzfj9wtp3b6tF2MeKB89CTn2WE1yklm0Q9LwTS9tKd3l3h9nmPGRHg07kPDsHneGHvpjH4gdUdTEAqn5E0lkFugFB_PCRtwJEucKUaAtbgAuckei6pHwT08pVDsVL_liWahYHDd7kg2D5gjwSOJXSZsc8qy8cXNY1AUFA97n_JXrSe_g66TvI9u9gUfVzlo46scSDhT_WsQtpHld5U-8BGGFexc4db7YBExj9ygkiZvI4t-oJJSxZIi18D3spv1seMc1GhzK0c7gWeP1rGKx8/wp/P6xdhRZU1hs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7001 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

5e7a15a78f3e5acf15d77a470228977a7366dc088ebcf9104c3f05608c5d3472

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

ats-carp-promotion: 1
date: Mon, 14 Jun 2021 04:37:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 11415
x-amz-server-side-encryption: AES256
vary: Origin, Accept-Encoding
content-length: 8520
x-amz-id-2: uSkSLEThSRsK3syVgu8TcdSAFam/Ovdk9c3bWRFzbJVFEvKANQy44SEyAj1Ynj3TLo5w2uGF2lc=
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 03 Jun 2021 02:45:00 GMT
server: ATS
etag: "374491d3a72260076e3766e4faa3e403-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
x-amz-request-id: MXP5RD5PVN322APQ
x-xss-protection: 1; mode=block
cache-control: public,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8

GET
H3-29 200 6ARyktE4tPRvvoSTtP7tfQ53d_-1azzHygxxMe6f4h8.js Show response
pagead2.googlesyndication.com/bg/ Frame 4894 14 KB
6 KB 13ms
8ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/6ARyktE4tPRvvoSTtP7tfQ53d_-1azzHygxxMe6f4h8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/223/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8047292d138b4f46fbe8493b4feed7d0e7777ffb56b3cc7ca0c7131ee9fe21f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 15:49:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 57465
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5749
x-xss-protection: 0
last-modified: Mon, 31 May 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 13 Jun 2022 15:49:47 GMT

GET
H/1.1

200
OK

sdk Show response
cdn.aralego.net/ucfad/sdk/us-east/ Frame 235E
Redirect Chain

http://ads.aralego.com/sdk
http://cdn.aralego.net/ucfad/sdk/us-east/sdk

39 KB
40 KB

19ms
16ms

Script
application/octet-stream

2606:4700:20::ac43:47fe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.aralego.net/ucfad/sdk/us-east/sdk
Requested by: Host: www.travelmiso.com
URL: http://www.travelmiso.com/acta/friends/gmdef_300x250.asp
Protocol: HTTP/1.1
Server: 2606:4700:20::ac43:47fe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2a87fd41597436af0e4160d453d7e8e2b4384edb15d2fdf2058de7c29b31e637

Request headers

Referer: http://www.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:33 GMT
CF-Cache-Status: HIT
NEL: {"report_to":"cf-nel","max_age":604800}
Age: 4330
Connection: keep-alive
Content-Length: 40120
cf-request-id: 0aab16871d00004a56b53dc000000001
Last-Modified: Fri, 28 May 2021 01:36:32 GMT
Server: cloudflare
ETag: "60b04920-9cb8"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=hS4e0YmmGP%2FeHEqnVDzHl1UUO78fhtULRzZW83RtaaMJMmoNaJQD92wEs%2B7zz62mxi3TNLlPIopvnqIwQlPusd6tXPlLpXHJXsJHG7JElfx92ZJ%2Fa1Wk6fLijhK%2Bb2qqe9ejpZ%2BoG14%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: application/octet-stream
Cache-Control: max-age=14400
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
CF-RAY: 65f1f384f8574a56-FRA

Redirect headers

Location: http://cdn.aralego.net/ucfad/sdk/us-east/sdk
Connection: close
Content-length: 0

GET
H3-29 200 index.html Show response
s0.2mdn.net/9631534/1612207833628/SquareOnline_NewYears_300x250_RST/ Frame 5AAC 6 KB
2 KB 8ms
7ms Document
text/html 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9631534/1612207833628/SquareOnline_NewYears_300x250_RST/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d27e59777903b1d8b56239b5affca08291805f3bbb09c281e919f08d826732b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /9631534/1612207833628/SquareOnline_NewYears_300x250_RST/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 2326
date: Mon, 14 Jun 2021 07:04:08 GMT
expires: Tue, 15 Jun 2021 07:04:08 GMT
last-modified: Mon, 01 Feb 2021 19:30:33 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
age: 2604
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame F846 0
592 B 127ms
42ms Ping
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsta1etxMfstdc1oZya7Sf37q0PROF0yaSVL182VpXH4umMpX3QYZRkwl_OfbeyvmZPol92vWW_CAhT0R8T-MBkQxweIuH5Ix3tgtf5KAWFMuiDVgJ_J_i5Qa7pcgI3iCzRiLkTNMjjvWSvchiQP6aUkUAoNWn3rzfPoPPF1UH2cdwVEFnFdD3psLm00DeB7vVpqqHkEXKvxs0IFc3vQbfsixHUCZUYzyQfF5K9m5uiPm0XCfrmqRDZEAmdLTt0RgKKtH2z01VVq1ZUkqzra8CJz4YCU2A6XTQ_BeTZDDxKuMzAsOheXLp976C2W5VxIJoLpqPWMaoPGqqfFmhe4Fh-DBhhDdhdymErk-YMdbX8xKRFFXcRH65dBGMo3LwOtf7mgMA6hNaVNO95RjjeZFJGMKW8Jmr8KadLS-u7xFJvalmAT0_5gNTPiIfK2TyEZPdOrmIqphOzYpIfnE2YTxE4b9tlyEcukD-TaEKplR3V29tgEGKRnmPK5uac624n19VKGk_qtAfzEPsciJM6c9gQCWkK68LxS87iYVJTty_BO3f3SmF5ydmK6a7_I6-J7cNz9iLPzw2tQvGaphIE3TsEz02kdoIiwVMNnxa6pTjURuARTn_9S88TUsgEX99yVuTsgovzmRNqGHaC3Tp5AOOVL4F57mdmT4yNGk_ur-nebhG77bGkbIvAh13nvwiS2svhs900Z6QdpEdey2JU5lC119s0IfhHAjGT4mO1uTpHds3dkAtK8-co4rmbA1rpoq_qPAHp8tDqcJ0jK1QxVBIDBYSurok91OqOck6-C83T2tgO-Qll_ymBIldu3u1kZieNThI7IvGvJ-_coRySBpzVnOFdJG1wFlrW6_ozRLsCDX-lwbAxleJ458G7cAYRvQ4A9AUGTDvTTki-hpduF-DsMKvxPf39PR6mX0QQweAJ7tYfOFWTSJCVO740eBYEGC4ttd8l2w92hCMDhfvO2mPzm1zMOQAFyGZX5FDNbL6qjrw7LUQrY-jkTJTCQsUik9_E9VVXgzFbH27KZRxWY0tf1EDKGYQEDUbksCetzXwiORvvvIGXkYa4F2c7bHOU0TxuC-X7CJWeP7jrL6Ayf1xAoBAsA6HJexm8feTXpWBuoG_cMccoJlhD-2WYDIuLDio37DN_RlMUUwM55sA_h1lOJ10_iNq1m6_tu16-xjqEpQNYk6j4XhYVHYOmCdFB3Fe0DPkkNiwFSLGtQ5uf2&sai=AMfl-YQwvv3VDkpEeWalcAE3hWjfFEPF5AlKVgt6qpY6vpk2IoPGQDA_40ctJd5pBvlxTCRLfcpXkKIf8I2ugaCo6UzJV-_PHuNCAfieg7JJfDHgSUgLZPc2JeZTMZXK6ixHNVMyLLEEcGBiy1Jw-q7um2DYwz4kHg&sig=Cg0ArKJSzAumrH5TjmUVEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=660&cbvp=1&cstd=649&cisv=r20210607.72636&adurl=

Requested by

Host: shoppinglifestyle.biz
URL: http://shoppinglifestyle.biz/go/?r=3&a=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Mon, 14 Jun 2021 07:47:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame D0BD 62 KB
21 KB 34ms
34ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdn.aralego.net
URL: https://cdn.aralego.net/ucfad/cookie/cht_cookieSyncIframe.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

501a9391f2566e13d08d808678bfd47a7fef4c33eabbf1625b9494fa75db1071

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "902 / 859 of 1000 / last-modified: 1623449396"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21627
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:32 GMT

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 9015 38 KB
14 KB 36ms
36ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158212&predirect=https%3A%2F%2Fcm.gammaplatform.com%2Fadx%2Frecv%3Fpid%3D35%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 1b95ffd8d5e131d47fa1a5ab65bca620eeef87328c413940cd60a9fbcedf4b74

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/showad.js
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158212&predirect=https%3A%2F%2Fcm.gammaplatform.com%2Fadx%2Frecv%3Fpid%3D35%26uid%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158212&predirect=https%3A%2F%2Fcm.gammaplatform.com%2Fadx%2Frecv%3Fpid%3D35%26uid%3D

Response headers

last-modified: Tue, 11 May 2021 05:24:02 GMT
etag: "13006b6-96ca-5c2071a26cca4"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 13964
content-type: text/html; charset=UTF-8
cache-control: public, max-age=29093
expires: Mon, 14 Jun 2021 15:52:25 GMT
date: Mon, 14 Jun 2021 07:47:32 GMT
vary: Accept-Encoding

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 267B 38 KB
14 KB 37ms
37ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158212&predirect=https%3A%2F%2Fcm.gammaplatform.com%2Fadx%2Frecv%3Fpid%3D35%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 1b95ffd8d5e131d47fa1a5ab65bca620eeef87328c413940cd60a9fbcedf4b74

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/showad.js
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158212&predirect=https%3A%2F%2Fcm.gammaplatform.com%2Fadx%2Frecv%3Fpid%3D35%26uid%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158212&predirect=https%3A%2F%2Fcm.gammaplatform.com%2Fadx%2Frecv%3Fpid%3D35%26uid%3D

Response headers

last-modified: Tue, 11 May 2021 05:24:02 GMT
etag: "13006b6-96ca-5c2071a26cca4"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 13964
content-type: text/html; charset=UTF-8
cache-control: public, max-age=29093
expires: Mon, 14 Jun 2021 15:52:25 GMT
date: Mon, 14 Jun 2021 07:47:32 GMT
vary: Accept-Encoding

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 0411 38 KB
14 KB 45ms
35ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159249&predirect=https%3A%2F%2Fcm.gammaplatform.com%2Fadx%2Frecv%3Fpid%3D53%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 1b95ffd8d5e131d47fa1a5ab65bca620eeef87328c413940cd60a9fbcedf4b74

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/showad.js
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159249&predirect=https%3A%2F%2Fcm.gammaplatform.com%2Fadx%2Frecv%3Fpid%3D53%26uid%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159249&predirect=https%3A%2F%2Fcm.gammaplatform.com%2Fadx%2Frecv%3Fpid%3D53%26uid%3D

Response headers

last-modified: Tue, 11 May 2021 05:24:02 GMT
etag: "13006b6-96ca-5c2071a26cca4"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 13964
content-type: text/html; charset=UTF-8
cache-control: public, max-age=29093
expires: Mon, 14 Jun 2021 15:52:25 GMT
date: Mon, 14 Jun 2021 07:47:32 GMT
vary: Accept-Encoding

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame AFCE 38 KB
14 KB 40ms
35ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159249&predirect=https%3A%2F%2Fcm.gammaplatform.com%2Fadx%2Frecv%3Fpid%3D53%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 1b95ffd8d5e131d47fa1a5ab65bca620eeef87328c413940cd60a9fbcedf4b74

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/showad.js
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159249&predirect=https%3A%2F%2Fcm.gammaplatform.com%2Fadx%2Frecv%3Fpid%3D53%26uid%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159249&predirect=https%3A%2F%2Fcm.gammaplatform.com%2Fadx%2Frecv%3Fpid%3D53%26uid%3D

Response headers

last-modified: Tue, 11 May 2021 05:24:02 GMT
etag: "13006b6-96ca-5c2071a26cca4"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 13964
content-type: text/html; charset=UTF-8
cache-control: public, max-age=29093
expires: Mon, 14 Jun 2021 15:52:25 GMT
date: Mon, 14 Jun 2021 07:47:32 GMT
vary: Accept-Encoding

GET
H/1.1

200
OK

sdk Show response
cdn.aralego.net/ucfad/sdk/us-east/ Frame B67A
Redirect Chain

http://ads.aralego.com/sdk
http://cdn.aralego.net/ucfad/sdk/us-east/sdk

39 KB
40 KB

48ms
41ms

Script
application/octet-stream

2606:4700:20::ac43:47fe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.aralego.net/ucfad/sdk/us-east/sdk
Requested by: Host: www.travelmiso.com
URL: http://www.travelmiso.com/acta/friends/gmdef_300x250.asp
Protocol: HTTP/1.1
Server: 2606:4700:20::ac43:47fe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2a87fd41597436af0e4160d453d7e8e2b4384edb15d2fdf2058de7c29b31e637

Request headers

Referer: http://www.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:38 GMT
CF-Cache-Status: HIT
NEL: {"report_to":"cf-nel","max_age":604800}
Age: 4335
Connection: keep-alive
Content-Length: 40120
cf-request-id: 0aab169ae800004ea4a0b05000000001
Last-Modified: Fri, 28 May 2021 01:36:32 GMT
Server: cloudflare
ETag: "60b04920-9cb8"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=3Po0vvXRsg58CWKLLQD1l2CoDNIgwdgt4g1V8kM9%2FY2nGm5gxuVF5uhAmBK4Yv7bLHp3hsh3fYTqaGFjLPEbb%2F9g1ugL7ZW4%2B8zgRZPmfLTnw9PhlKSz3wzRt26mcJ3E6jl%2B10BNc7o%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: application/octet-stream
Cache-Control: max-age=14400
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
CF-RAY: 65f1f3a4ae804ea4-FRA

Redirect headers

Location: http://cdn.aralego.net/ucfad/sdk/us-east/sdk
Connection: close
Content-length: 0

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ Frame 1A6C 107 B
122 B 18ms
17ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=b.travelmiso.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ Frame 1A6C 107 B
122 B 15ms
15ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=b.travelmiso.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 1A6C 7 KB
4 KB 189ms
184ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=801176634548887&correlator=799911096159029&output=ldjh&impl=fif&eid=31061290%2C31061354%2C31061410&vrg=2021060801&ptt=17&sc=0&sfv=1-0-38&ecs=20210614&iu_parts=53015287%2Ctravelmiso.com_d_300x250_2a&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&eri=2&cookie=ID%3Db91b9b5f565a940c%3AT%3D1623656848%3AS%3DALNI_MZ97nIYoqC28iOPfzwAn6BESrMS9w&cdm=b.travelmiso.com&bc=23&abxe=1&lmt=1623656852&dt=1623656852897&dlt=1623656851626&idt=1246&ea=0&frm=23&biw=1600&bih=1200&isw=300&ish=250&oid=3&adxs=619&adys=265&adks=722326227&ucis=1751rxbcbzje&ifi=1&ifk=3551825510&u_tz=120&u_his=3&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=2&url=http%3A%2F%2Fb.travelmiso.com%2Fads%2Fyl%2F300x250-btf.html&top=http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F&vis=1&scr_x=0&scr_y=0&psz=0x0&msz=300x0&ga_vid=519397575.1623656853&ga_sid=1623656853&ga_hid=221328488&ga_fc=false&fws=256&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

30af57cbc86d1b9a13cad96681bf4f7995389ac335b932a1d04153708f1c9ff1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:33 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3890
x-xss-protection: 0
google-lineitem-id: 5089888533
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138322600219
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://b.travelmiso.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
96e31394895da6e35791219a91fa0a55.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 1A6C 0
0 53ms
16ms Other
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://96e31394895da6e35791219a91fa0a55.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame 1A6C 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ff7a697e0e6ddab20dec2f1be005cf8d64dd6a398ccad1535f8c280d017a09d1

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 yap.js Show response
s.yimg.com/av/yap/ga/ Frame 8C79 69 KB
21 KB 8ms
7ms Script
application/javascript 2a00:1288:80:800::7001
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/av/yap/ga/yap.js

Requested by

Host: cdn.aralego.net
URL: https://cdn.aralego.net/ucfad/mobile/production_flurryTag.html?adid=d3ba746a-82fb-4032-b01e-ccb4c304c69a&width=970&height=250&click=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7001 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

56cf6c2adb75e276955f3bf951793f0c794ceb51d67d5d2c64b8ec01b996ecc4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

ats-carp-promotion: 1
date: Mon, 14 Jun 2021 07:17:46 GMT
content-encoding: gzip
x-amz-meta-created-date: Thu, 14 Jun 2018 21:01:51 GMT
age: 1787
x-amz-server-side-encryption: AES256
x-amz-meta-x-ysws-mbst-vtime: 1529010111289407
vary: Accept-Encoding,Origin
x-amz-request-id: T70J71QY40SSM61E
x-amz-id-2: EA69afkUYrGtzWGH8rI2GtYYoH7JGlpRWytpgFMYRhhIOIlQfvIDKxYMQWahHGPI7LbTpka5HRU=
accept-ranges: bytes
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 22 Jun 2018 20:24:03 GMT
server: ATS
etag: "dc33089f908605f46038b49337653924-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
content-type: application/javascript
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: public,stale-while-revalidate=30,max-age=3600
content-length: 21352
x-amz-meta-x-ysws-access: public
x-amz-meta-mbst-etag: "YM:1:f804d14e-b940-4c8c-9951-826241a860ad00056ea0688a983f"
x-content-type-options: nosniff
expires: Fri, 22 Jun 2018 21:24:02 GMT

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 0617 640 B
316 B 20ms
19ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CKfiYRCr8_wBGPWBhJ0BMAE&v=APEucNW1PfRnpP6cqwyKkST1VkYCGwUsr6GHp7FDxRWm6q5y88p2ED0VCGpd-iYM-EaaDTjg9Eb2cNSPfhX3eRPQyZ5e4lj2pe8Lg9wz3nAj5VjhcIr6m0sdVselmERdgUsw0f2zwPAMBam5ygikAMqqsF4QrvvS4PZdGxvQLCOfjt3lSZr7cK6Xy3cbeCJ-bRavgwTTxIKFPnsNyG2Ofx0W6u8BYMD_FA

Requested by

Host: a15ac0e614c5002f10a5f47b2408de8c.safeframe.googlesyndication.com
URL: https://a15ac0e614c5002f10a5f47b2408de8c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CKfiYRCr8_wBGPWBhJ0BMAE&v=APEucNW1PfRnpP6cqwyKkST1VkYCGwUsr6GHp7FDxRWm6q5y88p2ED0VCGpd-iYM-EaaDTjg9Eb2cNSPfhX3eRPQyZ5e4lj2pe8Lg9wz3nAj5VjhcIr6m0sdVselmERdgUsw0f2zwPAMBam5ygikAMqqsF4QrvvS4PZdGxvQLCOfjt3lSZr7cK6Xy3cbeCJ-bRavgwTTxIKFPnsNyG2Ofx0W6u8BYMD_FA
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a15ac0e614c5002f10a5f47b2408de8c.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkWrAMFjgaPY-5Wy0_C16B8n7Pl47SH-Jjtp9jo0joVkjSULWNSk0VeJUUrC3w; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://a15ac0e614c5002f10a5f47b2408de8c.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Mon, 14 Jun 2021 07:47:32 GMT
server: cafe
cache-control: private
content-length: 295
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame CC50 58 KB
24 KB 49ms
47ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ALez-eC1NyqlqJ1GhjrTbZccORx7P7_I8loVNSBTEtbUZSJQ04fd02xy8uL3EIPLpqUMdAvPucuIzjiaBaoxBNTFPTkMl7c4imv2Xa2atEMt2W2UBwJQ2hNs3s7FJZL7fW40kdcla_2KxmH0GzD3c_9E01sQ&dbm_d=AKAmf-BhIQcSvrXOX5hhio9D-dJl4PTl2JIEFY3dDGbAdV-csyKLOZwBJJkpdVdJz1V7O7pgo5YCQDkM7rGSD1fc9MGlygmOlpv_G9e4XQhY7A8IsgGTdD2bkFv9e7lVILDFcD7hgtRr4pYvgbysmVRCM-dufx2L1LajexLy-Mm9gOpbgZokeHBkX5nHhVGXvXe5PeqJkvlqqGKSub26XncvsqPqGQnzvChnGf-NkC2za67rXBw2W81_XBDzAQOveYAhMOM_45WusapnoZJTh00zGJDGE8dgpVRyjp7XV2rBA782Mh0GZtyutQMNmxhMMXf9_zL-BMUOYqeQFb0Im3zmXR-nl_sztdTZs9T0MSAStcq5QZ_a7f4aRhq7Z1DCyRbcIHvSOzUCsPeCepNjEhc7dpOM5VOJfVA5HDfgdPQq_9CliLVLwbTqWFJPIXPcnu8HnJechbdV_sMJzVdDzL87eXCOpDp5btb6mqGYuLzN4wnz7LBPSFh4j6epqq3VbShGdhj-6IC52ukyiVe_zlWXGCwAelxignLNLiMShNCFqSC9K8TAn64iJ0yl8ttmjVAlB-jYs6uKxPFhjnlzmaxbBPDrywCvF2gLqp33RghpFk03CDqEgL_YZiVj5yPRUu395rKMa68Qwf9YniPaALIRcnjBBv6e4D1yRM06i17CjffTpchPFva-d3_TZNCSP4pnGQfkB15e9Hl1jNvaAz2DYbSH0Ok_mJqVUWFjy-uNZtAl7pH1MWNSeFW7zh8xlP38DQHUyqHx5L-MkcmL0kvWFQge4pRyTmOS4s8aAdCo9b1Sobys_T6SV2fC_9MhtXY0QhLJl-K_fKZHvWJJWT31i-ZKseSh-fBmdHjlfClJVU1jywpGJWO6OrnPEv1MEs9iEh_cwgz5OCUEqCvyAKEWkiUiSnawiCCmKQsrvuw80qoxwdO-XlcHdofMo-8nsJhR3PB6yocpciN6ldp9NpXw2BtFb9ied-ER9epJ_cMT5jTxwkxUeGuSJCauJVFWjTGN6jOdw1UGn2xCbSY-INm3uwuoSlWolFaCndDydSBLFDNLGmJJHGXYne9HVhoR4GH-tBro3MAapMsdq8Hnd5NdnMOZmrebijZCKt_raVoAu9KSNlnh4hkN0SRJxqhDCrh3z3ZDVBbLQpDf_yR_Vmc7N1zyF2MnEXIl26FUiuzMtsVGfpx3dHaQdwm5tqBthfd-aoDFRzccFDBpvZ_wWiNZSUKIKtnelC3XCllGdTbnRm9khbkci3f1Ony158FmHWkG5efUITKivRfBDF3fJ2p1UQsYjSFCA1ARvtqAkS8VRKLB1PedSJio0_Alf3TO4Df0UjztkV6MM3yd_BdxeUX5duRH0rIFdRNHikzijVCQfHR_1GQCGSzy0jHDT0VjuuXkGQ_Gka91MmOD18FloUkpu6NH-0VIau8yEokKDmIe6SACa_YqnClhjUXKkGyD7nbzn9G-74Go3s5DaGE6_k8dg5DuRNYHGCpi8Kkkx2h5a-7g4HoJWN8WFRgXvzJag8FGkO58XThk_gT5f0Io27MOk4md8tGrSgIJhzb1D7O_e_TMDTcetBlui8bNWhcq8SDAgibfvG2WMEG8twpg08-EKAtK5cXzCAK84_1yPOwMFpMvo9aIDYpTBDRTZaG7oZbJLyApli9_uQ5V1j6rydkqhqMYgzgIfEjfwKInLUP-bgan49zgBKsQWmY7-SMslXBMuP4VXWy3ZKWp_K-f8gb7OZKUEn9NIYCKD5OuSzm1SUKAxBpA2KSi5fNYA9G7GDS1d3w24Cr5V1MxkFKmnlZkfWV4MIVho79ZIhb8QCTaNYdOE4fscwldG8Yx1S-qPZVmGhv1yCjD5YGA80pkn4UZXkujwht7NTZqhB3r6apVskRi8M0H_eFcVLrSdOKBncluzjbsWr5o-6zSyoGskdJ8MEfCJ3VUZtf7Bcl78OLHGxfksoBm0qSkTc_xlB2nlRZN1-N7G75gxMVk-ZdeDl7fFmPwQp7NdK2TLlBom0wgRBp51ZDSewsPw8N7gn3u2AYADNXVlCg9idOKfiWlkaEQTMfG7AnLfFaMyjw8tCD8jOUO7nXvYp0bPT1v-_ygwh3KVFBGv1wGexMmZ32f5jPWf0Cd6NAhB58Ya-c_U1YiklkdLMYynM0UvcpF1P7NiyPEh6mJfIpo7wnkgQipvkZNnkJEfImpqckxWZgFCDN3WTCL0Xuq-gxygUPeYmE7JHeV-TeDh_Lk-xqhMy78WwjVqdLODxnNqNEL3Uz7tw580KJmLh659FXTGB1O_x2mObfmtaRe9znuRgqRboz_SiL3pzpcwTLpmqLpaVjkedmJLsnNyoNA7S-S7E7oPM5HRAZcne5gga24SY5gCmPfjLc5Mn_5BlXvV5EGsFeDC35e0NFAcCpEyx1YMNljk5ceA3G5hXfuwaBzKO4MU2O0lpncol2ndIVBF-C0kqyWyh4tdT9FmoHFFk1rPJPySgiHX0G44TkxBV-sBlFAiWBAfJJD2XD0o0jlFe2W1_UbE-6OzfSKdfngvDOKT3uAnb5ng7LB8KxPpbMileSagN2w487az7_Jk-KtpBzwBRQms8MzF6U6s7SwyTjI1i5Wsy3urU2WB7KfjWQJ8DK3mrc21n8X6cVp68Gg_r9DN9Ud6FLgd7qlhXRgn_h1zhYVBL5GlIwMl7rhKl8oHDt4RHlFduty91XlDh-kzFi9xzatFRVZHdVLWRXKx-_jc2Iq-sMDqDtfqqmp5gF0AqQbyfm5o-nWlMzJGAwwsj_5m0-H09ku4SHoRXdBPL1UT4Z5ZuUaQ-YRJXgTaKUx2yFuQvnNqxyScUqXhbxIDjjcCday2O8lo78T9o9cA99qNhveJ98vBHVehki4SQ9VjJUdDlw6D3JwhXW-oz1sH7Ebb7YMfo3JPeWilRIewcQidsPm8pMi5THUMzZEVdMha-C2k_GPLvjVrsUZIeYitNvbnbx3BBwysh9OrsjLnWJo5GBnWHmZqXXEHD-dmpamHoVl3D3ZSPV8CDj7vwvTgzLsKc34CiQS-W_w-GN54skvwLQrO70pdOeU3_cEVTNnc_iFrLFfgDREvRXerLp40EfOrp1OQ4Pfvvt865UQ30dqap4a14xhJYHsMniv4e1o4h98_1KID9JQ6xyFj4eEDQSEvT_Gtj0bnIsI7Tgn9p4&cid=CAASEuRogdnX5jqM2CZsPjGwYJ96mQ&rfl=3%2Chttp%253A%252F%252Fb.travelmiso.com%242%2C%2C%2Chttps%253A%252F%252Fa15ac0e614c5002f10a5f47b2408de8c.safeframe.googlesyndication.com%252Fsafeframe%252F1-0-38%252Fhtml%252Fcontainer.html%253Fn%253D2%240

Requested by

Host: shoppinglifestyle.biz
URL: http://shoppinglifestyle.biz/go/?r=3&a=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c35d6895fe81521f90461d21d874d183e7db65eb55546000ba590d692308898b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a15ac0e614c5002f10a5f47b2408de8c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:32 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame CC50 42 B
63 B 41ms
39ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AmwJQ_JcQmNdgKeylfi3nxIzQh51bXUdVEf0Q0SjtEmQUkisYlNFBXfZ7n9NwgLQuL5bSY4csXbDmKulVExRsZ-ajP-L4LZ76-Z6c4mw9V7dTOkac

Requested by

Host: a15ac0e614c5002f10a5f47b2408de8c.safeframe.googlesyndication.com
URL: https://a15ac0e614c5002f10a5f47b2408de8c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a15ac0e614c5002f10a5f47b2408de8c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/ Frame CC50 2 KB
1 KB 11ms
9ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/window_focus_fy2019.js

Requested by

Host: a15ac0e614c5002f10a5f47b2408de8c.safeframe.googlesyndication.com
URL: https://a15ac0e614c5002f10a5f47b2408de8c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1ac43e9327c147dc04b1efcd475ba7e9d464e6504eaffb167d0412d339b39e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a15ac0e614c5002f10a5f47b2408de8c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:45:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 104
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1316
x-xss-protection: 0
server: cafe
etag: 797314601362473214
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Jun 2021 07:45:48 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame CC50 122 KB
37 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a15ac0e614c5002f10a5f47b2408de8c.safeframe.googlesyndication.com
URL: https://a15ac0e614c5002f10a5f47b2408de8c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

34b6e9936a2f024eef4f545bf4a1e717141704b00a75167fc7080fc6789e3881

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a15ac0e614c5002f10a5f47b2408de8c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:32 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623410775224219"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38028
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:32 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/ Frame CC50 13 KB
6 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: a15ac0e614c5002f10a5f47b2408de8c.safeframe.googlesyndication.com
URL: https://a15ac0e614c5002f10a5f47b2408de8c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3a677da8f32851941b090ee6e9294757cba154033200b20231b2a4ca7f62a820

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a15ac0e614c5002f10a5f47b2408de8c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:45:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 140
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5644
x-xss-protection: 0
server: cafe
etag: 16788636151609896382
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Jun 2021 07:45:12 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame CC50 0
0 21ms
19ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSy71epIZXQnYj590r39GatGc1Me-d0QXL5LGW1_sB1fCUc6HvMJgyXVS4fvzLrLQTbSG78Q7cx3NnTdTdQzpHKsFU6ag
Requested by: Host: a15ac0e614c5002f10a5f47b2408de8c.safeframe.googlesyndication.com
URL: https://a15ac0e614c5002f10a5f47b2408de8c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://a15ac0e614c5002f10a5f47b2408de8c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/223/ Frame AEC3 12 KB
5 KB 19ms
6ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/223/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de7dd7e8a5f2257d16c23c395b9262c6fa04689c81b0e2b8bf7f5bae9f4177dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/223/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Mon, 14 Jun 2021 06:35:25 GMT
expires: Tue, 14 Jun 2022 06:35:25 GMT
last-modified: Wed, 17 Mar 2021 18:24:30 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 4327
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 9C1A 783 B
530 B 30ms
21ms Document
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

fd19b50c114246a72d6cd32d4a2e13b503b6484e9ce662b393b5e7a8e882975d

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-dpyQauCdgcMLWz70XdKMgg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

expires: Mon, 14 Jun 2021 07:47:33 GMT
date: Mon, 14 Jun 2021 07:47:33 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-dpyQauCdgcMLWz70XdKMgg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 511
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 1AFD 38 KB
14 KB 40ms
39ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 1b95ffd8d5e131d47fa1a5ab65bca620eeef87328c413940cd60a9fbcedf4b74

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/showad.js
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=1&gdpr_consent=
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=1&gdpr_consent=

Response headers

last-modified: Tue, 11 May 2021 05:24:02 GMT
etag: "13006b6-96ca-5c2071a26cca4"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 13964
content-type: text/html; charset=UTF-8
cache-control: public, max-age=29092
expires: Mon, 14 Jun 2021 15:52:25 GMT
date: Mon, 14 Jun 2021 07:47:33 GMT
vary: Accept-Encoding

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 6471 38 KB
14 KB 56ms
51ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=137711&s=137812&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D58%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 1b95ffd8d5e131d47fa1a5ab65bca620eeef87328c413940cd60a9fbcedf4b74

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/showad.js
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=137711&s=137812&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D58%263pid%3D&gdpr=1&gdpr_consent=
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=137711&s=137812&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D58%263pid%3D&gdpr=1&gdpr_consent=

Response headers

last-modified: Tue, 11 May 2021 05:24:02 GMT
etag: "13006b6-96ca-5c2071a26cca4"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 13964
content-type: text/html; charset=UTF-8
cache-control: public, max-age=29092
expires: Mon, 14 Jun 2021 15:52:25 GMT
date: Mon, 14 Jun 2021 07:47:33 GMT
vary: Accept-Encoding

GET
H/1.1 200
OK flimpobj.js Show response
pixel.yabidos.com/ Frame C527 30 KB
24 KB 28ms
23ms Script
application/javascript 104.16.200.58
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://pixel.yabidos.com/flimpobj.js?cb=1623656852681&ver1=2.2.3&qid=83432313f553532313f5435393&rnd=shjzvjyiwtqq&cid=954
Requested by: Host: pixel.yabidos.com
URL: https://pixel.yabidos.com/fltiu.js?qid=83432313f553532313f5435393&cid=954&p=1505449937&s=http://travelmiso.com/&x=gammassp&nci=&adtg=1567570933&nai=&si=&pn=&h=&w=&bp=&pp=&ci=&ip=&ai=1567569789&di=&mm=&os=&ua=&lat=&lon=
Protocol: HTTP/1.1
Server: 104.16.200.58 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a3f5fe43cf3b943aa4ef647e87d8189c61b971c177cb3a6f3e88076fd4b2b9df

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:33 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Last-Modified: Wed, 02 Jun 2021 15:09:31 GMT
Server: cloudflare
Age: 5797
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: public, max-age=7200
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 65f1f38369330482-CDG
Content-Length: 23972
cf-request-id: 0aab16861e000004825d306000000001
Expires: Mon, 14 Jun 2021 09:47:33 GMT

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame F846 41 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com
URL: https://8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 10:48:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 75521
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 13 Jun 2022 10:48:52 GMT

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 92BD 1 KB
749 B 7ms
6ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com
URL: https://8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sun, 13 Jun 2021 09:02:58 GMT
expires: Mon, 14 Jun 2021 09:02:58 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 81875
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame F846 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a4855847245400fcab95a587e6699cb86db51ee31c4cfaad0fd4d5fc101cce3a

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK collect.php
data.adop.cc/ Frame D40F 0
62 B 2070ms
529ms Image
text/plain 15.165.52.101
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://data.adop.cc/collect.php?data=eyJkdCI6IjIwMjEwNjE0MDc0NzMxIiwiY3RyeSI6IiIsImFjaWQiOiItMjEwNjE0MDc0NzMxLTZjZDcwMzAwZjljMzQzZGIiLCJuZXQiOiJNR0lEIiwiemlkIjoiZjkzNThjOTctNTYxNC00YTIxLTgxMzMtZmQyY2NlMmM3NmVlIiwidWEiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvODkuMC40Mzg5LjcyIFNhZmFyaS81MzcuMzYiLCJicm93IjoiQ2hyb21lIiwiZGV2IjoiZGVza3RvcCIsIm9zIjoiV2luZG93cyIsImlwIjoiOTMuMTc3Ljc1LjE4OCIsImZsb2MiOiJodHRwOi8vYi50cmF2ZWxtaXNvLmNvbS90cmF2ZWwvIiwiY2R0IjoiMjEwNjE0MDc0NzMxIiwiZGlyIjoidiIsInRwIjoicmUiLCJyZWYiOiJodHRwOi8vc2hvcHBpbmdsaWZlc3R5bGUuYml6LyIsInRpdGxlIjoiLSIsImxvZyI6ImJhc2ljIn0%3D&aid=cba778f0-f187-406b-8fcb-8d152fa40556&r=KtbLBjy
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/ads/adop/300x250.html
Protocol: HTTP/1.1
Server: 15.165.52.101 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Connection: keep-alive
Content-Length: 0

GET
H2

200

usersync
rtb.gumgum.com/ Frame 3437
Redirect Chain

https://secure.adnxs.com/getuid?https://rtb.gumgum.com/usersync?b=apn&i=$UID
https://rtb.gumgum.com/usersync?b=apn&i=4887784057802302536

35 B
237 B

36ms
36ms

Image
image/gif

34.251.173.19
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=apn&i=4887784057802302536
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.173.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:34 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:34 GMT
X-Proxy-Origin: 93.177.75.188; 93.177.75.188; 539.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com; 37.252.173.16:80
AN-X-Request-Uuid: 650a4617-1f08-4984-bc8b-b077a3cd9a06
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://rtb.gumgum.com/usersync?b=apn&i=4887784057802302536
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET sync
x.bidswitch.net/ Frame 3437 0
0

GET
H2

200

usersync
rtb.gumgum.com/ Frame 3437
Redirect Chain

https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=1&gdprConsent=&platformRdUrl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D
https://rtb.gumgum.com/usersync?b=obn&i=ENC%28biGYQfSuf1lKEbp1HHMi9MWm2O_VyUIqE7erz1Gv8-1HS3e5X6v_w4rBWU01kYnZ%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26pla...

35 B
238 B

142ms
40ms

Image
image/gif

34.251.173.19
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=obn&i=ENC%28biGYQfSuf1lKEbp1HHMi9MWm2O_VyUIqE7erz1Gv8-1HS3e5X6v_w4rBWU01kYnZ%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26platformUid%3D%7Bplatform_uid%7D%26obuid%3DENC%28biGYQfSuf1lKEbp1HHMi9MWm2O_VyUIqE7erz1Gv8-1HS3e5X6v_w4rBWU01kYnZ%29
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.173.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:39 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

location: https://rtb.gumgum.com/usersync?b=obn&i=ENC%28biGYQfSuf1lKEbp1HHMi9MWm2O_VyUIqE7erz1Gv8-1HS3e5X6v_w4rBWU01kYnZ%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26platformUid%3D%7Bplatform_uid%7D%26obuid%3DENC%28biGYQfSuf1lKEbp1HHMi9MWm2O_VyUIqE7erz1Gv8-1HS3e5X6v_w4rBWU01kYnZ%29
Date: Mon, 14 Jun 2021 07:47:38 GMT
Connection: close
X-TraceId: c82774bba09ff21eebeb5ffcbbadc36a
Content-Length: 0

GET
H2

200

usersync
rtb.gumgum.com/ Frame 3437
Redirect Chain

https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=1&gdpr_consent=&us_privacy=&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
https://us-u.openx.net/w/1.0/cm?cc=1&_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=1&gdpr_consent=&us_privacy=&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
https://rtb.gumgum.com/usersync?b=opx&i=7c8a2565-d480-4601-be25-e8de94542bff

35 B
237 B

35ms
35ms

Image
image/gif

34.251.173.19
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=opx&i=7c8a2565-d480-4601-be25-e8de94542bff
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.173.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:33 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

date: Mon, 14 Jun 2021 07:47:33 GMT
content-encoding: gzip
server: OXGW/16.208.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://rtb.gumgum.com/usersync?b=opx&i=7c8a2565-d480-4601-be25-e8de94542bff
content-type: image/gif
alt-svc: clear
content-length: 0
via: 1.1 google

GET sync
sync.srv.stackadapt.com/ Frame 3437 0
0

GET
H2

200

usersync
rtb.gumgum.com/ Frame 3437
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=1&gdpr_consent=
https://rtb.gumgum.com/usersync?b=oth&i=y-Fl4MOPxE2pcRYp9WqkGZSYX6ScPAWFBPEaTI~A

35 B
237 B

36ms
35ms

Image
image/gif

34.251.173.19
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=oth&i=y-Fl4MOPxE2pcRYp9WqkGZSYX6ScPAWFBPEaTI~A
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.173.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:33 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

date: Mon, 14 Jun 2021 07:47:33 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://rtb.gumgum.com/usersync?b=oth&i=y-Fl4MOPxE2pcRYp9WqkGZSYX6ScPAWFBPEaTI~A
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET generic
sync.ipredictive.com/d/sync/cookie/ Frame 3437 0
0

GET
H2 204 services
sync.technoratimedia.com/ Frame 3437 0
294 B 1328ms
93ms Image
text/plain 193.122.174.27
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.technoratimedia.com/services?srv=cs&pid=65&us_privacy=&cb=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dsnc%26i%3D%5BUSER_ID%5D
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 193.122.174.27 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:34 GMT
via: 1.1 varnish
server: nginx
age: 0
access-control-allow-methods: POST,GET,HEAD,OPTIONS
x-varnish: 278331920
access-control-allow-origin: https://rtb.gumgum.com/
access-control-allow-credentials: true

GET 142
match.deepintent.com/usersync/ Frame 3437 0
0

GET
H2

200

usersync
rtb.gumgum.com/ Frame 3437
Redirect Chain

https://b1sync.zemanta.com/usersync/gumgum/?puid=e_236dab5e-1504-46ee-999b-da2c0e4f5cb2&gdpr=1&gdpr_consent=&us_privacy=
https://rtb.gumgum.com/usersync?b=zem&i=&gdpr=1

35 B
237 B

42ms
42ms

Image
image/gif

34.251.173.19
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=zem&i=&gdpr=1
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.173.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:38 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Location: https://rtb.gumgum.com/usersync?b=zem&i=&gdpr=1
Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:37 GMT
Cache-Control: no-cache, no-store, must-revalidate
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Content-Length: 78
Content-Type: text/html; charset=utf-8

GET
H2

200

usersync
rtb.gumgum.com/ Frame 3437
Redirect Chain

https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
https://rtb.gumgum.com/usersync?b=idi&i=9e44a1e5-8f4c-43ca-9e20-3a43d73ca608

35 B
237 B

35ms
35ms

Image
image/gif

34.251.173.19
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=idi&i=9e44a1e5-8f4c-43ca-9e20-3a43d73ca608
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.173.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:33 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

location: https://rtb.gumgum.com/usersync?b=idi&i=9e44a1e5-8f4c-43ca-9e20-3a43d73ca608
date: Mon, 14 Jun 2021 07:47:33 GMT
access-control-allow-origin: *
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2

200

usersync
rtb.gumgum.com/ Frame 3437
Redirect Chain

https://sync.1rx.io/usersync2/floor6&gdpr=1&gdpr_consent=
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=3585972095
https://sync.1rx.io/usersync/tradedesk/f045f152-f2cc-4b14-80ad-163e6e314e57
https://sync.targeting.unrulymedia.com/csync/RX-4dd4d7ee-80ab-4dcf-ac4d-bfe26464020c-003?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Drhy%26i%3DRX-4dd4d7ee-80ab-4dcf-ac4d-bfe26464020c-003
https://rtb.gumgum.com/usersync?b=rhy&i=RX-4dd4d7ee-80ab-4dcf-ac4d-bfe26464020c-003

35 B
237 B

50ms
50ms

Image
image/gif

34.251.173.19
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=rhy&i=RX-4dd4d7ee-80ab-4dcf-ac4d-bfe26464020c-003
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.173.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:38 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

location: https://rtb.gumgum.com/usersync?b=rhy&i=RX-4dd4d7ee-80ab-4dcf-ac4d-bfe26464020c-003
date: Mon, 14 Jun 2021 07:47:38 GMT
server: Tengine
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RX4dd4d7ee80ab4dcfac4dbfe26464020c003
content-type: text/html

GET
H2

200

usersync
rtb.gumgum.com/ Frame 3437
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25
https://rtb.gumgum.com/usersync?b=pln&i=1g6SyeMfn9XN&ev=1&pid=558355

35 B
237 B

40ms
34ms

Image
image/gif

34.251.173.19
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=pln&i=1g6SyeMfn9XN&ev=1&pid=558355
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.173.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:34 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language: en-US
location: https://rtb.gumgum.com/usersync?b=pln&i=1g6SyeMfn9XN&ev=1&pid=558355
cache-control: private, max-age=0, no-cache, no-store
cw-server: bh-deployment-8474b759f8-2hvq9
expires: -1

GET
H/1.1 200
OK merge
ce.lijit.com/ Frame 3437 43 B
1 KB 29ms
28ms Image
image/gif 216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=36&3pid=e_236dab5e-1504-46ee-999b-da2c0e4f5cb2
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:34 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap7ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame 7685
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=1&gdpr_consent=&redir=https%3a%2f%2frtb.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d
https://rtb.gumgum.com/usersync?b=mmh&i=b52560c7-0993-4900-a5d6-90ad857f3d77&gdpr=1&gdpr_consent=

35 B
237 B

41ms
40ms

Document
image/gif

34.251.173.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=mmh&i=b52560c7-0993-4900-a5d6-90ad857f3d77&gdpr=1&gdpr_consent=
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.173.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=mmh&i=b52560c7-0993-4900-a5d6-90ad857f3d77&gdpr=1&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: vst=e_236dab5e-1504-46ee-999b-da2c0e4f5cb2
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

date: Mon, 14 Jun 2021 07:47:33 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

Date: Mon, 14 Jun 2021 07:47:36 GMT
Content-Type: image/gif
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=360
Server: MT3 3759 5f8f15b master zrh-pixel-x9
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://rtb.gumgum.com/usersync?b=mmh&i=b52560c7-0993-4900-a5d6-90ad857f3d77&gdpr=1&gdpr_consent=
Expires: Mon, 14 Jun 2021 07:47:35 GMT

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame 31A2
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=1&gdpr_consent=
https://sync-tm.everesttech.net/ct/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=1&gdpr_consent=&_test=YMcJlwABhMsD6QBg
https://rtb.gumgum.com/usersync?b=atm&i=YMcJlwABhMsD6QBg&gdpr=1&gdpr_consent=&_test=YMcJlwABhMsD6QBg

35 B
237 B

39ms
39ms

Document
image/gif

34.251.173.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=atm&i=YMcJlwABhMsD6QBg&gdpr=1&gdpr_consent=&_test=YMcJlwABhMsD6QBg
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.173.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=atm&i=YMcJlwABhMsD6QBg&gdpr=1&gdpr_consent=&_test=YMcJlwABhMsD6QBg
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: vst=e_65463c6f-29ae-47b2-b01c-f64a87d3e3cb
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

date: Mon, 14 Jun 2021 07:47:35 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

server: Varnish
retry-after: 0
location: https://rtb.gumgum.com/usersync?b=atm&i=YMcJlwABhMsD6QBg&gdpr=1&gdpr_consent=&_test=YMcJlwABhMsD6QBg
accept-ranges: bytes
date: Mon, 14 Jun 2021 07:47:35 GMT
via: 1.1 varnish
x-served-by: cache-fra19164-FRA
x-cache: HIT
x-cache-hits: 0
x-timer: S1623656855.150372,VS0,VE0
cache-control: no-cache
pragma: no-cache
content-length: 0

GET
H3-29 200 pixel Show response
cm.g.doubleclick.net/ Frame BFB5 170 B
188 B 67ms
35ms Document
image/png 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV8yMzZkYWI1ZS0xNTA0LTQ2ZWUtOTk5Yi1kYTJjMGU0ZjVjYjI=&gdpr=1&gdpr_consent=

Requested by

Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

:method: GET
:authority: cm.g.doubleclick.net
:scheme: https
:path: /pixel?google_nid=gumgum_dbm&google_hm=ZV8yMzZkYWI1ZS0xNTA0LTQ2ZWUtOTk5Yi1kYTJjMGU0ZjVjYjI=&gdpr=1&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkWrAMFjgaPY-5Wy0_C16B8n7Pl47SH-Jjtp9jo0joVkjSULWNSk0VeJUUrC3w; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

content-type: image/png
date: Mon, 14 Jun 2021 07:47:33 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
server: HTTP server (unknown)
content-length: 170
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 6A6E 8 KB
3 KB 48ms
46ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=1&gdprConsent=
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: adeacac4167dc188f54213893f0444ea5d60995143ad0552dcb4c383199a740b

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=1&gdprConsent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

last-modified: Tue, 01 Jun 2021 06:44:25 GMT
etag: "1300708-2080-5c3aeac410031"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 2586
content-type: text/html; charset=UTF-8
cache-control: max-age=111761
expires: Tue, 15 Jun 2021 14:50:14 GMT
date: Mon, 14 Jun 2021 07:47:33 GMT
vary: Accept-Encoding

GET
H2 204 /
ssc-cms.33across.com/ps/ Frame C8F4 0
0 3647ms
121ms Document
text/plain 67.202.110.22
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.110.22 Crown Point, United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip22.67-202-110.static.steadfastdns.net
Software: 33XP001 /
Resource Hash

Request headers

:method: GET
:authority: ssc-cms.33across.com
:scheme: https
:path: /ps/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

x-33x-status: 2000208
server: 33XP001
date: Mon, 14 Jun 2021 07:47:35 GMT

GET
H2 200 generic Show response
match.adsrvr.org/track/cmf/ Frame 9D53 70 B
264 B 44ms
42ms Document
image/gif 76.223.111.131
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=1&gdpr_consent=
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.131 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

:method: GET
:authority: match.adsrvr.org
:scheme: https
:path: /track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=1&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: TDID=61edf282-8c4c-4c3b-a577-89026d283e5c; TDCPM=CAEYBSABKAIyCwjworzi7MTXORAFOAE.
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

date: Mon, 14 Jun 2021 07:47:33 GMT
content-type: image/gif
content-length: 70
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 204 um
cs.emxdgt.com/ Frame CA77 0
0 1025ms
30ms Document
text/html 18.195.155.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cs.emxdgt.com/um?redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.155.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash

Request headers

:method: GET
:authority: cs.emxdgt.com
:scheme: https
:path: /um?redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

content-type: text/html
date: Mon, 14 Jun 2021 07:47:34 GMT
content-length: 0

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame 7837
Redirect Chain

https://tg.socdm.com/aux/idsync?proto=gumgum
https://rtb.gumgum.com/usersync?b=sus&i=YMcJl8Co8XUAAGKjAvYAAAAA

35 B
237 B

36ms
35ms

Document
image/gif

34.251.173.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=sus&i=YMcJl8Co8XUAAGKjAvYAAAAA
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.173.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=sus&i=YMcJl8Co8XUAAGKjAvYAAAAA
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

date: Mon, 14 Jun 2021 07:47:35 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

Server: nginx
Date: Mon, 14 Jun 2021 07:47:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private
Location: https://rtb.gumgum.com/usersync?b=sus&i=YMcJl8Co8XUAAGKjAvYAAAAA
P3P: CP="See also http://www.scaleout.jp/privacy/"
X-SO-Ads-Time: 2
X-SO-HostName: m-ad188.dc4p.scaleout.jp
X-SO-LB-Hostname: m-tgng17.dc4p.scaleout.jp
X-SO-LB-Data: {"ban":false,"clean_query":"\/aux\/idsync?proto=gumgum","cluster_id":60,"gdpr":true,"ipv4":"0.0.0.0","key":"YMcJl8Co8XUAAGKjAvYAAAAA","privacy_sensitive":true,"uid":"","upstream_id":"m-ad188"}
X-SO-Key: YMcJl8Co8XUAAGKjAvYAAAAA
X-SO-IP: 93.177.75.188
X-SO-Cluster-ID: 60
X-SO-Upstream-ID: m-ad188

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame 004D
Redirect Chain

https://p.rfihub.com/cm?pub=42796&in=1
https://rtb.gumgum.com/usersync?b=zet&i=1875819620578599425

35 B
237 B

40ms
35ms

Document
image/gif

34.251.173.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=zet&i=1875819620578599425
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.173.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=zet&i=1875819620578599425
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

date: Mon, 14 Jun 2021 07:47:33 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

Date: Mon, 14 Jun 2021 07:47:33 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: eud=H4sIAAAAAAAAAFslxmtoZmRsZmpmYWpsamEGAPev15IQAAAA; Path=/; Domain=.rfihub.com; Expires=Sat, 9 Jul 2022 07:47:33 GMT; Secure; SameSite=None rud=H4sIAAAAAAAAAOMSNrQwN7UwtDQzMjA1tzC1tDQxMhXiM9QNTipzDokq0S3MKwmT4jU0MzI2MzWzMDU2tTADAMs-N6M0AAAA; Path=/; Domain=.rfihub.com; Expires=Sat, 9 Jul 2022 07:47:33 GMT; Secure; SameSite=None ruds=H4sIAAAAAAAAAOMSNrQwN7UwtDQzMjA1tzC1tDQxMhXiM9QNTipzDokq0S3MKwkDAIXG5PklAAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None
Location: https://rtb.gumgum.com/usersync?b=zet&i=1875819620578599425
Content-Length: 0
Server: Jetty(9.3.29.v20201019)

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame E602
Redirect Chain

https://creativecdn.com/cm-notify?pi=gumgum
https://rtb.gumgum.com/usersync?b=rth&i=5p5SPieAjJiCl05raHbo&pi=gumgum

35 B
237 B

41ms
38ms

Document
image/gif

34.251.173.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=rth&i=5p5SPieAjJiCl05raHbo&pi=gumgum
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.173.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=rth&i=5p5SPieAjJiCl05raHbo&pi=gumgum
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: vst=e_236dab5e-1504-46ee-999b-da2c0e4f5cb2
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

date: Mon, 14 Jun 2021 07:47:33 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

date: Mon, 14 Jun 2021 07:47:33 GMT Mon, 14 Jun 2021 07:47:33 GMT
location: https://rtb.gumgum.com/usersync?b=rth&i=5p5SPieAjJiCl05raHbo&pi=gumgum
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
content-length: 0

GET
H2 200 tfa-eid.20210613-7-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ Frame 6040 13 KB
5 KB 26ms
24ms Script
application/javascript 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/tfa-eid.20210613-7-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: http://cdn.taboola.com/libtrc/travelmiso300x250gr-r19505065/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ad8575df16e6b0e4ea3838f3b3e18268e2604e710f3465baa7989eb60b44b8dd

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: kcEw51sMKRl2.h4sJoCLE20MhczULKlU
content-encoding: gzip
etag: "3714bdf8e4af48204faf595a5d695bfd"
age: 63
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 4868
x-amz-id-2: hosfr8aaoi/bz0MCx6cdSmHgzu3XsWLmqCwudNO/XJcyOFQadzNSztkfkuflksynqGtP9WxC7n0=
x-served-by: cache-hhn11534-HHN
last-modified: Sun, 13 Jun 2021 09:35:18 GMT
server: AmazonS3
x-timer: S1623656853.157918,VS0,VE0
date: Mon, 14 Jun 2021 07:47:33 GMT
vary: Accept-Encoding
x-amz-request-id: PZE1D0B04Q25XAZV
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 40
x-cache-hits: 614

GET
H2 200 sha256.20210613-7-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ Frame 6040 6 KB
3 KB 26ms
25ms Script
application/javascript 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/sha256.20210613-7-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: http://cdn.taboola.com/libtrc/travelmiso300x250gr-r19505065/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 43d92d16f3e77b23dd9f8c3eeb7e8dc7b6eb268a6cf5a0c8b54524b3f7dab2b4

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: jQvxEXSDIAT2aIkGsqcxQJ6AAStlwvsP
content-encoding: gzip
etag: "ceda57dedd07758d31c2acaff0cdb188"
age: 61
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 2595
x-amz-id-2: Gto2CGwDJ7/gQdLd0yE3AgnVoH2ve4TpLHbXIvqb5DGlrI2RME7LoYu7ToRILfMiwKEuH8SA1Nc=
x-served-by: cache-hhn11534-HHN
last-modified: Sun, 13 Jun 2021 09:35:30 GMT
server: AmazonS3
x-timer: S1623656853.157978,VS0,VE0
date: Mon, 14 Jun 2021 07:47:33 GMT
vary: Accept-Encoding
x-amz-request-id: FV7PV1D10S7RK4MF
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 40
x-cache-hits: 550

GET
H2 200 userx.20210613-7-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ Frame 6040 23 KB
8 KB 29ms
28ms Script
application/javascript 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/userx.20210613-7-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: http://cdn.taboola.com/libtrc/travelmiso300x250gr-r19505065/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 823853f9b04c0dc0e7c6123806900acd039d13e0144a7596f3b582f13bccf9c0

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: BwIkvCb0Ghm3fpm4K8_buUhZ.LFluzgg
content-encoding: gzip
etag: "3afde2883f82a67f3f31c804cb1170a8"
age: 62
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 7962
x-amz-id-2: jdpHohKl0pNLLSz75K6+HHjPq2iOsfpX2+7Otjfl27CKvZ72isUIwRRShfm553qXXKl87vNZjbg=
x-served-by: cache-hhn11534-HHN
last-modified: Sun, 13 Jun 2021 09:35:13 GMT
server: AmazonS3
x-timer: S1623656853.174401,VS0,VE0
date: Mon, 14 Jun 2021 07:47:33 GMT
vary: Accept-Encoding
x-amz-request-id: WYAPXBSQCHGASHWV
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 40
x-cache-hits: 179

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame 52DC 83 KB
27 KB 33ms
31ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: static.viralize.tv
URL: https://static.viralize.tv/viralize_player_banner.min.07f50ce3.js?e=ops
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: a98e1f08dd27c121a337ddc31691d4044f56ae83301b574728548b78d3068d3b

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:33 GMT
content-encoding: gzip
last-modified: Wed, 02 Jun 2021 14:09:58 GMT
server: nginx
etag: W/"60b79136-14aab"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 15 Jun 2021 07:47:33 GMT

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 0D48 499 B
334 B 19ms
19ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CKfiYRCr8_wBGOzHiqcBMAE&v=APEucNUGPMHtQHlrwzWZBimhESDFk8NVnjDj65NpbfYYS8X0ImCOJc0wxob8obPfIEMly_iN5Y4RlwM5nK0_hIu_j0mWhypM0-Oy3IOLkhUfoXcQC0-_mgtfEgncY2WH85Ons6MRmnmPuGMXFc07b5rsfVd0_-NhWoJN_AdP7e6YS2__JU4d1sg8vrt8v9IdOHSlRCKjLH9sTB-lhWIB-WNy2FncBdBSZA

Requested by

Host: 936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com
URL: https://936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

583eda12fed77c078f7391866e53eedd80aec5b9b178a3537a3c4c3b09575485

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CKfiYRCr8_wBGOzHiqcBMAE&v=APEucNUGPMHtQHlrwzWZBimhESDFk8NVnjDj65NpbfYYS8X0ImCOJc0wxob8obPfIEMly_iN5Y4RlwM5nK0_hIu_j0mWhypM0-Oy3IOLkhUfoXcQC0-_mgtfEgncY2WH85Ons6MRmnmPuGMXFc07b5rsfVd0_-NhWoJN_AdP7e6YS2__JU4d1sg8vrt8v9IdOHSlRCKjLH9sTB-lhWIB-WNy2FncBdBSZA
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkWrAMFjgaPY-5Wy0_C16B8n7Pl47SH-Jjtp9jo0joVkjSULWNSk0VeJUUrC3w; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Mon, 14 Jun 2021 07:47:33 GMT
server: cafe
cache-control: private
content-length: 313
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame B511 59 KB
24 KB 78ms
74ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-C-VtTTa-FP9-t-Ri6MWtHVFnDvA7tFDEKV7l5vuJug4TSTtlnnk3i17vHzYdurtfPiiQKWA6-I-Qynuxonqn92rDhfVdOTBrgQ787yeRiqQL3J8hTPWLudW-KIIe_Halhe25FvJjlrjmWWsR-Sh9-v12gvmg&dbm_d=AKAmf-DNH52U7EIuUcc7aVecNVD0HghI98M7jpZY0pHXRswh-pRjadZs8SX_0pJ8yrJWTO_-P9UZgLVnOYNG4Ez1xaThQhQzQ1K7YG8i60LnIIG4bq9RHm31EJENTb6DEkQGpGXqCq5vbprqv8r7i9acMUoMB972b99Rbqu-9HdZYsFR6I9iCfMiMJWvdWvk3Q3_K1Eo1YmjXFPAzr0772CSc7YjgCLA1BYAww3sC84PkW6c-KAX1mbkXgX6ae0SWlNAlfjgosc_wOoLcyDbsKGW-U7DuApnCwNKNXW3OoMvWxgYT_hKHaYZrmtkiFecx_ACr0ZcYC2_o_FUoQxuKotFV3LsTwQkQ99Id7wPC2ef12cPOfMGYjOSXK4pfWARsDWD19z2fqzhWXDhJbSSxOky34a8xzPI7eQE7_VtfqoKqUIjGfuAHHv8EckIWTfxx5xRcipr-h2oUvbKxJIsYO57KfzUFy1S7x-YaGuxaKfsPJSUnqxln-QCgfWY8OgdQarr7QTyP7swjCRZmC9j8ytuXOoFr22aqcuh5MIbUI2A1NwuzsL44Lx_HCb9un2VpkQotg_JIc1NN7PWCa5omm3Iq0H6XVCR9ep15KNCiPCiPOnTbZ5t9e3NNGf7StmsZ25WhlMaL6QncbSjggIhfBfFaTVtSUkF2sHqK8PAqOHqwX7kZ5Bvsktpi1VTgjYajWT6CW45hkJxj19_G1ItSnqOnZoGpIZzbBVD0OmYiBNs8fYhFx7Ueoj9JnMjZEBkp7L64AiEAxrX2WVs_SBAsc1v9gO_OK-xfKBgiLm7nx2JNo9Pb3G45OTELnWfl7YUza_lqoyMA6jXdMsSyNQmtYbrPcOOeCn0bzyz3CqD4wM3Pc8-cWxrQSHHhK-DEH9DhXI9j9LJIY9BNbG_kfudzcsVC0S85omFL0TOoJ6mantnKxtEDenK2-WbTtLyCIJui1SG43hYzRSvFHXYYIa-XiU_0fKqXF7hQVvANUJHl7LrWrocz-16F3Ce3t5qKDrht9wfD3-7HdmYq-jYFMdLlHMa_sxBbhIFp4yDAc_KMKnhJfS42AoNPjyavQaaqayoXlY-dlDBr0Xlh-7Ao5J-k70IR7_iMTRW0Envtyl1e0zzc2Kw1Pi44wtARIVwsuzDtEH0j5FGpYrwxgqNiXyezsc1RJrvuhE0ffMr1os3MV4UIDNwowPM9_th8IWSXVF8MQlfbNV77gKqcox4n4dijcXHWlAczfPg3Po9mvRW-rJXYVhdkOoh4zFhRi74GgJJvooIWND81PmTMh0VKABOb2HeJKG5xVyuTLoA1otSvKWEHDC1oriO6rgTsjfPBJBwvYfAuhD0aOIX3m4Wprkb99JOOwt6kPuqNGQ2TFr4-xMVWwjaKjG8xd-YWXvuh1ZdiBP5fVOotJbN8ez4fbb0Ezri73mVWwSjRyNCpvNSOAcQTnOmCJgL001_647lGpeF_NTKIrU569y5YNyS8SeTOQIzLEeYL2jEpgK-qhZP6htPILcg7p-w3Y0XsWEEcALu_18N7p-NjStTK7xF2m5cfrhoSu9BRc70CbTG1LKFrmvi8DWnUjgxSWcfZKS7DO0fvdunEvtosSLrEytgKZGFj9UYPaK1BMcn6cNdkqLTXYp6vyFEt_GdwZ5bGYdOSuJcEYKdxrhSgzNCZKRsBZqqJqS0_IQ1E52iNd83H5Xa18EVpRh1DqnUg6jHJNpemO43fTadMUbePpjs8_VDykt_ZEM1ocGtYOZCXBKtiOGh--JSc7sSr8OoLXlld0Ok5JFQKdWkQ-i7NkN5SbZ0dlZOmsytMRSTOg3Xfsby49F0OESnlJbo6IoggEFDEDAYWswUWCuVXFky9P4cf5INTaGOYRLnGrh_Ku69oLkGIciBS0C9oRXk8aVxyrI2XAHQosK0SYASrrbYNe5WgxRzBZtSGOFUguhoYHlNj1G31j7NQZf1kOpCeWEMYTTgL7bDV3EtA3d-1vSRozaa5UlB0f1mVRGATsUohfQDo8jJcZHNIevJTOt8P7Lj2qtVw7CvpH9AImlzplb5H98B7YcC-g6PuyXH9YMfgabC6dR3EGnU-CTswSYRG0JHV-MyShrC5FTXJZouspoQlIidQHubBcCOpX7z32N3oeCswOUet9KNrqF9Wm297FVai6l8C1AGO7KFkMrqMd8k6rTQKUhtBoHUI_-eMYlq4Vkq_nEl2n5TpvjS5MNW8cy8BJcSLYxZO0Ad9m8wOIXcyQZGUFO0IqfsFhl_nhIm_fetw_rGMzEZYRRjZg0JKSBe603nXOaNE5q83gHQhvtP1XjN6DQGJBge14RMoo5f2f8IhNvRYZel9hUI8Xn6eECDlzAnNPSXOJr7SXESi6aYxrvYZZQgLfDbGSLGbFVrk_ug-Gvcj7L1NS0lgGTDRlcZXjCyFucxUXudtaE5EgKc6C9Ni84vYIN80M3cDvueGUZIFtmvzYbmoRRP5KCT-SwV89E5sJULx2PyVsbarcgoggJ-ma8WgSyVacM_3h9LQdHIc-NLrSNTTa_QqUXSICrIBVyLu8Ll-WT6jRZ4LmwBpxbxu2pGPr9g9bR0Bb8fL2pvjebZ79j4y3mNjF_aLkktukTAKdgV-NeBMZqb0FCQXVXtGTNBQ2hqCuoJ8PS_Rqficimgd0s7vNl0tcl8hE43XVGRZpi4wmrJFrAUq-oqh1jNi-H7TcU9Betxa8Nwb40sv0_fi_H1Z-f4wBNaPYt5Hdg0mwjYHtkXMUJcv0z4VT1tSuyMEG11O_B_rbC58H099tT_oJ5DjHcXwl0OZEDQWuH495RQyrhnb_pTBFqrCB9BzeBEKYAdX19WWmi2ARE2treXWuKQEuWD5-oSTdhmhLlSuSbOfWz4XFpnDF8dNo10yF9WomzgtPeKNxXKUs3vVaRuQ_2148kLvTTtqI8k2tkX7p2MFZHd5AeFoUuHYtygNq2sNA6q-anc4Lz4qorJUx1Fpz_pkaXOkOwJo4qcx1UxzeMNcFprKz-1mrkQ1ZAjP3GRp3uee2NYJ-OTWd6hjCrc38EI4gZMgqg2Xk6B6lVG-WP4orvrRsa324SO-gB-vCsHeFkqLnEIu_JgseNKhDzav6NK04aSMMPfodp1HYcL0q8WB50L8zBE3LPplIhkFDAR0K5RjU6nhbFWNSgxWglNzkZAnwLKBcLdR8ghJFc&cid=CAASEuRopKgHzxKTLjmhcI_qu-kDpg&rfl=3%2Chttp%253A%252F%252Fb.travelmiso.com%242%2C%2C%2Chttps%253A%252F%252F936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com%252Fsafeframe%252F1-0-38%252Fhtml%252Fcontainer.html%253Fn%253D2%240

Requested by

Host: shoppinglifestyle.biz
URL: http://shoppinglifestyle.biz/go/?r=3&a=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

556a721c1f6cbd821cec030ac2ce49c1094076c2d5929b381363d7e65f04765a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:33 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24798
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame B511 42 B
63 B 42ms
39ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AegTUxQhCuvtxExcndf8S1KAMC0kBUQK3m0zDWLEFBsIC0QHaMofSx4q8JASn3qKip1YF3ZrZOMcEJyk7MASJIXRrSAc699URR07wvyXLIv0o_Ihk

Requested by

Host: 936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com
URL: https://936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/ Frame B511 2 KB
1 KB 16ms
12ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/window_focus_fy2019.js

Requested by

Host: 936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com
URL: https://936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1ac43e9327c147dc04b1efcd475ba7e9d464e6504eaffb167d0412d339b39e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:45:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 105
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1316
x-xss-protection: 0
server: cafe
etag: 797314601362473214
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Jun 2021 07:45:48 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B511 122 KB
37 KB 17ms
14ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com
URL: https://936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

34b6e9936a2f024eef4f545bf4a1e717141704b00a75167fc7080fc6789e3881

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:33 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623410775224219"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38028
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:33 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/ Frame B511 13 KB
6 KB 14ms
12ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com
URL: https://936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3a677da8f32851941b090ee6e9294757cba154033200b20231b2a4ca7f62a820

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:45:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 141
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5644
x-xss-protection: 0
server: cafe
etag: 16788636151609896382
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Jun 2021 07:45:12 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame B511 0
0 17ms
14ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTLXvQDrDFOwwR_dmiE_0pE-opD78K4xh8UQlkG8qQPj7FGdU-OsEYtk0cTWwHvjeTwUSEVGQ0ZHwYh9Pvrw2T3Wtmciw
Requested by: Host: 936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com
URL: https://936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 pubads_impl_2021060801.js Show response
securepubads.g.doubleclick.net/gpt/ Frame D785 318 KB
112 KB 37ms
36ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8a19707bd88a29100f84e106852ddd5bfeebe1fe562960c4932d1347210d13a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 08 Jun 2021 08:38:25 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 114129
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:33 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame 86D9 83 KB
27 KB 31ms
31ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: static.viralize.tv
URL: https://static.viralize.tv/viralize_player_banner.min.07f50ce3.js?e=ops
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: a98e1f08dd27c121a337ddc31691d4044f56ae83301b574728548b78d3068d3b

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:33 GMT
content-encoding: gzip
last-modified: Wed, 02 Jun 2021 14:09:58 GMT
server: nginx
etag: W/"60b79136-14aab"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 15 Jun 2021 07:47:33 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/223/ Frame C463 12 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/223/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de7dd7e8a5f2257d16c23c395b9262c6fa04689c81b0e2b8bf7f5bae9f4177dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/223/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Mon, 14 Jun 2021 06:35:25 GMT
expires: Tue, 14 Jun 2022 06:35:25 GMT
last-modified: Wed, 17 Mar 2021 18:24:30 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 4328
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 47D4 783 B
758 B 16ms
15ms Document
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

91bd90e12e94492d5c28e0ad86ff901b1c395befe9a4fcd61f9b8bf6f443ad6c

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-boqpSqgYyRdb+xnxnNqneg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

expires: Mon, 14 Jun 2021 07:47:33 GMT
date: Mon, 14 Jun 2021 07:47:33 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-boqpSqgYyRdb+xnxnNqneg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 509
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK analytics.js Show response
cdn.innity.net/ 173 B
523 B 29ms
28ms Script
application/javascript 104.111.224.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.innity.net/analytics.js
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: HTTP/1.1
Server: 104.111.224.62 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-224-62.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: d86f773cc0628268e605173f2d589ee2ec9ecfd150e454514240eb2bfcb1fb82

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:33 GMT
Content-Encoding: gzip
Last-Modified: Wed, 09 Dec 2015 07:32:50 GMT
Server: Apache
ETag: "ad-5267218ef0c80-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 152
Expires: Tue, 15 Jun 2021 07:47:33 GMT

GET
H/1.1 200
OK t.js Show response
nichools.com/ 18 KB
18 KB 60ms
59ms Script
application/javascript 143.204.98.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://nichools.com/t.js?i=bdsfyu86g9gsdn1e02&cb=3714241623656853292
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: HTTP/1.1
Server: 143.204.98.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-75.fra50.r.cloudfront.net
Software: /
Resource Hash: 734dcec8100407e0977735fb49cbd95ada3b9e20659265def7abd0ed52124014

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:33 GMT
Via: 1.1 9128c49d19c76fd86ec4c647434ccb0a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA50-C1
Transfer-Encoding: chunked
X-Cache: Miss from cloudfront
Content-Type: application/javascript; charset=UTF-8
Connection: keep-alive
X-Amz-Cf-Id: zaZaTqMTiPoOqkRtGe332p_qNcHfEtCFszdE7Im47CUoYSPQthdtRw==

GET
H/1.1 200
OK 728x90.html Show response
b.travelmiso.com/ads/ucf/ Frame 5409 328 B
646 B 169ms
169ms Document
text/html 203.76.174.123
SG-8-TO-SG 8 to I...

General

Check archive.org

Show headers Download Go to

Full URL: http://b.travelmiso.com/ads/ucf/728x90.html
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: HTTP/1.1
Server: 203.76.174.123 , Singapore, ASN45470 (SG-8-TO-SG 8 to Infinity Pte Ltd, SG),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 6e1ce5438c8e9c3b630f802b27725bb86a8f7593158decb3cd4b0120e9593e68

Request headers

Host: b.travelmiso.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://b.travelmiso.com/travel/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/travel/

Response headers

Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Mon, 13 Jul 2020 15:40:21 GMT
Accept-Ranges: bytes
ETag: "34137eb2b59d61:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Mon, 14 Jun 2021 07:47:32 GMT
Content-Length: 375

GET
H/1.1 200
OK 728x90.html Show response
b.travelmiso.com/ads/gam/ Frame AB7E 294 B
613 B 169ms
168ms Document
text/html 203.76.174.123
SG-8-TO-SG 8 to I...

General

Check archive.org

Show headers Download Go to

Full URL: http://b.travelmiso.com/ads/gam/728x90.html
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: HTTP/1.1
Server: 203.76.174.123 , Singapore, ASN45470 (SG-8-TO-SG 8 to Infinity Pte Ltd, SG),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: ab04851695c80397b2c597c90d6806041956b5b82ab47ab8e0c65bf222c01675

Request headers

Host: b.travelmiso.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://b.travelmiso.com/travel/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/travel/

Response headers

Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Mon, 13 Jul 2020 15:40:02 GMT
Accept-Ranges: bytes
ETag: "2c9ee8df2b59d61:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Mon, 14 Jun 2021 07:47:32 GMT
Content-Length: 341

GET
H/1.1 200
OK 728x90.html Show response
b.travelmiso.com/ads/vls/ Frame 2748 710 B
773 B 168ms
167ms Document
text/html 203.76.174.123
SG-8-TO-SG 8 to I...

General

Check archive.org

Show headers Download Go to

Full URL: http://b.travelmiso.com/ads/vls/728x90.html
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: HTTP/1.1
Server: 203.76.174.123 , Singapore, ASN45470 (SG-8-TO-SG 8 to Infinity Pte Ltd, SG),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 0c73e4a8977dc108b5f28a9e205a2b3a61bd38ce6d4708ecde9b2517df429e75

Request headers

Host: b.travelmiso.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://b.travelmiso.com/travel/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/travel/

Response headers

Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Mon, 20 Jul 2020 00:21:58 GMT
Accept-Ranges: bytes
ETag: "5406c82b5ed61:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Mon, 14 Jun 2021 07:47:32 GMT
Content-Length: 503

GET
H2 200 / Show response
ads.viralize.tv/player/ 3 KB
2 KB 30ms
29ms XHR
application/json 35.186.238.232
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.viralize.tv/player/?zid=AAC95piwLXRmBuZQ&sid=01ebcce4c3c2baee823f60362394aff1&activation=&u=http%3A%2F%2Fb.travelmiso.com%2F&ahd=1&player_session=%7B%22page_id%22%3A%22017a097d588379bfa7dacae8f752a8d0%22%2C%22screen%22%3A%7B%22width%22%3A1600%2C%22height%22%3A1200%7D%2C%22page%22%3A%7B%22width%22%3A1834%2C%22height%22%3A1746%7D%2C%22viewport%22%3A%7B%22width%22%3A1600%2C%22height%22%3A1200%7D%2C%22player_size%22%3A%7B%22width%22%3A728%2C%22height%22%3A90%7D%2C%22player_position%22%3A%7B%22top%22%3A1645%2C%22left%22%3A802%7D%7D&r=http%3A%2F%2Fshoppinglifestyle.biz%2F&sc=1&gdpr=1&cmp=unavailable&dd=b.travelmiso.com
Requested by: Host: ads.viralize.tv
URL: https://ads.viralize.tv/display/?zid=AAC95piwLXRmBuZQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.238.232 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 232.238.186.35.bc.googleusercontent.com
Software: uvicorn, Unknown /
Resource Hash: b80c1370f82bf3881d3f8c58424244e52629219246dfc9e602af5b6d43c70270

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:33 GMT
content-encoding: gzip
server: uvicorn, Unknown
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: http://b.travelmiso.com
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

GET
H/1.1 200
OK raven.min.js Show response
cdn.ravenjs.com/3.17.0/ Frame DFAA 25 KB
10 KB 13ms
12ms Script
application/javascript 2a04:4e42:200::729
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.ravenjs.com/3.17.0/raven.min.js
Requested by: Host: ads.viralize.tv
URL: https://ads.viralize.tv/display/?zid=AAC95piwLXRmBuZQ
Protocol: HTTP/1.1
Server: 2a04:4e42:200::729 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Fastly /
Resource Hash: 570e90ae53be52eef8849a7f762b304f2506e2d3ab6146bc8dff279111666d74

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:33 GMT
Content-Encoding: gzip
Last-Modified: Thu, 13 Jul 2017 16:58:06 GMT
Server: Fastly
Age: 23748
ETag: "51d6eff0ea5151f41fa0e2f3310fc7c7"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 9634

GET
H/1.1 200
OK jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.12.1/ Frame DFAA 95 KB
34 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://ajax.googleapis.com/ajax/libs/jquery/1.12.1/jquery.min.js

Requested by

Host: ads.viralize.tv
URL: https://ads.viralize.tv/display/?zid=AAC95piwLXRmBuZQ

Protocol

HTTP/1.1

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2359d383bf2d4ab65ebf7923bdf74ce40e4093f6e58251b395a64034b3c39772

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 12 Jun 2021 06:25:33 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 177720
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 34056
X-XSS-Protection: 0
Last-Modified: Tue, 03 Mar 2020 19:15:00 GMT
Server: sffe
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Expires: Sun, 12 Jun 2022 06:25:33 GMT

GET
H2 200 polyfill.min.js Show response
polyfill.io/v3/ Frame DFAA 72 B
145 B 18ms
16ms Script
text/javascript 151.101.1.26
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://polyfill.io/v3/polyfill.min.js?features=default,es2015,es2016,es2017,es2018,es2019,es5,es6,es7&flags=gated

Requested by

Host: ads.viralize.tv
URL: https://ads.viralize.tv/display/?zid=AAC95piwLXRmBuZQ

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.26 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

aaecd144d2b8763b2fa5c91f09778294363cef363c10504205f4203922644d11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubdomains; preload
content-encoding: br
x-content-type-options: nosniff
content-type: text/javascript; charset=utf-8
age: 507006
detected-user-agent: Chrome Mobile/89.0.4389
server-timing: HIT-CLUSTER, fastly;desc="Edge time";dur=1, HIT, fastly;desc="Edge time";dur=1
content-length: 74
referrer-policy: origin-when-cross-origin
last-modified: Tue, 08 Jun 2021 10:31:30 GMT
date: Mon, 14 Jun 2021 07:47:33 GMT
vary: User-Agent, Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
normalized-user-agent: chrome/89.0.0
access-control-allow-origin: *
cache-control: public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 viralize_player_banner.min.07f50ce3.js Show response
static.viralize.tv/ Frame DFAA 358 KB
112 KB 9ms
7ms Script
application/javascript 2a02:26f0:6c00::210:ba1b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://static.viralize.tv/viralize_player_banner.min.07f50ce3.js
Requested by: Host: ads.viralize.tv
URL: https://ads.viralize.tv/display/?zid=AAC95piwLXRmBuZQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba1b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: eb21cbe16828a9be59196144f96632b8a853f173ce31a8300062ed638ffcb7dc

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:33 GMT
content-encoding: gzip
x-guploader-uploadid: ABg5-UyBpXSuXTR0F6VX-l2Vt7agHxHoU2Gq--ZqkHzFr1Ru75AE58kghukZwo5L2EbqY-Sx6MyixhabyXWKEk00Qjw
x-goog-storage-class: REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 113586
last-modified: Fri, 11 Jun 2021 12:45:24 GMT
server: UploadServer
etag: "07f50ce37d768478c57a3d75508bf39e"
vary: Accept-Encoding
x-goog-hash: crc32c=j4vTvw==, md5=B/UM4312hHjFej11UIvzng==
x-goog-generation: 1623415524664497
access-control-allow-origin: *
cache-control: public, max-age=2592000
x-goog-stored-content-length: 366310
accept-ranges: bytes
content-type: application/javascript
expires: Wed, 14 Jul 2021 07:47:33 GMT

GET
H/1.1 200
OK 160x600.html Show response
b.travelmiso.com/ads/ucf/ Frame 50DE 331 B
648 B 188ms
183ms Document
text/html 203.76.174.123
SG-8-TO-SG 8 to I...

General

Check archive.org

Show headers Download Go to

Full URL: http://b.travelmiso.com/ads/ucf/160x600.html
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: HTTP/1.1
Server: 203.76.174.123 , Singapore, ASN45470 (SG-8-TO-SG 8 to Infinity Pte Ltd, SG),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: c015ace92e72f8257d6c10d4efef532980ac5970b890101ff23d171b0a86009e

Request headers

Host: b.travelmiso.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://b.travelmiso.com/travel/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/travel/

Response headers

Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Mon, 13 Jul 2020 15:40:20 GMT
Accept-Ranges: bytes
ETag: "117f92ea2b59d61:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Mon, 14 Jun 2021 07:47:32 GMT
Content-Length: 376

GET
H/1.1 200
OK 160x600.html Show response
b.travelmiso.com/ads/gam/ Frame 54BB 295 B
615 B 179ms
176ms Document
text/html 203.76.174.123
SG-8-TO-SG 8 to I...

General

Check archive.org

Show headers Download Go to

Full URL: http://b.travelmiso.com/ads/gam/160x600.html
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: HTTP/1.1
Server: 203.76.174.123 , Singapore, ASN45470 (SG-8-TO-SG 8 to Infinity Pte Ltd, SG),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 5a0f0e8724b21e36fb0ee6771a1afcbb3f596ab6d2b181443a32a7a6612354b2

Request headers

Host: b.travelmiso.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://b.travelmiso.com/travel/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/travel/

Response headers

Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Mon, 13 Jul 2020 15:40:01 GMT
Accept-Ranges: bytes
ETag: "40f35bdf2b59d61:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Mon, 14 Jun 2021 07:47:32 GMT
Content-Length: 343

GET /
as.innity.com/synd/ 0
0

GET
H3-29 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 656B 61 KB
21 KB 36ms
36ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdn.aralego.net
URL: https://cdn.aralego.net/ucfad/cookie/cht_cookieSyncIframe.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54e1a9fa84f454175a61ddd8369e590829499c033015438f8788b2e40b02864c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "902 / 569 of 1000 / last-modified: 1623449339"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21293
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:33 GMT

GET
H2 204 /
ads.viralize.tv/track/ Frame 0513 0
39 B 22ms
22ms Image
text/plain 35.186.238.232
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.viralize.tv/track/?multi=true&serialization=json&events=%5B%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A7%2C%22category%22%3A%22creativity_session%22%2C%22session_id%22%3A%2201ebcce4c3c2c9daba62d346954ed281%3A0%3ANTU1NS23zt7cdAyJ~wp9sc1%3A0%3A0~1%22%2C%22creativity_session_id%22%3A%220~1%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22google_viewable%22%7D%2C%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A7%2C%22category%22%3A%22creativity_session%22%2C%22session_id%22%3A%2201ebcce4c3c2c9daba62d346954ed281%3A0%3ANTU1NS23zt7cdAyJ~wp9sc1%3A0%3A0~1%22%2C%22format%22%3A%22banner%22%2C%22loader%22%3A%22gpt%22%2C%22linear%22%3Afalse%2C%22content_type%22%3A%22%22%2C%22duration%22%3A0%2C%22adsystem%22%3A%22google%22%2C%22wrappers_count%22%3A0%2C%22creativity_id%22%3A%22%22%2C%22creativity_width%22%3A300%2C%22aspect_ratio%22%3A%22unknown%22%2C%22creativity_session_id%22%3A%220~1%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22impression%22%7D%2C%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A7%2C%22category%22%3A%22creativity_session%22%2C%22session_id%22%3A%2201ebcce4c3c2c9daba62d346954ed281%3A0%3ANTU1NS23zt7cdAyJ~wp9sc1%3A0%3A0~1%22%2C%22creativity_session_id%22%3A%220~1%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22start%22%7D%2C%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A7%2C%22category%22%3A%22creativity_session%22%2C%22session_id%22%3A%2201ebcce4c3c2c9daba62d346954ed281%3A0%3ANTU1NS23zt7cdAyJ~wp9sc1%3A0%3A0~1%22%2C%22creativity_session_id%22%3A%220~1%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22viewable_start%22%7D%5D
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.238.232 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 232.238.186.35.bc.googleusercontent.com
Software: uvicorn, Unknown /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:33 GMT
via: 1.1 google
server: uvicorn, Unknown
alt-svc: clear

GET
H/1.1 200
OK Cookie set beacon Show response
ap.lijit.com/ Frame 4665 2 KB
1 KB 32ms
32ms Document
text/html 216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/beacon?informer=12205132
Requested by: Host: static.viralize.tv
URL: https://static.viralize.tv/viralize_player_banner.min.07f50ce3.js?e=ops
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: 2e751554af8ac0158a34439be8a624d166e96751a8e943a2ec101290847340d1

Request headers

Host: ap.lijit.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: http://b.travelmiso.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ljt_reader=bfd2533ef64fca0d1896e27e
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

Server: nginx
Date: Mon, 14 Jun 2021 07:47:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Vary: Accept-Encoding
Expires: Fri, 20 Mar 2009 00:00:00 GMT
Set-Cookie: ljtrtbexp=eJxdzbERgFAIA9BdqC0EYgBX89xdv1ZQvuQuuUTlVJoH3A7fJPEZSWLZvDujG6NX6w7%2BNiqXq2osvEmOjb2%2F3g%2B54yEU;Path=/;Domain=.lijit.com;Expires=Tue, 14-Jun-2022 07:47:33 GMT;Max-Age=31536000;Secure;SameSite=None ljt_reader=bfd2533ef64fca0d1896e27e;Path=/;Domain=.lijit.com;Max-Age=31536000;Secure;SameSite=None
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
X-Powered-By: raptor
Content-Encoding: gzip
X-Sovrn-Pod: ad_ap7ams1

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 7A6E 52 KB
17 KB 3354ms
23ms Document
text/html 151.101.13.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cdn.adtrue.com
URL: http://cdn.adtrue.com/pb/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.13.108 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.13.10 /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: http://nichools.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://nichools.com/

Response headers

Connection: keep-alive
Content-Length: 17053
Server: nginx/1.13.10
Content-Type: text/html
Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: W/"5fc7ff8f-cf34"
Expires: Mon, 14 Jun 2021 04:37:10 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Mon, 14 Jun 2021 07:47:36 GMT
Age: 11426
X-Served-By: cache-lga13624-LGA, cache-fra19137-FRA
X-Cache: HIT, HIT
X-Cache-Hits: 1, 80787
X-Timer: S1623656857.733615,VS0,VE0
Vary: Accept-Encoding

GET
H/1.1 200
OK adcfg Show response
ap.lijit.com/ Frame 6049 159 B
550 B 31ms
30ms Script
application/x-javascript 216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/adcfg?zoneid=861814&tid=a7b21871a45942f79122f86e9fce6ca05621d72e&mode=0&dmn=b.travelmiso.com
Requested by: Host: ap.lijit.com
URL: http://ap.lijit.com/www/delivery/fp?z=861814
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx /
Resource Hash: 908633f9437433ec7020e64979a2efd101cfda8bd9511c10fcc445c35362ff56

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:33 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap7ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 146

GET
DATA 200
OK truncated
/ Frame 6049 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9e85b1d7b2907a3ea9badc3e9ceef9883c6191b9a9b590326f3ac2789bb53827

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 container.html Show response
df92c682cc13fd0720c1bc98348b7158.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 2321 6 KB
3 KB 6ms
6ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://df92c682cc13fd0720c1bc98348b7158.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: df92c682cc13fd0720c1bc98348b7158.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html?n=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://b.travelmiso.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Mon, 14 Jun 2021 07:47:32 GMT
expires: Tue, 14 Jun 2022 07:47:32 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame B966 73 KB
28 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8f4b8d2def1fa5e09bafacbb8ac66e614d74f1cdbace1417cedef55c0d9a83db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:33 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623410781212720"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28237
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:33 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame B966 10 KB
8 KB 17ms
17ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021060901&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28ee71d8826f73ce1390fd72e385a296f2a1c38d264434f8fe1c188355bbf47b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7910
x-xss-protection: 0

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame 931B 0
0 37ms
34ms Fetch
image/gif 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvb6Vu10Lwwck-QPIgAvwd8LOFUbSUNIhzblgrS6P2RZ9PB38CJCJgAG7iN0SHk42TylxM41a77_CmKJNQW6qyaGpY2De9PM0YYWyUt8Zs06y3SPw5cfdnEBeklse_WQSK2GHKiAM3vHLpBmGqVBKVnn9ddTduq40F9GagD1L67w7oW6eJ_qvh0mTn6iWm9zFBcKLOIKsUSCAl7Mw9eB3YYLH1sJsTuNRMKbHoEUmENAXKiKYq56K0W0zAK6yKX0qfANpDm_NSJNXeV9w-FnCWsayOR3JC5APtR7dVgZ979vEgLW6ERdurteYqXUzdQZT34&sig=Cg0ArKJSzD2JKfILjFnMEAE&urlfix=1&adurl=

Requested by

Host: shoppinglifestyle.biz
URL: http://shoppinglifestyle.biz/go/?r=3&a=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:33 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 14 Jun 2021 07:47:33 GMT

GET
H3-29 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame 931B 61 KB
21 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4e4810e88e50f93b12c1e24b897d264382cbcf6e2ba29054f68b19bc4dc4e104

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "902 / 649 of 1000 / last-modified: 1623449339"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21293
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:33 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 931B 122 KB
37 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

34b6e9936a2f024eef4f545bf4a1e717141704b00a75167fc7080fc6789e3881

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:33 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623410775224219"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38028
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:33 GMT

GET
H3-29 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1A6C 73 KB
28 KB 20ms
17ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8f4b8d2def1fa5e09bafacbb8ac66e614d74f1cdbace1417cedef55c0d9a83db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:33 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623410781212720"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28237
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:33 GMT

GET
H2 200 cinnpie-580x405.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_180%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//s3-eu-central-1.amazonaws.com/www-staging.esports.com/WP%2520Media%2520Folder%252... Frame 6040 11 KB
12 KB 35ms
29ms Image
image/webp 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_180%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//s3-eu-central-1.amazonaws.com/www-staging.esports.com/WP%2520Media%2520Folder%2520-%2520esports-com//var/app/current/web/app/uploads/2021/05/cinnpie-580x405.png
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e25403d3f839b463dde5c1b30e552103105a1fd96b47123424db7fdb37799f64

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Mon, 14 Jun 2021 07:47:33 GMT
via: 1.1 varnish, 1.1 varnish
age: 1101182
edge-cache-tag: 484742972939072614381997010781313127915,341818766630488423269086991181948173068,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 36
expiration: expiry-date="Sun, 06 Jun 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: HIT, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_180%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//s3-eu-central-1.amazonaws.com/www-staging.esports.com/WP%2520Media%2520Folder%2520-%2520esports-com//var/app/current/web/app/uploads/2021/05/cinnpie-580x405.png
content-length: 11508
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb803
last-modified: Thu, 06 May 2021 06:24:09 GMT
server: nginx
x-timer: S1623656854.508182,VS0,VE1
etag: "1d203384dd14efdc76de36260a6c16a9"
x-served-by: cache-wdc5543-WDC, cache-dca17752-DCA, cache-hhn11534-HHN
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 1

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame C995 42 B
64 B 22ms
21ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss28OYsCcnn8WOA9TQhzT4AtbUKPuxWANeTPHVZ5aQeRI2zMJ32Uxqbw7IrjvQ5zKN6TWcRDUMqG-68UFkdAD1qrfQToqeZxDRWIWj_oE0_fjSYE4ljKDoH3zE3Mg&sai=AMfl-YS2lIGinyJZl8dhMgU1JCndkc0hKE3G1LBI8WPpvR7uf2Bcv3a52GtloPjzmjdGybV2N31ZTJDfFo8FAD_pkCfqY9UPjcKOPiv2Vr-9z-xun7rsi-Kal08kVNBVw2V3&sig=Cg0ArKJSzKPoF5f5giLxEAE&cid=CAASFeRoZZWnE4xzYbWfQv_pGTp0cL8nxw&id=lidar2&mcvt=1290&p=1,1,214,301&mtos=1290,1290,1290,1290,1290&tos=1290,0,0,0,0&v=20210611&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=9&adk=724430845&rs=4&met=mue&la=0&cr=0&osd=1&vs=4&eosm=0&rst=1623656849644&dlt=169&rpt=2094&isd=0&msd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9c6d175d9bd67cb83a9557d3172508dd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame B058
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

39ms
38ms

Document
text/html

2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Host: 9c6d175d9bd67cb83a9557d3172508dd.safeframe.googlesyndication.com
URL: https://9c6d175d9bd67cb83a9557d3172508dd.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkpZODAUmN0LQ2pjqI7j5sl5jBVGheRycTPIj29hCRFVKu42-LIT_x4e8TayAA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 14 Jun 2021 07:47:33 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Mon, 14-Jun-2021 08:47:33 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 14 Jun 2021 07:47:33 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 14 Jun 2021 07:47:33 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 css
fonts.googleapis.com/ Frame D40F 2 KB
642 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans

Requested by

Host: b.travelmiso.com
URL: http://b.travelmiso.com/ads/adop/300x250.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3cd4435683f31935fe9fac4db83d9a8c232cfe0849eb2db5c561b839066b0608

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 14 Jun 2021 07:20:29 GMT
server: ESF
date: Mon, 14 Jun 2021 07:47:33 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 14 Jun 2021 07:47:33 GMT

GET
H2 200 / Show response
c.mgid.com/pv/ Frame D40F 0
306 B 83ms
81ms Script
text/plain 104.19.135.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.mgid.com/pv/?pv=5&cbuster=1623656853621763362988&uniqId=046fa&niet=4g&nisd=false&iframe=1&ref=http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F&cxurl=http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F&pr=shoppinglifestyle.biz&lu=http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F&pageView=1&pvid=17a097d7076ad179c6b&site=721011&implVersion=11&dpr=1
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/a/d/adop.travelmiso.com.1151336.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.135.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:33 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 65f1f3873a6fee48-CDG
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0aab1688810000ee4883bbe000000001

GET
H2 200 MGID_plus.svg
cdn.mgid.com/images/logos/ Frame D40F 2 KB
1 KB 30ms
28ms Image
image/svg+xml 104.19.135.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.mgid.com/images/logos/MGID_plus.svg
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/ads/adop/300x250.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.135.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 741932350156677164b36a1506347cfd558bc502310bd1d50e246d454c4c1131

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:33 GMT
content-encoding: br
cf-cache-status: HIT
age: 5021
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: B9201827F81D32DC
x-amz-id-2: oKgOzNf5arXSuLpawmQDb8wF7AHHBYdedIxY85YAn8qIfNXdz81xtOQ1yH8O6og8UfPiWO7QqMs=
last-modified: Tue, 23 Feb 2021 16:22:15 GMT
server: cloudflare
x-amz-meta-s3cmd-attrs: atime:1614097325/ctime:1614097325/gid:0/gname:root/md5:f7525f3a5f32c6f4a8e9867e9f57ab45/mode:33206/mtime:1614097325/uid:0/uname:root
etag: W/"f7525f3a5f32c6f4a8e9867e9f57ab45"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=86400
cf-request-id: 0aab16888a0000ee48b5076000000001
cf-ray: 65f1f3874a8aee48-CDG
expires: Tue, 15 Jun 2021 07:47:33 GMT

GET
H2 200 Adchoices.svg
cdn.mgid.com/images/logos/ Frame D40F 836 B
810 B 30ms
28ms Image
image/svg+xml 104.19.135.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.mgid.com/images/logos/Adchoices.svg
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/ads/adop/300x250.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.135.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7992a4430843ef8b4bbae534358be3193aa1ae9c78f273e8e8a70b6af1244ac5

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:33 GMT
content-encoding: br
cf-cache-status: HIT
age: 5021
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 50VWJQBT5W4QYKJG
x-amz-id-2: xhXkWrQ90G/ebA55GK4VP5V6mncDrGDeipe5cahYa8kJ+JMUWbxTCzXMUo5ci9AAJm/Ct0tTCXE=
last-modified: Wed, 17 Feb 2021 18:15:53 GMT
server: cloudflare
x-amz-meta-s3cmd-attrs: atime:1613585745/ctime:1613585745/gid:0/gname:root/md5:7d59364b7ed2df3f02507c9f92560df9/mode:33206/mtime:1613585745/uid:0/uname:root
etag: W/"7d59364b7ed2df3f02507c9f92560df9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=86400
cf-request-id: 0aab16888a0000ee487eb8d000000001
cf-ray: 65f1f3874a8bee48-CDG
expires: Tue, 15 Jun 2021 07:47:33 GMT

GET
DATA 200
OK truncated
/ Frame D40F 138 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d98d7a81b2cc1e6b36d75db78826771fed2ddbe50ab593bea89ba19d6e6f7cb4

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H/1.1 200
OK Cookie set beacon Show response
ap.lijit.com/ Frame 8397 2 KB
1 KB 28ms
27ms Document
text/html 216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/beacon?informer=12205132
Requested by: Host: static.viralize.tv
URL: https://static.viralize.tv/viralize_player_banner.min.07f50ce3.js?e=ops
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: e7397e956b8b020d7b01df66bb08af4aaac468854f1305b9fa82a2098a9b4710

Request headers

Host: ap.lijit.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: http://b.travelmiso.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ljtrtbexp=eJxdzbERgFAIA9BdqC0EYgBX89xdv1ZQvuQuuUTlVJoH3A7fJPEZSWLZvDujG6NX6w7%2BNiqXq2osvEmOjb2%2F3g%2B54yEU; ljt_reader=33fba7d86c4dd4f7002f92a3
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

Server: nginx
Date: Mon, 14 Jun 2021 07:47:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Vary: Accept-Encoding
Expires: Fri, 20 Mar 2009 00:00:00 GMT
Set-Cookie: ljtrtbexp=eJxdjjkSgDAMA%2F%2FimiI%2Both8jeHvEIbGKlfSeH2JyqkwX%2BE2%2FRDg40ggNjsh1UG9Wuf17w2KzVW1%2BuJNsic5iMmR0dm4J8Oknyf5dPQL9wOp%2FzbI;Path=/;Domain=.lijit.com;Expires=Tue, 14-Jun-2022 07:47:33 GMT;Max-Age=31536000;Secure;SameSite=None ljt_reader=33fba7d86c4dd4f7002f92a3;Path=/;Domain=.lijit.com;Max-Age=31536000;Secure;SameSite=None
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
X-Powered-By: raptor
Content-Encoding: gzip
X-Sovrn-Pod: ad_ap7ams1

GET
H2 200 express_html_inpage_rendering_lib_200_271.js Show response
s0.2mdn.net/879366/ Frame CC50 111 KB
39 KB 27ms
9ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js

Requested by

Host: shoppinglifestyle.biz
URL: http://shoppinglifestyle.biz/go/?r=3&a=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f49b1d1bd49f5c61c93e08dc9b8427ae046c513af8ce30fa8d04162bb6f5b9df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://a15ac0e614c5002f10a5f47b2408de8c.safeframe.googlesyndication.com
Referer: https://a15ac0e614c5002f10a5f47b2408de8c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:00:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2808
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39287
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 18:02:50 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 15 Jun 2021 07:00:45 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/elements/html/ Frame CC50 8 KB
3 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ALez-eC1NyqlqJ1GhjrTbZccORx7P7_I8loVNSBTEtbUZSJQ04fd02xy8uL3EIPLpqUMdAvPucuIzjiaBaoxBNTFPTkMl7c4imv2Xa2atEMt2W2UBwJQ2hNs3s7FJZL7fW40kdcla_2KxmH0GzD3c_9E01sQ&dbm_d=AKAmf-BhIQcSvrXOX5hhio9D-dJl4PTl2JIEFY3dDGbAdV-csyKLOZwBJJkpdVdJz1V7O7pgo5YCQDkM7rGSD1fc9MGlygmOlpv_G9e4XQhY7A8IsgGTdD2bkFv9e7lVILDFcD7hgtRr4pYvgbysmVRCM-dufx2L1LajexLy-Mm9gOpbgZokeHBkX5nHhVGXvXe5PeqJkvlqqGKSub26XncvsqPqGQnzvChnGf-NkC2za67rXBw2W81_XBDzAQOveYAhMOM_45WusapnoZJTh00zGJDGE8dgpVRyjp7XV2rBA782Mh0GZtyutQMNmxhMMXf9_zL-BMUOYqeQFb0Im3zmXR-nl_sztdTZs9T0MSAStcq5QZ_a7f4aRhq7Z1DCyRbcIHvSOzUCsPeCepNjEhc7dpOM5VOJfVA5HDfgdPQq_9CliLVLwbTqWFJPIXPcnu8HnJechbdV_sMJzVdDzL87eXCOpDp5btb6mqGYuLzN4wnz7LBPSFh4j6epqq3VbShGdhj-6IC52ukyiVe_zlWXGCwAelxignLNLiMShNCFqSC9K8TAn64iJ0yl8ttmjVAlB-jYs6uKxPFhjnlzmaxbBPDrywCvF2gLqp33RghpFk03CDqEgL_YZiVj5yPRUu395rKMa68Qwf9YniPaALIRcnjBBv6e4D1yRM06i17CjffTpchPFva-d3_TZNCSP4pnGQfkB15e9Hl1jNvaAz2DYbSH0Ok_mJqVUWFjy-uNZtAl7pH1MWNSeFW7zh8xlP38DQHUyqHx5L-MkcmL0kvWFQge4pRyTmOS4s8aAdCo9b1Sobys_T6SV2fC_9MhtXY0QhLJl-K_fKZHvWJJWT31i-ZKseSh-fBmdHjlfClJVU1jywpGJWO6OrnPEv1MEs9iEh_cwgz5OCUEqCvyAKEWkiUiSnawiCCmKQsrvuw80qoxwdO-XlcHdofMo-8nsJhR3PB6yocpciN6ldp9NpXw2BtFb9ied-ER9epJ_cMT5jTxwkxUeGuSJCauJVFWjTGN6jOdw1UGn2xCbSY-INm3uwuoSlWolFaCndDydSBLFDNLGmJJHGXYne9HVhoR4GH-tBro3MAapMsdq8Hnd5NdnMOZmrebijZCKt_raVoAu9KSNlnh4hkN0SRJxqhDCrh3z3ZDVBbLQpDf_yR_Vmc7N1zyF2MnEXIl26FUiuzMtsVGfpx3dHaQdwm5tqBthfd-aoDFRzccFDBpvZ_wWiNZSUKIKtnelC3XCllGdTbnRm9khbkci3f1Ony158FmHWkG5efUITKivRfBDF3fJ2p1UQsYjSFCA1ARvtqAkS8VRKLB1PedSJio0_Alf3TO4Df0UjztkV6MM3yd_BdxeUX5duRH0rIFdRNHikzijVCQfHR_1GQCGSzy0jHDT0VjuuXkGQ_Gka91MmOD18FloUkpu6NH-0VIau8yEokKDmIe6SACa_YqnClhjUXKkGyD7nbzn9G-74Go3s5DaGE6_k8dg5DuRNYHGCpi8Kkkx2h5a-7g4HoJWN8WFRgXvzJag8FGkO58XThk_gT5f0Io27MOk4md8tGrSgIJhzb1D7O_e_TMDTcetBlui8bNWhcq8SDAgibfvG2WMEG8twpg08-EKAtK5cXzCAK84_1yPOwMFpMvo9aIDYpTBDRTZaG7oZbJLyApli9_uQ5V1j6rydkqhqMYgzgIfEjfwKInLUP-bgan49zgBKsQWmY7-SMslXBMuP4VXWy3ZKWp_K-f8gb7OZKUEn9NIYCKD5OuSzm1SUKAxBpA2KSi5fNYA9G7GDS1d3w24Cr5V1MxkFKmnlZkfWV4MIVho79ZIhb8QCTaNYdOE4fscwldG8Yx1S-qPZVmGhv1yCjD5YGA80pkn4UZXkujwht7NTZqhB3r6apVskRi8M0H_eFcVLrSdOKBncluzjbsWr5o-6zSyoGskdJ8MEfCJ3VUZtf7Bcl78OLHGxfksoBm0qSkTc_xlB2nlRZN1-N7G75gxMVk-ZdeDl7fFmPwQp7NdK2TLlBom0wgRBp51ZDSewsPw8N7gn3u2AYADNXVlCg9idOKfiWlkaEQTMfG7AnLfFaMyjw8tCD8jOUO7nXvYp0bPT1v-_ygwh3KVFBGv1wGexMmZ32f5jPWf0Cd6NAhB58Ya-c_U1YiklkdLMYynM0UvcpF1P7NiyPEh6mJfIpo7wnkgQipvkZNnkJEfImpqckxWZgFCDN3WTCL0Xuq-gxygUPeYmE7JHeV-TeDh_Lk-xqhMy78WwjVqdLODxnNqNEL3Uz7tw580KJmLh659FXTGB1O_x2mObfmtaRe9znuRgqRboz_SiL3pzpcwTLpmqLpaVjkedmJLsnNyoNA7S-S7E7oPM5HRAZcne5gga24SY5gCmPfjLc5Mn_5BlXvV5EGsFeDC35e0NFAcCpEyx1YMNljk5ceA3G5hXfuwaBzKO4MU2O0lpncol2ndIVBF-C0kqyWyh4tdT9FmoHFFk1rPJPySgiHX0G44TkxBV-sBlFAiWBAfJJD2XD0o0jlFe2W1_UbE-6OzfSKdfngvDOKT3uAnb5ng7LB8KxPpbMileSagN2w487az7_Jk-KtpBzwBRQms8MzF6U6s7SwyTjI1i5Wsy3urU2WB7KfjWQJ8DK3mrc21n8X6cVp68Gg_r9DN9Ud6FLgd7qlhXRgn_h1zhYVBL5GlIwMl7rhKl8oHDt4RHlFduty91XlDh-kzFi9xzatFRVZHdVLWRXKx-_jc2Iq-sMDqDtfqqmp5gF0AqQbyfm5o-nWlMzJGAwwsj_5m0-H09ku4SHoRXdBPL1UT4Z5ZuUaQ-YRJXgTaKUx2yFuQvnNqxyScUqXhbxIDjjcCday2O8lo78T9o9cA99qNhveJ98vBHVehki4SQ9VjJUdDlw6D3JwhXW-oz1sH7Ebb7YMfo3JPeWilRIewcQidsPm8pMi5THUMzZEVdMha-C2k_GPLvjVrsUZIeYitNvbnbx3BBwysh9OrsjLnWJo5GBnWHmZqXXEHD-dmpamHoVl3D3ZSPV8CDj7vwvTgzLsKc34CiQS-W_w-GN54skvwLQrO70pdOeU3_cEVTNnc_iFrLFfgDREvRXerLp40EfOrp1OQ4Pfvvt865UQ30dqap4a14xhJYHsMniv4e1o4h98_1KID9JQ6xyFj4eEDQSEvT_Gtj0bnIsI7Tgn9p4&cid=CAASEuRogdnX5jqM2CZsPjGwYJ96mQ&rfl=3%2Chttp%253A%252F%252Fb.travelmiso.com%242%2C%2C%2Chttps%253A%252F%252Fa15ac0e614c5002f10a5f47b2408de8c.safeframe.googlesyndication.com%252Fsafeframe%252F1-0-38%252Fhtml%252Fcontainer.html%253Fn%253D2%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a15ac0e614c5002f10a5f47b2408de8c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:45:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 100
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Jun 2021 07:45:53 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/ Frame CC50 22 KB
8 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/abg_lite.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cabbde8502a6598896a3c812c89ecd99ecfb3e9ca68f632c8c9b3f2a7f6e0046

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a15ac0e614c5002f10a5f47b2408de8c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 8
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8601
x-xss-protection: 0
server: cafe
etag: 18280575870105241958
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Jun 2021 07:47:25 GMT

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame B966 17 KB
6 KB 16ms
16ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e684839cbcef6b16753dae73e92a49b7115f55e83662ead12d5e05bf7b9915fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1622653785071769"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:33 GMT

GET
H2

200

/
dmp.adform.net/dmp/profile/ Frame C5FF
Redirect Chain

https://dmp.adform.net/dmp/profile/?pid=10747&sg=Vir-1
https://dmp.adform.net/dmp/profile/?CC=1&pid=10747&sg=Vir-1

35 B
231 B

42ms
41ms

Image
image/gif

37.157.2.236
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dmp.adform.net/dmp/profile/?CC=1&pid=10747&sg=Vir-1

Requested by

Host: track.adform.net
URL: https://track.adform.net/serving/container/?pm=720907&lid=25271102&ctype=0&media=0&PageName=Viralize-all+cookie&rnd=1649350748&cpref=http%3a%2f%2fshoppinglifestyle.biz%2f&loc=http%3a%2f%2fb.travelmiso.com%2ftravel%2f

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.236 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://track.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
date: Mon, 14 Jun 2021 07:47:34 GMT
content-type: image/gif

Redirect headers

location: https://dmp.adform.net/dmp/profile/?CC=1&pid=10747&sg=Vir-1
date: Mon, 14 Jun 2021 07:47:33 GMT
server: nginx
content-length: 0
strict-transport-security: max-age=31536000; includeSubDomains

GET
H3-29 200 pubads_impl_2021061001.js Show response
securepubads.g.doubleclick.net/gpt/ Frame D0BD 326 KB
114 KB 34ms
33ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021061001.js?31061429

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ce69465fa2284194ab3ec822ee452307e2f4b4ab202499e24a06f8215b1ead1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 10 Jun 2021 08:39:38 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 116947
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:33 GMT

GET
H3-29 200 express_html_inpage_rendering_lib_200_271.js Show response
s0.2mdn.net/879366/ Frame B511 111 KB
38 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js

Requested by

Host: shoppinglifestyle.biz
URL: http://shoppinglifestyle.biz/go/?r=3&a=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f49b1d1bd49f5c61c93e08dc9b8427ae046c513af8ce30fa8d04162bb6f5b9df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com
Referer: https://936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:00:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2808
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39287
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 18:02:50 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 15 Jun 2021 07:00:45 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/elements/html/ Frame B511 8 KB
3 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-C-VtTTa-FP9-t-Ri6MWtHVFnDvA7tFDEKV7l5vuJug4TSTtlnnk3i17vHzYdurtfPiiQKWA6-I-Qynuxonqn92rDhfVdOTBrgQ787yeRiqQL3J8hTPWLudW-KIIe_Halhe25FvJjlrjmWWsR-Sh9-v12gvmg&dbm_d=AKAmf-DNH52U7EIuUcc7aVecNVD0HghI98M7jpZY0pHXRswh-pRjadZs8SX_0pJ8yrJWTO_-P9UZgLVnOYNG4Ez1xaThQhQzQ1K7YG8i60LnIIG4bq9RHm31EJENTb6DEkQGpGXqCq5vbprqv8r7i9acMUoMB972b99Rbqu-9HdZYsFR6I9iCfMiMJWvdWvk3Q3_K1Eo1YmjXFPAzr0772CSc7YjgCLA1BYAww3sC84PkW6c-KAX1mbkXgX6ae0SWlNAlfjgosc_wOoLcyDbsKGW-U7DuApnCwNKNXW3OoMvWxgYT_hKHaYZrmtkiFecx_ACr0ZcYC2_o_FUoQxuKotFV3LsTwQkQ99Id7wPC2ef12cPOfMGYjOSXK4pfWARsDWD19z2fqzhWXDhJbSSxOky34a8xzPI7eQE7_VtfqoKqUIjGfuAHHv8EckIWTfxx5xRcipr-h2oUvbKxJIsYO57KfzUFy1S7x-YaGuxaKfsPJSUnqxln-QCgfWY8OgdQarr7QTyP7swjCRZmC9j8ytuXOoFr22aqcuh5MIbUI2A1NwuzsL44Lx_HCb9un2VpkQotg_JIc1NN7PWCa5omm3Iq0H6XVCR9ep15KNCiPCiPOnTbZ5t9e3NNGf7StmsZ25WhlMaL6QncbSjggIhfBfFaTVtSUkF2sHqK8PAqOHqwX7kZ5Bvsktpi1VTgjYajWT6CW45hkJxj19_G1ItSnqOnZoGpIZzbBVD0OmYiBNs8fYhFx7Ueoj9JnMjZEBkp7L64AiEAxrX2WVs_SBAsc1v9gO_OK-xfKBgiLm7nx2JNo9Pb3G45OTELnWfl7YUza_lqoyMA6jXdMsSyNQmtYbrPcOOeCn0bzyz3CqD4wM3Pc8-cWxrQSHHhK-DEH9DhXI9j9LJIY9BNbG_kfudzcsVC0S85omFL0TOoJ6mantnKxtEDenK2-WbTtLyCIJui1SG43hYzRSvFHXYYIa-XiU_0fKqXF7hQVvANUJHl7LrWrocz-16F3Ce3t5qKDrht9wfD3-7HdmYq-jYFMdLlHMa_sxBbhIFp4yDAc_KMKnhJfS42AoNPjyavQaaqayoXlY-dlDBr0Xlh-7Ao5J-k70IR7_iMTRW0Envtyl1e0zzc2Kw1Pi44wtARIVwsuzDtEH0j5FGpYrwxgqNiXyezsc1RJrvuhE0ffMr1os3MV4UIDNwowPM9_th8IWSXVF8MQlfbNV77gKqcox4n4dijcXHWlAczfPg3Po9mvRW-rJXYVhdkOoh4zFhRi74GgJJvooIWND81PmTMh0VKABOb2HeJKG5xVyuTLoA1otSvKWEHDC1oriO6rgTsjfPBJBwvYfAuhD0aOIX3m4Wprkb99JOOwt6kPuqNGQ2TFr4-xMVWwjaKjG8xd-YWXvuh1ZdiBP5fVOotJbN8ez4fbb0Ezri73mVWwSjRyNCpvNSOAcQTnOmCJgL001_647lGpeF_NTKIrU569y5YNyS8SeTOQIzLEeYL2jEpgK-qhZP6htPILcg7p-w3Y0XsWEEcALu_18N7p-NjStTK7xF2m5cfrhoSu9BRc70CbTG1LKFrmvi8DWnUjgxSWcfZKS7DO0fvdunEvtosSLrEytgKZGFj9UYPaK1BMcn6cNdkqLTXYp6vyFEt_GdwZ5bGYdOSuJcEYKdxrhSgzNCZKRsBZqqJqS0_IQ1E52iNd83H5Xa18EVpRh1DqnUg6jHJNpemO43fTadMUbePpjs8_VDykt_ZEM1ocGtYOZCXBKtiOGh--JSc7sSr8OoLXlld0Ok5JFQKdWkQ-i7NkN5SbZ0dlZOmsytMRSTOg3Xfsby49F0OESnlJbo6IoggEFDEDAYWswUWCuVXFky9P4cf5INTaGOYRLnGrh_Ku69oLkGIciBS0C9oRXk8aVxyrI2XAHQosK0SYASrrbYNe5WgxRzBZtSGOFUguhoYHlNj1G31j7NQZf1kOpCeWEMYTTgL7bDV3EtA3d-1vSRozaa5UlB0f1mVRGATsUohfQDo8jJcZHNIevJTOt8P7Lj2qtVw7CvpH9AImlzplb5H98B7YcC-g6PuyXH9YMfgabC6dR3EGnU-CTswSYRG0JHV-MyShrC5FTXJZouspoQlIidQHubBcCOpX7z32N3oeCswOUet9KNrqF9Wm297FVai6l8C1AGO7KFkMrqMd8k6rTQKUhtBoHUI_-eMYlq4Vkq_nEl2n5TpvjS5MNW8cy8BJcSLYxZO0Ad9m8wOIXcyQZGUFO0IqfsFhl_nhIm_fetw_rGMzEZYRRjZg0JKSBe603nXOaNE5q83gHQhvtP1XjN6DQGJBge14RMoo5f2f8IhNvRYZel9hUI8Xn6eECDlzAnNPSXOJr7SXESi6aYxrvYZZQgLfDbGSLGbFVrk_ug-Gvcj7L1NS0lgGTDRlcZXjCyFucxUXudtaE5EgKc6C9Ni84vYIN80M3cDvueGUZIFtmvzYbmoRRP5KCT-SwV89E5sJULx2PyVsbarcgoggJ-ma8WgSyVacM_3h9LQdHIc-NLrSNTTa_QqUXSICrIBVyLu8Ll-WT6jRZ4LmwBpxbxu2pGPr9g9bR0Bb8fL2pvjebZ79j4y3mNjF_aLkktukTAKdgV-NeBMZqb0FCQXVXtGTNBQ2hqCuoJ8PS_Rqficimgd0s7vNl0tcl8hE43XVGRZpi4wmrJFrAUq-oqh1jNi-H7TcU9Betxa8Nwb40sv0_fi_H1Z-f4wBNaPYt5Hdg0mwjYHtkXMUJcv0z4VT1tSuyMEG11O_B_rbC58H099tT_oJ5DjHcXwl0OZEDQWuH495RQyrhnb_pTBFqrCB9BzeBEKYAdX19WWmi2ARE2treXWuKQEuWD5-oSTdhmhLlSuSbOfWz4XFpnDF8dNo10yF9WomzgtPeKNxXKUs3vVaRuQ_2148kLvTTtqI8k2tkX7p2MFZHd5AeFoUuHYtygNq2sNA6q-anc4Lz4qorJUx1Fpz_pkaXOkOwJo4qcx1UxzeMNcFprKz-1mrkQ1ZAjP3GRp3uee2NYJ-OTWd6hjCrc38EI4gZMgqg2Xk6B6lVG-WP4orvrRsa324SO-gB-vCsHeFkqLnEIu_JgseNKhDzav6NK04aSMMPfodp1HYcL0q8WB50L8zBE3LPplIhkFDAR0K5RjU6nhbFWNSgxWglNzkZAnwLKBcLdR8ghJFc&cid=CAASEuRopKgHzxKTLjmhcI_qu-kDpg&rfl=3%2Chttp%253A%252F%252Fb.travelmiso.com%242%2C%2C%2Chttps%253A%252F%252F936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com%252Fsafeframe%252F1-0-38%252Fhtml%252Fcontainer.html%253Fn%253D2%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:45:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 100
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Jun 2021 07:45:53 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/ Frame B511 22 KB
8 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/abg_lite.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cabbde8502a6598896a3c812c89ecd99ecfb3e9ca68f632c8c9b3f2a7f6e0046

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 8
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8601
x-xss-protection: 0
server: cafe
etag: 18280575870105241958
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Jun 2021 07:47:25 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame D785 107 B
165 B 17ms
15ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=b.travelmiso.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame D785 107 B
165 B 15ms
14ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=b.travelmiso.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame D785 7 KB
4 KB 213ms
200ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2480692157435978&correlator=107772130528236&output=ldjh&impl=fif&eid=31061040%2C31061422%2C22316438%2C31061142%2C44742767%2C31060839&vrg=2021060801&ptt=17&sc=0&sfv=1-0-38&ecs=20210614&iu_parts=53015287%2Ctravelmiso.com_d_300x250_1a&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&eri=2&cookie_enabled=1&cdm=b.travelmiso.com&bc=23&abxe=1&lmt=1623656853&dt=1623656853828&dlt=1623656852490&idt=1308&ea=0&frm=23&biw=1600&bih=1200&isw=300&ish=250&oid=3&adxs=923&adys=265&adks=2309991019&ucis=efz0dh8kli17&ifi=1&ifk=1150393722&u_tz=120&u_his=3&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=2&url=http%3A%2F%2Fb.travelmiso.com%2Fads%2Fyl%2F300x250.html&top=http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F&vis=1&scr_x=0&scr_y=0&psz=0x0&msz=300x0&ga_vid=2053897748.1623656854&ga_sid=1623656854&ga_hid=1501880436&ga_fc=false&fws=256&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

acb42690d6583475c15463f735b8cfad7fb959ac773f345e662491a8ce83c560

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:34 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3998
x-xss-protection: 0
google-lineitem-id: 5064520210
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138322598746
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://b.travelmiso.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
50a5f2480f0bf33197dc4551644d1780.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame D785 0
0 86ms
16ms Other
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://50a5f2480f0bf33197dc4551644d1780.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame D785 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 796fbc4773715d5c6f95780cba53871d54ca2f616501248aef74f449e86fcdf4

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 cht_cookieSyncIframe.html Show response
cdn.aralego.net/ucfad/cookie/ Frame B341 807 B
630 B 32ms
26ms Document
text/html 2606:4700:20::ac43:47fe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.aralego.net/ucfad/cookie/cht_cookieSyncIframe.html
Requested by: Host: ads.aralego.com
URL: http://ads.aralego.com/sdk
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47fe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6058eb29e9bb8b7cd0d68f0d180a093941e971f4659092a70c99ca57827bc678

Request headers

:method: GET
:authority: cdn.aralego.net
:scheme: https
:path: /ucfad/cookie/cht_cookieSyncIframe.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://b.travelmiso.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

date: Mon, 14 Jun 2021 07:47:33 GMT
content-type: text/html
last-modified: Tue, 11 Aug 2020 08:15:02 GMT
access-control-allow-credentials: true
cache-control: max-age=14400
cf-cache-status: HIT
age: 5679
cf-request-id: 0aab16898300004a868ea5a000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=cuJ%2BRGzEPEXhT1PR8jRq7tYaFz%2BnBL%2B5LxsIEtGRAz7rA%2F9d%2F2y4KzufDPD99bO5eH8GZHvaq3xbANfOBmrl8I00rylXoX4ZDEGf9nVNUv6krnU5WUUuTyn%2B8nv%2FVqF55rnFIcf%2BWe0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 65f1f388cff64a86-FRA
content-encoding: br

GET idsync
sync.aralego.com/ Frame B5A2 0
0

GET
H2

200

usersync
rtb.gumgum.com/ Frame 04F9
Redirect Chain

https://secure.adnxs.com/getuid?https://rtb.gumgum.com/usersync?b=apn&i=$UID
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dapn%26i%3D%24UID
https://rtb.gumgum.com/usersync?b=apn&i=8496773984389683146

35 B
237 B

36ms
35ms

Image
image/gif

34.251.173.19
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=apn&i=8496773984389683146
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.173.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:35 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:34 GMT
X-Proxy-Origin: 93.177.75.188; 93.177.75.188; 539.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com; 37.252.172.253:80
AN-X-Request-Uuid: cc30a9dc-1801-4960-8767-7005c0f38447
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://rtb.gumgum.com/usersync?b=apn&i=8496773984389683146
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET sync
x.bidswitch.net/ Frame 04F9 0
0

GET redirectObuid
sync.outbrain.com/ Frame 04F9 0
0

GET
H2

200

usersync
rtb.gumgum.com/ Frame 04F9
Redirect Chain

https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=1&gdpr_consent=&us_privacy=&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
https://rtb.gumgum.com/usersync?b=opx&i=7c8a2565-d480-4601-be25-e8de94542bff

35 B
237 B

40ms
39ms

Image
image/gif

34.251.173.19
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=opx&i=7c8a2565-d480-4601-be25-e8de94542bff
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.173.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:34 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

date: Mon, 14 Jun 2021 07:47:33 GMT
content-encoding: gzip
server: OXGW/16.208.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://rtb.gumgum.com/usersync?b=opx&i=7c8a2565-d480-4601-be25-e8de94542bff
content-type: image/gif
alt-svc: clear
content-length: 0
via: 1.1 google

GET sync
sync.srv.stackadapt.com/ Frame 04F9 0
0

GET
H2

200

usersync
rtb.gumgum.com/ Frame 04F9
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=1&gdpr_consent=
https://rtb.gumgum.com/usersync?b=oth&i=y-bTA8ND9E2pfdGaER431RTjOdPsi.Me4m5osn~A

35 B
237 B

39ms
39ms

Image
image/gif

34.251.173.19
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=oth&i=y-bTA8ND9E2pfdGaER431RTjOdPsi.Me4m5osn~A
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.173.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:34 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

date: Mon, 14 Jun 2021 07:47:33 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://rtb.gumgum.com/usersync?b=oth&i=y-bTA8ND9E2pfdGaER431RTjOdPsi.Me4m5osn~A
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET generic
sync.ipredictive.com/d/sync/cookie/ Frame 04F9 0
0

GET
H2 204 services
sync.technoratimedia.com/ Frame 04F9 0
293 B 478ms
94ms Image
text/plain 193.122.174.27
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.technoratimedia.com/services?srv=cs&pid=65&us_privacy=&cb=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dsnc%26i%3D%5BUSER_ID%5D
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 193.122.174.27 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:34 GMT
via: 1.1 varnish
server: nginx
age: 0
access-control-allow-methods: POST,GET,HEAD,OPTIONS
x-varnish: 267719198
access-control-allow-origin: https://rtb.gumgum.com/
access-control-allow-credentials: true

GET 142
match.deepintent.com/usersync/ Frame 04F9 0
0

GET
H2

200

usersync
rtb.gumgum.com/ Frame 04F9
Redirect Chain

https://b1sync.zemanta.com/usersync/gumgum/?puid=e_236dab5e-1504-46ee-999b-da2c0e4f5cb2&gdpr=1&gdpr_consent=&us_privacy=
https://rtb.gumgum.com/usersync?b=zem&i=&gdpr=1

35 B
237 B

42ms
42ms

Image
image/gif

34.251.173.19
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=zem&i=&gdpr=1
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.173.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:38 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Location: https://rtb.gumgum.com/usersync?b=zem&i=&gdpr=1
Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:38 GMT
Cache-Control: no-cache, no-store, must-revalidate
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Content-Length: 78
Content-Type: text/html; charset=utf-8

GET
H2

200

usersync
rtb.gumgum.com/ Frame 04F9
Redirect Chain

https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
https://rtb.gumgum.com/usersync?b=idi&i=4fc979ee-f5e3-42c9-8690-3a78a8a9c509

35 B
237 B

35ms
35ms

Image
image/gif

34.251.173.19
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=idi&i=4fc979ee-f5e3-42c9-8690-3a78a8a9c509
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.173.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:34 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

location: https://rtb.gumgum.com/usersync?b=idi&i=4fc979ee-f5e3-42c9-8690-3a78a8a9c509
date: Mon, 14 Jun 2021 07:47:34 GMT
access-control-allow-origin: *
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2

200

usersync
rtb.gumgum.com/ Frame 04F9
Redirect Chain

https://sync.1rx.io/usersync2/floor6&gdpr=1&gdpr_consent=
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=7396866149
https://sync.1rx.io/usersync/tradedesk/f045f152-f2cc-4b14-80ad-163e6e314e57
https://sync.targeting.unrulymedia.com/csync/RX-4dd4d7ee-80ab-4dcf-ac4d-bfe26464020c-003?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Drhy%26i%3DRX-4dd4d7ee-80ab-4dcf-ac4d-bfe26464020c-003
https://rtb.gumgum.com/usersync?b=rhy&i=RX-4dd4d7ee-80ab-4dcf-ac4d-bfe26464020c-003

35 B
237 B

50ms
49ms

Image
image/gif

34.251.173.19
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=rhy&i=RX-4dd4d7ee-80ab-4dcf-ac4d-bfe26464020c-003
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.173.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:38 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

location: https://rtb.gumgum.com/usersync?b=rhy&i=RX-4dd4d7ee-80ab-4dcf-ac4d-bfe26464020c-003
date: Mon, 14 Jun 2021 07:47:38 GMT
server: Tengine
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RX4dd4d7ee80ab4dcfac4dbfe26464020c003
content-type: text/html

GET
H2

200

usersync
rtb.gumgum.com/ Frame 04F9
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25
https://rtb.gumgum.com/usersync?b=pln&i=0L33Fq7aPPvp&ev=1&pid=558355

35 B
237 B

42ms
41ms

Image
image/gif

34.251.173.19
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=pln&i=0L33Fq7aPPvp&ev=1&pid=558355
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.173.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:34 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language: en-US
location: https://rtb.gumgum.com/usersync?b=pln&i=0L33Fq7aPPvp&ev=1&pid=558355
cache-control: private, max-age=0, no-cache, no-store
cw-server: bh-deployment-8474b759f8-2hvq9
expires: -1

GET
H/1.1 200
OK merge
ce.lijit.com/ Frame 04F9 43 B
1 KB 44ms
42ms Image
image/gif 216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=36&3pid=e_236dab5e-1504-46ee-999b-da2c0e4f5cb2
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:34 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap7ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame 73E9
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=1&gdpr_consent=&redir=https%3a%2f%2frtb.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d
https://rtb.gumgum.com/usersync?b=mmh&i=f8bf60c7-0995-4800-b758-2ed4f8994f7e&gdpr=1&gdpr_consent=

35 B
237 B

40ms
35ms

Document
image/gif

34.251.173.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=mmh&i=f8bf60c7-0995-4800-b758-2ed4f8994f7e&gdpr=1&gdpr_consent=
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.173.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=mmh&i=f8bf60c7-0995-4800-b758-2ed4f8994f7e&gdpr=1&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

date: Mon, 14 Jun 2021 07:47:34 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

Date: Mon, 14 Jun 2021 07:47:37 GMT
Content-Type: image/gif
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=360
Server: MT3 3759 5f8f15b master zrh-pixel-x27
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
set-cookie: uuid=f8bf60c7-0995-4800-b758-2ed4f8994f7e; domain=.mathtag.com; path=/; expires=Tue, 12-Jul-2022 07:47:33 GMT; SameSite=None; Secure
location: https://rtb.gumgum.com/usersync?b=mmh&i=f8bf60c7-0995-4800-b758-2ed4f8994f7e&gdpr=1&gdpr_consent=
Expires: Mon, 14 Jun 2021 07:47:36 GMT

GET
H2

200

URnmbSKM Show response
sync-tm.everesttech.net/ct/upi/pid/ Frame BD9F
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=1&gdpr_consent=
https://sync-tm.everesttech.net/ct/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=1&gdpr_consent=&_test=YMcJlwABhMsD5gBg

85 B
165 B

26ms
26ms

Document
image/png

151.101.14.49
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://sync-tm.everesttech.net/ct/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=1&gdpr_consent=&_test=YMcJlwABhMsD5gBg
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Jetty(9.4.35.v20201120) /
Resource Hash: acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a

Request headers

:method: GET
:authority: sync-tm.everesttech.net
:scheme: https
:path: /ct/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=1&gdpr_consent=&_test=YMcJlwABhMsD5gBg
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: everest_g_v2=g_surferid~YMcJlwABhMsD6QBg
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

content-type: image/png
server: Jetty(9.4.35.v20201120)
accept-ranges: bytes
date: Mon, 14 Jun 2021 07:47:35 GMT
via: 1.1 varnish
age: 2909
x-served-by: cache-fra19164-FRA
x-cache: HIT
x-cache-hits: 7470
x-timer: S1623656855.150174,VS0,VE0
cache-control: no-cache
pragma: no-cache
content-length: 85

Redirect headers

p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
set-cookie: everest_g_v2=g_surferid~YMcJlwABhMsD5gBg; Path=/; Domain=.everesttech.net; Expires=Tue, 14-Jun-2022 07:47:35 GMT; Max-Age=31536000;SameSite=None;Secure
location: https://sync-tm.everesttech.net/ct/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=1&gdpr_consent=&_test=YMcJlwABhMsD5gBg
server: Jetty(9.4.35.v20201120)
accept-ranges: bytes
date: Mon, 14 Jun 2021 07:47:35 GMT
via: 1.1 varnish
x-served-by: cache-fra19164-FRA
x-cache: MISS
x-cache-hits: 0
x-timer: S1623656855.032171,VS0,VE92
cache-control: no-cache
pragma: no-cache
content-length: 0

GET
H3-29 200 pixel Show response
cm.g.doubleclick.net/ Frame 66F3 170 B
188 B 37ms
36ms Document
image/png 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV8yMzZkYWI1ZS0xNTA0LTQ2ZWUtOTk5Yi1kYTJjMGU0ZjVjYjI=&gdpr=1&gdpr_consent=

Requested by

Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

media-router-flurry71.prod.media.vip.ir2.yahoo.com

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

:method: GET
:authority: cm.g.doubleclick.net
:scheme: https
:path: /pixel?google_nid=gumgum_dbm&google_hm=ZV8yMzZkYWI1ZS0xNTA0LTQ2ZWUtOTk5Yi1kYTJjMGU0ZjVjYjI=&gdpr=1&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkpZODAUmN0LQ2pjqI7j5sl5jBVGheRycTPIj29hCRFVKu42-LIT_x4e8TayAA; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

content-type: image/png
date: Mon, 14 Jun 2021 07:47:33 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
server: HTTP server (unknown)
content-length: 170
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame E666 8 KB
3 KB 149ms
122ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=1&gdprConsent=
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: adeacac4167dc188f54213893f0444ea5d60995143ad0552dcb4c383199a740b

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=1&gdprConsent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

last-modified: Tue, 01 Jun 2021 06:44:25 GMT
etag: "1300708-2080-5c3aeac410031"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 2586
content-type: text/html; charset=UTF-8
cache-control: max-age=111760
expires: Tue, 15 Jun 2021 14:50:14 GMT
date: Mon, 14 Jun 2021 07:47:34 GMT
vary: Accept-Encoding

GET
H2 204 /
ssc-cms.33across.com/ps/ Frame 5A96 0
0 2768ms
121ms Document
text/plain 67.202.110.22
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.110.22 Crown Point, United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip22.67-202-110.static.steadfastdns.net
Software: 33XP004 /
Resource Hash

Request headers

:method: GET
:authority: ssc-cms.33across.com
:scheme: https
:path: /ps/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

x-33x-status: 2000208
server: 33XP004
date: Mon, 14 Jun 2021 07:47:36 GMT

GET
H2 200 generic Show response
match.adsrvr.org/track/cmf/ Frame 7F47 70 B
264 B 45ms
32ms Document
image/gif 76.223.111.131
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=1&gdpr_consent=
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.131 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

:method: GET
:authority: match.adsrvr.org
:scheme: https
:path: /track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=1&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

date: Mon, 14 Jun 2021 07:47:34 GMT
content-type: image/gif
content-length: 70
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 204 um
cs.emxdgt.com/ Frame 857F 0
0 149ms
31ms Document
text/html 18.195.155.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cs.emxdgt.com/um?redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.155.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash

Request headers

:method: GET
:authority: cs.emxdgt.com
:scheme: https
:path: /um?redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

content-type: text/html
date: Mon, 14 Jun 2021 07:47:34 GMT
content-length: 0

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame 0828
Redirect Chain

https://tg.socdm.com/aux/idsync?proto=gumgum
https://rtb.gumgum.com/usersync?b=sus&i=YMcJl8Co8XUAAGKjAxcAAAAA

35 B
237 B

36ms
35ms

Document
image/gif

34.251.173.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=sus&i=YMcJl8Co8XUAAGKjAxcAAAAA
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.173.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=sus&i=YMcJl8Co8XUAAGKjAxcAAAAA
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

date: Mon, 14 Jun 2021 07:47:36 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

Server: nginx
Date: Mon, 14 Jun 2021 07:47:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private
Location: https://rtb.gumgum.com/usersync?b=sus&i=YMcJl8Co8XUAAGKjAxcAAAAA
P3P: CP="See also http://www.scaleout.jp/privacy/"
X-SO-Ads-Time: 1
X-SO-HostName: m-ad343.dc4p.scaleout.jp
X-SO-LB-Hostname: m-tgng17.dc4p.scaleout.jp
X-SO-LB-Data: {"ban":false,"clean_query":"\/aux\/idsync?proto=gumgum","cluster_id":23,"gdpr":true,"ipv4":"0.0.0.0","key":"YMcJl8Co8XUAAGKjAxcAAAAA","privacy_sensitive":true,"uid":"","upstream_id":"m-ad343"}
X-SO-Key: YMcJl8Co8XUAAGKjAxcAAAAA
X-SO-IP: 93.177.75.188
X-SO-Cluster-ID: 23
X-SO-Upstream-ID: m-ad343

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame BB16
Redirect Chain

https://p.rfihub.com/cm?pub=42796&in=1
https://rtb.gumgum.com/usersync?b=zet&i=1870471595906418928

35 B
237 B

51ms
35ms

Document
image/gif

34.251.173.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=zet&i=1870471595906418928
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.173.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=zet&i=1870471595906418928
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

date: Mon, 14 Jun 2021 07:47:34 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

Date: Mon, 14 Jun 2021 07:47:34 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: eud=H4sIAAAAAAAAADvEyGtoZmRsZmpmYWpsZmi-SgzBNzEwMgAAARuS9SAAAAA; Path=/; Domain=.rfihub.com; Expires=Sat, 9 Jul 2022 07:47:34 GMT; Secure; SameSite=None rud=H4sIAAAAAAAAAOMSNrQwNzAxNzS1NLU0MDMxtLA0shDiM9QNqizKNSuLckquLM6T4jU0MzI2MzWzMDU2MzQHAA8ClrA0AAAA; Path=/; Domain=.rfihub.com; Expires=Sat, 9 Jul 2022 07:47:34 GMT; Secure; SameSite=None ruds=H4sIAAAAAAAAAOMSNrQwNzAxNzS1NLU0MDMxtLA0shDiM9QNqizKNSuLckquLM4DACFHubglAAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None
Location: https://rtb.gumgum.com/usersync?b=zet&i=1870471595906418928
Content-Length: 0
Server: Jetty(9.3.29.v20201019)

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame 1965
Redirect Chain

https://creativecdn.com/cm-notify?pi=gumgum
https://creativecdn.com/cm-notify?pi=gumgum&tc=1
https://rtb.gumgum.com/usersync?b=rth&i=eN6mBksosBCiO9C86eHa&pi=gumgum&tc=1

35 B
237 B

35ms
34ms

Document
image/gif

34.251.173.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=rth&i=eN6mBksosBCiO9C86eHa&pi=gumgum&tc=1
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.173.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=rth&i=eN6mBksosBCiO9C86eHa&pi=gumgum&tc=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

date: Mon, 14 Jun 2021 07:47:34 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

date: Mon, 14 Jun 2021 07:47:34 GMT Mon, 14 Jun 2021 07:47:34 GMT
location: https://rtb.gumgum.com/usersync?b=rth&i=eN6mBksosBCiO9C86eHa&pi=gumgum&tc=1
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
content-length: 0

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame BAB1 38 KB
14 KB 135ms
133ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 1b95ffd8d5e131d47fa1a5ab65bca620eeef87328c413940cd60a9fbcedf4b74

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/showad.js
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=1&gdpr_consent=
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=1&gdpr_consent=

Response headers

last-modified: Tue, 11 May 2021 05:24:02 GMT
etag: "13006b6-96ca-5c2071a26cca4"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 13964
content-type: text/html; charset=UTF-8
cache-control: public, max-age=29091
expires: Mon, 14 Jun 2021 15:52:25 GMT
date: Mon, 14 Jun 2021 07:47:34 GMT
vary: Accept-Encoding

GET
H/1.1 200
OK vbl.gif
pre.glotgrx.com/ Frame 03F2 26 B
451 B 31ms
18ms Image
image/gif 2606:4700::6810:3f36
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://pre.glotgrx.com/vbl.gif?cb=1623656854077&rnd=50q64xx6m971&ifm=1&uai=1&cid=954&s=http%253A//travelmiso.com/&p=1505449937&x=gammassp&adtg=1567570933&ats=0&atf=&nsi=&si=&nci=&nai=&pft=0&iip=0&adb=0&adc=1&adcd=i0_f0_o0_e0&ai=1567569789&icp=undefined&impid=
Requested by: Host: www.travelmiso.com
URL: http://www.travelmiso.com/acta/friends/inndef_300x250.asp
Protocol: HTTP/1.1
Server: 2606:4700::6810:3f36 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Referer: http://www.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:34 GMT
CF-Cache-Status: HIT
Last-Modified: Wed, 02 Jun 2021 15:09:22 GMT
Server: cloudflare
Age: 6019
Vary: Accept-Encoding
Content-Type: image/gif
Cache-Control: public, max-age=7200
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 65f1f38a38e6dfbb-FRA
Content-Length: 26
cf-request-id: 0aab168a640000dfbbb5b5c000000001
Expires: Mon, 14 Jun 2021 09:47:34 GMT

GET
H/1.1 200
OK nflrc.gif
pre.glotgrx.com/ Frame 03F2 26 B
451 B 28ms
15ms Image
image/gif 2606:4700::6810:3f36
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://pre.glotgrx.com/nflrc.gif?cb=1623656854060879&ver=1.2r81&qid=83432313f553532313f5435393&p=1505449937&s=http%253A//travelmiso.com/&x=gammassp&cid=954&od1=&od2=&adtg=1567570933&nci=&nai=&si=&ai=1567569789&nsi=&co=0&cstm1=&cstm2=&cstm3=&rnd=50q64xx6m971&impid=&tps=5&ver1=2.2.3&lon=&lat=&ua=&os=&mm=&di=&ip=&ci=&pp=&bp=&w=&h=&pn=&1=ee77c0c034c348ee32ba3530edecd876&2=2.1&3=1200_1600_1200_1600_24_24_1&5=%7B%220%22%3A%7B%7D%7D&6=3&7={%22e%22:%223%22,%22m%22:%220%22,%22f%22:%221380%22}&ats=0&atf=&dbgcid=954&ifm=1&penv=b&pt=&ptbp=&tw=0&ldp=2&icpl=27&icp=http%253A//b.travelmiso.com&irfl=28&irf=http%253A//b.travelmiso.com/&cty=4&fcs=0&flky=ver-fl-6-qid-fl-26-p-fl-10-s-fl-22-x-fl-8-cid-fl-3-od1-fl-0-od2-fl-0-adtg-fl-10-nci-fl-0-nai-fl-0-si-fl-0-ai-fl-10-nsi-fl-0-co-fl-0-cstm1-fl-0-cstm2-fl-0-cstm3-fl-0-rnd-fl-12-impid-fl-0-tps-fl-0-cb-fl-13-ver1-fl-5-lon-fl-0-lat-fl-0-ua-fl-0-os-fl-0-mm-fl-0-di-fl-0-ip-fl-0-ci-fl-0-pp-fl-0-bp-fl-0-w-fl-0-h-fl-0-pn-fl-0-&spfp=1&spfnp=0&sp1=Chromefl_andLinux&sp2=Chromefl_andWindows&adv=0&det=1&adb=0&iip=0&spf=0&adc=1&adcd=i0_f0_o0_e0&vps=300x250&gpu=undefined&ncf=4g_9.8_undefined_null_0_undefined_false&fli=3429136985&flerr=0&trim=&fio=36
Requested by: Host: www.travelmiso.com
URL: http://www.travelmiso.com/acta/friends/inndef_300x250.asp
Protocol: HTTP/1.1
Server: 2606:4700::6810:3f36 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Referer: http://www.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:34 GMT
CF-Cache-Status: HIT
Last-Modified: Wed, 02 Jun 2021 15:09:22 GMT
Server: cloudflare
Age: 6035
Vary: Accept-Encoding
Content-Type: image/gif
Cache-Control: public, max-age=7200
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 65f1f38a3d104ed3-FRA
Content-Length: 26
cf-request-id: 0aab168a6200004ed3ddb89000000001
Expires: Mon, 14 Jun 2021 09:47:34 GMT

GET
H2 200 getAds.do Show response
ads.yap.yahoo.com/nosdk/wj/v1/ Frame 8C79 291 B
478 B 1162ms
52ms Script
application/javascript 212.82.100.146
YAHOO-IRD

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.yap.yahoo.com/nosdk/wj/v1/getAds.do?locale=en_us&agentVersion=205&adTrackingEnabled=true&adUnitCode=d3ba746a-82fb-4032-b01e-ccb4c304c69a&apiKey=KDF27TK6KH2YJC7YV2Y3&gdpr=&euconsent=&publisherUrl=https%3A%2F%2Fcdn.aralego.net&caps=16&cb=JSONPCallback0

Requested by

Host: s.yimg.com
URL: https://s.yimg.com/av/yap/ga/yap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

212.82.100.146 , United Kingdom, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

Software

ATS /

Resource Hash

911ce74c632a59217dd42b1a3412e0701fc2468f44e0b99e9756d5cdf87479d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:35 GMT
content-encoding: gzip
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Accept-Encoding, User-Agent
content-type: application/javascript; charset=UTF-8
strict-transport-security: max-age=31536000

GET
H/1.1 200
OK gpt.js Show response
www.googletagservices.com/tag/js/ Frame 5B94 61 KB
21 KB 22ms
16ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/

Protocol

HTTP/1.1

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1534e66c0f755f2d4cd2b899a7155bd2fbff98b00a37e940a08822fc87bfb7f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:34 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: sffe
ETag: "902 / 382 of 1000 / last-modified: 1623449396"
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: private, max-age=900, stale-while-revalidate=3600
Timing-Allow-Origin: *
Content-Length: 21294
X-XSS-Protection: 0
Expires: Mon, 14 Jun 2021 07:47:34 GMT

GET
H2 200 hb Show response
ice.360yield.com/ Frame DFAA 98 B
515 B 27ms
26ms XHR
application/json 52.57.46.37
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ice.360yield.com/hb?jsonp=%7B%22bid_request%22%3A%7B%22secure%22%3A1%2C%22id%22%3A%2219c8b7548780d56%22%2C%22version%22%3A%227.1.0-JS-6.3.0%22%2C%22referrer%22%3A%22http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F%22%2C%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22viralize.com%22%2C%22sid%22%3A%222633%22%2C%22hp%22%3A1%7D%5D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%222c47201599a109%22%2C%22pid%22%3A%2222340141%22%2C%22tid%22%3A%226534d291-5be3-4e63-8eb9-09b99cedd5a6%22%2C%22banner%22%3A%7B%7D%7D%5D%7D%7D
Requested by: Host: cdn.ravenjs.com
URL: http://cdn.ravenjs.com/3.17.0/raven.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.57.46.37 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-57-46-37.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: f3a31ac25b27601c081afcd1b85843ab465269227244d1e5eccd690f8d92605b

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: http://b.travelmiso.com
date: Mon, 14 Jun 2021 07:47:34 GMT
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 98
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2 200 / Show response
adx.adform.net/adx/ Frame DFAA 5 B
541 B 68ms
68ms XHR
application/json 37.157.2.236
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/?rp=4&cHJpY2VUeXBlPW5ldCZtaWQ9ODQ4NjYxJnRyYW5zYWN0aW9uSWQ9NjUzNGQyOTEtNWJlMy00ZTYzLThlYjktMDliOTljZWRkNWE2&pt=net&stid=e8912389-7fbc-481d-8508-d60b66316e2c&gdpr=0&gdpr_consent=undefined&fd=1&url=travelmiso.com

Requested by

Host: cdn.ravenjs.com
URL: http://cdn.ravenjs.com/3.17.0/raven.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.236 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

566f1f7d64379342927e78274c526e634c394fda54cf4145d698b815952d01f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:34 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: http://b.travelmiso.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json; charset=utf-8
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
content-length: 5
expires: -1

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame DFAA 19 B
871 B 77ms
77ms XHR
application/json 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.ravenjs.com
URL: http://cdn.ravenjs.com/3.17.0/raven.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:34 GMT
X-Proxy-Origin: 93.177.75.188; 93.177.75.188; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.234:80
AN-X-Request-Uuid: 7afa5fce-08ff-4b22-b392-d4caecc3a6c6
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: http://b.travelmiso.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame DFAA 0
188 B 18ms
17ms XHR
text/plain 178.250.0.165
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=207&av=32&wv=3.27.0&cb=78655111236
Requested by: Host: cdn.ravenjs.com
URL: http://cdn.ravenjs.com/3.17.0/raven.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.par.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: http://b.travelmiso.com
date: Mon, 14 Jun 2021 07:47:33 GMT
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
server: Finatra
timing-allow-origin: *
vary: Origin

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame DFAA 19 B
870 B 26ms
26ms XHR
application/json 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.ravenjs.com
URL: http://cdn.ravenjs.com/3.17.0/raven.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:34 GMT
X-Proxy-Origin: 93.177.75.188; 93.177.75.188; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.42:80
AN-X-Request-Uuid: 0a508638-76cf-4b9d-95aa-7e9a236508e6
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: http://b.travelmiso.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame DFAA 19 B
871 B 28ms
28ms XHR
application/json 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.ravenjs.com
URL: http://cdn.ravenjs.com/3.17.0/raven.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:34 GMT
X-Proxy-Origin: 93.177.75.188; 93.177.75.188; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.222.250:80
AN-X-Request-Uuid: 189139c3-88aa-4489-b720-16cad3de886a
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: http://b.travelmiso.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
adx.adform.net/adx/ Frame DFAA 5 B
540 B 68ms
67ms XHR
application/json 37.157.2.236
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: cdn.ravenjs.com
URL: http://cdn.ravenjs.com/3.17.0/raven.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.236 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

566f1f7d64379342927e78274c526e634c394fda54cf4145d698b815952d01f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:34 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: http://b.travelmiso.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json; charset=utf-8
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
content-length: 5
expires: -1

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ Frame DFAA 94 B
1 KB 65ms
65ms XHR
application/json 216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_3.27.0
Requested by: Host: cdn.ravenjs.com
URL: http://cdn.ravenjs.com/3.17.0/raven.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx /
Resource Hash: afdf2a6d3e1f0f9e5179df1ee1c53a7827d9fdb3d2e4d21f60823e51d44592d6

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 14 Jun 2021 07:47:34 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: http://b.travelmiso.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap7ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 98

GET
H2 200 / Show response
adx.adform.net/adx/ Frame DFAA 5 B
541 B 96ms
96ms XHR
application/json 37.157.2.236
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: cdn.ravenjs.com
URL: http://cdn.ravenjs.com/3.17.0/raven.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.236 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

566f1f7d64379342927e78274c526e634c394fda54cf4145d698b815952d01f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:34 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: http://b.travelmiso.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json; charset=utf-8
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
content-length: 5
expires: -1

GET
H2 200 1 Show response
servicer.mgid.com/1151336/ Frame D40F 1 KB
829 B 86ms
81ms Script
application/x-javascript 104.19.135.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://servicer.mgid.com/1151336/1?pv=5&cbuster=1623656854190198524379&uniqId=046fa&niet=4g&nisd=false&w=300&h=250&p1_w=300&p1_h=250&maxw_1=300&maxh_1=250&cols=1&iframe=1&ref=http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F&cxurl=http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F&pr=shoppinglifestyle.biz&lu=http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F&pageView=1&pvid=17a097d7076ad179c6b&implVersion=11&dpr=1
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/a/d/adop.travelmiso.com.1151336.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.135.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 902b97024fed37b1e82425c3c1b444613d7ba73e768effc1281cac104d5fe97c

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:34 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: application/x-javascript; charset=utf-8
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 65f1f38ac9bcee48-CDG
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0aab168abb0000ee485389a000000001

GET
H2 200 yap.js Show response
s.yimg.com/av/yap/ga/ Frame 5F27 69 KB
21 KB 8ms
7ms Script
application/javascript 2a00:1288:80:800::7001
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/av/yap/ga/yap.js

Requested by

Host: cdn.aralego.net
URL: https://cdn.aralego.net/ucfad/mobile/production_flurryTag.html?adid=d3ba746a-82fb-4032-b01e-ccb4c304c69a&width=300&height=250&click=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7001 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

56cf6c2adb75e276955f3bf951793f0c794ceb51d67d5d2c64b8ec01b996ecc4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

ats-carp-promotion: 1
date: Mon, 14 Jun 2021 07:17:46 GMT
content-encoding: gzip
x-amz-meta-created-date: Thu, 14 Jun 2018 21:01:51 GMT
age: 1789
x-amz-server-side-encryption: AES256
x-amz-meta-x-ysws-mbst-vtime: 1529010111289407
vary: Accept-Encoding,Origin
x-amz-request-id: T70J71QY40SSM61E
x-amz-id-2: EA69afkUYrGtzWGH8rI2GtYYoH7JGlpRWytpgFMYRhhIOIlQfvIDKxYMQWahHGPI7LbTpka5HRU=
accept-ranges: bytes
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 22 Jun 2018 20:24:03 GMT
server: ATS
etag: "dc33089f908605f46038b49337653924-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
content-type: application/javascript
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: public,stale-while-revalidate=30,max-age=3600
content-length: 21352
x-amz-meta-x-ysws-access: public
x-amz-meta-mbst-etag: "YM:1:f804d14e-b940-4c8c-9951-826241a860ad00056ea0688a983f"
x-content-type-options: nosniff
expires: Fri, 22 Jun 2018 21:24:02 GMT

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame E080 22 KB
8 KB 9ms
6ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Sun, 13 Jun 2021 10:48:52 GMT
expires: Mon, 13 Jun 2022 10:48:52 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 75522
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK vbl.gif
pre.glotgrx.com/ Frame C527 26 B
451 B 30ms
29ms Image
image/gif 2606:4700::6810:3f36
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://pre.glotgrx.com/vbl.gif?cb=1623656854241&rnd=shjzvjyiwtqq&ifm=2&uai=2&cid=954&s=http%253A//travelmiso.com/&p=1505449937&x=gammassp&adtg=1567570933&ats=0&atf=&nsi=&si=&nci=&nai=&pft=0&iip=0&adb=0&adc=0&adcd=i0_f0_o0_e0&ai=1567569789&icp=undefined&impid=
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/ads/gam/300x250.html
Protocol: HTTP/1.1
Server: 2606:4700::6810:3f36 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:34 GMT
CF-Cache-Status: HIT
Last-Modified: Wed, 02 Jun 2021 15:09:22 GMT
Server: cloudflare
Age: 6019
Vary: Accept-Encoding
Content-Type: image/gif
Cache-Control: public, max-age=7200
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 65f1f38b1ac7dfbb-FRA
Content-Length: 26
cf-request-id: 0aab168af20000dfbb030e1000000001
Expires: Mon, 14 Jun 2021 09:47:34 GMT

GET
H/1.1 200
OK nflrc.gif
pre.glotgrx.com/ Frame C527 26 B
451 B 25ms
25ms Image
image/gif 2606:4700::6810:3f36
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://pre.glotgrx.com/nflrc.gif?cb=1623656854232436&ver=1.2r81&qid=83432313f553532313f5435393&p=1505449937&s=http%253A//travelmiso.com/&x=gammassp&cid=954&od1=&od2=&adtg=1567570933&nci=&nai=&si=&ai=1567569789&nsi=&co=0&cstm1=&cstm2=&cstm3=&rnd=shjzvjyiwtqq&impid=&tps=5&ver1=2.2.3&lon=&lat=&ua=&os=&mm=&di=&ip=&ci=&pp=&bp=&w=&h=&pn=&1=ee77c0c034c348ee32ba3530edecd876&2=2.1&3=1200_1600_1200_1600_24_24_1&5=%7B%220%22%3A%7B%7D%7D&6=3&7={%22e%22:%223%22,%22m%22:%220%22,%22f%22:%221380%22}&ats=0&atf=&dbgcid=954&ifm=2&penv=b&pt=&ptbp=&tw=0&ldp=1&icpl=35&icp=http%253A//b.travelmiso.com/travel/&irfl=33&irf=http%253A//shoppinglifestyle.biz/&cty=4&fcs=1&flky=ver-fl-6-qid-fl-26-p-fl-10-s-fl-22-x-fl-8-cid-fl-3-od1-fl-0-od2-fl-0-adtg-fl-10-nci-fl-0-nai-fl-0-si-fl-0-ai-fl-10-nsi-fl-0-co-fl-0-cstm1-fl-0-cstm2-fl-0-cstm3-fl-0-rnd-fl-12-impid-fl-0-tps-fl-0-cb-fl-13-ver1-fl-5-lon-fl-0-lat-fl-0-ua-fl-0-os-fl-0-mm-fl-0-di-fl-0-ip-fl-0-ci-fl-0-pp-fl-0-bp-fl-0-w-fl-0-h-fl-0-pn-fl-0-&spfp=1&spfnp=0&sp1=Chromefl_andLinux&sp2=Chromefl_andWindows&adv=0&det=1&adb=0&iip=0&spf=0&adc=0&adcd=i0_f0_o0_e0&vps=300x250&gpu=undefined&ncf=4g_9.5_undefined_null_0_undefined_false&fli=3429136985&flerr=0&trim=&fio=17
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/ads/gam/300x250.html
Protocol: HTTP/1.1
Server: 2606:4700::6810:3f36 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:34 GMT
CF-Cache-Status: HIT
Last-Modified: Wed, 02 Jun 2021 15:09:22 GMT
Server: cloudflare
Age: 6035
Vary: Accept-Encoding
Content-Type: image/gif
Cache-Control: public, max-age=7200
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 65f1f38b1f414ed3-FRA
Content-Length: 26
cf-request-id: 0aab168af200004ed3b52f8000000001
Expires: Mon, 14 Jun 2021 09:47:34 GMT

GET
H2 200 createjs.min.js Show response
code.createjs.com/1.0.0/ Frame 5AAC 236 KB
63 KB 44ms
17ms Script
text/javascript 2a02:26f0:6c00::210:ba1a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://code.createjs.com/1.0.0/createjs.min.js
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/9631534/1612207833628/SquareOnline_NewYears_300x250_RST/index.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00::210:ba1a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Apache /
Resource Hash: e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:34 GMT
content-encoding: gzip
server: Apache
cache-control: max-age=900
vary: Accept-Encoding
content-type: text/javascript
x-n: S
accept-ranges: bytes
expires: Mon, 14 Jun 2021 08:02:34 GMT

GET
H3-29 200 index.js Show response
s0.2mdn.net/9631534/1612207833628/SquareOnline_NewYears_300x250_RST/ Frame 5AAC 76 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9631534/1612207833628/SquareOnline_NewYears_300x250_RST/index.js?1610928118453

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9631534/1612207833628/SquareOnline_NewYears_300x250_RST/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

490e996e51191e9d6488bd2662cc72e334e53efcc33347db43535181b22e250c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9631534/1612207833628/SquareOnline_NewYears_300x250_RST/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:04:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2605
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15030
x-xss-protection: 0
last-modified: Mon, 01 Feb 2021 19:30:33 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Tue, 15 Jun 2021 07:04:09 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame 52DC 83 KB
27 KB 47ms
44ms XHR
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: cdn.ravenjs.com
URL: http://cdn.ravenjs.com/3.17.0/raven.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: a98e1f08dd27c121a337ddc31691d4044f56ae83301b574728548b78d3068d3b

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:34 GMT
content-encoding: gzip
last-modified: Wed, 02 Jun 2021 14:09:58 GMT
server: nginx
etag: W/"60b79136-14aab"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 15 Jun 2021 07:47:34 GMT

GET
H3-29 200 pubads_impl_2021060801.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 931B 318 KB
112 KB 37ms
36ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8a19707bd88a29100f84e106852ddd5bfeebe1fe562960c4932d1347210d13a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 08 Jun 2021 08:38:25 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 114129
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:34 GMT

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 9015 3 KB
4 KB 89ms
28ms Script
text/html 185.64.189.115
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=72418150&p=158212&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.115 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 46771d529fc664d7e1ac912f27b9fb729a2dec9ff462b1057730ed47573864ce

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:34 GMT
content-type: text/html; charset=UTF-8
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 cinnpie-580x405.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_180%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//s3-eu-central-1.amazonaws.com/www-staging.esports.com/WP%2520Media%2520Folder%252... Frame 6040 11 KB
11 KB 34ms
24ms Image
image/webp 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_180%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//s3-eu-central-1.amazonaws.com/www-staging.esports.com/WP%2520Media%2520Folder%2520-%2520esports-com//var/app/current/web/app/uploads/2021/05/cinnpie-580x405.png
Requested by: Host: nichools.com
URL: http://nichools.com/usync?i=jvz1bqas4afbza0812345&a=f806503c39db99c77ecab4df904769a71&cb=0646011623656847690
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e25403d3f839b463dde5c1b30e552103105a1fd96b47123424db7fdb37799f64

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Mon, 14 Jun 2021 07:47:34 GMT
via: 1.1 varnish, 1.1 varnish
age: 1101183
edge-cache-tag: 484742972939072614381997010781313127915,341818766630488423269086991181948173068,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 36
expiration: expiry-date="Sun, 06 Jun 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: HIT, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_180%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//s3-eu-central-1.amazonaws.com/www-staging.esports.com/WP%2520Media%2520Folder%2520-%2520esports-com//var/app/current/web/app/uploads/2021/05/cinnpie-580x405.png
content-length: 11508
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb803
last-modified: Thu, 06 May 2021 06:24:09 GMT
server: nginx
x-timer: S1623656854.386439,VS0,VE0
etag: "1d203384dd14efdc76de36260a6c16a9"
x-served-by: cache-wdc5543-WDC, cache-dca17752-DCA, cache-hhn11534-HHN
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 2

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame 86D9 83 KB
27 KB 26ms
25ms XHR
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: cdn.ravenjs.com
URL: http://cdn.ravenjs.com/3.17.0/raven.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: a98e1f08dd27c121a337ddc31691d4044f56ae83301b574728548b78d3068d3b

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:34 GMT
content-encoding: gzip
last-modified: Wed, 02 Jun 2021 14:09:58 GMT
server: nginx
etag: W/"60b79136-14aab"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 15 Jun 2021 07:47:34 GMT

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame E074 0
0 47ms
45ms Fetch
image/gif 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstClt3l2HLEolkuU97v3V-lAKXaU-fZmdR50d9CMnl0zubl3ivsq4VCb0FdSKGzz5FDVXavIMeHWpQS9zFAJU7whkOz1Lj0bTvfAMZeDaFVFAml6rtnhbiA7aBn6D0zlXNH8WzvaAZCn7EN3ElETzDILWIkJ_NVnPMF3okki0uHuigpCRaWtGBR2Itabv3Ee22C-b9JnpMaQeQhEt4eixPVsZ1-wn1bQEeu4OMYiLXNFc7VLjLzvPoojRb4CAQEoBBZ_gngYznrjLVIqb9EFfjtSJ0VBWcLZA2RkyQjyaxkV7Fa9FsyKUBtDZKAMhHvZP4&sig=Cg0ArKJSzHzS_SnkuBxhEAE&urlfix=1&adurl=

Requested by

Host: shoppinglifestyle.biz
URL: http://shoppinglifestyle.biz/go/?r=3&a=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:34 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame E074 62 KB
21 KB 17ms
15ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9866f495460a45d1ec832057bb5b598431206528e7c74fe242d875cb31b3dcd8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "902 / 315 of 1000 / last-modified: 1623449396"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21413
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:34 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E074 122 KB
37 KB 18ms
16ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

34b6e9936a2f024eef4f545bf4a1e717141704b00a75167fc7080fc6789e3881

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:34 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623410775224219"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38028
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:34 GMT

GET
H3-29 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame D785 73 KB
28 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8f4b8d2def1fa5e09bafacbb8ac66e614d74f1cdbace1417cedef55c0d9a83db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:34 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623410781212720"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28237
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:34 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame F846 42 B
64 B 34ms
29ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstjMEvs3xCBXwOZlGNeUTXwGlhUZmykY9-9AnONvtKpHAuj3hw4PTD19NGQdKkkcYD4m-ZH6l24xAOk-BLLBW-SZKqU_yYMx8q_zuDZfgzN69FWU_c9qoaYswa-UQ&sai=AMfl-YTnVEQ6_kzPeIvQz-jlbPLKVLYYSgUQN68IRhCzr3DDlEiIbGB56sp5DIPDEHupPohoeCvxw-Va6-7JIbMVAcXDBhQfPvnLOEVbDqAb2kjUPWw3qkWQC-DAuvc&sig=Cg0ArKJSzCI5anMwn6L9EAE&cid=CAASEuRoquxJu--KiMnszY60socfSw&id=lidar2&mcvt=1359&p=0,0,250,300&mtos=1359,1359,1359,1359,1359&tos=1359,0,0,0,0&v=20210611&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=3271745543&rs=4&met=mue&la=0&cr=0&osd=1&vs=4&eosm=0&rst=1623656850115&dlt=187&rpt=3260&isd=0&msd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK ucfad-formats.css
cdn.aralego.net/css/dev/ Frame 235E 975 B
1 KB 16ms
12ms Stylesheet
text/css 2606:4700:20::ac43:47fe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.aralego.net/css/dev/ucfad-formats.css
Requested by: Host: ads.aralego.com
URL: http://ads.aralego.com/sdk
Protocol: HTTP/1.1
Server: 2606:4700:20::ac43:47fe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1be00e223b2840fe8ac2d3a1aec0cf757088dd68f53a92275d0e1db6cb9afced

Request headers

Referer: http://www.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:34 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
NEL: {"report_to":"cf-nel","max_age":604800}
Age: 5880
Cf-Polished: origSize=1191
Transfer-Encoding: chunked
Connection: keep-alive
cf-request-id: 0aab168baa00004a56c53cb000000001
Last-Modified: Fri, 16 Mar 2018 07:19:46 GMT
Server: cloudflare
ETag: W/"5aab7012-4a7"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=b5ok1FcOrXEtJJqrM1gVvpc4b%2Fvax4cICZKxlNYHNc2O0YOW9KE1EMGUaa6WbNZEDL8lJMtKNJnj6eC%2Fhnl9sgzrH0%2FESXUV0Sjz2FPRQutKgWyQkx0fwx8VCSJ%2Bu9Y9YNAbW8ehiak%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: text/css
Cache-Control: max-age=14400
Access-Control-Allow-Credentials: true
CF-RAY: 65f1f38c4a5b4a56-FRA
Cf-Bgj: minify

GET
H/1.1 200
OK idRequest Show response
sync.aralego.com/ Frame 235E 46 B
495 B 663ms
103ms XHR
text/html 162.210.196.208
LEASEWEB-USA-WDC

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.aralego.com/idRequest?
Requested by: Host: ads.aralego.com
URL: http://ads.aralego.com/sdk
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 162.210.196.208 Falls Church, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software: /
Resource Hash: 2e22d0f48fb64994bb452c630105d437ee7a66add079e88b8ce81a1930915c19

Request headers

Referer: http://www.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:35 GMT
vary: Accept-Encoding
access-control-allow-methods: GET,POST,OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: http://www.travelmiso.com
access-control-allow-credentials: true
connection: close
content-length: 46

GET ad_request
ads.aralego.com/ Frame 235E 0
0

GET
H/1.1 200
OK /
optimize.innity.com/ 43 B
452 B 1662ms
365ms Image
image/gif 119.81.3.35
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://optimize.innity.com/?pubid=244&zoneid=87315&cb=1623656854451
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: HTTP/1.1
Server: 119.81.3.35 Singapore, Singapore, ASN36351 (SOFTLAYER, US),
Reverse DNS: 23.03.5177.ip4.static.sl-reverse.com
Software: Apache /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:36 GMT
Last-Modified: Mon, 14 Jun 2021 07:47:36 GMT
Server: Apache
P3P: policyref=http://www.innity.com/p3p/p3p.xml,CP="CURa ADMa DEVa OUR BUS UNI COM NAV INT"
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 03 Sep 1983 02:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 0617
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENnoN7NuVQNHTJxipoZm5a8&google_cver=1

43 B
172 B

21ms
20ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENnoN7NuVQNHTJxipoZm5a8&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKfiYRCr8_wBGPWBhJ0BMAE&v=APEucNW1PfRnpP6cqwyKkST1VkYCGwUsr6GHp7FDxRWm6q5y88p2ED0VCGpd-iYM-EaaDTjg9Eb2cNSPfhX3eRPQyZ5e4lj2pe8Lg9wz3nAj5VjhcIr6m0sdVselmERdgUsw0f2zwPAMBam5ygikAMqqsF4QrvvS4PZdGxvQLCOfjt3lSZr7cK6Xy3cbeCJ-bRavgwTTxIKFPnsNyG2Ofx0W6u8BYMD_FA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.208.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:34 GMT
via: 1.1 google
server: OXGW/16.208.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:34 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENnoN7NuVQNHTJxipoZm5a8&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 0617
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YTdkODUyZGYtMzVlMi0yMGYzLWNjYmUtYTI4YTk2ZTZlNGQ5

170 B
188 B

35ms
35ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YTdkODUyZGYtMzVlMi0yMGYzLWNjYmUtYTI4YTk2ZTZlNGQ5

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKfiYRCr8_wBGPWBhJ0BMAE&v=APEucNW1PfRnpP6cqwyKkST1VkYCGwUsr6GHp7FDxRWm6q5y88p2ED0VCGpd-iYM-EaaDTjg9Eb2cNSPfhX3eRPQyZ5e4lj2pe8Lg9wz3nAj5VjhcIr6m0sdVselmERdgUsw0f2zwPAMBam5ygikAMqqsF4QrvvS4PZdGxvQLCOfjt3lSZr7cK6Xy3cbeCJ-bRavgwTTxIKFPnsNyG2Ofx0W6u8BYMD_FA

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 14 Jun 2021 07:47:34 GMT
content-encoding: gzip
server: OXGW/16.208.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YTdkODUyZGYtMzVlMi0yMGYzLWNjYmUtYTI4YTk2ZTZlNGQ5
content-type: image/gif
alt-svc: clear
content-length: 0
via: 1.1 google

GET
H2

200

um
sync.teads.tv/ Frame 0617
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESED_B5-lCGwMxEHA-nZ3wqiQ&google_cver=1

23 B
172 B

51ms
50ms

Image
image/gif

104.111.242.245
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESED_B5-lCGwMxEHA-nZ3wqiQ&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKfiYRCr8_wBGPWBhJ0BMAE&v=APEucNW1PfRnpP6cqwyKkST1VkYCGwUsr6GHp7FDxRWm6q5y88p2ED0VCGpd-iYM-EaaDTjg9Eb2cNSPfhX3eRPQyZ5e4lj2pe8Lg9wz3nAj5VjhcIr6m0sdVselmERdgUsw0f2zwPAMBam5ygikAMqqsF4QrvvS4PZdGxvQLCOfjt3lSZr7cK6Xy3cbeCJ-bRavgwTTxIKFPnsNyG2Ofx0W6u8BYMD_FA
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.242.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-242-245.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.3 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:34 GMT
cache-control: max-age=0, no-cache, no-store
expires: Mon, 14 Jun 2021 07:47:34 GMT
server: akka-http/10.2.3
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:34 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.teads.tv/um?eid=3&uid=CAESED_B5-lCGwMxEHA-nZ3wqiQ&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 0617
Redirect Chain

https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=YTJiMTNlMWFjNjY0Zjk5NzU5M2Y1MDljOTc2MTQ4ZTcyMzEzYTRjNw==

170 B
188 B

34ms
33ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=YTJiMTNlMWFjNjY0Zjk5NzU5M2Y1MDljOTc2MTQ4ZTcyMzEzYTRjNw==

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:34 GMT
server: akka-http/10.2.3
content-type: text/html; charset=UTF-8
location: https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=YTJiMTNlMWFjNjY0Zjk5NzU5M2Y1MDljOTc2MTQ4ZTcyMzEzYTRjNw==
cache-control: max-age=0, no-cache, no-store
content-length: 197
expires: Mon, 14 Jun 2021 07:47:34 GMT

GET
H3-29 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 330C 61 KB
21 KB 33ms
32ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: nichools.com
URL: http://nichools.com/t.js?i=bdsfyu86g9gsdn1e02&cb=3714241623656853292

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54e1a9fa84f454175a61ddd8369e590829499c033015438f8788b2e40b02864c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "902 / 967 of 1000 / last-modified: 1623449339"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21293
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:34 GMT

GET
H/1.1 200
OK Cookie set stat Show response
nichools.com/ Frame 452D 9 KB
9 KB 59ms
58ms Document
text/html 143.204.98.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://nichools.com/stat?i=bdsfyu86g9gsdn1e02&a=709b7e811fc940f8135818fd0d1c581f7&cb=5672321623656854479
Requested by: Host: nichools.com
URL: http://nichools.com/t.js?i=bdsfyu86g9gsdn1e02&cb=3714241623656853292
Protocol: HTTP/1.1
Server: 143.204.98.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-75.fra50.r.cloudfront.net
Software: /
Resource Hash: 2a19a2212a1b385cfc8f7ce51f5b39fba14aa89bcf368032c73a31047eb611ae

Request headers

Host: nichools.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://b.travelmiso.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Mon, 14 Jun 2021 07:47:34 GMT
Set-Cookie: SSID=8163ca57d93c7aeddcc5935f01a47d1c06fa4642; Path=/; Expires=Wed, 16 Jun 2021 07:47:34 GMT; HttpOnly; SameSite=None
X-Cache: Miss from cloudfront
Via: 1.1 9128c49d19c76fd86ec4c647434ccb0a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA50-C1
X-Amz-Cf-Id: o4SNdUa6MVJSRSS9_MfqmfmX1OAWDTx0cJi4q6ZXKYNFpyussfmMew==

GET
H/1.1 200
OK Cookie set send Show response
nichools.com/ Frame 1AD1 9 KB
9 KB 56ms
52ms Document
text/html 143.204.98.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://nichools.com/send?i=bdsfyu86g9gsdn1e02&a=3f44370d5e0a4599fd8739ecf35584f79&cb=2924581623656854481
Requested by: Host: nichools.com
URL: http://nichools.com/t.js?i=bdsfyu86g9gsdn1e02&cb=3714241623656853292
Protocol: HTTP/1.1
Server: 143.204.98.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-75.fra50.r.cloudfront.net
Software: /
Resource Hash: 2a19a2212a1b385cfc8f7ce51f5b39fba14aa89bcf368032c73a31047eb611ae

Request headers

Host: nichools.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://b.travelmiso.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Mon, 14 Jun 2021 07:47:34 GMT
Set-Cookie: SSID=dd47610ad1c0deb7c05eacb6b7a186133a0a310f; Path=/; Expires=Wed, 16 Jun 2021 07:47:34 GMT; HttpOnly; SameSite=None
X-Cache: Miss from cloudfront
Via: 1.1 d55780b776b171387055eca956ae29a9.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA50-C1
X-Amz-Cf-Id: oXrsAXUYRSaw7yhGpHaEOujkyD-G8wwWHWtHXsuMtZnx9EtL6ydIpA==

GET
H/1.1 200
OK Cookie set async_usersync Show response
nichools.com/ Frame B8D2 9 KB
9 KB 55ms
54ms Document
text/html 143.204.98.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://nichools.com/async_usersync?i=bdsfyu86g9gsdn1e02&a=308c3bf9c94b1a8c9c7d0e8cf14e2b811&cb=0199631623656854484
Requested by: Host: nichools.com
URL: http://nichools.com/t.js?i=bdsfyu86g9gsdn1e02&cb=3714241623656853292
Protocol: HTTP/1.1
Server: 143.204.98.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-75.fra50.r.cloudfront.net
Software: /
Resource Hash: 2a19a2212a1b385cfc8f7ce51f5b39fba14aa89bcf368032c73a31047eb611ae

Request headers

Host: nichools.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://b.travelmiso.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Mon, 14 Jun 2021 07:47:34 GMT
Set-Cookie: SSID=e3c47ee88cafb8c716efeec695369575357d730e; Path=/; Expires=Wed, 16 Jun 2021 07:47:34 GMT; HttpOnly; SameSite=None
X-Cache: Miss from cloudfront
Via: 1.1 e64eb476d8f76c461d21278e018e194f.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA50-C1
X-Amz-Cf-Id: _z_0ONII4hbOEv_hRwAm0Dd3O8yzGvNTRga_n7PAlBkdREU8-b94IQ==

GET
H/1.1 200
OK Cookie set stats Show response
nichools.com/ Frame AEDB 9 KB
9 KB 54ms
52ms Document
text/html 143.204.98.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://nichools.com/stats?i=bdsfyu86g9gsdn1e02&a=ab6a3b2224aeb0b660adc3acede22dda5&cb=7636781623656854488
Requested by: Host: nichools.com
URL: http://nichools.com/t.js?i=bdsfyu86g9gsdn1e02&cb=3714241623656853292
Protocol: HTTP/1.1
Server: 143.204.98.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-75.fra50.r.cloudfront.net
Software: /
Resource Hash: 2a19a2212a1b385cfc8f7ce51f5b39fba14aa89bcf368032c73a31047eb611ae

Request headers

Host: nichools.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://b.travelmiso.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Mon, 14 Jun 2021 07:47:34 GMT
Set-Cookie: SSID=90bc5c6a6393ac45c835eec5ae9ed52fee960abe; Path=/; Expires=Wed, 16 Jun 2021 07:47:34 GMT; HttpOnly; SameSite=None
X-Cache: Miss from cloudfront
Via: 1.1 e64eb476d8f76c461d21278e018e194f.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA50-C1
X-Amz-Cf-Id: 1_TO-OxO0MDJdQgzTHROVBKRBOTuzAWyPg_H6Rn9RdVZWOpoBUlKbg==

GET
H/1.1 200
OK Cookie set counter Show response
nichools.com/ Frame 1EA9 9 KB
9 KB 76ms
75ms Document
text/html 143.204.98.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://nichools.com/counter?i=bdsfyu86g9gsdn1e02&a=c291520dd1659ed52de4694ec3aafe767&cb=8918501623656854490
Requested by: Host: nichools.com
URL: http://nichools.com/t.js?i=bdsfyu86g9gsdn1e02&cb=3714241623656853292
Protocol: HTTP/1.1
Server: 143.204.98.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-75.fra50.r.cloudfront.net
Software: /
Resource Hash: 2a19a2212a1b385cfc8f7ce51f5b39fba14aa89bcf368032c73a31047eb611ae

Request headers

Host: nichools.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://b.travelmiso.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Mon, 14 Jun 2021 07:47:34 GMT
Set-Cookie: SSID=b9d4b6653ea76f82ca184c61213707467a59ee81; Path=/; Expires=Wed, 16 Jun 2021 07:47:34 GMT; HttpOnly; SameSite=None
X-Cache: Miss from cloudfront
Via: 1.1 436c247027acc191b22ece964efbaeca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA50-C1
X-Amz-Cf-Id: ooF1VJZp3NUbebSF4ep-NziArjLi9W1LgJS0DtUkgR0DlWs_Q-QK0Q==

GET
H/1.1 200
OK Cookie set async_usersync Show response
nichools.com/ Frame BD82 2 KB
1 KB 54ms
53ms Document
text/html 143.204.98.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://nichools.com/async_usersync?i=bdsfyu86g9gsdn1e02&a=3d82bab48f3e81ef9d78200b8f112b5f5&cb=9789861623656854496
Requested by: Host: nichools.com
URL: http://nichools.com/t.js?i=bdsfyu86g9gsdn1e02&cb=3714241623656853292
Protocol: HTTP/1.1
Server: 143.204.98.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-75.fra50.r.cloudfront.net
Software: /
Resource Hash: 54336ff1d5ed61951ed1a8355c27220d7411c7e71d8ba74400add71db28e9c36

Request headers

Host: nichools.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://b.travelmiso.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Date: Mon, 14 Jun 2021 07:47:34 GMT
Set-Cookie: SSID=6519a75c80c86b9123a8fab5f6f51a97b6ffe21a; Path=/; Expires=Wed, 16 Jun 2021 07:47:34 GMT; HttpOnly; SameSite=None
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 436c247027acc191b22ece964efbaeca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA50-C1
X-Amz-Cf-Id: JwdwDR-CKdO_p8jddgXpo9-AQlkei-sNa2faZfGWVN05uHcexzUx1A==

GET
H/1.1 200
OK Cookie set count Show response
nichools.com/ Frame B696 9 KB
9 KB 93ms
52ms Document
text/html 143.204.98.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://nichools.com/count?i=bdsfyu86g9gsdn1e02&a=4515e380c4149cdb47fd7d16b9ee55da9&cb=9180331623656854499
Requested by: Host: nichools.com
URL: http://nichools.com/t.js?i=bdsfyu86g9gsdn1e02&cb=3714241623656853292
Protocol: HTTP/1.1
Server: 143.204.98.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-75.fra50.r.cloudfront.net
Software: /
Resource Hash: 2a19a2212a1b385cfc8f7ce51f5b39fba14aa89bcf368032c73a31047eb611ae

Request headers

Host: nichools.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://b.travelmiso.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Mon, 14 Jun 2021 07:47:34 GMT
Set-Cookie: SSID=740f54aefc659350e18f0fd07cf3b21fd60e6b33; Path=/; Expires=Wed, 16 Jun 2021 07:47:34 GMT; HttpOnly; SameSite=None
X-Cache: Miss from cloudfront
Via: 1.1 9128c49d19c76fd86ec4c647434ccb0a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA50-C1
X-Amz-Cf-Id: LZftRiS6SBpbYpE8vmsSvq7ak_JlIhdZGe1QPqW3mB3pFdkcd1qnzA==

GET
H/1.1 200
OK Cookie set user Show response
nichools.com/ Frame C77D 9 KB
9 KB 101ms
51ms Document
text/html 143.204.98.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://nichools.com/user?i=bdsfyu86g9gsdn1e02&a=fd303e746d713aa876b41ea7a757f5779&cb=3518541623656854503
Requested by: Host: nichools.com
URL: http://nichools.com/t.js?i=bdsfyu86g9gsdn1e02&cb=3714241623656853292
Protocol: HTTP/1.1
Server: 143.204.98.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-75.fra50.r.cloudfront.net
Software: /
Resource Hash: 2a19a2212a1b385cfc8f7ce51f5b39fba14aa89bcf368032c73a31047eb611ae

Request headers

Host: nichools.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://b.travelmiso.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Mon, 14 Jun 2021 07:47:34 GMT
Set-Cookie: SSID=07483d4ae6bbc9fe416182fd52e286de8291dfa1; Path=/; Expires=Wed, 16 Jun 2021 07:47:34 GMT; HttpOnly; SameSite=None
X-Cache: Miss from cloudfront
Via: 1.1 d55780b776b171387055eca956ae29a9.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA50-C1
X-Amz-Cf-Id: E-UX8Fx737Bdr18pAbsXVytMpvjq4okz4vG64VzxoEvP6HA9axe9nA==

GET
H/1.1 200
OK Cookie set stat Show response
nichools.com/ Frame 593F 9 KB
9 KB 98ms
61ms Document
text/html 143.204.98.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://nichools.com/stat?i=bdsfyu86g9gsdn1e02&a=5a0c5fe6acd05e6588763d6a638269b95&cb=1345901623656854506
Requested by: Host: nichools.com
URL: http://nichools.com/t.js?i=bdsfyu86g9gsdn1e02&cb=3714241623656853292
Protocol: HTTP/1.1
Server: 143.204.98.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-75.fra50.r.cloudfront.net
Software: /
Resource Hash: 2a19a2212a1b385cfc8f7ce51f5b39fba14aa89bcf368032c73a31047eb611ae

Request headers

Host: nichools.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://b.travelmiso.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Mon, 14 Jun 2021 07:47:34 GMT
Set-Cookie: SSID=16653de1436ee2dbc8b7ccdc6aab5609df0c1bcb; Path=/; Expires=Wed, 16 Jun 2021 07:47:34 GMT; HttpOnly; SameSite=None
X-Cache: Miss from cloudfront
Via: 1.1 436c247027acc191b22ece964efbaeca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA50-C1
X-Amz-Cf-Id: 7pe2Ac8Msfzuo9IVN1z55xJGkr5pQn11_cS0aOAEI9ZoYYD9E5B7gw==

GET
H/1.1 200
OK Cookie set sync Show response
nichools.com/ Frame 3F81 9 KB
9 KB 86ms
50ms Document
text/html 143.204.98.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://nichools.com/sync?i=bdsfyu86g9gsdn1e02&a=59c79c030777b63a2ca73dfbc20d339e5&cb=6635031623656854509
Requested by: Host: nichools.com
URL: http://nichools.com/t.js?i=bdsfyu86g9gsdn1e02&cb=3714241623656853292
Protocol: HTTP/1.1
Server: 143.204.98.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-75.fra50.r.cloudfront.net
Software: /
Resource Hash: 2a19a2212a1b385cfc8f7ce51f5b39fba14aa89bcf368032c73a31047eb611ae

Request headers

Host: nichools.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://b.travelmiso.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Mon, 14 Jun 2021 07:47:34 GMT
Set-Cookie: SSID=26244bc9f2607a795884d52d482fac5d8fcedd72; Path=/; Expires=Wed, 16 Jun 2021 07:47:34 GMT; HttpOnly; SameSite=None
X-Cache: Miss from cloudfront
Via: 1.1 e64eb476d8f76c461d21278e018e194f.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA50-C1
X-Amz-Cf-Id: 6rZOsSmPxXJCYUKvgcvXS1jt06-_vzBcs7AF9gipiWjkqkvVl_UiKQ==

GET
H/1.1 200
OK Cookie set async_usersync Show response
nichools.com/ Frame F11D 9 KB
9 KB 80ms
50ms Document
text/html 143.204.98.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://nichools.com/async_usersync?i=bdsfyu86g9gsdn1e02&a=639b5843ddce7790664d1bb76d6f796c3&cb=1119641623656854517
Requested by: Host: nichools.com
URL: http://nichools.com/t.js?i=bdsfyu86g9gsdn1e02&cb=3714241623656853292
Protocol: HTTP/1.1
Server: 143.204.98.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-75.fra50.r.cloudfront.net
Software: /
Resource Hash: 2a19a2212a1b385cfc8f7ce51f5b39fba14aa89bcf368032c73a31047eb611ae

Request headers

Host: nichools.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://b.travelmiso.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Mon, 14 Jun 2021 07:47:34 GMT
Set-Cookie: SSID=b94c4bebd4432f7f7275a83bcf1f8b26457d7fc3; Path=/; Expires=Wed, 16 Jun 2021 07:47:34 GMT; HttpOnly; SameSite=None
X-Cache: Miss from cloudfront
Via: 1.1 e64eb476d8f76c461d21278e018e194f.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA50-C1
X-Amz-Cf-Id: IFoYnf1yhXUDMSKCy_TL9eIxTr6-q3t5F5hHh2LXyh4C6hl62Txuig==

GET
H/1.1 200
OK Cookie set user Show response
nichools.com/ Frame 1FE7 9 KB
9 KB 94ms
51ms Document
text/html 143.204.98.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://nichools.com/user?i=bdsfyu86g9gsdn1e02&a=e86995c3ab7255d0309bc17b4d95628b5&cb=7332321623656854519
Requested by: Host: nichools.com
URL: http://nichools.com/t.js?i=bdsfyu86g9gsdn1e02&cb=3714241623656853292
Protocol: HTTP/1.1
Server: 143.204.98.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-75.fra50.r.cloudfront.net
Software: /
Resource Hash: 2a19a2212a1b385cfc8f7ce51f5b39fba14aa89bcf368032c73a31047eb611ae

Request headers

Host: nichools.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://b.travelmiso.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Mon, 14 Jun 2021 07:47:34 GMT
Set-Cookie: SSID=3c9bc03da0dbef9d73aeda4940006830d8cab43e; Path=/; Expires=Wed, 16 Jun 2021 07:47:34 GMT; HttpOnly; SameSite=None
X-Cache: Miss from cloudfront
Via: 1.1 436c247027acc191b22ece964efbaeca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA50-C1
X-Amz-Cf-Id: HyMDDq-8mnoGcJem-nfTNdYsrpTB5MxTdypfjnZBxgvSAnaVNH1Zzg==

GET
H/1.1 200
OK Cookie set count Show response
nichools.com/ Frame 1C93 2 KB
1 KB 115ms
51ms Document
text/html 143.204.98.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://nichools.com/count?i=bdsfyu86g9gsdn1e02&a=a3470d651e2f2c2242e8d9613fe995515&cb=7543431623656854526
Requested by: Host: nichools.com
URL: http://nichools.com/t.js?i=bdsfyu86g9gsdn1e02&cb=3714241623656853292
Protocol: HTTP/1.1
Server: 143.204.98.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-75.fra50.r.cloudfront.net
Software: /
Resource Hash: 75ca39ef98b437ddf210f46ea88f8ccf1265e6457b2b129734978c4a7f4a0ee8

Request headers

Host: nichools.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://b.travelmiso.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Date: Mon, 14 Jun 2021 07:47:34 GMT
Set-Cookie: SSID=7219a336fcdc73b2787d10b64503bb806e8d04f5; Path=/; Expires=Wed, 16 Jun 2021 07:47:34 GMT; HttpOnly; SameSite=None
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 9128c49d19c76fd86ec4c647434ccb0a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA50-C1
X-Amz-Cf-Id: lkereKpnHH1Q68GzVQN5ZoZyFmYPRqLvgFVhD3RsZ1tHG6GwW9rS9w==

GET
H/1.1 200
OK Cookie set sync Show response
nichools.com/ Frame D316 2 KB
1 KB 131ms
53ms Document
text/html 143.204.98.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://nichools.com/sync?i=bdsfyu86g9gsdn1e02&a=85dc0a40cdabdf79cae78dee359d45d85&cb=4261821623656854534
Requested by: Host: nichools.com
URL: http://nichools.com/t.js?i=bdsfyu86g9gsdn1e02&cb=3714241623656853292
Protocol: HTTP/1.1
Server: 143.204.98.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-75.fra50.r.cloudfront.net
Software: /
Resource Hash: 2b75059c4cce36b91ba9bdcbe76e561df952706b3ee6af778e42696b39d76775

Request headers

Host: nichools.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://b.travelmiso.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Date: Mon, 14 Jun 2021 07:47:34 GMT
Set-Cookie: SSID=66508764e335136a144f89075b8e5977a16ced89; Path=/; Expires=Wed, 16 Jun 2021 07:47:34 GMT; HttpOnly; SameSite=None
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 d55780b776b171387055eca956ae29a9.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA50-C1
X-Amz-Cf-Id: ySNyuuofiLCLZYdLLxr7nJ4TgJGlwMjuwzqI7B7qnOXNs0Cs7oOE_g==

GET
H2 204 /
ads.viralize.tv/track/ Frame DFAA 0
39 B 21ms
20ms Image
text/plain 35.186.238.232
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.viralize.tv/track/?multi=true&serialization=json&events=%5B%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A10%2C%22category%22%3A%22player_session%22%2C%22session_id%22%3A%2201ebcce4c3c2baee823f60362394aff1%3A0%22%2C%22player_session_id%22%3A%220%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22activation%22%7D%5D
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.238.232 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 232.238.186.35.bc.googleusercontent.com
Software: uvicorn, Unknown /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:34 GMT
via: 1.1 google
server: uvicorn, Unknown
alt-svc: clear

GET
H3-29 200 pubads_impl_2021060801.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 656B 318 KB
112 KB 33ms
32ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8a19707bd88a29100f84e106852ddd5bfeebe1fe562960c4932d1347210d13a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 08 Jun 2021 08:38:25 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 114129
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:34 GMT

GET
H2 200 / Show response
ads.viralize.tv/t-bid-opportunity/ Frame DFAA 0
83 B 27ms
26ms XHR
application/json 35.186.238.232
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.viralize.tv/t-bid-opportunity/?t=badn&zid=AAC95piwLXRmBuZQ&sid=01ebcce4c3c2baee823f60362394aff1&u=http%3A%2F%2Fb.travelmiso.com%2F&item=NTM2MrlOxTlfWrqK.0.wp0sc1&item=NTQwNs9nJm8x8tBB.2.wp2sc1&item=NTQ3OExxtbZk4FXJ.8.wp8sc1&item=NTQyOBO98FjUSrAS.5.wp5sc1&item=NTQ3OExxtbZk4FXJ.6.wp6sc1&item=NTQ3OExxtbZk4FXJ.7.wp7sc1&item=NTQwNs9nJm8x8tBB.3.wp3sc1&item=NTM4MAXAemnh4ynA.1.wp1sc1&item=NTQwNs9nJm8x8tBB.4.wp4sc1
Requested by: Host: cdn.ravenjs.com
URL: http://cdn.ravenjs.com/3.17.0/raven.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.238.232 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 232.238.186.35.bc.googleusercontent.com
Software: uvicorn, Unknown /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:34 GMT
content-encoding: gzip
server: uvicorn, Unknown
vary: Accept-Encoding, Origin
content-type: application/json
access-control-allow-origin: http://b.travelmiso.com
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

GET
H/1.1 200
OK addelivery Show response
ap.lijit.com/ Frame 6049 863 B
2 KB 76ms
76ms Script
application/x-javascript 216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/addelivery?zoneid=861814&tid=a_861814_4c50c09387e64f85b0db26e8e13ca7f6&cb=undefined&mode=0&flv=0.0.0&ifr=true&od=b.travelmiso.com&time=07%3A47%3A34&fd=2&be=sf&loc=http%3A%2F%2Fb.travelmiso.com&orig_loc=http%3A%2F%2Fb.travelmiso.com%2Fads%2Fadsp%2F300x250.html&abf=false&dpz=false&cv=undefined&dop=0&ndw=1&spif=true&btid=a_861814_4c50c09387e64f85b0db26e8e13ca7f6
Requested by: Host: ap.lijit.com
URL: http://ap.lijit.com/www/delivery/fp?z=861814
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx /
Resource Hash: 9a9c7146e32df6664b94fb4c3457638d1dd211da82baadc6e22ae5a2ba8e0f3c

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:34 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap7ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 609

GET
H/1.1 200
OK merge
ce.lijit.com/ Frame FD5E 43 B
2 KB 44ms
36ms Image
image/gif 216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=76&3pid=bd8370c9-d7dd-49f2-bf9c-2093ebaf2f4f&gdpr=1&gdpr_consent=
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:34 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap7ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame FD5E
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=f8bf60c7-0995-4800-b758-2ed4f8994f7e

43 B
106 B

33ms
27ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=f8bf60c7-0995-4800-b758-2ed4f8994f7e
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.208.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:34 GMT
via: 1.1 google
server: OXGW/16.208.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Mon, 14 Jun 2021 07:47:38 GMT
Server: MT3 3759 5f8f15b master zrh-pixel-x29
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=f8bf60c7-0995-4800-b758-2ed4f8994f7e
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Mon, 14 Jun 2021 07:47:37 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame FD5E
Redirect Chain

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=1
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=e_FtWX34N1hg8TZfK6AjXCv5bFtg9TteK_iRBboY

43 B
106 B

23ms
23ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=e_FtWX34N1hg8TZfK6AjXCv5bFtg9TteK_iRBboY
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.208.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:34 GMT
via: 1.1 google
server: OXGW/16.208.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:34 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=e_FtWX34N1hg8TZfK6AjXCv5bFtg9TteK_iRBboY
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame FD5E
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=22
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=6644473454147837141

43 B
106 B

25ms
23ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=6644473454147837141
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.208.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:34 GMT
via: 1.1 google
server: OXGW/16.208.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:34 GMT
server: nginx
location: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=6644473454147837141
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 openx
match.adsrvr.org/track/cmf/ Frame FD5E 70 B
264 B 38ms
33ms Image
image/gif 76.223.111.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/openx?oxid=d16dae09-3d69-73ff-f820-9635931e101d&gdpr=1
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.131 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:34 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3-29 200 pixel
cm.g.doubleclick.net/ Frame FD5E 170 B
188 B 39ms
34ms Image
image/png 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZmQwMjdkYzMtZjQxZS0yZDViLWVkYzAtY2M4YzU5ZmNkZTdk

Requested by

Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame FD5E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENnoN7NuVQNHTJxipoZm5a8&google_cver=1

43 B
106 B

28ms
26ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENnoN7NuVQNHTJxipoZm5a8&google_cver=1
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.208.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:34 GMT
via: 1.1 google
server: OXGW/16.208.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:34 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENnoN7NuVQNHTJxipoZm5a8&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK merge
ce.lijit.com/ Frame 9981 43 B
2 KB 33ms
27ms Image
image/gif 216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=76&3pid=c45de574-d47e-075c-056d-9550a6c1db56&gdpr=1&gdpr_consent=
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:34 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap7ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame 9981
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=f8bf60c7-0995-4800-b758-2ed4f8994f7e

43 B
106 B

27ms
26ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=f8bf60c7-0995-4800-b758-2ed4f8994f7e
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.208.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:35 GMT
via: 1.1 google
server: OXGW/16.208.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Mon, 14 Jun 2021 07:47:38 GMT
Server: MT3 3759 5f8f15b master zrh-pixel-x3
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=f8bf60c7-0995-4800-b758-2ed4f8994f7e
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Mon, 14 Jun 2021 07:47:37 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 9981
Redirect Chain

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=1
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=e_FtWX34N1hg8TZfK6AjXCv5bFtg9TteK_iRBboY

43 B
106 B

24ms
22ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=e_FtWX34N1hg8TZfK6AjXCv5bFtg9TteK_iRBboY
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.208.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:34 GMT
via: 1.1 google
server: OXGW/16.208.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:34 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=e_FtWX34N1hg8TZfK6AjXCv5bFtg9TteK_iRBboY
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame 9981
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=22
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=6644473454147837141

43 B
106 B

25ms
23ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=6644473454147837141
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.208.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:34 GMT
via: 1.1 google
server: OXGW/16.208.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:34 GMT
server: nginx
location: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=6644473454147837141
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 openx
match.adsrvr.org/track/cmf/ Frame 9981 70 B
264 B 36ms
32ms Image
image/gif 76.223.111.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/openx?oxid=a8b33bb4-3eca-3d51-42d1-23f6de70e404&gdpr=1
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.131 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:34 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3-29 200 pixel
cm.g.doubleclick.net/ Frame 9981 170 B
188 B 38ms
34ms Image
image/png 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ODRkY2U4N2UtZjdiZC02M2Y1LTU3MzEtNzk0ZjE0OTIyYTY0

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 9981
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENnoN7NuVQNHTJxipoZm5a8&google_cver=1

43 B
106 B

26ms
25ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENnoN7NuVQNHTJxipoZm5a8&google_cver=1
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.208.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:34 GMT
via: 1.1 google
server: OXGW/16.208.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:34 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENnoN7NuVQNHTJxipoZm5a8&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame F3CB 38 KB
14 KB 39ms
39ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=1&gdprConsent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 1b95ffd8d5e131d47fa1a5ab65bca620eeef87328c413940cd60a9fbcedf4b74

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/showad.js
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=1&gdprConsent=
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: KCCH=YES; KADUSERCOOKIE=482F80F6-162A-4FE9-B10C-9AEFAE12F9DE; chkChromeAb67Sec=1; DPSync3=1623715200%3A174%7C1624838400%3A197_219_201; SyncRTB3=1624838400%3A220_13_3_71_161_22_21_7_56_54_8%7C1624233600%3A223%7C1624492800%3A63%7C1624924800%3A35%7C1626220800%3A203
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=1&gdprConsent=

Response headers

last-modified: Tue, 11 May 2021 05:24:02 GMT
etag: "13006b6-96ca-5c2071a26cca4"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 13964
content-type: text/html; charset=UTF-8
cache-control: public, max-age=29091
expires: Mon, 14 Jun 2021 15:52:25 GMT
date: Mon, 14 Jun 2021 07:47:34 GMT
vary: Accept-Encoding

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame 0D48
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEMLGKCDNhxcX5t7v7ITr2WM&google_cver=1
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEMLGKCDNhxcX5t7v7ITr2WM&google_cver=1&__user_check__=1&sync_id=ca3b1f16-cce4-11eb-9bd1-1669d4c90506

43 B
548 B

54ms
53ms

Image
image/gif

185.94.180.125
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEMLGKCDNhxcX5t7v7ITr2WM&google_cver=1&__user_check__=1&sync_id=ca3b1f16-cce4-11eb-9bd1-1669d4c90506
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKfiYRCr8_wBGOzHiqcBMAE&v=APEucNUGPMHtQHlrwzWZBimhESDFk8NVnjDj65NpbfYYS8X0ImCOJc0wxob8obPfIEMly_iN5Y4RlwM5nK0_hIu_j0mWhypM0-Oy3IOLkhUfoXcQC0-_mgtfEgncY2WH85Ons6MRmnmPuGMXFc07b5rsfVd0_-NhWoJN_AdP7e6YS2__JU4d1sg8vrt8v9IdOHSlRCKjLH9sTB-lhWIB-WNy2FncBdBSZA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.94.180.125 , United States, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:38 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 57
Connection: keep-alive
Content-Length: 43

Redirect headers

Date: Mon, 14 Jun 2021 07:47:38 GMT
Server: nginx
Location: /partner?adv_id=7025&uid=CAESEMLGKCDNhxcX5t7v7ITr2WM&google_cver=1&__user_check__=1&sync_id=ca3b1f16-cce4-11eb-9bd1-1669d4c90506
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 127
Connection: keep-alive
Content-Length: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 0D48
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_i...
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=Y2ExMmQ3NzMtY2NlNC0xMWViLWFlZWYtMTI1YjAxMzcwMzA2

170 B
188 B

35ms
33ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=Y2ExMmQ3NzMtY2NlNC0xMWViLWFlZWYtMTI1YjAxMzcwMzA2

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKfiYRCr8_wBGOzHiqcBMAE&v=APEucNUGPMHtQHlrwzWZBimhESDFk8NVnjDj65NpbfYYS8X0ImCOJc0wxob8obPfIEMly_iN5Y4RlwM5nK0_hIu_j0mWhypM0-Oy3IOLkhUfoXcQC0-_mgtfEgncY2WH85Ons6MRmnmPuGMXFc07b5rsfVd0_-NhWoJN_AdP7e6YS2__JU4d1sg8vrt8v9IdOHSlRCKjLH9sTB-lhWIB-WNy2FncBdBSZA

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Mon, 14 Jun 2021 07:47:38 GMT
Server: nginx
Location: https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=Y2ExMmQ3NzMtY2NlNC0xMWViLWFlZWYtMTI1YjAxMzcwMzA2
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 137
Connection: keep-alive
Content-Length: 0

GET
H2 204 v1
ads.yahoo.com/cms/ Frame 0D48 0
299 B 10ms
7ms Image
text/plain 2a00:1288:80:800::7001
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?esig=1~b04e41039133c73fafd60e0ed8cb49a70ecfb061&nwid=10000483131&sigv=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7001 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:34 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

POST
H2 204 bulk Show response
trc.taboola.com/travelmiso300x250gr-r19505065/log/3/ Frame 6040 0
271 B 34ms
34ms XHR
image/gif 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/travelmiso300x250gr-r19505065/log/3/bulk?route=AM%3AAM%3AV&lti=deflated&bulkSize=1
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20210613-7-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-vcl-time-ms: 10
pragma: no-cache
date: Mon, 14 Jun 2021 07:47:34 GMT
via: 1.1 varnish
server: nginx
x-timer: S1623656855.787851,VS0,VE10
x-served-by: cache-hhn11534-HHN
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: http://nichools.com
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
content-type: image/gif
x-cache-hits: 0

POST
H2 204 visible Show response
trc.taboola.com/travelmiso300x250gr-r19505065/log/3/ Frame 6040 0
66 B 35ms
35ms XHR
image/gif 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/travelmiso300x250gr-r19505065/log/3/visible?route=AM%3AAM%3AV&lti=deflated
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20210613-7-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-vcl-time-ms: 11
pragma: no-cache
date: Mon, 14 Jun 2021 07:47:34 GMT
via: 1.1 varnish
server: nginx
x-timer: S1623656855.789822,VS0,VE11
x-served-by: cache-hhn11534-HHN
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: http://nichools.com
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
content-type: image/gif
x-cache-hits: 0

GET
H/1.1 200
OK pxl.jpg
nichools.com/ 597 B
1 KB 55ms
52ms Image
image/jpeg 143.204.98.75
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://nichools.com/pxl.jpg?i=bdsfyu86g9gsdn1e02&s=783&p=http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F&rstk=http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F&h=0543321623656854812
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: HTTP/1.1
Server: 143.204.98.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-75.fra50.r.cloudfront.net
Software: /
Resource Hash: af64a6f3ffc388b91cd70eae25893f7bea7e8e7d84d2c2b41c378cfbe13651ff

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:34 GMT
Via: 1.1 d55780b776b171387055eca956ae29a9.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA50-C1
X-Cache: Miss from cloudfront
Content-Type: image/jpeg; charset=UTF-8
Connection: keep-alive
Content-Length: 597
X-Amz-Cf-Id: APXgm5z2w5Y8Dk5uuLhwKysz9Z2XTBDv9VjDT5LZm5zk26ClkM4Zmg==

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 4665
Redirect Chain

https://ap.lijit.com/dsp/google/cookiematch/dv?gdpr=1&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=lijit_dbm&google_hm=MzNmYmE3ZDg2YzRkZDRmNzAwMmY5MmEz&gdpr=1

170 B
188 B

48ms
41ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=lijit_dbm&google_hm=MzNmYmE3ZDg2YzRkZDRmNzAwMmY5MmEz&gdpr=1

Requested by

Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=12205132

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Mon, 14 Jun 2021 07:47:34 GMT
Server: nginx
Location: https://cm.g.doubleclick.net/pixel?google_nid=lijit_dbm&google_hm=MzNmYmE3ZDg2YzRkZDRmNzAwMmY5MmEz&gdpr=1
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap7ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H/1.1 400
Request failed due to privacy signals getuid
secure.adnxs.com/ Frame 4665 0
0 260ms
25ms Image
text/html 37.252.173.27
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.adnxs.com/getuid?https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D12%263pid%3D%24UID&gdpr=1&gdpr_consent=
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=12205132
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 37.252.173.27 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS: 539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET

merge
ce.lijit.com/ Frame 4665
Redirect Chain

https://rtb.mfadsrvr.com/sync?ssp=sovrn&gdpr=1&gdpr_consent=
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=sovrn&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=87&3pid=97ab0b82-599e-49cd-b60d-a0335abf1d5a

0
0

GET
H2 200 cksync.php
contextual.media.net/ Frame 4665 45 B
371 B 643ms
72ms Image
image/gif 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=3&type=sov&ovsid=bfd2533ef64fca0d1896e27e&redirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D1023%263pid%3D%24%7BUSER%7D&gdpr=1&gdpr_consent=

Requested by

Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=12205132

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

Software

Apache /

Resource Hash

832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=604800
server: Apache
date: Mon, 14 Jun 2021 07:47:35 GMT
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA"
cache-control: max-age=0, no-cache, no-store
content-type: image/gif
content-length: 45
x-mnet-hl2: E
expires: Mon, 14 Jun 2021 07:47:35 GMT

GET pixel.gif
aorta.clickagy.com/ Frame 4665 0
0

GET
H/1.1

200
OK

iu3
aax-eu.amazon-adsystem.com/s/ Frame 4665
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/x/ae12848777b41970a5f2?gdpr=1&gdpr_consent=
https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&dl=sovrn&gdpr=1&gdpr_consent=&dcc=t

0
0

79ms
41ms

Image
text/html

52.95.124.165
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&dl=sovrn&gdpr=1&gdpr_consent=&dcc=t
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=12205132
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.124.165 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:35 GMT
Server: Server
Vary: User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&dl=sovrn&gdpr=1&gdpr_consent=&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

reporting
ap.lijit.com/dsp/google/ Frame 4665
Redirect Chain

https://ap.lijit.com/dsp/google/cookiematch/beacon?gdpr=1&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_hm=MzNmYmE3ZDg2YzRkZDRmNzAwMmY5MmEz&gdpr=1
https://ap.lijit.com/dsp/google/reporting?gdpr=1

43 B
567 B

29ms
28ms

Image
image/gif

216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ap.lijit.com/dsp/google/reporting?gdpr=1
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=12205132
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:35 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
P3P: CP="CUR ADM OUR NOR STA NID"
Access-Control-Allow-Origin: *
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap7ams1
Content-Type: image/gif
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:35 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ap.lijit.com/dsp/google/reporting?gdpr=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 245
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 p-CXt61zNBpKUt1.gif
pixel.quantserve.com/pixel/ Frame 4665 35 B
210 B 16ms
12ms Image
image/gif 2620:116:800d:21:36a9:ecb:e518:b308
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel/p-CXt61zNBpKUt1.gif?idmatch=0&gdpr=1&gdpr_consent=

Requested by

Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=12205132

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:36a9:ecb:e518:b308 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:34 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H/1.1

200
OK

Cookie set merge Show response
ce.lijit.com/ Frame A518
Redirect Chain

https://d.turn.com/r/dd/id/L21rdC8xMjcvY2lkLzI4NTUyOTczL3QvMg/url/https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D1%263pid%3D%24!%7BTURN_UUID%7D&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=1&3pid=3491688392091848070&gdpr=1&gdpr_consent=

43 B
1 KB

39ms
39ms

Document
image/gif

216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to

Full URL: https://ce.lijit.com/merge?pid=1&3pid=3491688392091848070&gdpr=1&gdpr_consent=
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=12205132
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Host: ce.lijit.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ap.lijit.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ljt_reader=33fba7d86c4dd4f7002f92a3; ljtrtbexp=eJxdjjkSgDAMA%2F%2FimiI%2Both8jeHvEIbGKlfSeH2JyqkwX%2BE2%2FRDg40ggNjsh1UG9Wuf17w2KzVW1%2BuJNsic5iMmR0dm4J8Oknyf5dPQL9wOp%2FzbI; ljtrtb=eJwVjckKwjAUAP8lZwNJs7RPXFAaISpRa6voJaQaL1W7HAQV%2F930OswwX8QkGiJvIyavrhQeU0E45tJ7DAAlvrroQjy%2FiUsZoQHiEOxu%2F1GsPs1NC8vAgAQ22s6y3KjMFkbvCmV1qkyuF1plk2njOvcYm%2Fxgi30wdBoi2kc0iQmPqQABRHKaQJT0D9Y%2FNvPqLrtm2zjGU5zZtWqr16c%2Bn49MpKud3Tzf%2Bkgc%2Bv0B84A1nQ%3D%3D; _ljtrtb_76=bd8370c9-d7dd-49f2-bf9c-2093ebaf2f4f
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ap.lijit.com/

Response headers

Server: nginx
Date: Mon, 14 Jun 2021 07:47:34 GMT
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT
Set-Cookie: _ljtrtb_76=bd8370c9-d7dd-49f2-bf9c-2093ebaf2f4f;Expires=Thu, 01-Jan-1970 00:00:00 GMT;Max-Age=0;Secure;SameSite=None ljtrtb=eJwVj81KAzEYRd8lawP5z3xiFctEiEraTmcsdhOSSbKp2uksBCu%2Bu5nt4VwO9xdxhW5R9oyrFKLMmEoisFA5YwCIOAU2kiyKHCNDN0hAtef91fDz%2B9pd4LkyIJXdbR%2B73pnOD87uBuNta1xvn6zp7h%2BmMIfPlevf%2FLCvhm3riC4j2mgiNJUggShBG2DN0uBLY7M%2Bfah52k6BixZ3%2FtVcTt%2FX8%2FF44LJ92fnN1489kFB9vTyIqeGajICTTgkLKAzHAiNmBHiOobAiCvr7Bxd1QTo%3D;Path=/;Domain=.lijit.com;Expires=Tue, 14-Jun-2022 07:47:34 GMT;Max-Age=31536000;Secure;SameSite=None _ljtrtb_1=3491688392091848070;Path=/;Domain=.lijit.com;Expires=Tue, 14-Jun-2022 07:47:34 GMT;Max-Age=31536000;Secure;SameSite=None ljtrtbexp=eJxdjjkSgDAMA%2F%2FimiI%2Both8jeHvEIbGKlfSeH2JyqkwX%2BE2%2FRDg40ggNjsh1UG9Wuf17w2KzVW1%2BuJNsic5iMmR0dm4J8Oknyf5dPQL9wOp%2FzbI;Path=/;Domain=.lijit.com;Expires=Tue, 14-Jun-2022 07:47:34 GMT;Max-Age=31536000;Secure;SameSite=None ljt_reader=33fba7d86c4dd4f7002f92a3;Path=/;Domain=.lijit.com;Max-Age=31536000;Secure;SameSite=None
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
X-Powered-By: raptor
X-Sovrn-Pod: ad_ap7ams1

Redirect headers

p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
pragma: no-cache
set-cookie: uid=3491688392091848070; Domain=.turn.com; Expires=Sat, 11-Dec-2021 07:47:34 GMT; Path=/; Secure; SameSite=None
location: https://ce.lijit.com/merge?pid=1&3pid=3491688392091848070&gdpr=1&gdpr_consent=
content-length: 0
date: Mon, 14 Jun 2021 07:47:34 GMT

GET
H2 200 cm Show response
us-u.openx.net/w/1.0/ Frame F24F 776 B
783 B 23ms
23ms Document
text/html 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=12205132
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.208.0 /
Resource Hash: 849f80d3deab64d5414fa18b9e99def801aa5a8cc1ec09a9a20b288b720a65e2

Request headers

:method: GET
:authority: us-u.openx.net
:scheme: https
:path: /w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ap.lijit.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: i=581bbe4c-5512-41a0-8388-30db38231944|1623656853
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ap.lijit.com/

Response headers

vary: Accept, Accept-Encoding
set-cookie: i=581bbe4c-5512-41a0-8388-30db38231944|1623656853; Version=1; Expires=Tue, 14-Jun-2022 07:47:34 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1623656854|gekin0vNiygu; Version=1; Expires=Tue, 29-Jun-2021 07:47:34 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.208.0
p3p: CP="CUR ADM OUR NOR STA NID"
date: Mon, 14 Jun 2021 07:47:34 GMT
content-type: text/html
content-length: 478
content-encoding: gzip
via: 1.1 google
alt-svc: clear

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 59A7 624 B
297 B 20ms
18ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPqVhZkCEJaHo5kCGOuF4Z0BMAE&v=APEucNVuA1muoa1OB68-0dp_0XVvniAiQv-FeV_SGa8UiLUZ3MclZBY8T50yk9Hqqg-Whul5mXt19OEDCyXd48U61rw7cH0ukONvysXhrk9IRT4KxZOq00ofN4af9glSXt_nlMo13aKFBEWQw1t32rbw72KV-Ga9iYUajSLSAHcXo-kF7ToOaFs

Requested by

Host: df92c682cc13fd0720c1bc98348b7158.safeframe.googlesyndication.com
URL: https://df92c682cc13fd0720c1bc98348b7158.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CPqVhZkCEJaHo5kCGOuF4Z0BMAE&v=APEucNVuA1muoa1OB68-0dp_0XVvniAiQv-FeV_SGa8UiLUZ3MclZBY8T50yk9Hqqg-Whul5mXt19OEDCyXd48U61rw7cH0ukONvysXhrk9IRT4KxZOq00ofN4af9glSXt_nlMo13aKFBEWQw1t32rbw72KV-Ga9iYUajSLSAHcXo-kF7ToOaFs
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://df92c682cc13fd0720c1bc98348b7158.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkpZODAUmN0LQ2pjqI7j5sl5jBVGheRycTPIj29hCRFVKu42-LIT_x4e8TayAA; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://df92c682cc13fd0720c1bc98348b7158.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Mon, 14 Jun 2021 07:47:34 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 2321 103 KB
27 KB 58ms
56ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Cotw3kFu9realDPpfhQxwbX75kqevgUrBolnDLp5bWZiHVaXijAd5T78hYowrQCPv8vA0O2GcZqg8jpnrU4ISLac4nRSEds5RNcdsVqybn6EBWCsToOfpc_CFqOA3HPN_W4wthQHvXFULu2ArbymhHqZmqnw&dbm_d=AKAmf-AFiWqpF_GrI39CvesWnjc0ri5_DAO6-_bVJ9xqX9VdZI-URho81GBDVdlhSoMlYG0o_YYOMH9JgstEdAZUrpQrd3KXHr5gNWP7Zo2BcCiPAXrG5_pvbWt-mNOfF4vFoHB1yj0jC0ed8e1F_YVm0D44zc1ghGWnoc1U_ZN7KSBsPQGsx54zllLmtsCO2P-AAihhkqx8ShZp54MtiMcZCVYPLL12ZBeCtd05aVzfu6ElnJf812upSEgApgU_rfqz6UHmZ3NtQLBZlRnE1BfESDMOlY_bs6M12dlYAe6KxJDq_iU3hHTOzGsTP51WYXeN7KBEMzn_S_li2MBB7R6C0rufO32Ch7_wA1_DZGw3uy6cTsdvtQvuiEQVVw_wLlJBmwfjXm1OCQfPWwbh8KMbm1BzZ4hEdoua50jzzh3dLRBua9Ii7jyDKXvyG-1B1oJY8zkb884_RTWkTFDGPf3Kr3vPw6rpOWE6SRvdWGCUn7LwN6c-eEre98KIqcE3rvnwOxdgJ66Gt9KxbJSvZr9UpvJOWYm8J73WQYiJVZsoZtRdCr5WoG7_NytO1Yaw1hgd0HzXm1mYPCPIQxNheWKB-xl3874Qj0xGIWEiq5QOtR5XMut_-5_JIhiJJEHUF7lz7Fypw7tY7uYGx51Zq4GC-YSBxd5mqdv6N1Hu-sg4r2feZIUd-Y4tApGjJtxe04rIZWMKVnz4EFFDBw4msN1x-CRwnk_zexCTElvDGeG7Xf7NFTVPi15dacqTiSK4o6E4p6LtAuzTchR464Qli_OxvrBWrZgussJs-okqpKggJHGIurP8-YWlusipo1URTsItNTyErZo4196o8xsOHXyT3OG7nj1k1L9JJGXoYIuIMVYr8PWUoWRT28DRiR66hP3zKBl5s5WO6r5a1lipHwE3AF9G9MLEdf5z7a1LnavfHJEjflxb3KzrIgGyiItGvuOlQL08wMFGfLL-QO0dYGMactIA8BMdweCXfsKEJqBzWc8mRIReZD3-EC2ljiFfKylQPOETIdcfMi23OiEs5b1Xl1YmhrWd9MMCwLQE_HbW4sO71UpFqU9amK-wMdWTRSNZxzhgxBLgGro8IH-OZGYoYuZMXuIljVAfxoZDGM-suoUJKTPYfrHOhwyrZ50MAQCItDeQ_nz9nWsGZmRZrY7FP81lRvjkpnU1HvBiJv0GJdKdnqMWbBknPVTMZYfO2M_mEkq0sMJD1PSV70YV3GNttkH2FEaBxuwxk_ofsxP2dgQKBley0B6ixAWsPM-lHv19nXHAbd9FFnygsStzvfZmCd29UA_tl3Mrs5MRs42PgWbmVxZjT9wygdao9DjzKz3T68YKU2HvLCK8UVwQkR4L3s3qajiKmJjv5JZzkyT3u7MG_TntNd5yAiZxlz1vBaUc4XwDK-79zQPjMd_ucKIZB4RN7lSB4fUemE4_uyOKUusBlLm3Gj4LsS6EHbP-Hd7aOlwHz0iA9TxLGzSqr4dFCNSN3defy283b94zLXo3NJHBTwmxPbt47JvFeOEYOnXM_-beHYY4K8ulhgO3MU5IRnVYNrw0g-h8nLCTzVhezvgDL3aASpZ0aK8I3PZXN3WpLKpQXk-a-N9jxub76Ty4Q1tXIiRTqDvcxrAszyaQ-O1leF8-S7_eoqVIbptLVyWQmjk9Iv89-HLP9c7lrfY602NOxtx1YHrNr5RKpbtQkPglxfFtffGGjWyuWGqC2c1mMVWT3RQQjtD1XPuV8zPgWZO9qU8OLNYg_1N6SMjNUcTorilPFhwiqVQSwgjUlb1ttKy1kLdjN7IAYYa8y_qicoigft5_zmRCeXfZf8FdoCbqLwlUxEDAwfhSzTvDxnIvYxuZWGU2LbAxODCc2Qy8v8zXEGDXTMYnSPLFoU2rjwuzOGct9C1bjb9l2NThqnTKU8mqHfxhXABCYcc72pW3xXCgTJwbZ9j327NnzY69jebq22gdnAbX2A3WmmznTiAuvSA-kWveAaMc7FehaIdtTGGcYjhHUnqGWVo0Uy7ebLDdQw7pyqnCOZmuYFi65uNiaaxhGzYo4DBRaRdRbfvJleSoBIHocgprEOdfD-YxJ0z77VqF8OEl6StfDPWR35kPDIFia6Zghijn5U21jHfVZrxX8iOxSYJCw1cNc0-WfZQwrjxjYUBnUtMb1CL18JbE28D9WxzAcgwxg_aj5f8FcqFjnALvw1cBNpqMZ_5J_QiwJs-VViGnZxW38IeWxUnvdHEKYX1lSecqeyYd_qzmvbAvnSfa-azA07gJQRcTzJ2RbFuCl8jf2o8ZkYGvl6pZajWN0C1I-aGsssw4KBQygh1ZlpnKxhssb_8fku0-3Nv_shAEOYnF53L_O-Y96BwbRkJJFwgh7FGAvoxpv1w51lSZW71zrm-XrVhSIk3ML2GqhRTHqNW7AdgCIzMjbv47jTSdFe2g80so2HuAqCM6SVTaVpt2GTt4JGaXq6Lopv4M_BPXSb_0Gbln-sTGJ9yeHSztwHQYh09vu3oe7QIYxDMFiP_FeLxoiR7FLdzO1ft-nGTTDETd5N9OLOkvqnHighePeIvVdhqP_wQqq7FcA8NG52tm1xQXVg8HJTb32EsqaPjS2jQtjEW0Xo8P3CmJ9akRs-iIsSiQCyjjVXnRwuYui_fr3w7bM2sg8MQ6oNDkPpTLHTibFAui4MNfTJnZm_IxiKCCMXnkY-vWHqzoeE6uHvIuTmsuQg366wn76AfipRDBU2zXltpBnKOEsKLTNoJJHS1Ho-VrTUSZPMC0DnMc2hYg4VW_k0FViN0hCuV-NMTYn9fR78gSoF4Uwi58LppKrK3hTcoQAexSZhq3UxWNsINkWNibl-KZj0gHAu1NjkeaDqiaxwjjdDetLzeUXpYo511_F3XRnG-S-lURrupm19cV-HMBbEPmMHUk-Mo_KlphLGYlFmvj_jK2JLjBJhAC4PB9rFSPlwxasTiRv_hTbwX7kd46iQlgeTBQPsSGjvjk6fyQ3kMs7a2DAlAUBa7y7wb5VFdrshMlryzOMmxGmuRsrBVnFBbIS44lzxmuXXwtCe8E7f5Bq_bXUSDC0lopALUGbhM9O_rzavUq78h6Y94CVuKBdVRE9F-CxbZ346ZFRtWlAo6mg5mjiFsuiiilDkpkejhlRAV7trpTZlLjk4Tj0DaHsrGJWTj0EELFAvNL5kFuZF87dA3o9NYvapIF6etEDTP_qoFFTwga3dUlFTdC7W0gjV-dpvA6oGcUC6zJNOo&cid=CAASEuRola203k65bFQvwLsq7DU0lg&rfl=2%2Chttp%253A%252F%252Fb.travelmiso.com%242%2Chttp%253A%252F%252Fb.travelmiso.com%252F%240

Requested by

Host: shoppinglifestyle.biz
URL: http://shoppinglifestyle.biz/go/?r=3&a=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2e5c0f3e61928d443087fefa6bc55ff4f440d01d85fcf9b496e7acc5cfd617e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://df92c682cc13fd0720c1bc98348b7158.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:34 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27386
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2321 42 B
63 B 18ms
16ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DxRSz1v9TMxep1bhBaGz06htpfTjOa0_AVjlDvmEFVxqBpVwL00OcKKDwV7rxVP89bW6Qe9cSxjoqE9mrJVJodeK8jrimDfBmwn3kpXycSLw1_M4A

Requested by

Host: df92c682cc13fd0720c1bc98348b7158.safeframe.googlesyndication.com
URL: https://df92c682cc13fd0720c1bc98348b7158.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://df92c682cc13fd0720c1bc98348b7158.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/ Frame 2321 2 KB
1 KB 13ms
11ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/window_focus_fy2019.js

Requested by

Host: df92c682cc13fd0720c1bc98348b7158.safeframe.googlesyndication.com
URL: https://df92c682cc13fd0720c1bc98348b7158.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1ac43e9327c147dc04b1efcd475ba7e9d464e6504eaffb167d0412d339b39e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://df92c682cc13fd0720c1bc98348b7158.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:45:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 106
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1316
x-xss-protection: 0
server: cafe
etag: 797314601362473214
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Jun 2021 07:45:48 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2321 122 KB
37 KB 15ms
13ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: df92c682cc13fd0720c1bc98348b7158.safeframe.googlesyndication.com
URL: https://df92c682cc13fd0720c1bc98348b7158.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

34b6e9936a2f024eef4f545bf4a1e717141704b00a75167fc7080fc6789e3881

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://df92c682cc13fd0720c1bc98348b7158.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:34 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623410775224219"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38028
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:34 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/ Frame 2321 13 KB
6 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: df92c682cc13fd0720c1bc98348b7158.safeframe.googlesyndication.com
URL: https://df92c682cc13fd0720c1bc98348b7158.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3a677da8f32851941b090ee6e9294757cba154033200b20231b2a4ca7f62a820

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://df92c682cc13fd0720c1bc98348b7158.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:45:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 142
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5644
x-xss-protection: 0
server: cafe
etag: 16788636151609896382
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Jun 2021 07:45:12 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 2321 0
0 17ms
14ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTpajkB_wnFJtVHLdJEyqPG1s9hXpX68owM5ZbqD0cM34gYNEJVx7GYVP0zwPntraXkruCYCQ1pv6XYQUuvUsCZvJNzEg
Requested by: Host: df92c682cc13fd0720c1bc98348b7158.safeframe.googlesyndication.com
URL: https://df92c682cc13fd0720c1bc98348b7158.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://df92c682cc13fd0720c1bc98348b7158.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET sdk
ads.aralego.com/ Frame 5409 0
0

GET
H/1.1 200
OK ad-exchange.js Show response
gamma.cachefly.net/js/ Frame AB7E 8 KB
3 KB 16ms
16ms Script
application/javascript 205.234.175.175
CACHENETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: http://gamma.cachefly.net/js/ad-exchange.js
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/ads/gam/728x90.html
Protocol: HTTP/1.1
Server: 205.234.175.175 , United States, ASN30081 (CACHENETWORKS, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: 8bc47888d38c629485975fa1e1f57bf5166fd24880bebf2fdaa4ccd190313f47

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:34 GMT
Content-Encoding: gzip
X-CF3: M
CF4ttl: 604800.000
X-CF1: 16114:fB.cdg1:co:1615366953:cacheB.cdg1-01:H
Gamma-CDN: srv_178
Connection: keep-alive
Content-Length: 2563
x-cf-tsc: 1620771469
X-CF2: H
Last-Modified: Wed, 10 Mar 2021 07:30:07 GMT
Server: CFS 0215
X-CFF: B
ETag: W/"6048757f-1eed"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
CF4Age: 0
Accept-Ranges: bytes
Expires: Tue, 15 Jun 2021 07:47:34 GMT

GET
H3-29 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 2748 61 KB
21 KB 33ms
33ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: b.travelmiso.com
URL: http://b.travelmiso.com/ads/vls/728x90.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54e1a9fa84f454175a61ddd8369e590829499c033015438f8788b2e40b02864c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "902 / 940 of 1000 / last-modified: 1623449339"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21293
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:34 GMT

GET
H3-29 200 index.html Show response
s0.2mdn.net/9229046/1612520417718/300x600/ Frame C7DA 4 KB
1 KB 13ms
11ms Document
text/html 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9229046/1612520417718/300x600/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8e1501061da5edd9c9586656870f5670ec13fd835e13953f1c75354b39674c55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /9229046/1612520417718/300x600/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a15ac0e614c5002f10a5f47b2408de8c.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://a15ac0e614c5002f10a5f47b2408de8c.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 1493
date: Mon, 14 Jun 2021 06:02:03 GMT
expires: Tue, 15 Jun 2021 06:02:03 GMT
last-modified: Fri, 05 Feb 2021 10:20:17 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=86400
age: 6331
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame CC50 0
61 B 43ms
41ms Ping
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstW-eN7f3xBNUDp8E2c0uDYIlLM8oP3zaXH_M1uiu9DPyS0Qb17J-cztWzLqouxTBIQvGRBPUBeJY0HKErardE_IjvsKTKw-zVQ1N45QTEVUAmkJPCgBVj26bJkJMVr0P-YAzf2zdmDgtHqMcO0lVyhPsj8KtytcVlTDIKmWMnhyYkBqZdJn8e7bZMaqcxsaKlkCi7gi3ZuVirg7h2__9QqJndhDHTvpUfJ88LDdk0GVkGeOm3FI1S2CF7RFxk4G6KN2fTXmfN1lWhqWmTPhxmFZdTqhTbc6BLPc7TfhsZiz987iKVfdSd7LeQzLn4UzofyaHiwlxY9QBmUNZ8TucZ2J3cM7tCScoLd_n9FdO-7oVoRmJgppbN6QPdp6dh9mehVEEA9MegdPgFNVfKkMLP6nWzu3w0_SshPB6MyHfZi7dZIvH0DhFX5IbR4xNwO8nq_DXYwvwer3RyLSjZuBwjLSjdq3-zZNsacdNyjlFnCutQqzC5zu4Fnu3mf_proSjWriqDOi8UCLxl1uXwqE3zBhbLyBlTz2qkCUlXF-xpGsI5AuPgbJBWaBQ3OLTS2MLpAsBj7sGiR4Kc9E3YXjg0LwwP5tF4dI7qw9jqN-WM1aL72Zywfm4D3fgC_RW-qsLGoiTit0n3Z5JtTdmWnP_JYOzyu8Eegh0TZtr2A0wFmnUld3NFVZmoxsbTAHimtZNegPtI3zUF5ULRwdkuqlgyOr9M-Ij_fSEIomeD-lnS623w6bDQFHKZzgOiQZi0sRC2WEbM9pXoA-V340QpmNVJnspt2hT58ATB0Rz0VmuvWLRnAqh-lAapeBWTqEPW_xaMxycZqEU4qfb4CpipnSqtVMw1WdAS2TAiV1NOES3FkR8K9MNLHaKsnZgGcxq6WXHm8PwH6k-Py91v3czWZvdhQUYrYpAFJJRgjzW6QRv6hytbYK9XsSZgwBHOqeH3n89bcBN1ChoqGPAPxftwtQ3Imht5BYnpMT7K2Noq3kOJDXbV-9WoIU-h3eTBttX4BKeR4_fJ4Bkhj5pzJG_upXO9TOWogz7-bznlUds16xJoSd7GAQJ8x61OqUWaZeWxfvgBTGqkXjHns-cmFf70xAyGVdfgD24G4GLiUka6XdIA0W3_iuC-sPNsH7TnCskfe2KWECkx6h9lE9rZtxrVTvKli4q01zPSlLH9glnZi9ft5r5mgrJJJQB3tWuvsdCATdDrV2efwPdOyBROiJPrF30VWCB87hTPcdcYHwqBNW45JM5T545njL2Fd7mhBiP0a73x9b1GxTmfyC1oSkJkiMwWZzzepgqFUJyf_&sai=AMfl-YRNUv8H1VaTe52nhigmDVMF0u2H3luV-S5vGkyApP-t1n_g9e5pNgaKmoIre2x3OMr5QLZw3xaw8-1c3gFTuU7aREOfD_F9SBLor1zR0sTORAx1p7b7CC95yyT3jSgPAtXKemxkBfqyZgl7DcnQjkD5F73f3XTIiPa9sX0RKHK9d9-7nMNDtA&sig=Cg0ArKJSzIHU0-wHugH1EAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1159&cbvp=1&cstd=1158&cisv=r20210607.71515&adurl=

Requested by

Host: shoppinglifestyle.biz
URL: http://shoppinglifestyle.biz/go/?r=3&a=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a15ac0e614c5002f10a5f47b2408de8c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Mon, 14 Jun 2021 07:47:34 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/223/ Frame D5B2 12 KB
5 KB 9ms
7ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/223/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de7dd7e8a5f2257d16c23c395b9262c6fa04689c81b0e2b8bf7f5bae9f4177dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/223/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://b.travelmiso.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Mon, 14 Jun 2021 06:35:25 GMT
expires: Tue, 14 Jun 2022 06:35:25 GMT
last-modified: Wed, 17 Mar 2021 18:24:30 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 4329
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 aframe Show response
www.google.com/recaptcha/api2/ Frame D35B 783 B
533 B 17ms
16ms Document
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

1364e2d5ae1eef51e154296b556f12cac32bcb34dbc6235928c97c5e0017c807

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-jBzfZBkYQJEUw/n2bYkQZQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://b.travelmiso.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

expires: Mon, 14 Jun 2021 07:47:34 GMT
date: Mon, 14 Jun 2021 07:47:34 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-jBzfZBkYQJEUw/n2bYkQZQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK ad-exchange.js Show response
gamma.cachefly.net/js/ Frame 54BB 8 KB
3 KB 17ms
16ms Script
application/javascript 205.234.175.175
CACHENETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: http://gamma.cachefly.net/js/ad-exchange.js
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/ads/gam/160x600.html
Protocol: HTTP/1.1
Server: 205.234.175.175 , United States, ASN30081 (CACHENETWORKS, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: 8bc47888d38c629485975fa1e1f57bf5166fd24880bebf2fdaa4ccd190313f47

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:34 GMT
Content-Encoding: gzip
X-CF3: M
CF4ttl: 604800.000
X-CF1: 16114:fB.cdg1:co:1615366953:cacheB.cdg1-01:H
Gamma-CDN: srv_178
Connection: keep-alive
Content-Length: 2563
x-cf-tsc: 1620771469
X-CF2: H
Last-Modified: Wed, 10 Mar 2021 07:30:07 GMT
Server: CFS 0215
X-CFF: B
ETag: W/"6048757f-1eed"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
CF4Age: 0
Accept-Ranges: bytes
Expires: Tue, 15 Jun 2021 07:47:34 GMT

GET sdk
ads.aralego.com/ Frame 50DE 0
0

GET
H3-29 200 index.html Show response
s0.2mdn.net/9229046/1619773444666/fil-rouge_or_mobile-changermobilet22021_160x600_dis-iab/ Frame CB25 157 KB
24 KB 9ms
8ms Document
text/html 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9229046/1619773444666/fil-rouge_or_mobile-changermobilet22021_160x600_dis-iab/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5e082fc0a94d6c9c7c255f03a633dbba389298e6f20b92ba12bb8b7f901c8e7a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /9229046/1619773444666/fil-rouge_or_mobile-changermobilet22021_160x600_dis-iab/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 24548
date: Mon, 14 Jun 2021 06:54:09 GMT
expires: Tue, 15 Jun 2021 06:54:09 GMT
last-modified: Fri, 30 Apr 2021 09:04:04 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=86400
age: 3205
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame B511 0
61 B 45ms
44ms Ping
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuBjOAgkkS_aPmOPWX8nWV7tpSVnftmSbzqcsOOaIzYgZuJd95SB0hCEWoUG6orwQCw83C2Gd75oddEZRhNqao2XbkmIlqvX9XOZaOimLZQzDeXTkiKI5aEoiufQLA2Japo4uUJZspvg3d6FipjrbD1-fenQzHNz9KgDMrWSS-FmGUY8hRQYe8zyBu_f7HJz_b1qH7NJU_CEdnLiBr6_b59RNBYQq_W-zRTU9QGzc7t5U6wqHUgfXiiaR9ZALl87cZFNCJ2dZ0ZzxF78NBYgbLWNV8eO_QE_vzNqHjQ0C2BmH98T4LyeMfpbcS0x7weAfs-7LbbqIvaMM3lf-mL6PQ8JNeNqZdxyug5K2FwaMTbAg4JE6IMct72vBadmjYgSrFFeL34P8ld-qoPeOMfYn128UaTHJAGXCGRM9GDFmVTirNc0HmMGMM1plPgAlotfhZJCtmuOJ_p1EvuSCpnZ1PuwCXu8q-kwjBiSSk6D6SAgNHo0VGvAgfIqnC6e9wELt2Wkkz9Y_5u6YGP1RBw1x8Eo2vGlJ2BbDdLft1hMKSb1FDXDIjgJGhiwVnkomlpDo9UEKLsgPN52rPDg1FgfqWkGyYcNYst7_2FNxGMcNotixNEtn69i7964fZl92zTeoMPUuRaVHT48WqVusLy3KmjRUQWccuvMudj1a8BuHmdZ9l3W-nYoW4uUjnPEkTzcXp_DVdrl_BvwYWt8EzGISXhhzzVuqBwXsMw6Pd61CDBwF5Kba8n13Sj6rU3ltlNpTl3_UFPa0-Yeb0VJ74Kp8GJ7OO9C0oiutAWEK_WvkCB_a11FzhvFZhoQn-xUJ8F-qbvdb6_GssBqIQAQH5VSURsXff0THM5B5x8nWqwijIxpwkT9EShP73TT8hezxE0ykHP4fE3_hd4GZuOpw9IGU5bhWXJ2JkZAl60Nnj_Iuw9e7JoRjrEzfrhdjTiqgfMWHwSHqT_igZf3jaWPcNl0lsbapCM3KOzZDnDi7keS8F-EHaB0yjE50FHAvn6JuZL92K8yzbQs9rcavuy9jnrr_A71Sd7SkqTzd2i0KpZN2U6kPELzuW8x9Eve0q8VcBUBInbYhJxfX5FJyWDVA3Gg8d2nSdMiSOLX7z8dLuZUwJAyseagXoKWnhBIPoGgqDy9hZkTQ8WqV34l6E0R1TKtPigki37l-AVVKobvidfZnhwAqjlPaeqLZlQuJE9AK6FvqC81SypEA-PXLv22Xqd-m-Ey0i1lYO6afsM5jCDbB-byZHHmeyWGjAJ0F-JutimVYIf3Wza5Xjn8f6Fpmmn3yZWL6yMNyIGSISA&sai=AMfl-YQwVX1PVXlSiu_s9X-fEjfMDKyQmDVoF-w8o2QfD1yiLmV6EtSpnjKZ8m8_r06uhuQ69BxbRjPjcIaiEmCO0jwp8HzKwtIQagVgFAZJJEnPFin5ZDfcHVrPMYxBpqW4GZ0qLpndqFQLU3Om7R-rgYCpow78K30ESAfBLV1QRe8iXLKv7vAq3Q&sig=Cg0ArKJSzBtlflAR27BIEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1099&cbvp=1&cstd=1097&cisv=r20210607.17636&adurl=

Requested by

Host: shoppinglifestyle.biz
URL: http://shoppinglifestyle.biz/go/?r=3&a=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Mon, 14 Jun 2021 07:47:34 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 integrator.js Show response
adservice.google.fr/adsid/ Frame D0BD 107 B
165 B 20ms
18ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.fr/adsid/integrator.js?domain=cdn.aralego.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021061001.js?31061429

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ Frame D0BD 107 B
122 B 21ms
19ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=cdn.aralego.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021061001.js?31061429

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame D0BD 330 B
169 B 63ms
62ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2942803774181730&correlator=4448592424213790&output=ldjh&impl=fifs&eid=31060784%2C31061040%2C31061278%2C31061289%2C31061429%2C31060976%2C31061410&vrg=2021061001&ptt=17&sc=1&sfv=1-0-38&ecs=20210614&iu_parts=18087395%2Ccookie&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1&cdm=cdn.aralego.net&bc=23&abxe=1&lmt=1597133702&dt=1623656854938&dlt=1623656852219&idt=2681&ea=0&frm=24&biw=-12245933&bih=-12245933&oid=3&adxs=-12245933&adys=-12245933&adks=64515409&ucis=1tv0li4fdtrz&ifi=1&ifk=923963767&u_tz=120&u_his=3&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=https%3A%2F%2Fcdn.aralego.net%2Fucfad%2Fcookie%2Fcht_cookieSyncIframe.html&ref=http%3A%2F%2Fb.travelmiso.com%2F&top=http%3A%2F%2Fb.travelmiso.com%2F&vis=1&scr_x=-12245933&scr_y=-12245933&psz=0x0&msz=0x-1&ga_vid=172584101.1623656855&ga_sid=1623656855&ga_hid=2145090282&ga_fc=false&fws=256&ohw=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021061001.js?31061429

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

950927611e6c41cde1a517e094f34030f565ebd444035728c0ea02bb5caefa4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:34 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 130
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://cdn.aralego.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
8d74197152eb8dd8e0db39091412e4bc.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame D0BD 0
0 152ms
53ms Other
text/html 2a00:1450:400d:804::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://8d74197152eb8dd8e0db39091412e4bc.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021061001.js?31061429
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400d:804::2001 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 204 /
ads.viralize.tv/track/ Frame DFAA 0
39 B 22ms
21ms Image
text/plain 35.186.238.232
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.viralize.tv/track/?multi=true&serialization=json&events=%5B%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A1%2C%22category%22%3A%22bid_opportunity%22%2C%22session_id%22%3A%2201ebcce4c3c2baee823f60362394aff1%3A0%3ANTM2MrlOxTlfWrqK~wp0sc1%22%2C%22bid_opportunity_id%22%3A%22NTM2MrlOxTlfWrqK~wp0sc1%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22bid_rejected%22%7D%2C%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A1%2C%22category%22%3A%22bid_opportunity%22%2C%22session_id%22%3A%2201ebcce4c3c2baee823f60362394aff1%3A0%3ANTQyOBO98FjUSrAS~wp5sc1%22%2C%22bid_opportunity_id%22%3A%22NTQyOBO98FjUSrAS~wp5sc1%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22bid_rejected%22%7D%2C%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A1%2C%22category%22%3A%22bid_opportunity%22%2C%22session_id%22%3A%2201ebcce4c3c2baee823f60362394aff1%3A0%3ANTQ3OExxtbZk4FXJ~wp6sc1%22%2C%22bid_opportunity_id%22%3A%22NTQ3OExxtbZk4FXJ~wp6sc1%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22bid_rejected%22%7D%2C%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A1%2C%22category%22%3A%22bid_opportunity%22%2C%22session_id%22%3A%2201ebcce4c3c2baee823f60362394aff1%3A0%3ANTQ3OExxtbZk4FXJ~wp7sc1%22%2C%22bid_opportunity_id%22%3A%22NTQ3OExxtbZk4FXJ~wp7sc1%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22bid_rejected%22%7D%2C%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A1%2C%22category%22%3A%22bid_opportunity%22%2C%22session_id%22%3A%2201ebcce4c3c2baee823f60362394aff1%3A0%3ANTQwNs9nJm8x8tBB~wp2sc1%22%2C%22bid_opportunity_id%22%3A%22NTQwNs9nJm8x8tBB~wp2sc1%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22bid_rejected%22%7D%2C%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A1%2C%22category%22%3A%22bid_opportunity%22%2C%22session_id%22%3A%2201ebcce4c3c2baee823f60362394aff1%3A0%3ANTQ3OExxtbZk4FXJ~wp8sc1%22%2C%22bid_opportunity_id%22%3A%22NTQ3OExxtbZk4FXJ~wp8sc1%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22bid_rejected%22%7D%2C%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A1%2C%22category%22%3A%22bid_opportunity%22%2C%22session_id%22%3A%2201ebcce4c3c2baee823f60362394aff1%3A0%3ANTM4MAXAemnh4ynA~wp1sc1%22%2C%22bid_opportunity_id%22%3A%22NTM4MAXAemnh4ynA~wp1sc1%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22bid_rejected%22%7D%5D
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.238.232 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 232.238.186.35.bc.googleusercontent.com
Software: uvicorn, Unknown /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:34 GMT
via: 1.1 google
server: uvicorn, Unknown
alt-svc: clear

GET
H2 204 /
ads.viralize.tv/track/ Frame DFAA 0
39 B 22ms
21ms Image
text/plain 35.186.238.232
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.viralize.tv/track/?multi=true&serialization=json&events=%5B%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A1%2C%22category%22%3A%22bid_opportunity%22%2C%22session_id%22%3A%2201ebcce4c3c2baee823f60362394aff1%3A0%3ANTQwNs9nJm8x8tBB~wp3sc1%22%2C%22bid_opportunity_id%22%3A%22NTQwNs9nJm8x8tBB~wp3sc1%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22bid_rejected%22%7D%2C%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A1%2C%22category%22%3A%22bid_opportunity%22%2C%22session_id%22%3A%2201ebcce4c3c2baee823f60362394aff1%3A0%3ANTQwNs9nJm8x8tBB~wp4sc1%22%2C%22bid_opportunity_id%22%3A%22NTQwNs9nJm8x8tBB~wp4sc1%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22bid_rejected%22%7D%5D
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.238.232 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 232.238.186.35.bc.googleusercontent.com
Software: uvicorn, Unknown /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:34 GMT
via: 1.1 google
server: uvicorn, Unknown
alt-svc: clear

GET
H3-29 200 img_general_main.jpg
s0.2mdn.net/9631534/1612207833628/SquareOnline_NewYears_300x250_RST/ Frame 5AAC 61 KB
61 KB 10ms
9ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9631534/1612207833628/SquareOnline_NewYears_300x250_RST/img_general_main.jpg?1610928118441

Requested by

Host: 8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com
URL: https://8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

680bb1d39f5e49b6c23855a5a390b59f4d67291bdcab0991dc46fdc158cb307c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9631534/1612207833628/SquareOnline_NewYears_300x250_RST/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 14:46:39 GMT
x-content-type-options: nosniff
last-modified: Mon, 01 Feb 2021 19:30:33 GMT
server: sffe
age: 61255
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-doubleclick-media
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62110
x-xss-protection: 0
expires: Mon, 14 Jun 2021 14:46:39 GMT

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame F846 0
23 B 75ms
44ms Ping
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: shoppinglifestyle.biz
URL: http://shoppinglifestyle.biz/go/?r=3&a=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:35 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ Frame 931B 107 B
122 B 16ms
15ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=b.travelmiso.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ Frame 931B 107 B
122 B 15ms
14ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=b.travelmiso.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 931B 357 B
197 B 169ms
169ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1159611892736501&correlator=4440818611720004&output=ldjh&impl=fif&eid=31061290%2C31061300&vrg=2021060801&ptt=17&sc=0&sfv=1-0-38&ecs=20210614&iu_parts=53015287%2Ctravelmiso.com_d_300x250_2_dc&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&eri=2&cookie=ID%3D9842d1c790156ac0%3AT%3D1623656853%3AS%3DALNI_MYNulOH7WK5gSvM6-OiGmK9WCRmAA&cdm=b.travelmiso.com&bc=23&abxe=1&lmt=1623656854&dt=1623656854994&dlt=1623656853464&idt=1520&ea=0&frm=23&biw=1600&bih=1200&isw=300&ish=250&oid=3&adxs=619&adys=265&adks=572549779&ucis=vh020kjrz5rp&ifi=1&ifk=1259373216&u_tz=120&u_his=3&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=3&url=http%3A%2F%2Fb.travelmiso.com%2Fads%2Fyl%2F300x250-btf.html&top=http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F&vis=1&scr_x=0&scr_y=0&psz=0x0&msz=300x0&ga_vid=541635362.1623656855&ga_sid=1623656855&ga_hid=259190995&ga_fc=false&fws=256&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0f49baba696ddae223df66f439baea0db5742b2e352cbfd76525bc11834fe7d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:35 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 157
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://b.travelmiso.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
2c9456fc428aa44964903d578c6f33ac.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 931B 0
0 147ms
51ms Other
text/html 2a00:1450:400d:804::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://2c9456fc428aa44964903d578c6f33ac.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=3
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400d:804::2001 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame 931B 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b4f24115f931bce6b8d02110e17a738ee7a5202d4a3a3747b923820a4cbea1ba

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 pubads_impl_2021060901.js Show response
securepubads.g.doubleclick.net/gpt/ Frame E074 326 KB
114 KB 45ms
33ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3dc0b6e4edbfc8d6d8446e112130624fd05d7b8a8cfe62839046fc733c8b19a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Jun 2021 08:43:05 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 116890
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:35 GMT

GET
H3-29 200 pubads_impl_2021060801.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 5B94 318 KB
112 KB 36ms
36ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js?31061412

Requested by

Host: www.googletagservices.com
URL: http://www.googletagservices.com/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

media-router-flurry71.prod.media.vip.ir2.yahoo.com

Software

sffe /

Resource Hash

8a19707bd88a29100f84e106852ddd5bfeebe1fe562960c4932d1347210d13a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 08 Jun 2021 08:38:25 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 114129
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:35 GMT

GET
H/1.1

204
No Content

merge
ce.lijit.com/ Frame 8397
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=17&mt_exuid=33fba7d86c4dd4f7002f92a3&redirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D3%263pid%3D%5BUUID%5D&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=3&3pid=f8bf60c7-0995-4800-b758-2ed4f8994f7e&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=3&3pid=f8bf60c7-0995-4800-b758-2ed4f8994f7e&gdpr=1&gdpr_consent=&dnr=1

0
1 KB

37ms
35ms

Image
text/plain

216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=3&3pid=f8bf60c7-0995-4800-b758-2ed4f8994f7e&gdpr=1&gdpr_consent=&dnr=1
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=12205132
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:35 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap7ams1
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:35 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Location: https://ce.lijit.com/merge?pid=3&3pid=f8bf60c7-0995-4800-b758-2ed4f8994f7e&gdpr=1&gdpr_consent=&dnr=1
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap7ams1
Content-Length: 0
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H/1.1 204
No Content sync.php
pixel-us-east.rubiconproject.com/exchange/ Frame 8397 0
239 B 506ms
98ms Image
image/gif 8.43.72.98
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=sovrn&gdpr=1&gdpr_consent=
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=12205132
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 8.43.72.98 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 1c34e56f66d325760e494cbb7a93f50f
Content-Type: image/gif

GET sync.php
pixel-eu.rubiconproject.com/exchange/ Frame 8397 0
0

GET

merge
ce.lijit.com/ Frame 8397
Redirect Chain

https://sync.1rx.io/usersync2/sovrn?gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=56&3pid=OPTOUT

0
0

GET tum
ums.acuityplatform.com/ Frame 8397 0
0

GET
H2 200 p-CXt61zNBpKUt1.gif
pixel.quantserve.com/pixel/ Frame 8397 35 B
210 B 13ms
9ms Image
image/gif 2620:116:800d:21:36a9:ecb:e518:b308
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel/p-CXt61zNBpKUt1.gif?idmatch=0&gdpr=1&gdpr_consent=

Requested by

Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=12205132

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:36a9:ecb:e518:b308 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:35 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H/1.1 400
Request failed due to privacy signals getuid
secure.adnxs.com/ Frame 8397 0
0 4353ms
24ms Image
text/html 37.252.173.27
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.adnxs.com/getuid?https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D12%263pid%3D%24UID&gdpr=1&gdpr_consent=
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=12205132
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 37.252.173.27 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS: 539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software: /
Resource Hash

Request headers

Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame D899 8 KB
3 KB 50ms
45ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=137711&s=137812&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D58%263pid%3D&gdpr=1&gdpr_consent=
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=12205132
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: adeacac4167dc188f54213893f0444ea5d60995143ad0552dcb4c383199a740b

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/user_sync.html?p=137711&s=137812&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D58%263pid%3D&gdpr=1&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ap.lijit.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: KCCH=YES; KADUSERCOOKIE=482F80F6-162A-4FE9-B10C-9AEFAE12F9DE; chkChromeAb67Sec=1; DPSync3=1623715200%3A174%7C1624838400%3A197_219_201; SyncRTB3=1624838400%3A220_13_3_71_161_22_21_7_56_54_8%7C1624233600%3A223%7C1624492800%3A63%7C1624924800%3A35%7C1626220800%3A203
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ap.lijit.com/

Response headers

last-modified: Tue, 01 Jun 2021 06:44:25 GMT
etag: "1300708-2080-5c3aeac410031"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 2586
content-type: text/html; charset=UTF-8
cache-control: max-age=111759
expires: Tue, 15 Jun 2021 14:50:14 GMT
date: Mon, 14 Jun 2021 07:47:35 GMT
vary: Accept-Encoding

GET
H2 200 0608867b Show response
rtb.gumgum.com/usync/ Frame 81D2 4 KB
2 KB 34ms
32ms Document
text/html 34.251.173.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=12205132
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.173.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 19da6fdd5322045292135a2bd88d86a9e3f87ed122556f560ba7fc2aa678cb41

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ap.lijit.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ap.lijit.com/

Response headers

date: Mon, 14 Jun 2021 07:47:35 GMT
content-type: text/html;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
set-cookie: vst=e_65463c6f-29ae-47b2-b01c-f64a87d3e3cb; Domain=.gumgum.com; Expires=Tue, 14-Jun-2022 07:47:35 GMT; Path=/; Secure; SameSite=None
etag: W/"0abdf755ea335a8c8b34d0d035dd5cf94"
timing-allow-origin: *
content-encoding: gzip

GET
H/1.1

200
OK

Cookie set merge Show response
ce.lijit.com/ Frame 56D8
Redirect Chain

https://d.turn.com/r/dd/id/L21rdC8xMjcvY2lkLzI4NTUyOTczL3QvMg/url/https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D1%263pid%3D%24!%7BTURN_UUID%7D&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=1&3pid=3491688392091848070&gdpr=1&gdpr_consent=

43 B
2 KB

37ms
35ms

Document
image/gif

216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to

Full URL: https://ce.lijit.com/merge?pid=1&3pid=3491688392091848070&gdpr=1&gdpr_consent=
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=12205132
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Host: ce.lijit.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ap.lijit.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ljt_reader=33fba7d86c4dd4f7002f92a3; ljtrtbexp=eJxdjjkSgDAMA%2F%2FimiI%2Both8jeHvEIbGKlfSeH2JyqkwX%2BE2%2FRDg40ggNjsh1UG9Wuf17w2KzVW1%2BuJNsic5iMmR0dm4J8Oknyf5dPQL9wOp%2FzbI; _ljtrtb_76=bd8370c9-d7dd-49f2-bf9c-2093ebaf2f4f; ljtrtb=eJwVj81KAzEYRd8lawP5z3xiFctEiEraTmcsdhOSSbKp2uksBCu%2Bu5nt4VwO9xdxhW5R9oyrFKLMmEoisFA5YwCIOAU2kiyKHCNDN0hAtef91fDz%2B9pd4LkyIJXdbR%2B73pnOD87uBuNta1xvn6zp7h%2BmMIfPlevf%2FLCvhm3riC4j2mgiNJUggShBG2DN0uBLY7M%2Bfah52k6BixZ3%2FtVcTt%2FX8%2FF44LJ92fnN1489kFB9vTyIqeGajICTTgkLKAzHAiNmBHiOobAiCvr7Bxd1QTo%3D; _ljtrtb_1=3491688392091848070
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ap.lijit.com/

Response headers

Server: nginx
Date: Mon, 14 Jun 2021 07:47:35 GMT
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT
Set-Cookie: _ljtrtb_1=3491688392091848070;Expires=Thu, 01-Jan-1970 00:00:00 GMT;Max-Age=0;Secure;SameSite=None _ljtrtb_76=bd8370c9-d7dd-49f2-bf9c-2093ebaf2f4f;Expires=Thu, 01-Jan-1970 00:00:00 GMT;Max-Age=0;Secure;SameSite=None ljtrtb=eJwVj8tOwzAURP%2FFayz5bV9EQVQxkgGlbZpQ0Y1lx%2FamQNMskCji33G2M%2BdoNL%2BIolvEBVBlDAdGgBphiCboBnFVq%2BwZVylEmTGVRGChcsYAEHEKbCRZFDlGVmkBlZ73V8vP7%2Bv2As81A1Kzu%2B1j17e280PrdoP1rrFt756c7e4fpjCHz1Xbv%2FlhXwnXVIkuEjWaCE0lSCBKUAPMLBt82disTx9qnrZT4KLBnX%2B1l9P39Xw8HrhsXnZ%2B8%2FXjDiRUXi8PYjJckxFw0ilhAYXhWGDE9SvPMRRWREF%2F%2FxXhRkM%3D;Path=/;Domain=.lijit.com;Expires=Tue, 14-Jun-2022 07:47:35 GMT;Max-Age=31536000;Secure;SameSite=None _ljtrtb_1=3491688392091848070;Path=/;Domain=.lijit.com;Expires=Tue, 14-Jun-2022 07:47:35 GMT;Max-Age=31536000;Secure;SameSite=None ljt_reader=33fba7d86c4dd4f7002f92a3;Path=/;Domain=.lijit.com;Max-Age=31536000;Secure;SameSite=None ljtrtbexp=eJxdjjkSgDAMA%2F%2FimiI%2Both8jeHvEIbGKlfSeH2JyqkwX%2BE2%2FRDg40ggNjsh1UG9Wuf17w2KzVW1%2BuJNsic5iMmR0dm4J8Oknyf5dPQL9wOp%2FzbI;Path=/;Domain=.lijit.com;Expires=Tue, 14-Jun-2022 07:47:35 GMT;Max-Age=31536000;Secure;SameSite=None
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
X-Powered-By: raptor
X-Sovrn-Pod: ad_ap7ams1

Redirect headers

p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
pragma: no-cache
set-cookie: uid=3491688392091848070; Domain=.turn.com; Expires=Sat, 11-Dec-2021 07:47:35 GMT; Path=/; Secure; SameSite=None
location: https://ce.lijit.com/merge?pid=1&3pid=3491688392091848070&gdpr=1&gdpr_consent=
content-length: 0
date: Mon, 14 Jun 2021 07:47:34 GMT

GET
H2 200 getAds.do Show response
ads.yap.yahoo.com/nosdk/wj/v1/ Frame 5F27 291 B
300 B 198ms
54ms Script
application/javascript 212.82.100.146
YAHOO-IRD

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: s.yimg.com
URL: https://s.yimg.com/av/yap/ga/yap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

212.82.100.146 , United Kingdom, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

Software

ATS /

Resource Hash

911ce74c632a59217dd42b1a3412e0701fc2468f44e0b99e9756d5cdf87479d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:35 GMT
content-encoding: gzip
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Accept-Encoding, User-Agent
content-type: application/javascript; charset=UTF-8
strict-transport-security: max-age=31536000

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 92BD
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEECHPoHxMafZuBfIc1d_7LY&google_cver=1&google_push=AYg5qPImi_iXnsjwNBi1qq8T6xeUvJ5Awi3tpY7CdvZef-diYGF8xUCPURaOkbHiCiTgf7t0xGWpgTuxhRmmJUZpgt018rKHo40
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzQ5MTY4ODM5MjA5MTg0ODA3MA==
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEHRIukIEyaSmctHlRsUgdyI&google_cver=1

43 B
407 B

17ms
15ms

Image
image/gif

2001:678:cb4:bbbb::11
TURN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEHRIukIEyaSmctHlRsUgdyI&google_cver=1
Requested by: Host: 8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com
URL: https://8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (TURN, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:35 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-type: image/gif
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:35 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEHRIukIEyaSmctHlRsUgdyI&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 92BD
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESED9fFlgYDgWg0OovbhgfoGg&google_cver=1&google_push=AYg5qPIkDOKKWtO9JWdWwiGN7PXXe0kvQbiZxjXreQA3VoNxCAkhqZIVYW...
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPIkDOKKWtO9JWdWwiGN7PXXe0kvQbiZxjXreQA3VoNxCAkhqZIVYWcUSqSx2XrjFt98HjlS--hh5XT9mJAJrC1mNzMUKSc&google_hm=htSkd6B...

170 B
188 B

37ms
36ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPIkDOKKWtO9JWdWwiGN7PXXe0kvQbiZxjXreQA3VoNxCAkhqZIVYWcUSqSx2XrjFt98HjlS--hh5XT9mJAJrC1mNzMUKSc&google_hm=htSkd6BZLsFLjIQXXjMw9g

Requested by

Host: 8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com
URL: https://8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:35 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPIkDOKKWtO9JWdWwiGN7PXXe0kvQbiZxjXreQA3VoNxCAkhqZIVYWcUSqSx2XrjFt98HjlS--hh5XT9mJAJrC1mNzMUKSc&google_hm=htSkd6BZLsFLjIQXXjMw9g
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame 92BD
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESECxZB1lZvoiUlPhkWaCVhO4&google_cver=1&google_push=AYg5qPL7bleziQzqFtoEOKAItgFr7JzHf3aQX6M62KFVYRfVLuEydcX0jmIDIpAoBIWzoXLtsonWD2wDp0LhHLRw7R7Dsv8vi-c&r...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESECxZB1lZvoiUlPhkWaCVhO4&google_cver=1&google_push=AYg5qPL7bleziQzqFtoEOKAItgFr7JzHf3aQX6M62KFVYRfVLuEydcX0jmIDIpAoBIWzoXLtsonWD2wDp0LhHLRw7R7Dsv8vi-c...

43 B
387 B

170ms
162ms

Image
image/gif

2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESECxZB1lZvoiUlPhkWaCVhO4&google_cver=1&google_push=AYg5qPL7bleziQzqFtoEOKAItgFr7JzHf3aQX6M62KFVYRfVLuEydcX0jmIDIpAoBIWzoXLtsonWD2wDp0LhHLRw7R7Dsv8vi-c&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPL7bleziQzqFtoEOKAItgFr7JzHf3aQX6M62KFVYRfVLuEydcX0jmIDIpAoBIWzoXLtsonWD2wDp0LhHLRw7R7Dsv8vi-c%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: 8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com
URL: https://8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:35 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 65f1f3934d209704-FRA
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
content-type: image/gif; charset=utf-8
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 43
cf-request-id: 0aab16900e00009704e1157000000001
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:35 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 848
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 65f1f3909c3b9704-FRA
p3p: CP="NOI DEVo TAIa OUR BUS"
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESECxZB1lZvoiUlPhkWaCVhO4&google_cver=1&google_push=AYg5qPL7bleziQzqFtoEOKAItgFr7JzHf3aQX6M62KFVYRfVLuEydcX0jmIDIpAoBIWzoXLtsonWD2wDp0LhHLRw7R7Dsv8vi-c&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPL7bleziQzqFtoEOKAItgFr7JzHf3aQX6M62KFVYRfVLuEydcX0jmIDIpAoBIWzoXLtsonWD2wDp0LhHLRw7R7Dsv8vi-c%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
cache-control: no-cache, private
content-type: text/html
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0aab168e6000009704ee935000000001
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 92BD
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESENJqHjN42eFiKvEmBC_Xa60&google_cver=1&google_push=AYg5qPJ0yNOBng_8y0r8zkzAhIgaPYCKkNtMjBjXkTRIfoModa9-Vlcqon9oF2YNtv6PyVGVaTOAcZ2H...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjY0NDQ3MzQ1NDE0NzgzNzE0MQ&google_push=AYg5qPJ0yNOBng_8y0r8zkzAhIgaPYCKkNtMjBjXkTRIfoModa9-Vlcqon9oF2YNtv6PyVGVaTOAcZ...

170 B
188 B

37ms
34ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjY0NDQ3MzQ1NDE0NzgzNzE0MQ&google_push=AYg5qPJ0yNOBng_8y0r8zkzAhIgaPYCKkNtMjBjXkTRIfoModa9-Vlcqon9oF2YNtv6PyVGVaTOAcZ2HrE92jYbXjyj6MUNgGsmL

Requested by

Host: 8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com
URL: https://8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:35 GMT
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjY0NDQ3MzQ1NDE0NzgzNzE0MQ&google_push=AYg5qPJ0yNOBng_8y0r8zkzAhIgaPYCKkNtMjBjXkTRIfoModa9-Vlcqon9oF2YNtv6PyVGVaTOAcZ2HrE92jYbXjyj6MUNgGsmL
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET ebda
eb2.3lift.com/ Frame 92BD 0
0

GET sync
rtb2-useast.e-volution.ai/ Frame 92BD 0
0

GET v1
match.sharethrough.com/E4rooAtA/ Frame 92BD 0
0

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame 92BD 0
12 B 39ms
31ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KsTvLkzJsoGhpFCcLRD23_8vIeTvwp4T6rBYLo-WsF6KazmgaSOQxOiPqIPxLKbQZ6jN8q8TI

Requested by

Host: 8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com
URL: https://8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:35 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame CC50 41 KB
15 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: a15ac0e614c5002f10a5f47b2408de8c.safeframe.googlesyndication.com
URL: https://a15ac0e614c5002f10a5f47b2408de8c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a15ac0e614c5002f10a5f47b2408de8c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 10:48:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 75523
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 13 Jun 2022 10:48:52 GMT

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 34C5 1 KB
749 B 12ms
6ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: a15ac0e614c5002f10a5f47b2408de8c.safeframe.googlesyndication.com
URL: https://a15ac0e614c5002f10a5f47b2408de8c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a15ac0e614c5002f10a5f47b2408de8c.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://a15ac0e614c5002f10a5f47b2408de8c.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sun, 13 Jun 2021 09:02:58 GMT
expires: Mon, 14 Jun 2021 09:02:58 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 81877
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame CC50 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5c18127e384749c066405a74d5e9f71fcc2880beedf46d81aa4d9864e0ad2a02

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0b.woff2
fonts.gstatic.com/s/opensans/v20/ Frame D40F 14 KB
14 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v20/mem8YaGs126MiZpBA-UFVZ0b.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a42f2ec73409f2753ef17d737714c86303fa45fc3a3d484a9b0c8ed28ef0fd6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: http://b.travelmiso.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 06:09:53 GMT
x-content-type-options: nosniff
age: 178662
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14440
x-xss-protection: 0
last-modified: Tue, 18 May 2021 21:21:19 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jun 2022 06:09:53 GMT

GET
H2 200 i.js Show response
cm.mgid.com/ Frame D40F 1 KB
778 B 84ms
75ms Script
application/javascript 104.19.135.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.mgid.com/i.js?&cbuster=1623656855193204043124
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/a/d/adop.travelmiso.com.1151336.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.135.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 391bdafd000278194f9da9647d0d38f5cf62fc73568054ef9db6fa0710554b8a

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:35 GMT
content-encoding: br
cf-cache-status: DYNAMIC
x-mg-request-uuid: ae1afc93-0908-4029-975f-d45ddebd1d90
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: application/javascript
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 65f1f3911c9eee48-CDG
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0aab168ead0000ee487e802000000001
server: cloudflare

GET
H2 200 i-noref.js Show response
cm.mgid.com/ Frame D828 19 B
289 B 80ms
76ms Script
application/javascript 104.19.135.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.mgid.com/i-noref.js?cbuster=162365685519857649855
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/a/d/adop.travelmiso.com.1151336.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.135.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 31a2141f6b680b8ec183d8de67eaae2ac43bee3ccee46235e0c988761615210c

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:35 GMT
content-encoding: br
cf-cache-status: DYNAMIC
x-mg-request-uuid: ffaab7df-57af-4c16-b7cf-d26c34f43e8d
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: application/javascript
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 65f1f3911ca1ee48-CDG
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0aab168eae0000ee4858a67000000001
server: cloudflare

GET
H/1.1 200
OK beacon.js Show response
b.scorecardresearch.com/ Frame D40F 1 KB
2 KB 71ms
44ms Script
application/javascript 99.86.241.40
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://b.scorecardresearch.com/beacon.js
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/a/d/adop.travelmiso.com.1151336.js
Protocol: HTTP/1.1
Server: 99.86.241.40 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-241-40.vie50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
Date: Mon, 14 Jun 2021 07:36:45 GMT
Via: 1.1 a776ddd883fba0ca203b52822fb50572.cloudfront.net (CloudFront)
Last-Modified: Fri, 26 Feb 2021 14:35:05 GMT
Server: AmazonS3
Age: 651
ETag: "1827f116c73f319409b97f10b8a58ade"
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Connection: keep-alive
X-Amz-Cf-Pop: VIE50-C1
Accept-Ranges: bytes
Content-Length: 1469
X-Amz-Cf-Id: ot0uckBC0Mr2p3cwGyc17eYFNNqXaFnVLOrYx3l_MNlXsZ4jSrcCXg==

GET
H2 200 aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMTAvMTAxOTI0L2QwZGE1NGNmMmY1ZTg3YmY5NGE3YTZhOGFhZjJiZWMyLmpwZWc.webp
s-img.mgid.com/g/8164838/492x277/0x0x2049x1366/ Frame D40F 11 KB
11 KB 32ms
30ms Image
image/webp 104.19.135.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.mgid.com/g/8164838/492x277/0x0x2049x1366/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMTAvMTAxOTI0L2QwZGE1NGNmMmY1ZTg3YmY5NGE3YTZhOGFhZjJiZWMyLmpwZWc.webp?v=1623656854-pfKBogXsIqIWLLu2CDp4TtiNKc0vbCRj52kyfOWjLeo
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/ads/adop/300x250.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.135.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f1c79d105d05df2684fa4ccbd03d00a8258c11e1db815e6b7577aadf7e6edfe1

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:35 GMT
cf-cache-status: HIT
x-mg-request-uuid: 4c041aa0-598d-4a71-8c77-09ea449c42f5
age: 4503117
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 10998
cf-request-id: 0aab168eae0000ee48381b0000000001
last-modified: Mon, 08 Feb 2021 10:20:56 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 65f1f3911ca2ee48-CDG

GET
H3-29 200 6ARyktE4tPRvvoSTtP7tfQ53d_-1azzHygxxMe6f4h8.js Show response
pagead2.googlesyndication.com/bg/ Frame 2F1B 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/6ARyktE4tPRvvoSTtP7tfQ53d_-1azzHygxxMe6f4h8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/223/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8047292d138b4f46fbe8493b4feed7d0e7777ffb56b3cc7ca0c7131ee9fe21f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 15:49:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 57468
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5749
x-xss-protection: 0
last-modified: Mon, 31 May 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 13 Jun 2022 15:49:47 GMT

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame B511 41 KB
15 KB 19ms
11ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com
URL: https://936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 10:48:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 75523
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 13 Jun 2022 10:48:52 GMT

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame BF23 1 KB
749 B 20ms
13ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com
URL: https://936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sun, 13 Jun 2021 09:02:58 GMT
expires: Mon, 14 Jun 2021 09:02:58 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 81877
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame B511 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c085066f1ae53e63d69d395e1b172117b3d04a1fbc9f8ce0ffa40c1fb7687740

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame B341 61 KB
21 KB 38ms
37ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdn.aralego.net
URL: https://cdn.aralego.net/ucfad/cookie/cht_cookieSyncIframe.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

b7.80.fd9f.ip4.static.sl-reverse.com

Software

sffe /

Resource Hash

54e1a9fa84f454175a61ddd8369e590829499c033015438f8788b2e40b02864c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "902 / 649 of 1000 / last-modified: 1623449339"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21293
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:35 GMT

GET
H2

200

match Show response
c1.adform.net/serving/cookie/ Frame 8A01
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&cid=482F80F6-162A-4FE9-B10C-9AEFAE12F9DE
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=482F80F6-162A-4FE9-B10C-9AEFAE12F9DE

35 B
468 B

45ms
44ms

Document
image/gif

37.157.2.236
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=482F80F6-162A-4FE9-B10C-9AEFAE12F9DE

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.236 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:method: GET
:authority: c1.adform.net
:scheme: https
:path: /serving/cookie/match?CC=1&party=14&cid=482F80F6-162A-4FE9-B10C-9AEFAE12F9DE
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: C=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Mon, 14 Jun 2021 07:47:35 GMT
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
expires: -1
set-cookie: uid=4610887547124996422; expires=Fri, 13 Aug 2021 07:47:35 GMT; domain=adform.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
strict-transport-security: max-age=31536000; includeSubDomains

Redirect headers

server: nginx
date: Mon, 14 Jun 2021 07:47:35 GMT
content-length: 0
location: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=482F80F6-162A-4FE9-B10C-9AEFAE12F9DE
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
expires: -1
set-cookie: C=1; expires=Wed, 14 Jul 2021 07:47:35 GMT; domain=adform.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
strict-transport-security: max-age=31536000; includeSubDomains

GET pubmatic
d5p.de17a.com/getuid/ Frame 87E3 0
0

GET
H2 200 usersync.aspx Show response
dis.criteo.com/dis/ Frame E710 43 B
369 B 130ms
30ms Document
image/gif 178.250.2.151
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.151 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

:method: GET
:authority: dis.criteo.com
:scheme: https
:path: /dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

cache-control: no-cache
pragma: no-cache
content-type: image/gif
expires: Mon, 14 Jun 2021 00:00:00 GMT
server: Microsoft-IIS/10.0
x-errorlevel: 0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1266
x-powered-by: ASP.NET
date: Mon, 14 Jun 2021 07:47:34 GMT
content-length: 43

GET /
dsp.adfarm1.adition.com/cookie/ Frame DF77 0
0

GET
H2

200

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 9015
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=SC-A9hYqT-mxDJrvrhL53g%3D%3D
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=SC-A9hYqT-mxDJrvrhL53g%3D%3D&google_tc=
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

8 KB
8 KB

32ms
31ms

Image
text/html

2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:36 GMT
content-encoding: gzip
last-modified: Tue, 01 Jun 2021 06:44:25 GMT
server: Apache/2.2.15 (CentOS)
etag: "1300708-2080-5c3aeac410031"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=111758
accept-ranges: bytes
content-type: text/html; charset=UTF-8
content-length: 2586
expires: Tue, 15 Jun 2021 14:50:14 GMT

Redirect headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:35 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 272
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

SPug
image4.pubmatic.com/AdServer/ Frame 9015
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=654a60c7-0997-4c00-b72e-6c248edb4fea

0
370 B

2294ms
32ms

Image
text/plain

185.64.189.114
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=654a60c7-0997-4c00-b72e-6c248edb4fea
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.114 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:37 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Mon, 14 Jun 2021 07:47:38 GMT
Server: MT3 3759 5f8f15b master zrh-pixel-x10
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=654a60c7-0997-4c00-b72e-6c248edb4fea
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Mon, 14 Jun 2021 07:47:37 GMT

GET /
pixel.onaudience.com/ Frame 9015 0
0

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 9015
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NDgyRjgwRjYtMTYyQS00RkU5LUIxMEMtOUFFRkFFMTJGOURF&gdpr=0&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NDgyRjgwRjYtMTYyQS00RkU5LUIxMEMtOUFFRkFFMTJGOURF&gdpr=0&gdpr_consent=&google_tc=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

42 B
341 B

553ms
23ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:36 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug018:0:254
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:35 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 9015
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm=&google_sc=&gdpr=0&gdpr_consent=&google_tc=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEBnAxSSMgoPxEpjTuPM-W04&google_cver=1

42 B
283 B

555ms
24ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEBnAxSSMgoPxEpjTuPM-W04&google_cver=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:36 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug017:0:572
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:35 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEBnAxSSMgoPxEpjTuPM-W04&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 379
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubmatic
um.simpli.fi/ Frame 9015 43 B
612 B 28ms
24ms Image
image/gif 159.253.128.183
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.253.128.183 Amsterdam, Netherlands, ASN36351 (SOFTLAYER, US),

Reverse DNS

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:35 GMT
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Sun, 13 Jun 2021 07:47:35 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 9015
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:437160c7-0997-4300-93fa-bb602690c95d&gdpr=0&gdpr_consent=

42 B
652 B

3111ms
35ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:437160c7-0997-4300-93fa-bb602690c95d&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:38 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug011:0:444
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Mon, 14 Jun 2021 07:47:39 GMT
Server: MT3 3759 5f8f15b master zrh-pixel-x31
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:437160c7-0997-4300-93fa-bb602690c95d&gdpr=0&gdpr_consent=
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Mon, 14 Jun 2021 07:47:38 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 9015
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=4610887547124996422

42 B
235 B

2970ms
37ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=4610887547124996422
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:38 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug005:0:594
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:35 GMT
server: nginx
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=4610887547124996422
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 9015
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=f045f152-f2cc-4b14-80ad-163e6e314e57

42 B
293 B

2970ms
36ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=f045f152-f2cc-4b14-80ad-163e6e314e57
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:38 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug004:0:445
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:35 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=f045f152-f2cc-4b14-80ad-163e6e314e57
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 313

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 9015
Redirect Chain

https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA%3D%26piggybackCookie%3D%24UID%26gdpr%3D0%26gdpr_consent%3D
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=2283321168535714619&gdpr=0&gdpr_consent=

42 B
210 B

558ms
24ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=2283321168535714619&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:36 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug020:0:472
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:35 GMT
X-Proxy-Origin: 93.177.75.188; 93.177.75.188; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.221.8:80
AN-X-Request-Uuid: dd84ccd0-f4f1-415d-bfa2-4ab4c1ec3c27
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=2283321168535714619&gdpr=0&gdpr_consent=
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 482F80F6-162A-4FE9-B10C-9AEFAE12F9DE
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame 9015 43 B
586 B 32ms
32ms Image
image/gif 2a00:1288:110:c305::8000
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/pubmatic/482F80F6-162A-4FE9-B10C-9AEFAE12F9DE?gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1288:110:c305::8000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:35 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET sync
ups.analytics.yahoo.com/ups/58292/ Frame 9015 0
0

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 9015
Redirect Chain

https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=CTJU5Q87DuoSMlPlXDYa4Q03A7cSZ1PgXTIl2sGu

42 B
353 B

71ms
23ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=CTJU5Q87DuoSMlPlXDYa4Q03A7cSZ1PgXTIl2sGu
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:36 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug019:0:397
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:36 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=CTJU5Q87DuoSMlPlXDYa4Q03A7cSZ1PgXTIl2sGu
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 9015
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YMcJmAABhOYQ8wBg&gdpr=0&gdpr_consent=

1 B
256 B

1834ms
36ms

Image
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YMcJmAABhOYQ8wBg&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:38 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug003:0:490
server: nginx
content-type: text/html; charset=utf-8
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:36 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1623656857.569975,VS0,VE0
x-served-by: cache-fra19164-FRA
x-cache: HIT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YMcJmAABhOYQ8wBg&gdpr=0&gdpr_consent=
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET sync
x.bidswitch.net/ Frame 9015 0
0

GET
H2 200 pubads_impl_2021060801.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 330C 318 KB
112 KB 33ms
32ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8a19707bd88a29100f84e106852ddd5bfeebe1fe562960c4932d1347210d13a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 08 Jun 2021 08:38:25 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 114129
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:35 GMT

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 9855 38 KB
14 KB 42ms
42ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=1&gdprConsent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 1b95ffd8d5e131d47fa1a5ab65bca620eeef87328c413940cd60a9fbcedf4b74

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/showad.js
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=1&gdprConsent=
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=1&gdprConsent=

Response headers

last-modified: Tue, 11 May 2021 05:24:02 GMT
etag: "13006b6-96ca-5c2071a26cca4"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 13964
content-type: text/html; charset=UTF-8
cache-control: public, max-age=29090
expires: Mon, 14 Jun 2021 15:52:25 GMT
date: Mon, 14 Jun 2021 07:47:35 GMT
vary: Accept-Encoding

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame BAB1 0
39 B 35ms
34ms Script
text/plain 185.64.189.115
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=65912770&p=156212&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=1&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.115 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:34 GMT
content-length: 0

GET
H2 200 cht_cookieSyncIframe.html Show response
cdn.aralego.net/ucfad/cookie/ Frame 7557 807 B
624 B 27ms
26ms Document
text/html 2606:4700:20::ac43:47fe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.aralego.net/ucfad/cookie/cht_cookieSyncIframe.html
Requested by: Host: ads.aralego.com
URL: http://ads.aralego.com/sdk
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47fe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6058eb29e9bb8b7cd0d68f0d180a093941e971f4659092a70c99ca57827bc678

Request headers

:method: GET
:authority: cdn.aralego.net
:scheme: https
:path: /ucfad/cookie/cht_cookieSyncIframe.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://www.travelmiso.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://www.travelmiso.com/

Response headers

date: Mon, 14 Jun 2021 07:47:35 GMT
content-type: text/html
last-modified: Tue, 11 Aug 2020 08:15:02 GMT
access-control-allow-credentials: true
cache-control: max-age=14400
cf-cache-status: HIT
age: 5681
cf-request-id: 0aab168f8d00004a86bba19000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=ZNODFmx%2F%2FRo0XpYvZ%2Bs9eQxnHrhplXetrvu8g2QC7O%2BSd9mnn2s7jvNI0ytPhvT0WF34YjtP2kzfx3QIHoI5YnM0kJtgI8E8Krxgm8mEu9XZlJ8eenVEIygSvhJRCAumzWDBo%2FbA17U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 65f1f39279b74a86-FRA
content-encoding: br

GET idsync
sync.aralego.com/ Frame 235E 0
0

GET

rtb-h
match.taboola.com/sg/mediaforcebidder-network/1/ Frame 7B76
Redirect Chain

https://rtb.mfadsrvr.com/sync?ssp=taboola
https://sync.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=632002b1-3da9-4edb-a400-1ec07de28493
https://match.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=632002b1-3da9-4edb-a400-1ec07de28493&tbid=d6e37edd-a9f5-4b77-9b95-4c71b65d770f-tuct7c08f17&query=taboola_hm%3D632002b1-3da9-...

0
0

GET
H2

200

sd
u.openx.net/w/1.0/ Frame 7B76
Redirect Chain

https://u.openx.net/w/1.0/sd?id=543998486&val=d82a3280-4153-4c8a-bd9f-c3f658409d13-tuct7c08f14&gdpr=0&gdpr_consent=
https://u.openx.net/w/1.0/sd?cc=1&id=543998486&val=d82a3280-4153-4c8a-bd9f-c3f658409d13-tuct7c08f14&gdpr=0&gdpr_consent=

43 B
106 B

27ms
26ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://u.openx.net/w/1.0/sd?cc=1&id=543998486&val=d82a3280-4153-4c8a-bd9f-c3f658409d13-tuct7c08f14&gdpr=0&gdpr_consent=
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.208.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:35 GMT
via: 1.1 google
server: OXGW/16.208.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://u.openx.net/w/1.0/sd?cc=1&id=543998486&val=d82a3280-4153-4c8a-bd9f-c3f658409d13-tuct7c08f14&gdpr=0&gdpr_consent=
date: Mon, 14 Jun 2021 07:47:35 GMT
via: 1.1 google
server: OXGW/16.208.0
alt-svc: clear
content-length: 0
p3p: CP="CUR ADM OUR NOR STA NID"

GET
H/1.1 204
No Content sync.php
pixel.rubiconproject.com/exchange/ Frame 7B76 0
239 B 3376ms
26ms Image
image/gif 69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/exchange/sync.php?p=16698
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 37b22a0c36bd84993dd2cda4a5e04b1d
Content-Type: image/gif

GET match
ads.betweendigital.com/ Frame 7B76 0
0

GET
H2 200 101956
jadserve.postrelease.com/suid/ Frame 7B76 43 B
427 B 101ms
96ms Image
image/gif 52.207.161.225
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jadserve.postrelease.com/suid/101956?ntv_r=https%3A%2F%2Fsync.taboola.com%2Fsg%2Fnativortb-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3DNTV_USER_ID
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.207.161.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx/1.12.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:35 GMT
server: nginx/1.12.1
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type: image/gif
content-length: 43
expires: Mon, 1 Jan 1990 12:00:00 GMT

GET
H2

204

/
sync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/ Frame 7B76
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=562107&ev=1&rurl=https%3A%2F%2Fsync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=%%VGUID%%&orig=trc
https://sync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=nNQ83n1YCYDy&ev=1&orig=trc&pid=562107

0
247 B

52ms
34ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=nNQ83n1YCYDy&ev=1&orig=trc&pid=562107
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

tbl-x-upstream: 10.40.0.134:10213
date: Mon, 14 Jun 2021 07:47:35 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 12578

Redirect headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language: en-US
location: https://sync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=nNQ83n1YCYDy&ev=1&orig=trc&pid=562107
cache-control: private, max-age=0, no-cache, no-store
cw-server: bh-deployment-8474b759f8-2hvq9
expires: -1

GET
H2

204

/
sync.taboola.com/sg/adxxscod-network/1/rtb-h/ Frame 7B76
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=taboolacom_ltd&google_sc&google_hm=sYU0o3pTR_-sWVGBMF4wxA&google_redir=https%3A%2F%2Fsync.taboola.com%2Fsg%2Fadxxscod-network%2F1%2Frtb-h%2F%3Ftaboola_...
https://sync.taboola.com/sg/adxxscod-network/1/rtb-h/?taboola_hm=d82a3280-4153-4c8a-bd9f-c3f658409d13-tuct7c08f14&ui=sYU0o3pTR_-sWVGBMF4wxA

0
114 B

101ms
35ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.taboola.com/sg/adxxscod-network/1/rtb-h/?taboola_hm=d82a3280-4153-4c8a-bd9f-c3f658409d13-tuct7c08f14&ui=sYU0o3pTR_-sWVGBMF4wxA
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

tbl-x-upstream: 10.41.22.84:10213
date: Mon, 14 Jun 2021 07:47:35 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 12578

Redirect headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:35 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.taboola.com/sg/adxxscod-network/1/rtb-h/?taboola_hm=d82a3280-4153-4c8a-bd9f-c3f658409d13-tuct7c08f14&ui=sYU0o3pTR_-sWVGBMF4wxA
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 340
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
sync.taboola.com/sg/appnexus-network/1/rtb-h/ Frame 7B76
Redirect Chain

https://ib.adnxs.com/getuidnb?https://sync.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=$UID&orig=trc
https://sync.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=2283321168535714619&orig=trc

0
258 B

102ms
34ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=2283321168535714619&orig=trc
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

tbl-x-upstream: 10.41.10.104:10213
date: Mon, 14 Jun 2021 07:47:35 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 12578

Redirect headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:35 GMT
X-Proxy-Origin: 93.177.75.188; 93.177.75.188; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.223.42:80
AN-X-Request-Uuid: 8176ffc8-3673-4a7d-be56-0aa31a94f820
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://sync.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=2283321168535714619&orig=trc
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

/
trc.taboola.com/sg/google-network/1/rtb-h/ Frame 7B76
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_cm&google_sc
https://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEHShxirKpQrfwQP1yPUe-bg&google_cver=1

0
183 B

33ms
32ms

Image
text/plain

199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEHShxirKpQrfwQP1yPUe-bg&google_cver=1
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 9
date: Mon, 14 Jun 2021 07:47:35 GMT
via: 1.1 varnish
server: nginx
x-timer: S1623656856.893770,VS0,VE9
x-cache: MISS
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
x-served-by: cache-hhn11534-HHN

Redirect headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:35 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEHShxirKpQrfwQP1yPUe-bg&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 304
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 Pug
simage2.pubmatic.com/AdServer/ Frame 7B76 42 B
237 B 3474ms
35ms Image
image/gif 185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=d82a3280-4153-4c8a-bd9f-c3f658409d13-tuct7c08f14:$UID
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:38 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug002:0:535
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 7B76
Redirect Chain

https://sync.taboola.com/sg/google-network/1/rtb?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dtaboola_dbm%26google_sc%26gdpr%3D0%26gdpr_consent%3D&orig=trc
https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_sc&gdpr=0&gdpr_consent=&google_hm=d6e37edd-a9f5-4b77-9b95-4c71b65d770f-tuct7c08f17

170 B
188 B

102ms
52ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_sc&gdpr=0&gdpr_consent=&google_hm=d6e37edd-a9f5-4b77-9b95-4c71b65d770f-tuct7c08f17

Requested by

Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_sc&gdpr=0&gdpr_consent=&google_hm=d6e37edd-a9f5-4b77-9b95-4c71b65d770f-tuct7c08f17
tbl-x-upstream: 10.41.10.199:10213
date: Mon, 14 Jun 2021 07:47:35 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 12578

GET
H2

200

/
trc.taboola.com/sg/thetradedesk-network/1/rtb-h/ Frame 7B76
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=054f32o&ttd_tpi=1
https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=f045f152-f2cc-4b14-80ad-163e6e314e57

0
179 B

33ms
33ms

Image
text/plain

199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=f045f152-f2cc-4b14-80ad-163e6e314e57
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 9
date: Mon, 14 Jun 2021 07:47:35 GMT
via: 1.1 varnish
server: nginx
x-timer: S1623656856.917370,VS0,VE9
x-cache: MISS
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
x-served-by: cache-hhn11534-HHN

Redirect headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:35 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=f045f152-f2cc-4b14-80ad-163e6e314e57
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 239

GET
H/1.1 200
OK merge
ce.lijit.com/ Frame 7B76 43 B
687 B 39ms
31ms Image
image/gif 216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=42&3pid=d82a3280-4153-4c8a-bd9f-c3f658409d13-tuct7c08f14&us_privacy=&gdpr=0&gdpr_consent=
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:35 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap7ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H2 200 rtset
bh.contextweb.com/bh/ Frame 7B76 49 B
333 B 101ms
99ms Image
image/gif 198.148.27.139
PULSEPOINT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bh.contextweb.com/bh/rtset?do=add&pid=553204&ev=d82a3280-4153-4c8a-bd9f-c3f658409d13-tuct7c08f14

Requested by

Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

198.148.27.139 New York, United States, ASN19189 (PULSEPOINT, US),

Reverse DNS

Software

Jetty(9.4.14.v20181114) /

Resource Hash

d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
content-language: en-US
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control: private, max-age=0, no-cache, no-store
content-type: image/gif;charset=iso-8859-1
cw-server: bh-deployment-8474b759f8-2hvq9
expires: -1

GET /
rtb-csync.smartadserver.com/redir/ Frame 7B76 0
0

GET
H2 204 put
e1.emxdgt.com/ Frame 7B76 0
45 B 49ms
35ms Image
text/html 18.195.155.181
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e1.emxdgt.com/put?d=d41&uid=d82a3280-4153-4c8a-bd9f-c3f658409d13-tuct7c08f14
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.155.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:35 GMT
content-length: 0
content-type: text/html

GET
H2

200

/
sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/ Frame 7B76
Redirect Chain

https://dis.criteo.com/dis/usersync.aspx?r=29&p=282&cp=taboolaortb&cu=1&url=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fcriteortb-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%40%40CRITEO_USERID%40%40
https://sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=af4b3990-2785-4149-96dc-dc029acdb3d4

0
258 B

1128ms
31ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=af4b3990-2785-4149-96dc-dc029acdb3d4
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

tbl-x-upstream: 10.41.12.133:10213
date: Mon, 14 Jun 2021 07:47:36 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 12520

Redirect headers

pragma: no-cache
x-errorlevel: 0
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=af4b3990-2785-4149-96dc-dc029acdb3d4
cache-control: no-cache
date: Mon, 14 Jun 2021 07:47:35 GMT
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1837
content-type: text/html; charset=utf-8
content-length: 222
expires: Mon, 14 Jun 2021 00:00:00 GMT

GET

1.gif
id5-sync.com/c/464/464/7/ Frame 7B76
Redirect Chain

https://id5-sync.com/s/464/9.gif?puid=d82a3280-4153-4c8a-bd9f-c3f658409d13-tuct7c08f14&gdpr=0&gdpr_consent=&callback=https%3A%2F%2Fsync.taboola.com%2Fsg%2Fid5-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D...
https://id5-sync.com/c/464/464/7/1.gif?puid=d82a3280-4153-4c8a-bd9f-c3f658409d13-tuct7c08f14&gdpr=1&gdpr_consent=

0
0

GET taboola
s.c.appier.net/ Frame 7B76 0
0

GET
H/1.1 200
OK cookiesync
bttrack.com/pixel/ Frame 7B76 35 B
380 B 1421ms
98ms Image
image/gif 192.132.33.46
BIDTELLECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bttrack.com/pixel/cookiesync?source=14b8c562-d12b-418b-b680-ad517d5839ec
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 192.132.33.46 , United States, ASN18568 (BIDTELLECT, US),
Reverse DNS: 46.bidtellect.com
Software: Microsoft-IIS/8.5 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

X-ServerName: Track001-dc3
Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:08 GMT
X-AspNetMvc-Version: 5.2
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
P3P: CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
Cache-Control: private,no-cache
Content-Type: image/gif
Content-Length: 35
Expires: -1

GET sync
x.bidswitch.net/ Frame 7B76 0
0

GET
H2 200 cds-pips.js Show response
cdn.taboola.com/scripts/ Frame 6040 2 KB
1 KB 30ms
25ms Script
application/javascript 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/scripts/cds-pips.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20210613-7-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 095ba66d80bd93cf592c11fd72a723dfe5ab5f8da183e54063f50e9ba215094b

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: cZudbZahPOBsYvDOdnPtkk7eaBsnPiYA
content-encoding: gzip
etag: "be95692a7dfb1dc3e8629518230a5ec3"
age: 950
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 899
x-amz-id-2: r6l3tKy2bpJUs2hDEPModElWrdrPvnCgDH9URgDwWqurcptvZXS47FQLozu4toPKdKPNOpwdjow=
x-served-by: cache-hhn11534-HHN
last-modified: Wed, 09 Jun 2021 22:03:44 GMT
server: AmazonS3
x-timer: S1623656856.501143,VS0,VE0
date: Mon, 14 Jun 2021 07:47:35 GMT
vary: Accept-Encoding
x-amz-request-id: MX4Q6N7CBJ0TZF9W
via: 1.1 varnish
cache-control: private, max-age=3600
accept-ranges: bytes
content-type: application/javascript
abp: 40
x-cache-hits: 14441

GET
H2 200 integrator.js Show response
adservice.google.fr/adsid/ Frame 656B 107 B
165 B 19ms
18ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.fr/adsid/integrator.js?domain=cdn.aralego.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 656B 107 B
165 B 19ms
18ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=cdn.aralego.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 656B 330 B
169 B 66ms
63ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4358860757303771&correlator=3550372826427209&output=ldjh&impl=fifs&eid=21068031%2C31061355%2C31061411%2C44744015&vrg=2021060801&ptt=17&sc=1&sfv=1-0-38&ecs=20210614&iu_parts=18087395%2Ccookie&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1&cdm=cdn.aralego.net&bc=23&abxe=1&lmt=1597133702&dt=1623656855510&dlt=1623656852443&idt=3053&ea=0&frm=8&biw=-12245933&bih=-12245933&oid=3&adxs=-12245933&adys=-12245933&adks=64515409&ucis=hbslgwtpcx5i&ifi=1&ifk=923963767&u_tz=120&u_his=3&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=2&url=https%3A%2F%2Fcdn.aralego.net%2Fucfad%2Fcookie%2Fcht_cookieSyncIframe.html&ref=http%3A%2F%2Fb.travelmiso.com%2F&top=http%3A%2F%2Fb.travelmiso.com%2F&vis=1&scr_x=-12245933&scr_y=-12245933&psz=0x0&msz=0x-1&ga_vid=1985233381.1623656856&ga_sid=1623656856&ga_hid=196342580&ga_fc=false&fws=256&ohw=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

32a2ccf9c7c05761601326430ae882569ffa5bf3f5d3d71e3b07b3ccea39875e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:35 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 130
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://cdn.aralego.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
70111f60bdb7ad8fb4db1af14fd641a9.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 656B 0
0 69ms
52ms Other
text/html 2a00:1450:400d:804::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://70111f60bdb7ad8fb4db1af14fd641a9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400d:804::2001 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H/1.1 200
OK / Show response
tag.gammaplatform.com/adx/request/ Frame AB7E 3 KB
3 KB 189ms
188ms Script
application/x-javascript 54.255.154.87
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://tag.gammaplatform.com/adx/request/?wid=1567569789&zid=1567570449&urf=http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F&zt=&cb=374824/
Requested by: Host: gamma.cachefly.net
URL: http://gamma.cachefly.net/js/ad-exchange.js
Protocol: HTTP/1.1
Server: 54.255.154.87 Singapore, Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-255-154-87.ap-southeast-1.compute.amazonaws.com
Software: /
Resource Hash: b47ac8d4f39a1bf905fb873aba62c94ac2a3f1de4b4fa0b54a5e7033f6b4ad7d

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:35 GMT
content-encoding: gzip
vary: Accept-Encoding, Origin, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: application/x-javascript
server-time: 0.1(DD).1(B).1(W).1(CB).1
x-server: AdEx-App126
access-control-allow-credentials: true
x-robots-tag: noindex
transfer-encoding: chunked

GET
H2 200 aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMTAvMTAxOTI0L2QwZGE1NGNmMmY1ZTg3YmY5NGE3YTZhOGFhZjJiZWMyLmpwZWc.webp Show response
s-img.mgid.com/g/8164838/492x277/0x0x2049x1366/ Frame D40F 12 KB
12 KB 333ms
293ms Fetch
image/webp 104.19.132.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s-img.mgid.com/g/8164838/492x277/0x0x2049x1366/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMTAvMTAxOTI0L2QwZGE1NGNmMmY1ZTg3YmY5NGE3YTZhOGFhZjJiZWMyLmpwZWc.webp?v=1623656854-pfKBogXsIqIWLLu2CDp4TtiNKc0vbCRj52kyfOWjLeo
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/a/d/adop.travelmiso.com.1151336.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.132.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 178d0923127f644b497c0aba95fabd7a6c8d134730fb7e1810ca947d732e9f8a

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:35 GMT
cf-cache-status: MISS
last-modified: Tue, 11 May 2021 10:41:59 GMT
x-mg-request-uuid: 9e7d362a-eeeb-4ffe-8bcb-9c9193acfa29
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 65f1f39388a1edfb-CDG
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 11886
cf-request-id: 0aab1690340000edfbef881000000001
server: cloudflare

GET
H/1.1 200
OK / Show response
tag.gammaplatform.com/adx/request/ Frame 54BB 3 KB
3 KB 171ms
170ms Script
application/x-javascript 54.255.154.87
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://tag.gammaplatform.com/adx/request/?wid=1567569789&zid=1567570861&urf=http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F&zt=&cb=644620/
Requested by: Host: gamma.cachefly.net
URL: http://gamma.cachefly.net/js/ad-exchange.js
Protocol: HTTP/1.1
Server: 54.255.154.87 Singapore, Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-255-154-87.ap-southeast-1.compute.amazonaws.com
Software: /
Resource Hash: fe65459b55a12264cf600905e80b2feb6992a67f057949d445c5ea7b9eb2d6ca

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:35 GMT
content-encoding: gzip
vary: Accept-Encoding, Origin, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: application/x-javascript
server-time: 0.1(DD).1(B).1(W).1(CB).1
x-server: AdEx-App127
access-control-allow-credentials: true
x-robots-tag: noindex
transfer-encoding: chunked

GET
H2 200 html_inpage_rendering_lib_200_271.js Show response
s0.2mdn.net/879366/ Frame 2321 176 KB
61 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_271.js

Requested by

Host: shoppinglifestyle.biz
URL: http://shoppinglifestyle.biz/go/?r=3&a=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2f126a8957c32db99e94d1bf7c9ed09fcd38ba99bd632ebd048f01f9c5f9c9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://df92c682cc13fd0720c1bc98348b7158.safeframe.googlesyndication.com
Referer: https://df92c682cc13fd0720c1bc98348b7158.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 00:40:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 25637
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62241
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 18:02:47 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 15 Jun 2021 00:40:18 GMT

GET
H2 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/elements/html/ Frame 2321 8 KB
3 KB 33ms
6ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Cotw3kFu9realDPpfhQxwbX75kqevgUrBolnDLp5bWZiHVaXijAd5T78hYowrQCPv8vA0O2GcZqg8jpnrU4ISLac4nRSEds5RNcdsVqybn6EBWCsToOfpc_CFqOA3HPN_W4wthQHvXFULu2ArbymhHqZmqnw&dbm_d=AKAmf-AFiWqpF_GrI39CvesWnjc0ri5_DAO6-_bVJ9xqX9VdZI-URho81GBDVdlhSoMlYG0o_YYOMH9JgstEdAZUrpQrd3KXHr5gNWP7Zo2BcCiPAXrG5_pvbWt-mNOfF4vFoHB1yj0jC0ed8e1F_YVm0D44zc1ghGWnoc1U_ZN7KSBsPQGsx54zllLmtsCO2P-AAihhkqx8ShZp54MtiMcZCVYPLL12ZBeCtd05aVzfu6ElnJf812upSEgApgU_rfqz6UHmZ3NtQLBZlRnE1BfESDMOlY_bs6M12dlYAe6KxJDq_iU3hHTOzGsTP51WYXeN7KBEMzn_S_li2MBB7R6C0rufO32Ch7_wA1_DZGw3uy6cTsdvtQvuiEQVVw_wLlJBmwfjXm1OCQfPWwbh8KMbm1BzZ4hEdoua50jzzh3dLRBua9Ii7jyDKXvyG-1B1oJY8zkb884_RTWkTFDGPf3Kr3vPw6rpOWE6SRvdWGCUn7LwN6c-eEre98KIqcE3rvnwOxdgJ66Gt9KxbJSvZr9UpvJOWYm8J73WQYiJVZsoZtRdCr5WoG7_NytO1Yaw1hgd0HzXm1mYPCPIQxNheWKB-xl3874Qj0xGIWEiq5QOtR5XMut_-5_JIhiJJEHUF7lz7Fypw7tY7uYGx51Zq4GC-YSBxd5mqdv6N1Hu-sg4r2feZIUd-Y4tApGjJtxe04rIZWMKVnz4EFFDBw4msN1x-CRwnk_zexCTElvDGeG7Xf7NFTVPi15dacqTiSK4o6E4p6LtAuzTchR464Qli_OxvrBWrZgussJs-okqpKggJHGIurP8-YWlusipo1URTsItNTyErZo4196o8xsOHXyT3OG7nj1k1L9JJGXoYIuIMVYr8PWUoWRT28DRiR66hP3zKBl5s5WO6r5a1lipHwE3AF9G9MLEdf5z7a1LnavfHJEjflxb3KzrIgGyiItGvuOlQL08wMFGfLL-QO0dYGMactIA8BMdweCXfsKEJqBzWc8mRIReZD3-EC2ljiFfKylQPOETIdcfMi23OiEs5b1Xl1YmhrWd9MMCwLQE_HbW4sO71UpFqU9amK-wMdWTRSNZxzhgxBLgGro8IH-OZGYoYuZMXuIljVAfxoZDGM-suoUJKTPYfrHOhwyrZ50MAQCItDeQ_nz9nWsGZmRZrY7FP81lRvjkpnU1HvBiJv0GJdKdnqMWbBknPVTMZYfO2M_mEkq0sMJD1PSV70YV3GNttkH2FEaBxuwxk_ofsxP2dgQKBley0B6ixAWsPM-lHv19nXHAbd9FFnygsStzvfZmCd29UA_tl3Mrs5MRs42PgWbmVxZjT9wygdao9DjzKz3T68YKU2HvLCK8UVwQkR4L3s3qajiKmJjv5JZzkyT3u7MG_TntNd5yAiZxlz1vBaUc4XwDK-79zQPjMd_ucKIZB4RN7lSB4fUemE4_uyOKUusBlLm3Gj4LsS6EHbP-Hd7aOlwHz0iA9TxLGzSqr4dFCNSN3defy283b94zLXo3NJHBTwmxPbt47JvFeOEYOnXM_-beHYY4K8ulhgO3MU5IRnVYNrw0g-h8nLCTzVhezvgDL3aASpZ0aK8I3PZXN3WpLKpQXk-a-N9jxub76Ty4Q1tXIiRTqDvcxrAszyaQ-O1leF8-S7_eoqVIbptLVyWQmjk9Iv89-HLP9c7lrfY602NOxtx1YHrNr5RKpbtQkPglxfFtffGGjWyuWGqC2c1mMVWT3RQQjtD1XPuV8zPgWZO9qU8OLNYg_1N6SMjNUcTorilPFhwiqVQSwgjUlb1ttKy1kLdjN7IAYYa8y_qicoigft5_zmRCeXfZf8FdoCbqLwlUxEDAwfhSzTvDxnIvYxuZWGU2LbAxODCc2Qy8v8zXEGDXTMYnSPLFoU2rjwuzOGct9C1bjb9l2NThqnTKU8mqHfxhXABCYcc72pW3xXCgTJwbZ9j327NnzY69jebq22gdnAbX2A3WmmznTiAuvSA-kWveAaMc7FehaIdtTGGcYjhHUnqGWVo0Uy7ebLDdQw7pyqnCOZmuYFi65uNiaaxhGzYo4DBRaRdRbfvJleSoBIHocgprEOdfD-YxJ0z77VqF8OEl6StfDPWR35kPDIFia6Zghijn5U21jHfVZrxX8iOxSYJCw1cNc0-WfZQwrjxjYUBnUtMb1CL18JbE28D9WxzAcgwxg_aj5f8FcqFjnALvw1cBNpqMZ_5J_QiwJs-VViGnZxW38IeWxUnvdHEKYX1lSecqeyYd_qzmvbAvnSfa-azA07gJQRcTzJ2RbFuCl8jf2o8ZkYGvl6pZajWN0C1I-aGsssw4KBQygh1ZlpnKxhssb_8fku0-3Nv_shAEOYnF53L_O-Y96BwbRkJJFwgh7FGAvoxpv1w51lSZW71zrm-XrVhSIk3ML2GqhRTHqNW7AdgCIzMjbv47jTSdFe2g80so2HuAqCM6SVTaVpt2GTt4JGaXq6Lopv4M_BPXSb_0Gbln-sTGJ9yeHSztwHQYh09vu3oe7QIYxDMFiP_FeLxoiR7FLdzO1ft-nGTTDETd5N9OLOkvqnHighePeIvVdhqP_wQqq7FcA8NG52tm1xQXVg8HJTb32EsqaPjS2jQtjEW0Xo8P3CmJ9akRs-iIsSiQCyjjVXnRwuYui_fr3w7bM2sg8MQ6oNDkPpTLHTibFAui4MNfTJnZm_IxiKCCMXnkY-vWHqzoeE6uHvIuTmsuQg366wn76AfipRDBU2zXltpBnKOEsKLTNoJJHS1Ho-VrTUSZPMC0DnMc2hYg4VW_k0FViN0hCuV-NMTYn9fR78gSoF4Uwi58LppKrK3hTcoQAexSZhq3UxWNsINkWNibl-KZj0gHAu1NjkeaDqiaxwjjdDetLzeUXpYo511_F3XRnG-S-lURrupm19cV-HMBbEPmMHUk-Mo_KlphLGYlFmvj_jK2JLjBJhAC4PB9rFSPlwxasTiRv_hTbwX7kd46iQlgeTBQPsSGjvjk6fyQ3kMs7a2DAlAUBa7y7wb5VFdrshMlryzOMmxGmuRsrBVnFBbIS44lzxmuXXwtCe8E7f5Bq_bXUSDC0lopALUGbhM9O_rzavUq78h6Y94CVuKBdVRE9F-CxbZ346ZFRtWlAo6mg5mjiFsuiiilDkpkejhlRAV7trpTZlLjk4Tj0DaHsrGJWTj0EELFAvNL5kFuZF87dA3o9NYvapIF6etEDTP_qoFFTwga3dUlFTdC7W0gjV-dpvA6oGcUC6zJNOo&cid=CAASEuRola203k65bFQvwLsq7DU0lg&rfl=2%2Chttp%253A%252F%252Fb.travelmiso.com%242%2Chttp%253A%252F%252Fb.travelmiso.com%252F%240

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://df92c682cc13fd0720c1bc98348b7158.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:45:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 102
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Jun 2021 07:45:53 GMT

GET
H2 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/ Frame 2321 22 KB
9 KB 30ms
5ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/abg_lite.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cabbde8502a6598896a3c812c89ecd99ecfb3e9ca68f632c8c9b3f2a7f6e0046

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://df92c682cc13fd0720c1bc98348b7158.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 10
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8601
x-xss-protection: 0
server: cafe
etag: 18280575870105241958
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Jun 2021 07:47:25 GMT

GET
H3-29 200 img_logo.png
s0.2mdn.net/9631534/1612207833628/SquareOnline_NewYears_300x250_RST/ Frame 5AAC 5 KB
5 KB 9ms
8ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9631534/1612207833628/SquareOnline_NewYears_300x250_RST/img_logo.png?1610928118441

Requested by

Host: 8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com
URL: https://8d2d594102a72525c4e49e2eadb2ad67.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c79061f1352fb4811f113ed487006e098e76f3cb0171fcb4dbf0c0511128c126

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9631534/1612207833628/SquareOnline_NewYears_300x250_RST/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 08:38:05 GMT
x-content-type-options: nosniff
last-modified: Mon, 01 Feb 2021 19:30:33 GMT
server: sffe
age: 83370
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5590
x-xss-protection: 0
expires: Mon, 14 Jun 2021 08:38:05 GMT

GET
H/1.1 200
OK gen.js Show response
ads.themoneytizer.com/s/ Frame 6049 4 KB
2 KB 3052ms
15ms Script
text/html 151.139.241.23
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: http://ads.themoneytizer.com/s/gen.js?type=2
Requested by: Host: ap.lijit.com
URL: http://ap.lijit.com/www/delivery/fp?z=861814
Protocol: HTTP/1.1
Server: 151.139.241.23 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: NetDNA-cache/2.2 /
Resource Hash: b780c05b9b8e1f7acff640ef794ca777ffa43e5d4354a84eebf3dd98975f8675

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:17 GMT
Content-Encoding: gzip
Server: NetDNA-cache/2.2
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2127
Expires: Tue, 15 Jun 2021 07:47:17 GMT

GET
H/1.1 200
OK requestform.js Show response
ads.themoneytizer.com/s/ Frame 6049 47 KB
10 KB 3111ms
59ms Script
text/html 151.139.241.23
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: http://ads.themoneytizer.com/s/requestform.js?siteId=64680&formatId=2
Requested by: Host: ap.lijit.com
URL: http://ap.lijit.com/www/delivery/fp?z=861814
Protocol: HTTP/1.1
Server: 151.139.241.23 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: NetDNA-cache/2.2 /
Resource Hash: 046c6b4309a00a98d8e0633a8bf4327ddd625081951bedfa0066d935a4c7d837

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:38 GMT
Content-Encoding: gzip
Server: NetDNA-cache/2.2
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=86400
Transfer-Encoding: chunked
Connection: keep-alive
Accept-Ranges: bytes
Expires: Tue, 15 Jun 2021 07:47:38 GMT

GET
H/1.1 200
OK Cookie set beacon Show response
gslbeacon.lijit.com/ Frame 1E86 6 KB
2 KB 38ms
37ms Document
text/html 72.251.249.9
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://gslbeacon.lijit.com/beacon?viewId=a_861814_4c50c09387e64f85b0db26e8e13ca7f6&rand=2024&informer=13422783&type=fpads&loc=http%3A%2F%2Fb.travelmiso.com&v=1.2
Requested by: Host: ap.lijit.com
URL: http://ap.lijit.com/www/delivery/fp?z=861814
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.9 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: fbe7ff42e91753a3aec2922ff76f03d601a1852fb56207d97f589c4ee54b774d

Request headers

Host: gslbeacon.lijit.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: http://b.travelmiso.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ljt_reader=f35e06d1217e66947e122508
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

Server: nginx
Date: Mon, 14 Jun 2021 07:47:35 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Vary: Accept-Encoding
Expires: Fri, 20 Mar 2009 00:00:00 GMT
Set-Cookie: ljtrtbexp=eJxdkDsWAzEIA%2B%2FiOgVgfs7V8nL3ZPdtw5QjY0nwWbremrbLt0W8lt3onekXZk7eE0snhwgUFTAC6gmw1Lz4nFNz4q%2F0VJqeKNlo2Q4OMP%2BjgdHv4D2fG4rI3Rj9rOaOG3kOf4d%2FYD6aN54Nvz8NrFyW;Path=/;Domain=.lijit.com;Expires=Tue, 14-Jun-2022 07:47:35 GMT;Max-Age=31536000;Secure;SameSite=None ljt_reader=f35e06d1217e66947e122508;Path=/;Domain=.lijit.com;Max-Age=31536000;Secure;SameSite=None
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
X-Powered-By: raptor
Content-Encoding: gzip
X-Sovrn-Pod: ad_ap3ams1

GET
H/1.1 200
OK containertag Show response
ap.lijit.com/ Frame 6049 47 KB
6 KB 37ms
36ms Script
application/json 216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/containertag?containerId=18&zoneId=861814&v=2
Requested by: Host: ap.lijit.com
URL: http://ap.lijit.com/www/delivery/fp?z=861814
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: 8b227819a378695e862bbe6aa21d12b6efbcec36f9b6eb1471605fdc2fb6f313

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:35 GMT
Content-Encoding: gzip
Server: nginx
X-Powered-By: raptor
Vary: Accept-Encoding
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Transfer-Encoding: chunked
X-Sovrn-Pod: ad_ap7ams1
Content-Type: application/json
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H/1.1 200
OK impression
vap7ams1.lijit.com/addelivery/ Frame 6049 43 B
567 B 30ms
29ms Image
image/gif 216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vap7ams1.lijit.com/addelivery/impression?i_data=WmfvF8tqmHFmGeJpTSZvzYKpVLmKn7l59nxRHmRWEnPWa8qLu8tqWkkDIWCISemlTKr8wUiZF5thBwhws9muYlrE3287rgxZix9HflWT25mKl1kJ1BCzFLVCCo-NF9xUs4u_gys5xspRv5e_ulpeNk-difzOUciaQR9abU20E855_arBZ3WQ2lN8QJv0Y8ZCHkw6lOdhDjuFUNED7A3_II3ygV70m1ErLH1eZYSl8jj9Bwv_r0A77pSQQssRDlGerc5kjzZ7-WBSUY1N9nKAsacNEB5VUG5DO6RwzX6chafiJ7VrjsE~&bannerid=226223&campaignid=232&endpoint=WATERFALL&zoneid=861814&tid=a_861814_4c50c09387e64f85b0db26e8e13ca7f6
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/ads/adsp/300x250.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:35 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
P3P: CP="CUR ADM OUR NOR STA NID"
Access-Control-Allow-Origin: *
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap7ams1
Content-Type: image/gif
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H/1.1 200
OK fp
vap7ams1.lijit.com/data/ Frame 6049 43 B
206 B 59ms
28ms Image
image/gif 216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vap7ams1.lijit.com/data/fp?tid=a_861814_4c50c09387e64f85b0db26e8e13ca7f6&zoneid=861814&starttime=1623656853392&adcfg=3&adcfg_response=1272&addelivery=1281&addelivery_response=2196&lgfired=2204&beacon=2208&container=2217&EOL=2217&ctstart=0&elapsed_ms=2217
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/ads/adsp/300x250.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:35 GMT
Server: nginx
X-Sovrn-Pod: ad_ap7ams1
X-Powered-By: raptor
Content-Length: 43
Content-Type: image/gif

GET
H2

200

prebid_v4_21.js Show response
hb.adpone.com/ Frame 452D
Redirect Chain

http://hb.adpone.com/prebid_v4_21.js
https://hb.adpone.com/prebid_v4_21.js

302 KB
88 KB

34ms
30ms

Script
application/javascript

2606:4700:20::681a:a19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid_v4_21.js
Requested by: Host: nichools.com
URL: http://nichools.com/stat?i=bdsfyu86g9gsdn1e02&a=709b7e811fc940f8135818fd0d1c581f7&cb=5672321623656854479
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a19 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 612a8541b1c6e99ca467ee2ef290d23df8c8511b0a9e1ed3f9c1b91cf2df6235

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 6034
content-type: application/javascript
x-amz-request-id: 8X8Z2AAXWD3RZ6XD
x-amz-id-2: bSmexo+TrMnKkcWOI6Tqa7TCfeGYYHMT4OsTT33XH7Bv6B0BShSDWSBlAdxGZAhGTnfnIdpPonw=
last-modified: Mon, 08 Feb 2021 16:04:15 GMT
server: cloudflare
etag: W/"7c64ec269c372f63980a99b0d62ff80e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=aOkCiKdwNTNUVY8PZ1QaJWaI1Ch0EooB6xXLWD3kHLfvRZijAKdB%2BWVcWwotrNQQSg5jlkooXkhQoxv3IR%2BCyICfNmwmvzZGUidvIzpK%2B3gJbWiEBSX6zNBtojXOoRQlKOQFo23G"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 4iEuyd4JotkFGoSUTSV1UffB3iHQiIcX
cache-control: max-age=14400
cf-request-id: 0aab1691a20000dfffe938e000000001
cf-ray: 65f1f395c97cdfff-FRA

Redirect headers

Date: Mon, 14 Jun 2021 07:47:35 GMT
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=USNlR7489NkhZNapGpScnPNh920MIcjTiQGzUQZ8Q6p7aU0XPQXMhtimweY7uxK%2FGHXA2E%2B6dHMgeXwZxKst7FyI6Gdl74bswxtd3l9u82e6YUzHV5EqJB%2FMgntDM9O6B1vwNVnq"}],"group":"cf-nel","max_age":604800}
Location: https://hb.adpone.com/prebid_v4_21.js
Cache-Control: max-age=3600
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 65f1f393a9a64abc-FRA
cf-request-id: 0aab16904c00004abc33a9b000000001
Expires: Mon, 14 Jun 2021 08:47:35 GMT

GET
H2

200

prebid_v4_21.js Show response
hb.adpone.com/ Frame 1AD1
Redirect Chain

http://hb.adpone.com/prebid_v4_21.js
https://hb.adpone.com/prebid_v4_21.js

302 KB
88 KB

33ms
30ms

Script
application/javascript

2606:4700:20::681a:a19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid_v4_21.js
Requested by: Host: nichools.com
URL: http://nichools.com/send?i=bdsfyu86g9gsdn1e02&a=3f44370d5e0a4599fd8739ecf35584f79&cb=2924581623656854481
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a19 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 612a8541b1c6e99ca467ee2ef290d23df8c8511b0a9e1ed3f9c1b91cf2df6235

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 6034
content-type: application/javascript
x-amz-request-id: 8X8Z2AAXWD3RZ6XD
x-amz-id-2: bSmexo+TrMnKkcWOI6Tqa7TCfeGYYHMT4OsTT33XH7Bv6B0BShSDWSBlAdxGZAhGTnfnIdpPonw=
last-modified: Mon, 08 Feb 2021 16:04:15 GMT
server: cloudflare
etag: W/"7c64ec269c372f63980a99b0d62ff80e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=iq0gJrY21C8OmiSVjhM3FCGoSNa3WLLQQGpNuNhmzhh9SIjHHMy5MCXBejNgoH7lyo3uG2Ra0H%2B44cI8nS8jpslqMKrGsz4cp4SHx3Elm7dy8TKwvaKEjoDZGjQRuTWhwtxjDE0u"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 4iEuyd4JotkFGoSUTSV1UffB3iHQiIcX
cache-control: max-age=14400
cf-request-id: 0aab1691a60000dfff15158000000001
cf-ray: 65f1f395d989dfff-FRA

Redirect headers

Date: Mon, 14 Jun 2021 07:47:35 GMT
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=pux1dv62iw0yKgN8K2ZizHg5OpAMxDAspckckujU2WbTII64%2BCjBAfPogKTbDIwWjKHxetWeqUdE9WHG%2FclQxXP%2BRyMvNvaY6fjd7P7%2FhUMTF6%2BQotCmvJSuHwr0mIa%2FZriRZuMZ"}],"group":"cf-nel","max_age":604800}
Location: https://hb.adpone.com/prebid_v4_21.js
Cache-Control: max-age=3600
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 65f1f393c8364e31-FRA
cf-request-id: 0aab16905c00004e31f5036000000001
Expires: Mon, 14 Jun 2021 08:47:35 GMT

GET
H2

200

prebid_v4_21.js Show response
hb.adpone.com/ Frame B8D2
Redirect Chain

http://hb.adpone.com/prebid_v4_21.js
https://hb.adpone.com/prebid_v4_21.js

302 KB
88 KB

39ms
35ms

Script
application/javascript

2606:4700:20::681a:a19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid_v4_21.js
Requested by: Host: nichools.com
URL: http://nichools.com/async_usersync?i=bdsfyu86g9gsdn1e02&a=308c3bf9c94b1a8c9c7d0e8cf14e2b811&cb=0199631623656854484
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a19 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 612a8541b1c6e99ca467ee2ef290d23df8c8511b0a9e1ed3f9c1b91cf2df6235

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:36 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 6034
content-type: application/javascript
x-amz-request-id: 8X8Z2AAXWD3RZ6XD
x-amz-id-2: bSmexo+TrMnKkcWOI6Tqa7TCfeGYYHMT4OsTT33XH7Bv6B0BShSDWSBlAdxGZAhGTnfnIdpPonw=
last-modified: Mon, 08 Feb 2021 16:04:15 GMT
server: cloudflare
etag: W/"7c64ec269c372f63980a99b0d62ff80e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=tWgTBGa6Ge4WaMwrIG%2FZuJsgHaWZTx0ify5AA39wIPxIH2Hqg0JcJXKXuPy6hBORMkWN%2FfdOfq%2BGbJbNYOqbCGmhUWsB32Ug%2Bk7KMpzntD%2BSzo%2BFonswmaSb%2F25BHuGzbnARSacS"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 4iEuyd4JotkFGoSUTSV1UffB3iHQiIcX
cache-control: max-age=14400
cf-request-id: 0aab1691a50000dfff0c1fa000000001
cf-ray: 65f1f395d987dfff-FRA

Redirect headers

Date: Mon, 14 Jun 2021 07:47:35 GMT
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=pFg%2B4Hn6B2j8oPXMOnYKGJyko5hBoFSciWzl8OlPLxlbrlV%2BZeGVvj5rnioYRXH2aTSRZYGhFNAVf9oZq%2BdPQodvDOJK9G7IUE74h68HxBNDtvQ9bcumBreRiCDFONH%2B%2FiYk7XLq"}],"group":"cf-nel","max_age":604800}
Location: https://hb.adpone.com/prebid_v4_21.js
Cache-Control: max-age=3600
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 65f1f393cdb4c277-FRA
cf-request-id: 0aab16905b0000c27790325000000001
Expires: Mon, 14 Jun 2021 08:47:35 GMT

GET f539211219b796ffbb49949997c764f0.png
cdn.taboola.com/libtrc/static/thumbnails/ Frame 6040 0
0

GET
H2

200

prebid_v4_21.js Show response
hb.adpone.com/ Frame AEDB
Redirect Chain

http://hb.adpone.com/prebid_v4_21.js
https://hb.adpone.com/prebid_v4_21.js

302 KB
88 KB

40ms
40ms

Script
application/javascript

2606:4700:20::681a:a19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid_v4_21.js
Requested by: Host: nichools.com
URL: http://nichools.com/stats?i=bdsfyu86g9gsdn1e02&a=ab6a3b2224aeb0b660adc3acede22dda5&cb=7636781623656854488
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a19 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 612a8541b1c6e99ca467ee2ef290d23df8c8511b0a9e1ed3f9c1b91cf2df6235

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:36 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 6034
content-type: application/javascript
x-amz-request-id: 8X8Z2AAXWD3RZ6XD
x-amz-id-2: bSmexo+TrMnKkcWOI6Tqa7TCfeGYYHMT4OsTT33XH7Bv6B0BShSDWSBlAdxGZAhGTnfnIdpPonw=
last-modified: Mon, 08 Feb 2021 16:04:15 GMT
server: cloudflare
etag: W/"7c64ec269c372f63980a99b0d62ff80e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=YzUhLD9Oap1NrLJldg%2B9A3ZD2Uyg%2FKpEP18HmgcJ%2Bj6MvdLtr4n9NJEs6yiqIzOJWAOJvysMcONJoSdrrhK9QcdT%2FW15JtxHPlgKr6WcNFxHVKdnz7jG4h91rfpnDqvRzb3wef2P"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 4iEuyd4JotkFGoSUTSV1UffB3iHQiIcX
cache-control: max-age=14400
cf-request-id: 0aab1691b70000dffff0874000000001
cf-ray: 65f1f395f9b1dfff-FRA

Redirect headers

Date: Mon, 14 Jun 2021 07:47:35 GMT
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=kEn6dUvoU1zvuNOVDMjDHAicBeXrirZTzA06vvqr188gl3ylYdC7QWZUto%2FYPCUWmHXAPkZMoBmwPexDUmK%2FvxrEN%2BoIxG3t%2FWvufLZBUbBj65FsOQzD46dZ0beSSiIii3JOE%2BuQ"}],"group":"cf-nel","max_age":604800}
Location: https://hb.adpone.com/prebid_v4_21.js
Cache-Control: max-age=3600
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 65f1f393e88e4e31-FRA
cf-request-id: 0aab16907500004e311e948000000001
Expires: Mon, 14 Jun 2021 08:47:35 GMT

GET
H/1.1 200
OK async.js Show response
cdn.adtrue.com/rtb/ Frame BD82 7 KB
3 KB 68ms
35ms Script
application/x-javascript 2606:4700:10::6816:3181
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.adtrue.com/rtb/async.js
Requested by: Host: nichools.com
URL: http://nichools.com/async_usersync?i=bdsfyu86g9gsdn1e02&a=3d82bab48f3e81ef9d78200b8f112b5f5&cb=9789861623656854496
Protocol: HTTP/1.1
Server: 2606:4700:10::6816:3181 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f979285e29b7738e79983b46d15f2c865f36ca1033937b4fd938af11798ef40f

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:35 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Last-Modified: Mon, 16 Nov 2020 01:20:45 GMT
Server: cloudflare
Age: 4501800
ETag: W/"5fb1d3ed-1c9f"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=31104000
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 65f1f3941f1d05b7-FRA
cf-request-id: 0aab169092000005b7129b4000000001
Expires: Mon, 18 Apr 2022 05:17:35 GMT

GET
H2

200

prebid_v4_21.js Show response
hb.adpone.com/ Frame 1EA9
Redirect Chain

http://hb.adpone.com/prebid_v4_21.js
https://hb.adpone.com/prebid_v4_21.js

302 KB
88 KB

32ms
32ms

Script
application/javascript

2606:4700:20::681a:a19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid_v4_21.js
Requested by: Host: nichools.com
URL: http://nichools.com/counter?i=bdsfyu86g9gsdn1e02&a=c291520dd1659ed52de4694ec3aafe767&cb=8918501623656854490
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a19 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 612a8541b1c6e99ca467ee2ef290d23df8c8511b0a9e1ed3f9c1b91cf2df6235

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:36 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 6034
content-type: application/javascript
x-amz-request-id: 8X8Z2AAXWD3RZ6XD
x-amz-id-2: bSmexo+TrMnKkcWOI6Tqa7TCfeGYYHMT4OsTT33XH7Bv6B0BShSDWSBlAdxGZAhGTnfnIdpPonw=
last-modified: Mon, 08 Feb 2021 16:04:15 GMT
server: cloudflare
etag: W/"7c64ec269c372f63980a99b0d62ff80e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=QaiBKgQZBbIXoeT63iDJ%2BbiymzV7ypsXFd1iHPM6GcQNf63yrvahwWyzpqseI%2BzaD874QczFY8KXOgeTZ03R91muGegICKugY%2BXK%2F93nkIjiWg3Ox34E5oIVtlFddYogm%2F%2BowTH5"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 4iEuyd4JotkFGoSUTSV1UffB3iHQiIcX
cache-control: max-age=14400
cf-request-id: 0aab1691b90000dffff21fe000000001
cf-ray: 65f1f395f9b8dfff-FRA

Redirect headers

Date: Mon, 14 Jun 2021 07:47:35 GMT
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=rFQKUOnLn4du9Eji55epbBr8FPaR8oP1eKUQ5JYO8PYcCp31JiUmehU5NCDOXJGJE0geBPtbxn0NDMdtLKNgOPLoEhE1ZpBjDeFuhSVuTLpAIT7BhYNIqXQ7b3EogbI3%2BEFh9w7g"}],"group":"cf-nel","max_age":604800}
Location: https://hb.adpone.com/prebid_v4_21.js
Cache-Control: max-age=3600
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 65f1f3941ca2d6dd-FRA
cf-request-id: 0aab1690920000d6dd82895000000001
Expires: Mon, 14 Jun 2021 08:47:35 GMT

GET
H2

200

prebid_v4_21.js Show response
hb.adpone.com/ Frame B696
Redirect Chain

http://hb.adpone.com/prebid_v4_21.js
https://hb.adpone.com/prebid_v4_21.js

302 KB
88 KB

43ms
43ms

Script
application/javascript

2606:4700:20::681a:a19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid_v4_21.js
Requested by: Host: nichools.com
URL: http://nichools.com/count?i=bdsfyu86g9gsdn1e02&a=4515e380c4149cdb47fd7d16b9ee55da9&cb=9180331623656854499
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a19 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 612a8541b1c6e99ca467ee2ef290d23df8c8511b0a9e1ed3f9c1b91cf2df6235

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:36 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 6035
content-type: application/javascript
x-amz-request-id: 8X8Z2AAXWD3RZ6XD
x-amz-id-2: bSmexo+TrMnKkcWOI6Tqa7TCfeGYYHMT4OsTT33XH7Bv6B0BShSDWSBlAdxGZAhGTnfnIdpPonw=
last-modified: Mon, 08 Feb 2021 16:04:15 GMT
server: cloudflare
etag: W/"7c64ec269c372f63980a99b0d62ff80e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=BuxDZLg4HM%2BZqnp8IjKPoggeAPhFd8h91EWJX2h5ahMwTsnm9FjT5omtDBZ2H7gAULT4TouIbN2r4vGw%2FhNxsMCDJC5LWTh%2BiqUHO4D0caiq7TNmcseSQaucDC2Fm58BZNG%2FEOB%2F"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 4iEuyd4JotkFGoSUTSV1UffB3iHQiIcX
cache-control: max-age=14400
cf-request-id: 0aab1691bc0000dffff80f4000000001
cf-ray: 65f1f395f9c0dfff-FRA

Redirect headers

Date: Mon, 14 Jun 2021 07:47:35 GMT
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=YIsdSGCvcsuzFZWb0HuDwr3g%2FKo9sxbw6hb%2BzXY1dcvwoH5DpmOVej7NmC1rU1zZrD65FepJIuLsh68%2FqvV9%2FmXIcjEv8%2FACB%2FatP13obHb%2FRUYjsYOzizv0nrGIdUl4ranKu6Xy"}],"group":"cf-nel","max_age":604800}
Location: https://hb.adpone.com/prebid_v4_21.js
Cache-Control: max-age=3600
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 65f1f39429254e31-FRA
cf-request-id: 0aab16909500004e3121b24000000001
Expires: Mon, 14 Jun 2021 08:47:35 GMT

GET
H2

200

prebid_v4_21.js Show response
hb.adpone.com/ Frame C77D
Redirect Chain

http://hb.adpone.com/prebid_v4_21.js
https://hb.adpone.com/prebid_v4_21.js

302 KB
88 KB

69ms
68ms

Script
application/javascript

2606:4700:20::681a:a19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid_v4_21.js
Requested by: Host: nichools.com
URL: http://nichools.com/user?i=bdsfyu86g9gsdn1e02&a=fd303e746d713aa876b41ea7a757f5779&cb=3518541623656854503
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a19 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 612a8541b1c6e99ca467ee2ef290d23df8c8511b0a9e1ed3f9c1b91cf2df6235

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:36 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 6035
content-type: application/javascript
x-amz-request-id: 8X8Z2AAXWD3RZ6XD
x-amz-id-2: bSmexo+TrMnKkcWOI6Tqa7TCfeGYYHMT4OsTT33XH7Bv6B0BShSDWSBlAdxGZAhGTnfnIdpPonw=
last-modified: Mon, 08 Feb 2021 16:04:15 GMT
server: cloudflare
etag: W/"7c64ec269c372f63980a99b0d62ff80e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=neoz2hW%2BKDigIkbfjyGEOZtmuQrbtf59npcQxBQxIZDX794WMeUA6am4LF2ffZ4bMm7HZ%2FrpOxb1nZLQWhMC9oXs4ReaM7SzPqmW4RybT%2BtQN13kMZiHSLqR37438D%2F38Ta5YQnv"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 4iEuyd4JotkFGoSUTSV1UffB3iHQiIcX
cache-control: max-age=14400
cf-request-id: 0aab1691bd0000dffffd26d000000001
cf-ray: 65f1f395f9c3dfff-FRA

Redirect headers

Date: Mon, 14 Jun 2021 07:47:35 GMT
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Jf%2BAFu9wC%2FZNdFQp6rFA3QSKaCvENESharhB0c1La9ruB8vmEElrG1029BnGYuhHal9o6E2bmCiWaXjX%2FRSEt6hN68ZgTJH%2BZsmeJ9POdKUfRczq6t2QknfnHgXqDA%2FfGMQfQbL2"}],"group":"cf-nel","max_age":604800}
Location: https://hb.adpone.com/prebid_v4_21.js
Cache-Control: max-age=3600
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 65f1f394288f05d0-FRA
cf-request-id: 0aab169098000005d078b71000000001
Expires: Mon, 14 Jun 2021 08:47:35 GMT

GET
H2

200

prebid_v4_21.js Show response
hb.adpone.com/ Frame 3F81
Redirect Chain

http://hb.adpone.com/prebid_v4_21.js
https://hb.adpone.com/prebid_v4_21.js

302 KB
88 KB

49ms
49ms

Script
application/javascript

2606:4700:20::681a:a19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid_v4_21.js
Requested by: Host: nichools.com
URL: http://nichools.com/sync?i=bdsfyu86g9gsdn1e02&a=59c79c030777b63a2ca73dfbc20d339e5&cb=6635031623656854509
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a19 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 612a8541b1c6e99ca467ee2ef290d23df8c8511b0a9e1ed3f9c1b91cf2df6235

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:36 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 6035
content-type: application/javascript
x-amz-request-id: 8X8Z2AAXWD3RZ6XD
x-amz-id-2: bSmexo+TrMnKkcWOI6Tqa7TCfeGYYHMT4OsTT33XH7Bv6B0BShSDWSBlAdxGZAhGTnfnIdpPonw=
last-modified: Mon, 08 Feb 2021 16:04:15 GMT
server: cloudflare
etag: W/"7c64ec269c372f63980a99b0d62ff80e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=XsyPAdYs%2FrQDQ6CVVkbsARMdkWzQMfzlPwkK47huPeYG4KZGuPAiCQ%2BhjI8TrAfQtbkSucByKKbBUPerEr4Q9cQRVx4l41z4%2FbkfdJFTfag8OFSxZqJshoZUSymu9JbCYfCihj4N"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 4iEuyd4JotkFGoSUTSV1UffB3iHQiIcX
cache-control: max-age=14400
cf-request-id: 0aab1691c10000dfff24b03000000001
cf-ray: 65f1f395f9cbdfff-FRA

Redirect headers

Date: Mon, 14 Jun 2021 07:47:35 GMT
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=DmvVDg3gMQMIrMygXGyOE%2FIRutwTKQgP7WRr0nQ4RdPV4avjIPVTcxLBXmQEPKOe9Ik4pAQdI2QkCKKnm9IYOQKWNqtQuqzt%2BlNLqF%2BAkaU3WJ5mBauytNrn4X2P6V%2BAAek0p62D"}],"group":"cf-nel","max_age":604800}
Location: https://hb.adpone.com/prebid_v4_21.js
Cache-Control: max-age=3600
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 65f1f3942e4a4a9e-FRA
cf-request-id: 0aab16909900004a9e310e6000000001
Expires: Mon, 14 Jun 2021 08:47:35 GMT

GET
H2

200

prebid_v4_21.js Show response
hb.adpone.com/ Frame F11D
Redirect Chain

http://hb.adpone.com/prebid_v4_21.js
https://hb.adpone.com/prebid_v4_21.js

302 KB
88 KB

51ms
39ms

Script
application/javascript

2606:4700:20::681a:a19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid_v4_21.js
Requested by: Host: nichools.com
URL: http://nichools.com/async_usersync?i=bdsfyu86g9gsdn1e02&a=639b5843ddce7790664d1bb76d6f796c3&cb=1119641623656854517
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a19 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 612a8541b1c6e99ca467ee2ef290d23df8c8511b0a9e1ed3f9c1b91cf2df6235

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:36 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 6035
content-type: application/javascript
x-amz-request-id: 8X8Z2AAXWD3RZ6XD
x-amz-id-2: bSmexo+TrMnKkcWOI6Tqa7TCfeGYYHMT4OsTT33XH7Bv6B0BShSDWSBlAdxGZAhGTnfnIdpPonw=
last-modified: Mon, 08 Feb 2021 16:04:15 GMT
server: cloudflare
etag: W/"7c64ec269c372f63980a99b0d62ff80e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=crlMKtARO%2Ffz2oQQFVDLb7ZW2%2BxrCWfe03816j8b8wmgHkUW7iTI01QaYJC8of%2FrhWKLHhlEZMTskOEio70ynfZEkYx7LjYzcTDPxXP0kNNyepBy6ozj7S7hw5%2B4lOVVZRCcqBo9"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 4iEuyd4JotkFGoSUTSV1UffB3iHQiIcX
cache-control: max-age=14400
cf-request-id: 0aab1691cd0000dfff21b3e000000001
cf-ray: 65f1f39619f2dfff-FRA

Redirect headers

Date: Mon, 14 Jun 2021 07:47:35 GMT
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=psVppbRSje4jZ%2BkCBQiX2ZooC7dFQ7870D7iJCBTBdNfOoB5quph%2FUg%2BYQkRXYnpU4XdQ9AbF5%2FgxGxd5dLr6oMwLgSAl8cPTGLs4qgJuprPuuizJDmYlTvs40nBAQP45LdhaPr5"}],"group":"cf-nel","max_age":604800}
Location: https://hb.adpone.com/prebid_v4_21.js
Cache-Control: max-age=3600
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 65f1f39439794e31-FRA
cf-request-id: 0aab1690a500004e314e285000000001
Expires: Mon, 14 Jun 2021 08:47:35 GMT

GET
H2

200

prebid_v4_21.js Show response
hb.adpone.com/ Frame 593F
Redirect Chain

http://hb.adpone.com/prebid_v4_21.js
https://hb.adpone.com/prebid_v4_21.js

302 KB
88 KB

46ms
33ms

Script
application/javascript

2606:4700:20::681a:a19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid_v4_21.js
Requested by: Host: nichools.com
URL: http://nichools.com/stat?i=bdsfyu86g9gsdn1e02&a=5a0c5fe6acd05e6588763d6a638269b95&cb=1345901623656854506
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a19 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 612a8541b1c6e99ca467ee2ef290d23df8c8511b0a9e1ed3f9c1b91cf2df6235

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:36 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 6035
content-type: application/javascript
x-amz-request-id: 8X8Z2AAXWD3RZ6XD
x-amz-id-2: bSmexo+TrMnKkcWOI6Tqa7TCfeGYYHMT4OsTT33XH7Bv6B0BShSDWSBlAdxGZAhGTnfnIdpPonw=
last-modified: Mon, 08 Feb 2021 16:04:15 GMT
server: cloudflare
etag: W/"7c64ec269c372f63980a99b0d62ff80e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Tq8%2B4SSAwEV1Q%2FAIoCT7phBjYqUvyCxwNjOV%2FourFijcqLWR30lLoXzjhKZFCJ4SxaWhElpXV%2B5LK6ZJP16%2BVqIoWq0Ch%2Fw%2BBhfKOu%2FVmf4P2NW4bH8OPDcQJhdeivLXBtvDZNpN"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 4iEuyd4JotkFGoSUTSV1UffB3iHQiIcX
cache-control: max-age=14400
cf-request-id: 0aab1691d20000dfffb8ab1000000001
cf-ray: 65f1f3961a02dfff-FRA

Redirect headers

Date: Mon, 14 Jun 2021 07:47:35 GMT
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=v6tpB5jRNJlkpj9XpuRwKRCkUnDwSoWE%2Baw%2BdQiP5ZGuYnA2kUcvM8KmPD1vBZDn7XU0FUBsaKRwvG3z4%2BfrJ%2BVf2Box1lAalW49xL4dsWxFyojfYJrC%2Fl%2FHV5GCsXqycZT3XDSe"}],"group":"cf-nel","max_age":604800}
Location: https://hb.adpone.com/prebid_v4_21.js
Cache-Control: max-age=3600
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 65f1f39448e705d0-FRA
cf-request-id: 0aab1690ab000005d0e6980000000001
Expires: Mon, 14 Jun 2021 08:47:35 GMT

GET
H2

200

prebid_v4_21.js Show response
hb.adpone.com/ Frame 1FE7
Redirect Chain

http://hb.adpone.com/prebid_v4_21.js
https://hb.adpone.com/prebid_v4_21.js

302 KB
88 KB

66ms
43ms

Script
application/javascript

2606:4700:20::681a:a19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid_v4_21.js
Requested by: Host: nichools.com
URL: http://nichools.com/user?i=bdsfyu86g9gsdn1e02&a=e86995c3ab7255d0309bc17b4d95628b5&cb=7332321623656854519
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a19 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 612a8541b1c6e99ca467ee2ef290d23df8c8511b0a9e1ed3f9c1b91cf2df6235

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:36 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 6035
content-type: application/javascript
x-amz-request-id: 8X8Z2AAXWD3RZ6XD
x-amz-id-2: bSmexo+TrMnKkcWOI6Tqa7TCfeGYYHMT4OsTT33XH7Bv6B0BShSDWSBlAdxGZAhGTnfnIdpPonw=
last-modified: Mon, 08 Feb 2021 16:04:15 GMT
server: cloudflare
etag: W/"7c64ec269c372f63980a99b0d62ff80e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=XwlwCCN29KmVWuj15gGx74kc6lNYnqvqDfc4OUxM0l%2BOfX1PnVmguy39ObKMUyU3yaoYjny8hgXzRYwcN7mOeFWkKWbeCsaLm8rXKxI5IbpPz0XvjZ9IavMIq7vCMiLnh7sRkvxE"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 4iEuyd4JotkFGoSUTSV1UffB3iHQiIcX
cache-control: max-age=14400
cf-request-id: 0aab1691de0000dfffe9b47000000001
cf-ray: 65f1f3962a1adfff-FRA

Redirect headers

Date: Mon, 14 Jun 2021 07:47:35 GMT
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=BrJ7yTo1HawOSs%2F1RAD2dNcV2zrci52geWECjHCdBP0QCIRRdOxU7QaDC0Q3eP0T7EbY5ZjFKkPHtBpxSIAAh71TT9B6p9Za9LCCyFsAGd808wIFgcgykCCIQ%2Bdwp9e5vb%2FSxWyR"}],"group":"cf-nel","max_age":604800}
Location: https://hb.adpone.com/prebid_v4_21.js
Cache-Control: max-age=3600
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 65f1f3945eb04a9e-FRA
cf-request-id: 0aab1690b600004a9e0f8ea000000001
Expires: Mon, 14 Jun 2021 08:47:35 GMT

GET fpi.js
ap.lijit.com/www/delivery/ Frame 1C93 0
0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame E074 107 B
165 B 22ms
14ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=b.travelmiso.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ Frame E074 107 B
122 B 21ms
14ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=b.travelmiso.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame E074 460 B
283 B 221ms
220ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3508178008481069&correlator=2890384964209191&output=ldjh&impl=fif&eid=31060783%2C31061413%2C21064366%2C44744015&vrg=2021060901&ptt=17&sc=0&sfv=1-0-38&ecs=20210614&iu_parts=53015287%2Ctravelmiso.com_d_300x250_1_dc&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&eri=2&cookie_enabled=1&cdm=b.travelmiso.com&bc=23&abxe=1&lmt=1623656855&dt=1623656855793&dlt=1623656854419&idt=1324&ea=0&frm=23&biw=1600&bih=1200&isw=300&ish=250&oid=3&adxs=923&adys=265&adks=3017842057&ucis=sqrbjshcsoae&ifi=1&ifk=2326542996&u_his=3&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=3&url=http%3A%2F%2Fb.travelmiso.com%2Fads%2Fyl%2F300x250.html&top=http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F&vis=1&scr_x=0&scr_y=0&psz=0x0&msz=300x0&ga_vid=1173121935.1623656856&ga_sid=1623656856&ga_hid=879784593&ga_fc=false&fws=256&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c9af58c26660897cc24be61c1436eb99c68976b2d54b6956e50de033e836e3db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:36 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 243
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://b.travelmiso.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
48fd90e908101a927f972cbb6b7d591f.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame E074 0
0 72ms
14ms Other
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://48fd90e908101a927f972cbb6b7d591f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=3
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame E074 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 81676ec19a67d4e14f3f8e4289779a1e6e4063d626639a263768c334c8ca5180

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK / Show response
ads.projectagoraservices.com/ Frame D316 2 KB
1 KB 149ms
143ms Script
application/javascript 2a02:26f0:6c00::210:ba19
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: http://ads.projectagoraservices.com/?id=11484&uref=https%3A%2F%2Fwww.travelmiso.com%2F&schain=
Requested by: Host: nichools.com
URL: http://nichools.com/sync?i=bdsfyu86g9gsdn1e02&a=85dc0a40cdabdf79cae78dee359d45d85&cb=4261821623656854534
Protocol: HTTP/1.1
Server: 2a02:26f0:6c00::210:ba19 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 9089af99a246004f0fb2c0b095de0290d019304dc85ae446acb4d57a6f52c37a

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:36 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: private, no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 909
Expires: Mon, 14 Jun 2021 07:47:36 GMT

GET
H3-29 200 pubads_impl_2021060801.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 2748 318 KB
112 KB 33ms
32ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8a19707bd88a29100f84e106852ddd5bfeebe1fe562960c4932d1347210d13a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 08 Jun 2021 08:38:25 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 114129
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:35 GMT

GET
H2 204 /
ads.viralize.tv/track/ Frame 52DC 0
39 B 22ms
20ms Image
text/plain 35.186.238.232
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.viralize.tv/track/?multi=true&serialization=json&events=%5B%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A7%2C%22category%22%3A%22creativity_session%22%2C%22session_id%22%3A%2201ebcce4c3c2ea8c58b46cce1d6fbb61%3A0%3ANTU2MNTbtGao6pCO~wp9sc1%3A0%3A0~1%22%2C%22creativity_session_id%22%3A%220~1%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22google_viewability_measurable%22%7D%5D
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.238.232 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 232.238.186.35.bc.googleusercontent.com
Software: uvicorn, Unknown /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:35 GMT
via: 1.1 google
server: uvicorn, Unknown
alt-svc: clear

GET
H3-29 200 6ARyktE4tPRvvoSTtP7tfQ53d_-1azzHygxxMe6f4h8.js Show response
pagead2.googlesyndication.com/bg/ Frame AEC3 14 KB
6 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/6ARyktE4tPRvvoSTtP7tfQ53d_-1azzHygxxMe6f4h8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/223/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8047292d138b4f46fbe8493b4feed7d0e7777ffb56b3cc7ca0c7131ee9fe21f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 15:49:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 57468
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5749
x-xss-protection: 0
last-modified: Mon, 31 May 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 13 Jun 2022 15:49:47 GMT

GET
H2 204 /
ads.viralize.tv/track/ Frame 86D9 0
39 B 22ms
19ms Image
text/plain 35.186.238.232
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.viralize.tv/track/?multi=true&serialization=json&events=%5B%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A7%2C%22category%22%3A%22creativity_session%22%2C%22session_id%22%3A%2201ebcce4c3c2f72898a9f96e66b7e271%3A0%3ANTU1OPkpEx5nemgF~wp9sc1%3A0%3A0~1%22%2C%22creativity_session_id%22%3A%220~1%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22google_viewability_measurable%22%7D%5D
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.238.232 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 232.238.186.35.bc.googleusercontent.com
Software: uvicorn, Unknown /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:35 GMT
via: 1.1 google
server: uvicorn, Unknown
alt-svc: clear

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 6019 11 KB
8 KB 22ms
21ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021060801&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c6e737d0bf061550b1d81606ed282196559dada1ffba72c09aab52d60a48f612

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8493
x-xss-protection: 0

GET
H2 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 7F9E 22 KB
8 KB 19ms
3ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a15ac0e614c5002f10a5f47b2408de8c.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://a15ac0e614c5002f10a5f47b2408de8c.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Sun, 13 Jun 2021 10:48:52 GMT
expires: Mon, 13 Jun 2022 10:48:52 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 75524
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK merge
ce.lijit.com/ Frame F24F 43 B
2 KB 53ms
37ms Image
image/gif 216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=76&3pid=e7595fd5-1621-445a-9ee2-4e9524b515eb&gdpr=1&gdpr_consent=
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:36 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap7ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame F24F
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=437160c7-0997-4300-93fa-bb602690c95d

43 B
106 B

23ms
23ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=437160c7-0997-4300-93fa-bb602690c95d
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.208.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:36 GMT
via: 1.1 google
server: OXGW/16.208.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Mon, 14 Jun 2021 07:47:39 GMT
Server: MT3 3759 5f8f15b master zrh-pixel-x3
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=437160c7-0997-4300-93fa-bb602690c95d
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Mon, 14 Jun 2021 07:47:38 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame F24F
Redirect Chain

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=1
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=NVWc9DNcxvsuVZv0YFHS8DFQy6YuAJvxYVUX4Car

43 B
106 B

21ms
21ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=NVWc9DNcxvsuVZv0YFHS8DFQy6YuAJvxYVUX4Car
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.208.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:36 GMT
via: 1.1 google
server: OXGW/16.208.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:36 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=NVWc9DNcxvsuVZv0YFHS8DFQy6YuAJvxYVUX4Car
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame F24F
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=22
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=4610887547124996422

43 B
106 B

21ms
21ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=4610887547124996422
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.208.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:36 GMT
via: 1.1 google
server: OXGW/16.208.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:36 GMT
server: nginx
location: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=4610887547124996422
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 openx
match.adsrvr.org/track/cmf/ Frame F24F 70 B
264 B 53ms
33ms Image
image/gif 76.223.111.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/openx?oxid=8bb78115-fc95-7e57-d95e-f8335c042ab9&gdpr=1
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.131 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:36 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3-29 200 pixel
cm.g.doubleclick.net/ Frame F24F 170 B
188 B 51ms
34ms Image
image/png 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YTdkODUyZGYtMzVlMi0yMGYzLWNjYmUtYTI4YTk2ZTZlNGQ5

Requested by

Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame F24F
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEEKcFttc0luMlyMGglrRCv4&google_cver=1

43 B
106 B

22ms
22ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEEKcFttc0luMlyMGglrRCv4&google_cver=1
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.208.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:36 GMT
via: 1.1 google
server: OXGW/16.208.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:36 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEEKcFttc0luMlyMGglrRCv4&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 59A7
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPpotOiAf-8zbFySO1MPJxA&google_cver=1

43 B
1014 B

51ms
37ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPpotOiAf-8zbFySO1MPJxA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPqVhZkCEJaHo5kCGOuF4Z0BMAE&v=APEucNVuA1muoa1OB68-0dp_0XVvniAiQv-FeV_SGa8UiLUZ3MclZBY8T50yk9Hqqg-Whul5mXt19OEDCyXd48U61rw7cH0ukONvysXhrk9IRT4KxZOq00ofN4af9glSXt_nlMo13aKFBEWQw1t32rbw72KV-Ga9iYUajSLSAHcXo-kF7ToOaFs
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:36 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 14 Jun 2021 07:47:36 GMT

Redirect headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:36 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPpotOiAf-8zbFySO1MPJxA&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 59A7
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YMcJmMXEkGhRJkXwQHIKbwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPpotOiAf-8zbFySO1MPJxA&google_cver=1

43 B
1014 B

58ms
58ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPpotOiAf-8zbFySO1MPJxA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPqVhZkCEJaHo5kCGOuF4Z0BMAE&v=APEucNVuA1muoa1OB68-0dp_0XVvniAiQv-FeV_SGa8UiLUZ3MclZBY8T50yk9Hqqg-Whul5mXt19OEDCyXd48U61rw7cH0ukONvysXhrk9IRT4KxZOq00ofN4af9glSXt_nlMo13aKFBEWQw1t32rbw72KV-Ga9iYUajSLSAHcXo-kF7ToOaFs
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:37 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 14 Jun 2021 07:47:37 GMT

Redirect headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:37 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPpotOiAf-8zbFySO1MPJxA&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 59A7
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEJgpJbkXBHA1cZkodetksws&google_cver=1

43 B
1023 B

1156ms
24ms

Image
image/gif

185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEJgpJbkXBHA1cZkodetksws&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPqVhZkCEJaHo5kCGOuF4Z0BMAE&v=APEucNVuA1muoa1OB68-0dp_0XVvniAiQv-FeV_SGa8UiLUZ3MclZBY8T50yk9Hqqg-Whul5mXt19OEDCyXd48U61rw7cH0ukONvysXhrk9IRT4KxZOq00ofN4af9glSXt_nlMo13aKFBEWQw1t32rbw72KV-Ga9iYUajSLSAHcXo-kF7ToOaFs

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:37 GMT
X-Proxy-Origin: 93.177.75.188; 93.177.75.188; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.223.144:80
AN-X-Request-Uuid: 462ab21c-3fa8-4813-a5b9-0aabf1e96cf3
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:36 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEJgpJbkXBHA1cZkodetksws&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 59A7
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjI4MzMyMTE2ODUzNTcxNDYxOQ%3D%3D

170 B
188 B

36ms
36ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjI4MzMyMTE2ODUzNTcxNDYxOQ%3D%3D

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:36 GMT
X-Proxy-Origin: 93.177.75.188; 93.177.75.188; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.40:80
AN-X-Request-Uuid: 6050b1b8-93a4-49cf-844f-e39531de9494
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjI4MzMyMTE2ODUzNTcxNDYxOQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-29 200 edge.6.0.0.min.js Show response
s0.2mdn.net/9229046/1612520417718/300x600/ Frame C7DA 102 KB
33 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9229046/1612520417718/300x600/edge.6.0.0.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9229046/1612520417718/300x600/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fa1e6d5b976a4aaff8ee726d81538152b550a143a01c53f3ce9f4506f10ac617

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9229046/1612520417718/300x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 06:02:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6332
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33731
x-xss-protection: 0
last-modified: Fri, 05 Feb 2021 10:20:18 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Tue, 15 Jun 2021 06:02:04 GMT

GET
H2

200

b2
sb.scorecardresearch.com/ Frame D40F
Redirect Chain

https://sb.scorecardresearch.com/b?c1=7&c2=15208452&c3=110&ns__t=1623656856096&ns_c=UTF-8&ns_if=1&cv=3.5&c8=&c7=http%3A%2F%2Fb.travelmiso.com%2Fads%2Fadop%2F300x250.html&c9=http%3A%2F%2Fb.travelmis...
https://sb.scorecardresearch.com/b2?c1=7&c2=15208452&c3=110&ns__t=1623656856096&ns_c=UTF-8&ns_if=1&cv=3.5&c8=&c7=http%3A%2F%2Fb.travelmiso.com%2Fads%2Fadop%2F300x250.html&c9=http%3A%2F%2Fb.travelmi...

64 B
329 B

64ms
63ms

Image
image/gif

99.86.241.23
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=7&c2=15208452&c3=110&ns__t=1623656856096&ns_c=UTF-8&ns_if=1&cv=3.5&c8=&c7=http%3A%2F%2Fb.travelmiso.com%2Fads%2Fadop%2F300x250.html&c9=http%3A%2F%2Fb.travelmiso.com%2F
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/ads/adop/300x250.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.241.23 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-241-23.vie50.r.cloudfront.net
Software: /
Resource Hash: 831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:38 GMT
via: 1.1 8041ecf6e768a41bc9c64e0c75dc923d.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C1
etag: W/"40-jHLN3x5dWpBzaQm4lkBmDWvrjrg"
x-cache: Miss from cloudfront
content-type: image/gif; charset=utf-8
content-length: 64
x-amz-cf-id: GS2J_M4mr4LflexDVwjfS4L8y0N05bAsC7T2xfB4UcjysLs6752YKA==

Redirect headers

date: Mon, 14 Jun 2021 07:47:37 GMT
via: 1.1 8041ecf6e768a41bc9c64e0c75dc923d.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C1
vary: Accept
x-cache: Miss from cloudfront
content-type: text/plain; charset=utf-8
location: https://sb.scorecardresearch.com/b2?c1=7&c2=15208452&c3=110&ns__t=1623656856096&ns_c=UTF-8&ns_if=1&cv=3.5&c8=&c7=http%3A%2F%2Fb.travelmiso.com%2Fads%2Fadop%2F300x250.html&c9=http%3A%2F%2Fb.travelmiso.com%2F
content-length: 228
x-amz-cf-id: nNQCfhHdoLsk8BiF04FEcqBLafYmt0njWXsTMerneW7R2J1VcCt_Ww==

GET multi-sync.html
secure-assets.rubiconproject.com/utils/xapi/ Frame D62B 0
0

GET
H3-29

200

m
cm.mgid.com/ Frame D40F
Redirect Chain

https://rtb-usw.mfadsrvr.com/sync?ssp=mgid
https://cm.mgid.com/m?cdsp=287839&c=1e5909af-14a4-4694-83f5-ae87d11f251b

43 B
575 B

77ms
76ms

Image
image/gif

104.19.135.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.mgid.com/m?cdsp=287839&c=1e5909af-14a4-4694-83f5-ae87d11f251b
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/ads/adop/300x250.html
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 104.19.135.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:38 GMT
cf-cache-status: DYNAMIC
x-mg-request-uuid: 16f05d9b-f463-44f1-83c7-51d426976a7f
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: image/gif
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 65f1f3a2ea54edb7-CDG
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0aab1699d30000edb7c607a000000001
server: cloudflare

Redirect headers

location: //cm.mgid.com/m?cdsp=287839&c=1e5909af-14a4-4694-83f5-ae87d11f251b
date: Mon, 14 Jun 2021 07:47:37 GMT
cache-control: no-cache, no-store, must-revalidate
alt-svc: clear
content-length: 0
via: 1.1 google

GET sync
x.bidswitch.net/ Frame D40F 0
0

GET
H3-29

200

m
cm.mgid.com/ Frame D40F
Redirect Chain

https://creativecdn.com/cm-notify?pi=mgid
https://creativecdn.com/cm-notify?pi=mgid&tc=1
https://cm.mgid.com/m?cdsp=501037&c=FDk1EGEqV4dcJeTvBAjz&pi=mgid&tc=1

43 B
558 B

72ms
70ms

Image
image/gif

104.19.135.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.mgid.com/m?cdsp=501037&c=FDk1EGEqV4dcJeTvBAjz&pi=mgid&tc=1
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/ads/adop/300x250.html
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 104.19.135.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:37 GMT
cf-cache-status: DYNAMIC
x-mg-request-uuid: 6ebeb492-83d1-40a1-b9f7-aa1d830295f1
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: image/gif
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 65f1f39c7f2eedb7-CDG
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0aab1695c90000edb7c33da000000001
server: cloudflare

Redirect headers

location: https://cm.mgid.com/m?cdsp=501037&c=FDk1EGEqV4dcJeTvBAjz&pi=mgid&tc=1
pragma: no-cache
date: Mon, 14 Jun 2021 07:47:36 GMT, Mon, 14 Jun 2021 07:47:36 GMT
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET /
cm.lentainform.com/setmuidn/ Frame D40F 0
0

GET sync
x.bidswitch.net/ Frame D40F 0
0

GET
H2

200

google
cm.mgid.com/ Frame D40F
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=marketgid&google_cm=&google_ula={guid}&google_hm=bDVleFA1Nldadkww&muidn=l5exP56WZvL0
https://cm.mgid.com/google?muidn=l5exP56WZvL0&google_ula={guid},5&google_gid=CAESEERlXxdudWPvg-zPjQ1HA-M&google_cver=1

0
177 B

78ms
77ms

Image
text/plain

104.19.135.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.mgid.com/google?muidn=l5exP56WZvL0&google_ula={guid},5&google_gid=CAESEERlXxdudWPvg-zPjQ1HA-M&google_cver=1
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/ads/adop/300x250.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.135.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:36 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: text/plain
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 65f1f3996b57ee48-CDG
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0aab1693de0000ee484c3df000000001

Redirect headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:36 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.mgid.com/google?muidn=l5exP56WZvL0&google_ula={guid},5&google_gid=CAESEERlXxdudWPvg-zPjQ1HA-M&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 327
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET /
cm.idealmedia.io/setmuidn/ Frame D40F 0
0

GET
H2

200

m
cm.mgid.com/ Frame D40F
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=omn67hl&ttd_tpi=1
https://cm.mgid.com/m?cdsp=371158&c=f045f152-f2cc-4b14-80ad-163e6e314e57&ttl=1626248856

43 B
337 B

71ms
71ms

Image
image/gif

104.19.135.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.mgid.com/m?cdsp=371158&c=f045f152-f2cc-4b14-80ad-163e6e314e57&ttl=1626248856
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/ads/adop/300x250.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.135.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:36 GMT
cf-cache-status: DYNAMIC
x-mg-request-uuid: d510ddf5-4535-4762-ba6e-83173e2c3009
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: image/gif
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 65f1f3996b54ee48-CDG
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0aab1693de0000ee486a2d4000000001
server: cloudflare

Redirect headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:36 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.mgid.com/m?cdsp=371158&c=f045f152-f2cc-4b14-80ad-163e6e314e57&ttl=1626248856
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 205

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 75FF 22 KB
8 KB 13ms
6ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Sun, 13 Jun 2021 10:48:52 GMT
expires: Mon, 13 Jun 2022 10:48:52 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 75524
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame D0BD 10 KB
8 KB 26ms
21ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021061001&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021061001.js?31061429

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f14e74eec4bb5ff12e0a0789672347cf3c8c8bb33f7d85ca2ec9f36f9f310e6a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7923
x-xss-protection: 0

GET
H2 200 createjs.min.js Show response
code.createjs.com/1.0.0/ Frame CB25 236 KB
63 KB 26ms
21ms Script
text/javascript 2a02:26f0:6c00::210:ba1a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://code.createjs.com/1.0.0/createjs.min.js
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/9229046/1619773444666/fil-rouge_or_mobile-changermobilet22021_160x600_dis-iab/index.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00::210:ba1a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Apache /
Resource Hash: e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:36 GMT
content-encoding: gzip
server: Apache
cache-control: max-age=900
vary: Accept-Encoding
content-type: text/javascript
x-n: S
accept-ranges: bytes
expires: Mon, 14 Jun 2021 08:02:36 GMT

GET
H3-29 200 6ARyktE4tPRvvoSTtP7tfQ53d_-1azzHygxxMe6f4h8.js Show response
pagead2.googlesyndication.com/bg/ Frame C463 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/6ARyktE4tPRvvoSTtP7tfQ53d_-1azzHygxxMe6f4h8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/223/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8047292d138b4f46fbe8493b4feed7d0e7777ffb56b3cc7ca0c7131ee9fe21f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 15:49:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 57469
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5749
x-xss-protection: 0
last-modified: Mon, 31 May 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 13 Jun 2022 15:49:47 GMT

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame 931B 0
0 38ms
37ms Fetch
image/gif 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstM_MRMlB8q-b_ldTAl08QLOqZykasm2v-4bj0yeIvZrTndmoKvMj9d83bh4IT6JEJ_hmFywGQNo31g0SHcMhMNY4FNQYwDTOm4k7izvYKscWqpDGy3ioWGlmh03CyVHNUunBtXUjJWa4KEjD5dczSsWQxyrVJiNb_CNK-cVmuZyRE9PFf-5Li7KLx0-a2MRcE5ROVCEHVmv9lFRiV_MznjvELiHP1c6P2Hy1zQzGhkKhTFbze7HxuIoIvy4IaYbgUvxZG0q-rv9g_pgITtOdofK0_X4NwHmhTcQqzU7Y-RRdy_VLrj8tGkkT6MitvZryDtgnM&sig=Cg0ArKJSzFXCmiB2ZscaEAE&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:36 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 14 Jun 2021 07:47:36 GMT

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 931B 10 KB
8 KB 25ms
22ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021060801&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f6d550a1be5c9e089dd233e00b1835aa997af8e37df7e3a5e25636864dc01277

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7961
x-xss-protection: 0

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame 1A6C 0
0 53ms
49ms Fetch
image/gif 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsujlLUI3OenE3AtB_taylGvFdo85fykZpk5A9YaROJSLfnAX1jZsgLGEOYTN4PDaX2adlQqoH0XuQysvwMBUFzUCnCRiMeCKVnD9XPobecXQBCaCqd-uNpabOKdqX7_wJaSmMb8D1Rt081WgXs851NPbd5Z4jFcJPxJjzp6SG8DBESFiPqwQ9VzEfaRli1kMwfhsJP9noaJMfm3xNtZvedTUQYrUwvmEh7NyRqQtr9IWiIf6jcq7R_stgeGrjnMO2Ax2H_hMIT1XFCBHbhSAAnL_ESyvY56h-KyGLXHmPRYCsfpknkDKbCQJpqwK7U1W5lS8Q&sig=Cg0ArKJSzEkoFGMUa4ZSEAE&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:36 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 14 Jun 2021 07:47:36 GMT

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 1A6C 11 KB
8 KB 22ms
20ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021060801&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

af67e18881af781fdc027d96d6812a0a49a47dc4f295bce08c3af1fcb2ec8c80

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8419
x-xss-protection: 0

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 036B 10 KB
8 KB 21ms
19ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021060901&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

db2188f8241871ee91a97fde140715b3f4ad406699433e629cd1381854acfe1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7933
x-xss-protection: 0

GET
H3-29 200 pubads_impl_2021060801.js Show response
securepubads.g.doubleclick.net/gpt/ Frame B341 318 KB
112 KB 48ms
43ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ec2-52-220-229-2.ap-southeast-1.compute.amazonaws.com

Software

sffe /

Resource Hash

8a19707bd88a29100f84e106852ddd5bfeebe1fe562960c4932d1347210d13a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 08 Jun 2021 08:38:25 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 114129
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:36 GMT

GET
H3-29 200 img_rst_beer.png
s0.2mdn.net/9631534/1612207833628/SquareOnline_NewYears_300x250_RST/ Frame 5AAC 4 KB
4 KB 23ms
22ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9631534/1612207833628/SquareOnline_NewYears_300x250_RST/img_rst_beer.png?1610928118441

Requested by

Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a7089e8b779e257ab935944a44a359f5c374c1bad95445ca5dbb2681e6e8de0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9631534/1612207833628/SquareOnline_NewYears_300x250_RST/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 20:08:16 GMT
x-content-type-options: nosniff
last-modified: Mon, 01 Feb 2021 19:30:33 GMT
server: sffe
age: 41960
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3840
x-xss-protection: 0
expires: Mon, 14 Jun 2021 20:08:16 GMT

GET
H3-29 200 6ARyktE4tPRvvoSTtP7tfQ53d_-1azzHygxxMe6f4h8.js Show response
pagead2.googlesyndication.com/bg/ Frame E080 14 KB
6 KB 58ms
15ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/6ARyktE4tPRvvoSTtP7tfQ53d_-1azzHygxxMe6f4h8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8047292d138b4f46fbe8493b4feed7d0e7777ffb56b3cc7ca0c7131ee9fe21f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 15:49:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 57469
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5749
x-xss-protection: 0
last-modified: Mon, 31 May 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 13 Jun 2022 15:49:47 GMT

GET
H/1.1 200
OK Cookie set gmdef_728x90.asp Show response
www.travelmiso.com/acta/friends/ Frame 6EB2 1 B
388 B 1411ms
356ms Document
text/html 203.76.174.123
SG-8-TO-SG 8 to I...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.travelmiso.com/acta/friends/gmdef_728x90.asp
Requested by: Host: tag.gammaplatform.com
URL: http://tag.gammaplatform.com/adx/request/?wid=1567569789&zid=1567570449&urf=http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F&zt=&cb=374824/
Protocol: HTTP/1.1
Server: 203.76.174.123 , Singapore, ASN45470 (SG-8-TO-SG 8 to Infinity Pte Ltd, SG),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

Request headers

Host: www.travelmiso.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://b.travelmiso.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Cookie: ucfunnel_uid=1199424b-5208-3d1a-a051-6db0e30656d7
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

Cache-Control: private
Content-Type: text/html
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Set-Cookie: ASPSESSIONIDQCSSCCAC=BGMDPFDDENNPDCGFNHCLMKKI; path=/
Date: Mon, 14 Jun 2021 07:47:36 GMT
Content-Length: 120

GET

recv
cm.gammaplatform.com/adx/ Frame AB7E
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=ambient-digital&ttd_tpi=1
https://cm.gammaplatform.com/adx/recv?pid=5&uid=f045f152-f2cc-4b14-80ad-163e6e314e57

0
0

GET sync
x.bidswitch.net/ Frame AB7E 0
0

GET

recv
cm.gammaplatform.com/adx/ Frame AB7E
Redirect Chain

https://gocm.c.appier.net/ambient
https://cm.gammaplatform.com/adx/recv?pid=10&uid=gBISL6--Av-UKrUZmAnHYA

0
0

GET send
cm.ambientdsp.com/cm/ Frame AB7E 0
0

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame DFDA 8 KB
3 KB 76ms
10ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158212&predirect=https%3A%2F%2Fcm.gammaplatform.com%2Fadx%2Frecv%3Fpid%3D35%26uid%3D
Requested by: Host: tag.gammaplatform.com
URL: http://tag.gammaplatform.com/adx/request/?wid=1567569789&zid=1567570449&urf=http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F&zt=&cb=374824/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: adeacac4167dc188f54213893f0444ea5d60995143ad0552dcb4c383199a740b

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/user_sync.html?p=158212&predirect=https%3A%2F%2Fcm.gammaplatform.com%2Fadx%2Frecv%3Fpid%3D35%26uid%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://b.travelmiso.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: KCCH=YES
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

last-modified: Tue, 01 Jun 2021 06:44:25 GMT
etag: "1300708-2080-5c3aeac410031"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 2586
content-type: text/html; charset=UTF-8
cache-control: max-age=111758
expires: Tue, 15 Jun 2021 14:50:14 GMT
date: Mon, 14 Jun 2021 07:47:36 GMT
vary: Accept-Encoding

GET

recv
cm.gammaplatform.com/adx/ Frame AB7E
Redirect Chain

https://cm.gammadsp.com/cm/send?vc=gdj
https://cm.gammaplatform.com/adx/recv?pid=50&uid=re4kg5jg7p9

0
0

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 77E3 8 KB
3 KB 78ms
13ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159249&predirect=https%3A%2F%2Fcm.gammaplatform.com%2Fadx%2Frecv%3Fpid%3D53%26uid%3D
Requested by: Host: tag.gammaplatform.com
URL: http://tag.gammaplatform.com/adx/request/?wid=1567569789&zid=1567570449&urf=http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F&zt=&cb=374824/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: adeacac4167dc188f54213893f0444ea5d60995143ad0552dcb4c383199a740b

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/user_sync.html?p=159249&predirect=https%3A%2F%2Fcm.gammaplatform.com%2Fadx%2Frecv%3Fpid%3D53%26uid%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://b.travelmiso.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: KCCH=YES
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

last-modified: Tue, 01 Jun 2021 06:44:25 GMT
etag: "1300708-2080-5c3aeac410031"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 2586
content-type: text/html; charset=UTF-8
cache-control: max-age=111758
expires: Tue, 15 Jun 2021 14:50:14 GMT
date: Mon, 14 Jun 2021 07:47:36 GMT
vary: Accept-Encoding

GET
H/1.1

200
OK

sync
d.gammaplatform.com/ltm/ Frame AB7E
Redirect Chain

https://ad.crwdcntrl.net/5/c=13633/pe=y?https%3A%2F%2Fd.gammaplatform.com%2Fltm%2Fsync%3Fsegs%3D%24%7Baud_ids%7D
https://d.gammaplatform.com/ltm/sync?segs=

43 B
432 B

745ms
165ms

Image
image/gif

52.220.229.2
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://d.gammaplatform.com/ltm/sync?segs=

Requested by

Host: b.travelmiso.com
URL: http://b.travelmiso.com/ads/gam/728x90.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

52.220.229.2 Singapore, Singapore, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

lws: 90
date: Mon, 14 Jun 2021 07:47:37 GMT
content-encoding: gzip
time-ms: 0
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
accept-encoding: utf-8
content-length: 51

Redirect headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:36 GMT
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location: https://d.gammaplatform.com/ltm/sync?segs=
cache-control: no-cache
x-server: 10.45.7.180
content-length: 0
expires: 0

GET
H2 200 fltiu.js Show response
pixel.yabidos.com/ Frame AB7E 2 KB
1 KB 121ms
26ms Script
application/javascript 104.16.200.58
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.yabidos.com/fltiu.js?qid=83432313f553532313f5435393&cid=954&p=1505449937&s=http://travelmiso.com/&x=gammassp&nci=&adtg=1567570449&nai=&si=&pn=&h=&w=&bp=&pp=&ci=&ip=&ai=1567569789&di=&mm=&os=&ua=&lat=&lon=
Requested by: Host: tag.gammaplatform.com
URL: http://tag.gammaplatform.com/adx/request/?wid=1567569789&zid=1567570449&urf=http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F&zt=&cb=374824/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.16.200.58 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 87ce4cc30530348882f7ec9e07ca8a24e704140aef3ef8260c3272598081c99b

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:36 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 02 Jun 2021 15:09:31 GMT
server: cloudflare
age: 5796
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=7200
accept-ranges: bytes
cf-ray: 65f1f3981e2aeddf-CDG
content-length: 1146
cf-request-id: 0aab16930b0000eddf4288e000000001
expires: Mon, 14 Jun 2021 09:47:36 GMT

GET

tpid=ny6ptqiol17s
bcp.crwdcntrl.net/5/ct=y/c=13633/tp=GMMA/ Frame AB7E
Redirect Chain

https://bcp.crwdcntrl.net/5/c=13633/tp=GMMA/tpid=ny6ptqiol17s
https://bcp.crwdcntrl.net/5/ct=y/c=13633/tp=GMMA/tpid=ny6ptqiol17s

0
0

GET
H/1.1 200
OK Cookie set gmdef_160x600.asp Show response
www.travelmiso.com/acta/friends/ Frame 7CE0 1 B
388 B 1579ms
167ms Document
text/html 203.76.174.123
SG-8-TO-SG 8 to I...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.travelmiso.com/acta/friends/gmdef_160x600.asp
Requested by: Host: tag.gammaplatform.com
URL: http://tag.gammaplatform.com/adx/request/?wid=1567569789&zid=1567570861&urf=http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F&zt=&cb=644620/
Protocol: HTTP/1.1
Server: 203.76.174.123 , Singapore, ASN45470 (SG-8-TO-SG 8 to Infinity Pte Ltd, SG),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

Request headers

Host: www.travelmiso.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://b.travelmiso.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Cookie: ucfunnel_uid=1199424b-5208-3d1a-a051-6db0e30656d7
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

Cache-Control: private
Content-Type: text/html
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Set-Cookie: ASPSESSIONIDQCSSCCAC=DGMDPFDDAHEBMLAODHDINCDG; path=/
Date: Mon, 14 Jun 2021 07:47:36 GMT
Content-Length: 120

GET

recv
cm.gammaplatform.com/adx/ Frame 54BB
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=ambient-digital&ttd_tpi=1
https://cm.gammaplatform.com/adx/recv?pid=5&uid=f045f152-f2cc-4b14-80ad-163e6e314e57

0
0

GET sync
x.bidswitch.net/ Frame 54BB 0
0

GET

recv
cm.gammaplatform.com/adx/ Frame 54BB
Redirect Chain

https://gocm.c.appier.net/ambient
https://cm.gammaplatform.com/adx/recv?pid=10&uid=RpkAPsWhDkKnBg5ymAnHYA

0
0

GET send
cm.ambientdsp.com/cm/ Frame 54BB 0
0

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 40A7 8 KB
3 KB 73ms
11ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158212&predirect=https%3A%2F%2Fcm.gammaplatform.com%2Fadx%2Frecv%3Fpid%3D35%26uid%3D
Requested by: Host: tag.gammaplatform.com
URL: http://tag.gammaplatform.com/adx/request/?wid=1567569789&zid=1567570861&urf=http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F&zt=&cb=644620/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: adeacac4167dc188f54213893f0444ea5d60995143ad0552dcb4c383199a740b

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/user_sync.html?p=158212&predirect=https%3A%2F%2Fcm.gammaplatform.com%2Fadx%2Frecv%3Fpid%3D35%26uid%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://b.travelmiso.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: KCCH=YES
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

last-modified: Tue, 01 Jun 2021 06:44:25 GMT
etag: "1300708-2080-5c3aeac410031"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 2586
content-type: text/html; charset=UTF-8
cache-control: max-age=111758
expires: Tue, 15 Jun 2021 14:50:14 GMT
date: Mon, 14 Jun 2021 07:47:36 GMT
vary: Accept-Encoding

GET

recv
cm.gammaplatform.com/adx/ Frame 54BB
Redirect Chain

https://cm.gammadsp.com/cm/send?vc=gdj
https://cm.gammaplatform.com/adx/recv?pid=50&uid=re4kg8byprb

0
0

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 3C9C 8 KB
3 KB 68ms
14ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159249&predirect=https%3A%2F%2Fcm.gammaplatform.com%2Fadx%2Frecv%3Fpid%3D53%26uid%3D
Requested by: Host: tag.gammaplatform.com
URL: http://tag.gammaplatform.com/adx/request/?wid=1567569789&zid=1567570861&urf=http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F&zt=&cb=644620/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: adeacac4167dc188f54213893f0444ea5d60995143ad0552dcb4c383199a740b

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/user_sync.html?p=159249&predirect=https%3A%2F%2Fcm.gammaplatform.com%2Fadx%2Frecv%3Fpid%3D53%26uid%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://b.travelmiso.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: KCCH=YES
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

last-modified: Tue, 01 Jun 2021 06:44:25 GMT
etag: "1300708-2080-5c3aeac410031"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 2586
content-type: text/html; charset=UTF-8
cache-control: max-age=111758
expires: Tue, 15 Jun 2021 14:50:14 GMT
date: Mon, 14 Jun 2021 07:47:36 GMT
vary: Accept-Encoding

GET
H/1.1

200
OK

sync
d.gammaplatform.com/ltm/ Frame 54BB
Redirect Chain

https://ad.crwdcntrl.net/5/c=13633/pe=y?https%3A%2F%2Fd.gammaplatform.com%2Fltm%2Fsync%3Fsegs%3D%24%7Baud_ids%7D
https://d.gammaplatform.com/ltm/sync?segs=

43 B
432 B

911ms
166ms

Image
image/gif

52.220.229.2
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://d.gammaplatform.com/ltm/sync?segs=

Requested by

Host: b.travelmiso.com
URL: http://b.travelmiso.com/ads/gam/160x600.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

52.220.229.2 Singapore, Singapore, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-220-229-2.ap-southeast-1.compute.amazonaws.com

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

lws: 90
date: Mon, 14 Jun 2021 07:47:37 GMT
content-encoding: gzip
time-ms: 0
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
accept-encoding: utf-8
content-length: 51

Redirect headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:36 GMT
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location: https://d.gammaplatform.com/ltm/sync?segs=
cache-control: no-cache
x-server: 10.45.3.146
content-length: 0
expires: 0

GET
H2 200 fltiu.js Show response
pixel.yabidos.com/ Frame 54BB 2 KB
1 KB 85ms
12ms Script
application/javascript 104.16.200.58
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.yabidos.com/fltiu.js?qid=83432313f553532313f5435393&cid=954&p=1505449937&s=http://travelmiso.com/&x=gammassp&nci=&adtg=1567570861&nai=&si=&pn=&h=&w=&bp=&pp=&ci=&ip=&ai=1567569789&di=&mm=&os=&ua=&lat=&lon=
Requested by: Host: tag.gammaplatform.com
URL: http://tag.gammaplatform.com/adx/request/?wid=1567569789&zid=1567570861&urf=http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F&zt=&cb=644620/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.16.200.58 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 87ce4cc30530348882f7ec9e07ca8a24e704140aef3ef8260c3272598081c99b

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:36 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 02 Jun 2021 15:09:31 GMT
server: cloudflare
age: 5796
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=7200
accept-ranges: bytes
cf-ray: 65f1f3981e2ceddf-CDG
content-length: 1146
cf-request-id: 0aab16930b0000eddf3abec000000001
expires: Mon, 14 Jun 2021 09:47:36 GMT

GET

tpid=a0zusmm18rqw
bcp.crwdcntrl.net/5/ct=y/c=13633/tp=GMMA/ Frame 54BB
Redirect Chain

https://bcp.crwdcntrl.net/5/c=13633/tp=GMMA/tpid=a0zusmm18rqw
https://bcp.crwdcntrl.net/5/ct=y/c=13633/tp=GMMA/tpid=a0zusmm18rqw

0
0

GET getuid
secure.adnxs.com/ Frame 81D2 0
0

GET sync
x.bidswitch.net/ Frame 81D2 0
0

GET redirectObuid
sync.outbrain.com/ Frame 81D2 0
0

GET
H2

200

usersync
rtb.gumgum.com/ Frame 81D2
Redirect Chain

https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=1&gdpr_consent=&us_privacy=&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
https://rtb.gumgum.com/usersync?b=opx&i=c370ab16-b514-4aa1-9c59-28db1a573fba

35 B
237 B

42ms
41ms

Image
image/gif

34.251.173.19
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=opx&i=c370ab16-b514-4aa1-9c59-28db1a573fba
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.173.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:36 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

date: Mon, 14 Jun 2021 07:47:36 GMT
content-encoding: gzip
server: OXGW/16.208.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://rtb.gumgum.com/usersync?b=opx&i=c370ab16-b514-4aa1-9c59-28db1a573fba
content-type: image/gif
alt-svc: clear
content-length: 0
via: 1.1 google

GET sync
sync.srv.stackadapt.com/ Frame 81D2 0
0

GET
H2

200

usersync
rtb.gumgum.com/ Frame 81D2
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=1&gdpr_consent=
https://rtb.gumgum.com/usersync?b=oth&i=y-LBp6bYpE2pf5Rc4NVIu9bZCYT.hFtFJPs5fr~A

35 B
237 B

44ms
41ms

Image
image/gif

34.251.173.19
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=oth&i=y-LBp6bYpE2pf5Rc4NVIu9bZCYT.hFtFJPs5fr~A
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.173.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:36 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

date: Mon, 14 Jun 2021 07:47:36 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://rtb.gumgum.com/usersync?b=oth&i=y-LBp6bYpE2pf5Rc4NVIu9bZCYT.hFtFJPs5fr~A
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET generic
sync.ipredictive.com/d/sync/cookie/ Frame 81D2 0
0

GET
H2 204 services
sync.technoratimedia.com/ Frame 81D2 0
293 B 154ms
92ms Image
text/plain 193.122.174.27
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.technoratimedia.com/services?srv=cs&pid=65&us_privacy=&cb=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dsnc%26i%3D%5BUSER_ID%5D
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 193.122.174.27 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:36 GMT
via: 1.1 varnish
server: nginx
age: 0
access-control-allow-methods: POST,GET,HEAD,OPTIONS
x-varnish: 253538996
access-control-allow-origin: https://rtb.gumgum.com/
access-control-allow-credentials: true

GET 142
match.deepintent.com/usersync/ Frame 81D2 0
0

GET
H2

200

usersync
rtb.gumgum.com/ Frame 81D2
Redirect Chain

https://b1sync.zemanta.com/usersync/gumgum/?puid=e_65463c6f-29ae-47b2-b01c-f64a87d3e3cb&gdpr=1&gdpr_consent=&us_privacy=
https://rtb.gumgum.com/usersync?b=zem&i=&gdpr=1

35 B
237 B

51ms
49ms

Image
image/gif

34.251.173.19
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=zem&i=&gdpr=1
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.173.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:38 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Location: https://rtb.gumgum.com/usersync?b=zem&i=&gdpr=1
Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:38 GMT
Cache-Control: no-cache, no-store, must-revalidate
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Content-Length: 78
Content-Type: text/html; charset=utf-8

GET
H2

200

usersync
rtb.gumgum.com/ Frame 81D2
Redirect Chain

https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
https://ad.360yield.com/ul_cb/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
https://rtb.gumgum.com/usersync?b=idi&i=3340b085-8ff8-4f42-b06a-837fb39e0c81

35 B
237 B

46ms
45ms

Image
image/gif

34.251.173.19
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=idi&i=3340b085-8ff8-4f42-b06a-837fb39e0c81
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.173.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:38 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

location: https://rtb.gumgum.com/usersync?b=idi&i=3340b085-8ff8-4f42-b06a-837fb39e0c81
date: Mon, 14 Jun 2021 07:47:37 GMT
access-control-allow-origin: *
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2

200

usersync
rtb.gumgum.com/ Frame 81D2
Redirect Chain

https://sync.1rx.io/usersync2/floor6&gdpr=1&gdpr_consent=
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=2163714
https://sync.1rx.io/usersync/tradedesk/f045f152-f2cc-4b14-80ad-163e6e314e57
https://sync.targeting.unrulymedia.com/csync/RX-4dd4d7ee-80ab-4dcf-ac4d-bfe26464020c-003?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Drhy%26i%3DRX-4dd4d7ee-80ab-4dcf-ac4d-bfe26464020c-003
https://rtb.gumgum.com/usersync?b=rhy&i=RX-4dd4d7ee-80ab-4dcf-ac4d-bfe26464020c-003

35 B
237 B

50ms
49ms

Image
image/gif

34.251.173.19
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=rhy&i=RX-4dd4d7ee-80ab-4dcf-ac4d-bfe26464020c-003
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.173.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:38 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

location: https://rtb.gumgum.com/usersync?b=rhy&i=RX-4dd4d7ee-80ab-4dcf-ac4d-bfe26464020c-003
date: Mon, 14 Jun 2021 07:47:38 GMT
server: Tengine
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RX4dd4d7ee80ab4dcfac4dbfe26464020c003
content-type: text/html

GET
H2

200

usersync
rtb.gumgum.com/ Frame 81D2
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25
https://rtb.gumgum.com/usersync?b=pln&i=Xari3MgKLqzt&ev=1&pid=558355

35 B
237 B

41ms
40ms

Image
image/gif

34.251.173.19
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=pln&i=Xari3MgKLqzt&ev=1&pid=558355
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.173.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:39 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language: en-US
location: https://rtb.gumgum.com/usersync?b=pln&i=Xari3MgKLqzt&ev=1&pid=558355
cache-control: private, max-age=0, no-cache, no-store
cw-server: bh-deployment-8474b759f8-2hvq9
expires: -1

GET merge
ce.lijit.com/ Frame 81D2 0
0

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame ABA3
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=1&gdpr_consent=&redir=https%3a%2f%2frtb.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d
https://rtb.gumgum.com/usersync?b=mmh&i=437160c7-0997-4300-93fa-bb602690c95d&gdpr=1&gdpr_consent=

35 B
237 B

36ms
36ms

Document
image/gif

34.251.173.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=mmh&i=437160c7-0997-4300-93fa-bb602690c95d&gdpr=1&gdpr_consent=
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.173.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=mmh&i=437160c7-0997-4300-93fa-bb602690c95d&gdpr=1&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

date: Mon, 14 Jun 2021 07:47:36 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

Date: Mon, 14 Jun 2021 07:47:39 GMT
Content-Type: image/gif
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=360
Server: MT3 3759 5f8f15b master zrh-pixel-x10
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://rtb.gumgum.com/usersync?b=mmh&i=437160c7-0997-4300-93fa-bb602690c95d&gdpr=1&gdpr_consent=
Expires: Mon, 14 Jun 2021 07:47:38 GMT

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame A04B
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=1&gdpr_consent=
https://sync-tm.everesttech.net/ct/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=1&gdpr_consent=&_test=YMcJmAABhOYQ8wBg
https://rtb.gumgum.com/usersync?b=atm&i=YMcJmAABhOYQ8wBg&gdpr=1&gdpr_consent=&_test=YMcJmAABhOYQ8wBg

35 B
237 B

38ms
37ms

Document
image/gif

34.251.173.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=atm&i=YMcJmAABhOYQ8wBg&gdpr=1&gdpr_consent=&_test=YMcJmAABhOYQ8wBg
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.173.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=atm&i=YMcJmAABhOYQ8wBg&gdpr=1&gdpr_consent=&_test=YMcJmAABhOYQ8wBg
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

date: Mon, 14 Jun 2021 07:47:36 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

server: Varnish
retry-after: 0
location: https://rtb.gumgum.com/usersync?b=atm&i=YMcJmAABhOYQ8wBg&gdpr=1&gdpr_consent=&_test=YMcJmAABhOYQ8wBg
accept-ranges: bytes
date: Mon, 14 Jun 2021 07:47:36 GMT
via: 1.1 varnish
x-served-by: cache-fra19164-FRA
x-cache: HIT
x-cache-hits: 0
x-timer: S1623656856.485626,VS0,VE0
cache-control: no-cache
pragma: no-cache
content-length: 0

GET
H3-29 200 pixel Show response
cm.g.doubleclick.net/ Frame C971 170 B
188 B 89ms
48ms Document
image/png 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV82NTQ2M2M2Zi0yOWFlLTQ3YjItYjAxYy1mNjRhODdkM2UzY2I=&gdpr=1&gdpr_consent=

Requested by

Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

:method: GET
:authority: cm.g.doubleclick.net
:scheme: https
:path: /pixel?google_nid=gumgum_dbm&google_hm=ZV82NTQ2M2M2Zi0yOWFlLTQ3YjItYjAxYy1mNjRhODdkM2UzY2I=&gdpr=1&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkaEOF5I60pQw1z20S7oskrJrzw9e048mRx5tYhVpS9F2da3JcLsvidZn58QuU
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

content-type: image/png
date: Mon, 14 Jun 2021 07:47:36 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
server: HTTP server (unknown)
content-length: 170
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame E1C1 8 KB
3 KB 69ms
33ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=1&gdprConsent=
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: adeacac4167dc188f54213893f0444ea5d60995143ad0552dcb4c383199a740b

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=1&gdprConsent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: KCCH=YES
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

last-modified: Tue, 01 Jun 2021 06:44:25 GMT
etag: "1300708-2080-5c3aeac410031"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 2586
content-type: text/html; charset=UTF-8
cache-control: max-age=111758
expires: Tue, 15 Jun 2021 14:50:14 GMT
date: Mon, 14 Jun 2021 07:47:36 GMT
vary: Accept-Encoding

GET
H2 204 /
ssc-cms.33across.com/ps/ Frame 4F70 0
0 454ms
120ms Document
text/plain 67.202.110.22
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.110.22 Crown Point, United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip22.67-202-110.static.steadfastdns.net
Software: 33XP005 /
Resource Hash

Request headers

:method: GET
:authority: ssc-cms.33across.com
:scheme: https
:path: /ps/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

x-33x-status: 2000208
server: 33XP005
date: Mon, 14 Jun 2021 07:47:35 GMT

GET
H2 200 generic Show response
match.adsrvr.org/track/cmf/ Frame 6C54 70 B
264 B 61ms
42ms Document
image/gif 76.223.111.131
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=1&gdpr_consent=
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.131 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

:method: GET
:authority: match.adsrvr.org
:scheme: https
:path: /track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=1&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: TDID=f045f152-f2cc-4b14-80ad-163e6e314e57; TDCPM=CAESFwoIcHVibWF0aWMSCwiY1v7S1sTXORAFGAEgASgCMgsIwsi3hO3E1zkQBTgBWgdvbW42N2hsYAI.
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

date: Mon, 14 Jun 2021 07:47:36 GMT
content-type: image/gif
content-length: 70
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 204 um
cs.emxdgt.com/ Frame 2DA3 0
0 61ms
42ms Document
text/html 18.195.155.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cs.emxdgt.com/um?redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.155.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash

Request headers

:method: GET
:authority: cs.emxdgt.com
:scheme: https
:path: /um?redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

content-type: text/html
date: Mon, 14 Jun 2021 07:47:36 GMT
content-length: 0

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame D510
Redirect Chain

https://tg.socdm.com/aux/idsync?proto=gumgum
https://rtb.gumgum.com/usersync?b=sus&i=YMcJmMCo8XUAAGKjA18AAAAA

35 B
238 B

119ms
41ms

Document
image/gif

34.251.173.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=sus&i=YMcJmMCo8XUAAGKjA18AAAAA
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.173.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=sus&i=YMcJmMCo8XUAAGKjA18AAAAA
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

date: Mon, 14 Jun 2021 07:47:36 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

Server: nginx
Date: Mon, 14 Jun 2021 07:47:36 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private
Location: https://rtb.gumgum.com/usersync?b=sus&i=YMcJmMCo8XUAAGKjA18AAAAA
P3P: CP="See also http://www.scaleout.jp/privacy/"
X-SO-Ads-Time: 1
X-SO-HostName: a-ad40040.dc2p.scaleout.jp
X-SO-LB-Hostname: m-tgng17.dc4p.scaleout.jp
X-SO-LB-Data: {"ban":false,"clean_query":"\/aux\/idsync?proto=gumgum","cluster_id":0,"gdpr":true,"ipv4":"0.0.0.0","key":"YMcJmMCo8XUAAGKjA18AAAAA","privacy_sensitive":true,"uid":"","upstream_id":"a-ad40040"}
X-SO-Key: YMcJmMCo8XUAAGKjA18AAAAA
X-SO-IP: 93.177.75.188
X-SO-Cluster-ID: 0
X-SO-Upstream-ID: a-ad40040

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame B4A0
Redirect Chain

https://p.rfihub.com/cm?pub=42796&in=1
https://rtb.gumgum.com/usersync?b=zet&i=2159827871644734340

35 B
237 B

35ms
34ms

Document
image/gif

34.251.173.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=zet&i=2159827871644734340
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.173.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=zet&i=2159827871644734340
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

date: Mon, 14 Jun 2021 07:47:36 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

Date: Mon, 14 Jun 2021 07:47:36 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: eud=H4sIAAAAAAAAAFslxmtoZmRsZmpmYWpmYmQEAGEZSVkQAAAA; Path=/; Domain=.rfihub.com; Expires=Sat, 9 Jul 2022 07:47:36 GMT; Secure; SameSite=None rud=H4sIAAAAAAAAAOMSNjI0tbQwMrcwNzQzMTE3NjE2MRDiM9S1DPbMzswONsx3NIqQ4jU0MzI2MzWzMDUzMTICAEDR0GY0AAAA; Path=/; Domain=.rfihub.com; Expires=Sat, 9 Jul 2022 07:47:36 GMT; Secure; SameSite=None ruds=H4sIAAAAAAAAAOMSNjI0tbQwMrcwNzQzMTE3NjE2MRDiM9S1DPbMzswONsx3NIoAAHZixq8lAAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None
Location: https://rtb.gumgum.com/usersync?b=zet&i=2159827871644734340
Content-Length: 0
Server: Jetty(9.3.29.v20201019)

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame F792
Redirect Chain

https://creativecdn.com/cm-notify?pi=gumgum
https://rtb.gumgum.com/usersync?b=rth&i=FDk1EGEqV4dcJeTvBAjz&pi=gumgum

35 B
237 B

37ms
34ms

Document
image/gif

34.251.173.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=rth&i=FDk1EGEqV4dcJeTvBAjz&pi=gumgum
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.173.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=rth&i=FDk1EGEqV4dcJeTvBAjz&pi=gumgum
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

date: Mon, 14 Jun 2021 07:47:36 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

date: Mon, 14 Jun 2021 07:47:36 GMT Mon, 14 Jun 2021 07:47:36 GMT
location: https://rtb.gumgum.com/usersync?b=rth&i=FDk1EGEqV4dcJeTvBAjz&pi=gumgum
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
content-length: 0

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 8620 38 KB
14 KB 43ms
37ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=137711&s=137812&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D58%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 1b95ffd8d5e131d47fa1a5ab65bca620eeef87328c413940cd60a9fbcedf4b74

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/showad.js
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=137711&s=137812&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D58%263pid%3D&gdpr=1&gdpr_consent=
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: KCCH=YES
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=137711&s=137812&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D58%263pid%3D&gdpr=1&gdpr_consent=

Response headers

last-modified: Tue, 11 May 2021 05:24:02 GMT
etag: "13006b6-96ca-5c2071a26cca4"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 13964
content-type: text/html; charset=UTF-8
cache-control: public, max-age=29089
expires: Mon, 14 Jun 2021 15:52:25 GMT
date: Mon, 14 Jun 2021 07:47:36 GMT
vary: Accept-Encoding

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 6019 17 KB
6 KB 21ms
13ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e684839cbcef6b16753dae73e92a49b7115f55e83662ead12d5e05bf7b9915fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1622653785071769"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:36 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.fr/adsid/ Frame 330C 107 B
122 B 19ms
15ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.fr/adsid/integrator.js?domain=b.travelmiso.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ Frame 330C 107 B
122 B 16ms
14ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=b.travelmiso.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 330C 24 KB
11 KB 341ms
341ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2885524450737917&correlator=3000957452531390&output=ldjh&impl=fifs&eid=31060979%2C31061224%2C31061290%2C31061030&vrg=2021060801&ptt=17&sc=0&sfv=1-0-38&ecs=20210614&iu_parts=21671350435%2C728x90-travelmiso.com&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&cookie=ID%3Dea21d46e2bb64c4b%3AT%3D1623656855%3AS%3DALNI_MamQNW4ndhhQRKGevxhrqfjyF3IGg&cdm=b.travelmiso.com&bc=23&abxe=1&lmt=1623656856&dt=1623656856437&dlt=1623656854475&idt=1890&ea=0&frm=23&biw=1600&bih=1200&isw=728&ish=90&oid=3&adxs=48&adys=1555&adks=871169296&ucis=t9419sp3m2lk&ifi=1&ifk=2612708085&u_tz=120&u_his=3&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F&ref=http%3A%2F%2Fb.travelmiso.com%2F&top=http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F&vis=1&scr_x=0&scr_y=0&psz=728x90&msz=728x-1&ga_vid=877111994.1623656856&ga_sid=1623656856&ga_hid=1718617374&ga_fc=false&fws=256&ohw=0&btvi=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1b1dcd5bfec405b29c6293eef2adc4932b60df8a3b548bcc638e313fdd363fa7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:36 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10940
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://b.travelmiso.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
25e9c38e0773fef06e0b63e528e4f7eb.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 330C 0
0 45ms
14ms Other
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://25e9c38e0773fef06e0b63e528e4f7eb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 / Show response
pips.taboola.com/ Frame 6040 64 B
237 B 45ms
5ms XHR
text/plain 2a04:4e42:3::300
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://pips.taboola.com/
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/scripts/cds-pips.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:3::300 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: b8d54469be918f4a8dee30d099dc5bcce1eb96307d53c68e6e4fac7f1e7b1783

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:36 GMT
via: 1.1 varnish
server: Varnish
x-served-by: cache-fra19128-FRA
access-control-allow-methods: GET
access-control-allow-origin: http://nichools.com
cache-control: no-store
x-cache: HIT
accept-ranges: bytes
content-length: 64
retry-after: 0
x-cache-hits: 0

GET
H2 200 Verizon_Media.png
cdn.aralego.net/ucfad/house/ucf/ Frame 4EEA 87 KB
87 KB 20ms
20ms Image
image/png 2606:4700:20::ac43:47fe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.aralego.net/ucfad/house/ucf/Verizon_Media.png
Requested by: Host: cdn.aralego.net
URL: https://cdn.aralego.net/ucfad/mobile/production_flurryTag.html?adid=d3ba746a-82fb-4032-b01e-ccb4c304c69a&width=970&height=250&click=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47fe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 42818027891cd54585a88d6f81fc6b4bfdb7aa3424ee79d2e22a1cb35a0ea656

Request headers

Referer: https://cdn.aralego.net/ucfad/mobile/production_flurryTag.html?adid=d3ba746a-82fb-4032-b01e-ccb4c304c69a&width=970&height=250&click=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:36 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2083
content-length: 88802
cf-request-id: 0aab1693b200004a86e82a9000000001
last-modified: Tue, 27 Apr 2021 01:41:12 GMT
server: cloudflare
etag: "60876bb8-15ae2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=7K%2FK90PUSx13QZ8weCgeYhJcDH9h7gTkbOiycd%2B667dpjCNluETt9m8KcFL8Y73%2BX4Sd46HjhTO5L%2FdWU6lFF%2FoIf%2FmYlVzLURHcpEMUjFS2OvE6xmpEeY3bH5H2LPgakHGLlf0niYQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
access-control-allow-credentials: true
accept-ranges: bytes
cf-ray: 65f1f3991bb84a86-FRA

GET
H2 200 Verizon_Media.png
cdn.aralego.net/ucfad/house/ucf/ Frame 6811 87 KB
87 KB 21ms
20ms Image
image/png 2606:4700:20::ac43:47fe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.aralego.net/ucfad/house/ucf/Verizon_Media.png
Requested by: Host: cdn.aralego.net
URL: https://cdn.aralego.net/ucfad/mobile/production_flurryTag.html?adid=d3ba746a-82fb-4032-b01e-ccb4c304c69a&width=300&height=250&click=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47fe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 42818027891cd54585a88d6f81fc6b4bfdb7aa3424ee79d2e22a1cb35a0ea656

Request headers

Referer: https://cdn.aralego.net/ucfad/mobile/production_flurryTag.html?adid=d3ba746a-82fb-4032-b01e-ccb4c304c69a&width=300&height=250&click=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:36 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2083
content-length: 88802
cf-request-id: 0aab1693b900004a8613331000000001
last-modified: Tue, 27 Apr 2021 01:41:12 GMT
server: cloudflare
etag: "60876bb8-15ae2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=yOx7umuYk9xEG1JUD5w%2FcerMU1sJcnz3DjZKKJ6X38sPoCsm8l5JgGDxZw9Np%2B%2B1PP3EKc1snElaaMWYSRsNDfJkoIbkvg1fK8PJZKYlTagMa9NkWIacZ0jM30DHMsWopohmHv9Iuik%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
access-control-allow-credentials: true
accept-ranges: bytes
cf-ray: 65f1f3992be74a86-FRA

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame D0BD 17 KB
6 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021061001.js?31061429

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e684839cbcef6b16753dae73e92a49b7115f55e83662ead12d5e05bf7b9915fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1622653785071769"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:36 GMT

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 931B 17 KB
6 KB 16ms
14ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e684839cbcef6b16753dae73e92a49b7115f55e83662ead12d5e05bf7b9915fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1622653785071769"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:36 GMT

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 1A6C 17 KB
6 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e684839cbcef6b16753dae73e92a49b7115f55e83662ead12d5e05bf7b9915fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1622653785071769"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:36 GMT

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 036B 17 KB
6 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e684839cbcef6b16753dae73e92a49b7115f55e83662ead12d5e05bf7b9915fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1622653785071769"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:36 GMT

GET
H/1.1 204
No Content t.dhj Show response
pxdrop.lijit.com/1/d/ Frame 6049 0
225 B 299ms
31ms Script
text/plain 104.111.233.227
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://pxdrop.lijit.com/1/d/t.dhj?dmn=b.travelmiso.com&GDPR_v2=
Requested by: Host: shoppinglifestyle.biz
URL: http://shoppinglifestyle.biz/go/?r=3&a=1
Protocol: HTTP/1.1
Server: 104.111.233.227 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-233-227.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:36 GMT
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
Expires: Mon, 14 Jun 2021 07:47:36 GMT

GET
H2

200

check
pixel.tapad.com/idsync/ex/receive/ Frame 6049
Redirect Chain

https://pixel.tapad.com/idsync/ex/receive?partner_id=1512&partner_device_id=f35e06d1217e66947e122508&gdpr=1&gdpr_consent=
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=1512&partner_device_id=f35e06d1217e66947e122508&gdpr=1&gdpr_consent=

95 B
416 B

22ms
22ms

Image
image/png

35.227.248.159
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive/check?partner_id=1512&partner_device_id=f35e06d1217e66947e122508&gdpr=1&gdpr_consent=

Requested by

Host: b.travelmiso.com
URL: http://b.travelmiso.com/ads/adsp/300x250.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.227.248.159 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Jetty(9.4.36.v20210114) /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:37 GMT
via: 1.1 google
server: Jetty(9.4.36.v20210114)
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/png
alt-svc: clear
content-length: 95

Redirect headers

date: Mon, 14 Jun 2021 07:47:36 GMT
via: 1.1 google
server: Jetty(9.4.36.v20210114)
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location: https://pixel.tapad.com/idsync/ex/receive/check?partner_id=1512&partner_device_id=f35e06d1217e66947e122508&gdpr=1&gdpr_consent=
alt-svc: clear
content-length: 0

GET pixel
ps.eyeota.net/ Frame 6049 0
0

GET pv=y
bcp.crwdcntrl.net/5/c=5436/tp=SVRN/tpid=f35e06d1217e66947e122508/gdpr=1/gdpr_consent=/ Frame 6049 0
0

GET
H/1.1 200
OK ct
ap.lijit.com/data/ Frame 6049 43 B
206 B 2626ms
30ms Image
image/gif 216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ap.lijit.com/data/ct?tid=a_861814_4c50c09387e64f85b0db26e8e13ca7f6&zoneid=861814&cid=18&geo=FR&all_tags=185%2C203%2C205%2C248%2C429%2C458%2C462%2C465%2C490%2C501%2C503%2C512%2C515%2C519%2C520%2C523%2C539%2C541%2C543%2C561%2C563%2C565%2C578%2C589%2C590%2C600&tss=959%2C960%2C961%2C970&fired_tags=519%2C520%2C541%2C590&count=4&status=8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C1%2C1%2C8%2C8%2C1%2C8%2C8%2C8%2C8%2C8%2C8%2C1%2C32&elapsed_ms=976
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/ads/adsp/300x250.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:39 GMT
Server: nginx
X-Sovrn-Pod: ad_ap7ams1
X-Powered-By: raptor
Content-Length: 43
Content-Type: image/gif

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame CC50 42 B
64 B 22ms
21ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstx_CFpfXln1UC2dKMnoAH9xtbtBXJyvFHZcCVeCEiIuV8AYLAxadSVUemOcK43bxWUxaa5ZtDexEijy_DMPTKe_QujYF6PgBK9K0OWilQ4HERhtyTtgalmD6vSUQ&sai=AMfl-YSrWuKSs_TFzTQGcVIq9vA1v6f3SLAibLB6wcelppCgOJCnX9JIWjH8RvYJk2POUSrI6Pk5wxLeCW1TOUNkVnaCeflVrNo9GS29fwmKBls3AADSynrUNLyBUbh6&sig=Cg0ArKJSzOBQ1xguaDIxEAE&cid=CAASEuRogdnX5jqM2CZsPjGwYJ96mQ&id=lidar2&mcvt=1374&p=0,0,600,300&mtos=1374,1374,1374,1374,1374&tos=1374,0,0,0,0&v=20210611&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1576936405&rs=4&met=mue&la=0&cr=0&osd=1&vs=4&eosm=0&rst=1623656851772&dlt=495&rpt=3687&isd=0&msd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a15ac0e614c5002f10a5f47b2408de8c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET impress
exchange.adtrue.com/delivery/ Frame BBA7 0
0

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame B511 42 B
64 B 22ms
21ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst16cyX2EylG1he80M36ilBNjVHBhz1mTAVGEgmIMpUt5FPGihtAQaUzwTWrbe9VXCi1r980eu3ISiFnjxDi3FqoIZFP7MMjv1RB1UAoZR_brnv1b7tPTcB71FF1A&sai=AMfl-YTiXOh4bnmZG48KV__yYM6u9ATtNKUvnR_wLFl9uSBdMEvJlpzmKRvHIrnnqYH6kXPVdwtbdvMC9_4Vsqxfc2QEEmqMujPf2IMIKhlZEMP1Ws9FH7R74CRuHeCT&sig=Cg0ArKJSzEN0D92H5F9jEAE&cid=CAASEuRopKgHzxKTLjmhcI_qu-kDpg&id=lidar2&mcvt=1304&p=0,0,600,160&mtos=1304,1304,1304,1304,1304&tos=1304,0,0,0,0&v=20210611&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=3266069665&rs=4&met=mue&la=0&cr=0&osd=1&vs=4&eosm=0&rst=1623656852196&dlt=169&rpt=3351&isd=0&msd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pav2_3.25.min.js Show response
projectagora.net/libs/ Frame D316 22 KB
5 KB 34ms
11ms Script
application/javascript 2606:4700:3035::6815:2f1c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://projectagora.net/libs/pav2_3.25.min.js
Requested by: Host: ads.projectagoraservices.com
URL: http://ads.projectagoraservices.com/?id=11484&uref=https%3A%2F%2Fwww.travelmiso.com%2F&schain=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:2f1c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2889eb05f073f7d5b57871d886412e1330441ccac21d149403e94ebf869fa813

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:36 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 5990
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 2K73VPDJC2M5EPP1
x-amz-id-2: CAXezVOloR5BM7k6KcBaygn90D5HIA2WkbxqFeDoQB9fNX1vTwRmisOeTbHB80NM+rWixnWhezo=
last-modified: Wed, 05 May 2021 10:07:24 GMT
server: cloudflare
etag: W/"5ad9313a3f5ac0b5de3249cbac8ff4c1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=K9pSDBz3mh%2Bp9h%2BsO9k%2B3ljhWV%2BAfSRnxs%2BVM7tjIYGjG83UfmhPtgpJGhxAg1WkphTNZJch07lE9sJeKeqcFvco1qUEXK4pXYTaIMAb7o2H4VuW%2BKFDvtaQrLIqb2Q7z2QjIF%2FvjtIGxA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-request-id: 0aab16944b00002bade104e000000001
cf-ray: 65f1f39a1d9c2bad-FRA

GET
H3-29 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 7557 62 KB
21 KB 36ms
32ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdn.aralego.net
URL: https://cdn.aralego.net/ucfad/cookie/cht_cookieSyncIframe.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

501a9391f2566e13d08d808678bfd47a7fef4c33eabbf1625b9494fa75db1071

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "902 / 853 of 1000 / last-modified: 1623449396"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21627
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:36 GMT

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 656B 11 KB
8 KB 21ms
21ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021060801&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b72b8f445b755f5e5716d6df65995f854b521cf34f0f437f886633e982b420e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8373
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame D40F 12 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 178d0923127f644b497c0aba95fabd7a6c8d134730fb7e1810ca947d732e9f8a

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET /
cds.taboola.com/ Frame 6040 0
0

GET
H3-29 200 index_edge.js
s0.2mdn.net/9229046/1612520417718/300x600/ Frame C7DA 10 KB
10 KB 8ms
6ms Image
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9229046/1612520417718/300x600/index_edge.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9229046/1612520417718/300x600/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9229046/1612520417718/300x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 06:02:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6332
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2659
x-xss-protection: 0
last-modified: Fri, 05 Feb 2021 10:20:17 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Tue, 15 Jun 2021 06:02:04 GMT

GET
H3-29 200 index.html Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61659813/20201215140423349/ Frame D224 192 KB
44 KB 18ms
13ms Document
text/html 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61659813/20201215140423349/index.html?e=69&leftOffset=0&topOffset=0&c=fkTMyD5xpo&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_271.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3c46fcafea5446321d2d0df79f45ab7a2174678441b4c5ff10b0042a99028c7a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /ads/richmedia/studio/pv2/61659813/20201215140423349/index.html?e=69&leftOffset=0&topOffset=0&c=fkTMyD5xpo&t=1&renderingType=2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://df92c682cc13fd0720c1bc98348b7158.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://df92c682cc13fd0720c1bc98348b7158.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 45012
date: Mon, 14 Jun 2021 07:47:36 GMT
expires: Tue, 15 Jun 2021 07:47:36 GMT
cache-control: public, max-age=86400
last-modified: Tue, 15 Dec 2020 22:04:23 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST view
googleads4.g.doubleclick.net/pcs/ Frame 2321 0
0

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 2321 41 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: df92c682cc13fd0720c1bc98348b7158.safeframe.googlesyndication.com
URL: https://df92c682cc13fd0720c1bc98348b7158.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://df92c682cc13fd0720c1bc98348b7158.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 10:48:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 75524
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 13 Jun 2022 10:48:52 GMT

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame C18D 1 KB
749 B 15ms
15ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: df92c682cc13fd0720c1bc98348b7158.safeframe.googlesyndication.com
URL: https://df92c682cc13fd0720c1bc98348b7158.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://df92c682cc13fd0720c1bc98348b7158.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://df92c682cc13fd0720c1bc98348b7158.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sun, 13 Jun 2021 09:02:58 GMT
expires: Mon, 14 Jun 2021 09:02:58 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 81878
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 2321 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8e9c4d25f9a4040c4e649b141a4f1a5bd285edf44960821f3e817d2e1afda674

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 generic
data.adsrvr.org/track/cmf/ Frame 1E86 70 B
265 B 1403ms
47ms Image
image/gif 13.248.242.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.adsrvr.org/track/cmf/generic?ttd_pid=federatedmedia&gdpr=1&gdpr_consent=
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_861814_4c50c09387e64f85b0db26e8e13ca7f6&rand=2024&informer=13422783&type=fpads&loc=http%3A%2F%2Fb.travelmiso.com&v=1.2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.242.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:38 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET

merge
ce.lijit.com/ Frame 1E86
Redirect Chain

https://rtb.mfadsrvr.com/sync?ssp=sovrn&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=87&3pid=97ab0b82-599e-49cd-b60d-a0335abf1d5a

0
0

GET

merge
ce.lijit.com/ Frame 1E86
Redirect Chain

https://match.prod.bidr.io/cookie-sync/svr?gdpr=1&gdpr_consent=
https://match.prod.bidr.io/cookie-sync/svr?gdpr=1&gdpr_consent=&_bee_ppp=1
https://ce.lijit.com/merge?pid=85&3pid=AADp4k7BjhMAADIHQd_qqw&gdpr=1

0
0

GET getuid
secure.adnxs.com/ Frame 1E86 0
0

GET sync
x.bidswitch.net/ Frame 1E86 0
0

GET cksync.php
contextual.media.net/ Frame 1E86 0
0

GET lj_match
um.simpli.fi/ Frame 1E86 0
0

GET sync.php
pixel-us-east.rubiconproject.com/exchange/ Frame 1E86 0
0

GET

merge
ce.lijit.com/ Frame 1E86
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=558511&ev=1&rurl=https%3A%2F%2Fce.lijit.com/merge?pid=49&3pid=%%VGUID%%&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=49&3pid=ZsVObEnzlJIe&ev=1&pid=558511&gdpr_consent=&gdpr=1

0
0

GET tum
ums.acuityplatform.com/ Frame 1E86 0
0

GET cm
p.rfihub.com/ Frame 1E86 0
0

GET sv
px.owneriq.net/eucm/p/ Frame 1E86 0
0

GET 101957
jadserve.postrelease.com/suid/ Frame 1E86 0
0

GET pixelSync
pixel-sync.sitescout.com/dmp/ Frame 1E86 0
0

GET ae12848777b41970a5f2
aax-eu.amazon-adsystem.com/s/x/ Frame 1E86 0
0

GET beacon
ap.lijit.com/dsp/google/cookiematch/ Frame 1E86 0
0

GET pv=y
bcp.crwdcntrl.net/5/c=5436/tp=SVRN/tpid=f35e06d1217e66947e122508/ Frame 1E86 0
0

GET dv
ap.lijit.com/dsp/google/cookiematch/ Frame 1E86 0
0

GET

merge
ce.lijit.com/ Frame 1E86
Redirect Chain

https://sync.1rx.io/usersync2/sovrn?gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=56&3pid=OPTOUT

0
0

GET sync.php
pixel-eu.rubiconproject.com/exchange/ Frame 1E86 0
0

GET pixel.gif
aorta.clickagy.com/ Frame 1E86 0
0

GET img
sync.mathtag.com/sync/ Frame 1E86 0
0

GET p-CXt61zNBpKUt1.gif
pixel.quantserve.com/pixel/ Frame 1E86 0
0

GET cm-notify
creativecdn.com/ Frame 1E86 0
0

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 157A 8 KB
3 KB 92ms
26ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=1&gdpr_consent=
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_861814_4c50c09387e64f85b0db26e8e13ca7f6&rand=2024&informer=13422783&type=fpads&loc=http%3A%2F%2Fb.travelmiso.com&v=1.2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: adeacac4167dc188f54213893f0444ea5d60995143ad0552dcb4c383199a740b

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=1&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://gslbeacon.lijit.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: KCCH=YES; PUBMDCID=3; KRTBCOOKIE_153=19420-CTJU5Q87DuoSMlPlXDYa4Q03A7cSZ1PgXTIl2sGu&KRTB&22979-CTJU5Q87DuoSMlPlXDYa4Q03A7cSZ1PgXTIl2sGu; PugT=1623656856; KRTBCOOKIE_57=22776-2283321168535714619; KRTBCOOKIE_80=22987-CAESEBnAxSSMgoPxEpjTuPM-W04&KRTB&16514-CAESEBnAxSSMgoPxEpjTuPM-W04&KRTB&23025-CAESEBnAxSSMgoPxEpjTuPM-W04
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://gslbeacon.lijit.com/

Response headers

last-modified: Tue, 01 Jun 2021 06:44:25 GMT
etag: "1300708-2080-5c3aeac410031"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 2586
content-type: text/html; charset=UTF-8
cache-control: max-age=111757
expires: Tue, 15 Jun 2021 14:50:14 GMT
date: Mon, 14 Jun 2021 07:47:37 GMT
vary: Accept-Encoding

GET

merge
ce.lijit.com/ Frame 8F87
Redirect Chain

https://d.turn.com/r/dd/id/L21rdC8xMjcvY2lkLzI4NTUyOTczL3QvMg/url/https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D1%263pid%3D%24!%7BTURN_UUID%7D&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=1&3pid=3748544639322033683&gdpr=1&gdpr_consent=

0
0

GET cm
us-u.openx.net/w/1.0/ Frame 611F 0
0

GET
H2 200 0608867b Show response
rtb.gumgum.com/usync/ Frame F159 4 KB
2 KB 41ms
40ms Document
text/html 34.251.173.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_861814_4c50c09387e64f85b0db26e8e13ca7f6&rand=2024&informer=13422783&type=fpads&loc=http%3A%2F%2Fb.travelmiso.com&v=1.2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.173.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 3e5eab8fb7b9ff15c9bde1e6449dd5245267ae861b24346bb63c9e336dce1c49

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://gslbeacon.lijit.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://gslbeacon.lijit.com/

Response headers

date: Mon, 14 Jun 2021 07:47:37 GMT
content-type: text/html;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
set-cookie: vst=e_f30c818c-f3bd-4ac6-b5d1-b47c99f0cdf8; Domain=.gumgum.com; Expires=Tue, 14-Jun-2022 07:47:37 GMT; Path=/; Secure; SameSite=None
etag: W/"0782ed10dfac7a46631e16e431bcf0fdb"
timing-allow-origin: *
content-encoding: gzip

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame B6DF 8 KB
3 KB 78ms
29ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=137711&s=137812&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D58%263pid%3D&gdpr=1&gdpr_consent=
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_861814_4c50c09387e64f85b0db26e8e13ca7f6&rand=2024&informer=13422783&type=fpads&loc=http%3A%2F%2Fb.travelmiso.com&v=1.2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: adeacac4167dc188f54213893f0444ea5d60995143ad0552dcb4c383199a740b

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/user_sync.html?p=137711&s=137812&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D58%263pid%3D&gdpr=1&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://gslbeacon.lijit.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: KCCH=YES; PUBMDCID=3; KRTBCOOKIE_153=19420-CTJU5Q87DuoSMlPlXDYa4Q03A7cSZ1PgXTIl2sGu&KRTB&22979-CTJU5Q87DuoSMlPlXDYa4Q03A7cSZ1PgXTIl2sGu; PugT=1623656856; KRTBCOOKIE_57=22776-2283321168535714619; KRTBCOOKIE_80=22987-CAESEBnAxSSMgoPxEpjTuPM-W04&KRTB&16514-CAESEBnAxSSMgoPxEpjTuPM-W04&KRTB&23025-CAESEBnAxSSMgoPxEpjTuPM-W04
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://gslbeacon.lijit.com/

Response headers

last-modified: Tue, 01 Jun 2021 06:44:25 GMT
etag: "1300708-2080-5c3aeac410031"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 2586
content-type: text/html; charset=UTF-8
cache-control: max-age=111757
expires: Tue, 15 Jun 2021 14:50:14 GMT
date: Mon, 14 Jun 2021 07:47:37 GMT
vary: Accept-Encoding

GET
H3-29 200 integrator.js Show response
adservice.google.fr/adsid/ Frame 2748 107 B
122 B 15ms
15ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.fr/adsid/integrator.js?domain=b.travelmiso.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ Frame 2748 107 B
122 B 16ms
16ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=b.travelmiso.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 2748 14 KB
8 KB 534ms
534ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1444084373060564&correlator=988859684526547&output=ldjh&impl=fifs&eid=21068030%2C21068110%2C31061004%2C31061354&vrg=2021060801&ptt=17&sc=0&sfv=1-0-38&ecs=20210614&iu_parts=152344380%2Cca-pub-8804303781641925-tag%2Ctravelmiso.com_728X90&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90&cookie=ID%3Dea21d46e2bb64c4b%3AT%3D1623656855%3AS%3DALNI_MamQNW4ndhhQRKGevxhrqfjyF3IGg&cdm=b.travelmiso.com&bc=23&abxe=1&lmt=1595204518&dt=1623656857121&dlt=1623656853738&idt=3373&ea=0&frm=23&biw=1600&bih=1200&isw=728&ish=90&oid=3&adxs=802&adys=1555&adks=2093945874&ucis=8qql5i7lqw88&ifi=1&ifk=1575406150&u_tz=120&u_his=3&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=http%3A%2F%2Fb.travelmiso.com%2Fads%2Fvls%2F728x90.html&ref=http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F&top=http%3A%2F%2Fb.travelmiso.com%2Ftravel%2F&vis=1&scr_x=0&scr_y=0&psz=728x90&msz=728x-1&ga_vid=114518539.1623656857&ga_sid=1623656857&ga_hid=1873595378&ga_fc=false&fws=256&ohw=0&btvi=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5cca5234d7e250d047cee9550c69698be62684e18e3cbe13d41432913e009ed6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:37 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8635
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://b.travelmiso.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
34e89f3934861578abf3c84e47427048.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 2748 0
0 60ms
13ms Other
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://34e89f3934861578abf3c84e47427048.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 img_rst_main_cover.png
s0.2mdn.net/9631534/1612207833628/SquareOnline_NewYears_300x250_RST/ Frame 5AAC 106 KB
106 KB 8ms
8ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9631534/1612207833628/SquareOnline_NewYears_300x250_RST/img_rst_main_cover.png?1610928118441

Requested by

Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bccea26cce570194d455e5940e59cb52dd2d23dd450991ab4b5ef90bc5222a7d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9631534/1612207833628/SquareOnline_NewYears_300x250_RST/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 17:22:54 GMT
x-content-type-options: nosniff
last-modified: Mon, 01 Feb 2021 19:30:33 GMT
server: sffe
age: 51883
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 108301
x-xss-protection: 0
expires: Mon, 14 Jun 2021 17:22:54 GMT

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame E074 0
0 34ms
34ms Fetch
image/gif 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst5SJQjrtP-V1hVs8k4fJ6E13OcGGGWQorSJRNG13JfGSbrtxG6w3yW9k9Cf7SpZe1aeXUECNBUtCvkVnFCZ4eTH1JHwoo6G-UV9au9aI63mKMRGB8iqvxAfLIetCy9KJSLfJo6MgP8POFHy0I63JrFpySBgmiJYacM_0Mh1BazPw_q3VP5iECn-KGDLjUX5NenRnMOkVIN1OLvY8CxXvcMOjyQVEdyeXZto95g0MBMeGlG2pc9gPlDEJFPPl6r1JsM1PPkTQ_cgS4aIrGq2irvc3nBUoNyPt2E-3ndNQ6G6f8LSpDLx4r5jF5t5m59IyxTGg&sig=Cg0ArKJSzPA-YP7dD3npEAE&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:37 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 14 Jun 2021 07:47:37 GMT

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame E074 10 KB
8 KB 21ms
20ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021060901&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ce0eb2f472742efef500e261f07fae400f667a1a5c58e6181fb3bf15c8d653ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7878
x-xss-protection: 0

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame D785 0
0 37ms
34ms Fetch
image/gif 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst4S74l6sXjbelDQLgxrM92wbJVTQNbBaRWe69CmnvzSk5bGzcYWyMt2Bpj3P067IOuBXrEzSIODED8Nfgb2mV7Vyx6K8AxZ0xPA25QunHGCu82k5Ds9FFhzXvLE45wSGdSkuF7aRzJ60xKFILdP3iFCBPTZ6abxjwYP44OzmpEzvcQpF6JqeVz7qLPpA6c5AVI81jZi0SYD2XmppUwxVQyBCZVLaA904ALv8rzRmMTg_TYGXWcosgjArmy4ngAR5glDpDXS_v7VHCof-hnIgh9B5cXUm2fGl17ZA7xsDHG3EzBf3SGjUv7f_QAuWFWDGYfhg&sig=Cg0ArKJSzFzgPVcA5lwJEAE&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:37 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 14 Jun 2021 07:47:37 GMT

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame D785 10 KB
8 KB 23ms
20ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021060801&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fae2f4aa844810c4f8698ac6e22364426d0045ec6e06effe530eae0d6ec38a26

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7810
x-xss-protection: 0

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 7BBE 10 KB
8 KB 21ms
21ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021060901&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061428

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

84c9f368b745738f6a4d62f488b1ae50a3091078b6e21dce556c3ef166ef42a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7884
x-xss-protection: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 34C5
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEOmAD9tS21M9zXGCG2Dgjew&google_cver=1&google_push=AYg5qPITAQF9arQyszvQbbB90hoKJWbf0KbVBXMMqRo_k0dXtmPaM74zjA...
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPITAQF9arQyszvQbbB90hoKJWbf0KbVBXMMqRo_k0dXtmPaM74zjAQaR9R0NZesxq2Tu_xAnMCWwR0jKs--TzCADqqn_8Wa&google_hm=Om17cv...

170 B
188 B

35ms
34ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPITAQF9arQyszvQbbB90hoKJWbf0KbVBXMMqRo_k0dXtmPaM74zjAQaR9R0NZesxq2Tu_xAnMCWwR0jKs--TzCADqqn_8Wa&google_hm=Om17cvy2z9koj9lb91Ewgw

Requested by

Host: a15ac0e614c5002f10a5f47b2408de8c.safeframe.googlesyndication.com
URL: https://a15ac0e614c5002f10a5f47b2408de8c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:37 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:37 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPITAQF9arQyszvQbbB90hoKJWbf0KbVBXMMqRo_k0dXtmPaM74zjAQaR9R0NZesxq2Tu_xAnMCWwR0jKs--TzCADqqn_8Wa&google_hm=Om17cvy2z9koj9lb91Ewgw
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET img
sync.mathtag.com/sync/ Frame 34C5 0
0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 34C5
Redirect Chain

https://a.c.appier.net/gcm?google_gid=CAESEJXkzoZiojKx26Gcy6PN_aM&google_cver=1&google_push=AYg5qPKO4vh4QFPGzdzbUQ6sNAu1o_I-PDo7eOXiY5DJxVajPwB6raDKorfQfEWz7wWCXneGvsXc4UWDtONkp4qWep3B2ERwcSI
https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=UnBrQVBzV2hEa0tuQmc1eW1BbkhZQQ%3D%3D&google_push=AYg5qPKO4vh4QFPGzdzbUQ6sNAu1o_I-PDo7eOXiY5DJxVajPwB6raDKorfQfEWz7wWCXneGvsXc4UWDtONkp...

170 B
188 B

37ms
37ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=UnBrQVBzV2hEa0tuQmc1eW1BbkhZQQ%3D%3D&google_push=AYg5qPKO4vh4QFPGzdzbUQ6sNAu1o_I-PDo7eOXiY5DJxVajPwB6raDKorfQfEWz7wWCXneGvsXc4UWDtONkp4qWep3B2ERwcSI

Requested by

Host: a15ac0e614c5002f10a5f47b2408de8c.safeframe.googlesyndication.com
URL: https://a15ac0e614c5002f10a5f47b2408de8c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=UnBrQVBzV2hEa0tuQmc1eW1BbkhZQQ%3D%3D&google_push=AYg5qPKO4vh4QFPGzdzbUQ6sNAu1o_I-PDo7eOXiY5DJxVajPwB6raDKorfQfEWz7wWCXneGvsXc4UWDtONkp4qWep3B2ERwcSI
date: Mon, 14 Jun 2021 07:47:37 GMT
cache-control: no-store
server: nginx
content-type: text/html; charset=utf-8
content-length: 242
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

GET sync
x.bidswitch.net/ Frame 34C5 0
0

GET dds
rtb.openx.net/sync/ Frame 34C5 0
0

GET sync
ssbsync.smartadserver.com/api/ Frame 34C5 0
0

GET
H3-29 200 dot.gif
s0.2mdn.net/ Frame 34C5 43 B
67 B 15ms
14ms Image
image/gif 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif?google_gid=CAESEKQbNi9fSCz-aKbG65ni5sk&google_cver=1&google_push=AYg5qPKY2CU-s8ak_VdURVe0lDD7KKvQx5fq8nWOP17MXtwRR1WjA9umkYBgiI8OlqCJZ-TL8Unfia4fy8fYPpXjAMnsL53zF5kW

Requested by

Host: a15ac0e614c5002f10a5f47b2408de8c.safeframe.googlesyndication.com
URL: https://a15ac0e614c5002f10a5f47b2408de8c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:37 GMT
x-content-type-options: nosniff
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
expires: Tue, 15 Jun 2021 07:47:37 GMT

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame 34C5 0
12 B 32ms
31ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KqRU9uQjArQ4ojjIbdEASIYoHfKlta1csiWugmwbuaehDphkn8AwvpAFOt_62X6YqMZLg19A

Requested by

Host: a15ac0e614c5002f10a5f47b2408de8c.safeframe.googlesyndication.com
URL: https://a15ac0e614c5002f10a5f47b2408de8c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:37 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29 200 container.html Show response
25e9c38e0773fef06e0b63e528e4f7eb.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 85A6 6 KB
3 KB 7ms
7ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://25e9c38e0773fef06e0b63e528e4f7eb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 25e9c38e0773fef06e0b63e528e4f7eb.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html?n=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://b.travelmiso.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Mon, 14 Jun 2021 07:47:36 GMT
expires: Tue, 14 Jun 2022 07:47:36 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame 330C 73 KB
28 KB 33ms
13ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8f4b8d2def1fa5e09bafacbb8ac66e614d74f1cdbace1417cedef55c0d9a83db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:37 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623410781212720"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28237
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:37 GMT

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 656B 17 KB
6 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e684839cbcef6b16753dae73e92a49b7115f55e83662ead12d5e05bf7b9915fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1622653785071769"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:37 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame BF23 70 B
265 B 106ms
38ms Image
image/gif 76.223.111.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEGbdj8wMHou1d2_FbryGUVE&google_cver=1&google_push=AYg5qPI5_wt1VdKvwrVKKHatAseBiV9kKJawOAGiDA647JzkrFgIbfseT8RbPnLqTDI_7mppJ6FL9QbOt9SXtxYP_4oViCpQ6x64
Requested by: Host: 936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com
URL: https://936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.131 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:37 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET rub
px.adhigh.net/p/gm/ Frame BF23 0
0

GET /
sync3.sniperlog.ru/ Frame BF23 0
0

GET sync.cgi
ssp.adriver.ru/cgi-bin/ Frame BF23 0
0

GET sync
sync.srv.stackadapt.com/ Frame BF23 0
0

GET
H2 204 exptsync
ads.yieldmo.com/ Frame BF23 0
35 B 1390ms
34ms Image
text/plain 52.17.188.230
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.yieldmo.com/exptsync?google_gid=CAESEN35TfEDpH5Jd5UgwOdtXFg&google_cver=1&google_push=AYg5qPIHKqEWL0dEgX2R1GHMZeITm2M0lmzoJOOsa7OEoT2QfW_k2-yvstaxtRglk7TxclCoXc3qyiSkkYbxRrV4Hn4lYDrVEHg
Requested by: Host: 936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com
URL: https://936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.17.188.230 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:38 GMT

GET sync
rtb2-useast.e-volution.ai/ Frame BF23 0
0

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame BF23 0
12 B 33ms
32ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LNoUCoudrfYyOnujEAG0ONmz0qKolBtfyEKKmR53i14tE5P1Xi-my77PyagbOiO8__3i8F-g

Requested by

Host: 936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com
URL: https://936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:37 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29 200 _300x335.jpg
s0.2mdn.net/9229046/1619773444666/fil-rouge_or_mobile-changermobilet22021_160x600_dis-iab/images/ Frame CB25 11 KB
11 KB 6ms
6ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9229046/1619773444666/fil-rouge_or_mobile-changermobilet22021_160x600_dis-iab/images/_300x335.jpg?1618349144015

Requested by

Host: 936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com
URL: https://936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6107e89b5a9fe2fbde49bca6e57fb57a5276d424cae243d808c653f3528378c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9229046/1619773444666/fil-rouge_or_mobile-changermobilet22021_160x600_dis-iab/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 06:54:09 GMT
x-content-type-options: nosniff
last-modified: Fri, 30 Apr 2021 09:04:04 GMT
server: sffe
age: 3208
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11567
x-xss-protection: 0
expires: Tue, 15 Jun 2021 06:54:09 GMT

POST view
googleads4.g.doubleclick.net/pcs/ Frame B511 0
0

GET
H2 204 /
ads.viralize.tv/track/ Frame 52DC 0
39 B 1093ms
22ms Image
text/plain 35.186.238.232
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.viralize.tv/track/?multi=true&serialization=json&events=%5B%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A7%2C%22category%22%3A%22creativity_session%22%2C%22session_id%22%3A%2201ebcce4c3c2ea8c58b46cce1d6fbb61%3A0%3ANTU2MNTbtGao6pCO~wp9sc1%3A0%3A0~1%22%2C%22creativity_session_id%22%3A%220~1%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22google_viewable%22%7D%5D
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.238.232 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 232.238.186.35.bc.googleusercontent.com
Software: uvicorn, Unknown /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:38 GMT
via: 1.1 google
server: uvicorn, Unknown
alt-svc: clear

GET
H2 204 /
ads.viralize.tv/track/ Frame 86D9 0
39 B 1079ms
21ms Image
text/plain 35.186.238.232
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.viralize.tv/track/?multi=true&serialization=json&events=%5B%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A7%2C%22category%22%3A%22creativity_session%22%2C%22session_id%22%3A%2201ebcce4c3c2f72898a9f96e66b7e271%3A0%3ANTU1OPkpEx5nemgF~wp9sc1%3A0%3A0~1%22%2C%22creativity_session_id%22%3A%220~1%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22google_viewable%22%7D%5D
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.238.232 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 232.238.186.35.bc.googleusercontent.com
Software: uvicorn, Unknown /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:38 GMT
via: 1.1 google
server: uvicorn, Unknown
alt-svc: clear

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame E074 17 KB
6 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e684839cbcef6b16753dae73e92a49b7115f55e83662ead12d5e05bf7b9915fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1622653785071769"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:37 GMT

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame D785 17 KB
6 KB 95ms
94ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e684839cbcef6b16753dae73e92a49b7115f55e83662ead12d5e05bf7b9915fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1622653785071769"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:37 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 931B 42 B
64 B 15ms
14ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst9nMlEcmp2XKzd7pYKHDB7ztGQkT2IkTC-GqK2Nd7eCYSxdukjfLWbQxX2oVNG_LoHHGF9U9K8pVNtJUd88-ecBCNjmW4sbADSMDQWSvA&sig=Cg0ArKJSzLhA11YQ5axyEAE&id=lidar2&mcvt=1485&p=0,0,250,300&mtos=1485,1485,1485,1485,1485&tos=1485,0,0,0,0&v=20210611&bin=7&avms=nio&bs=1600,1200&mc=1&app=0&itpl=19&adk=722326227&rs=4&met=ce&la=0&cr=0&osd=1&vs=4&eosm=0&rst=1623656853469&dlt=0&rpt=2674&isd=0&msd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:37 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 1A6C 42 B
64 B 18ms
15ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvhBSbnOZOzOPxc6L9vbyD9xcWHoDId7QDUsrHlLspeluAtonIwO5V8A4CrwOxFOnWcmR4F25SY-ToVbRukJZYUrdI3gBh1ltGLqOPKKR0&sig=Cg0ArKJSzFHafTprcdueEAE&id=lidar2&mcvt=1501&p=0,0,250,300&mtos=1501,1501,1501,1501,1501&tos=1501,0,0,0,0&v=20210611&bin=7&avms=nio&bs=1600,1200&mc=1&app=0&itpl=19&adk=1866056204&rs=4&met=mue&la=0&cr=0&osd=1&vs=4&eosm=0&rst=1623656851630&dlt=0&rpt=4522&isd=0&msd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:37 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 7BBE 17 KB
6 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061428

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e684839cbcef6b16753dae73e92a49b7115f55e83662ead12d5e05bf7b9915fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1622653785071769"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:37 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame DFAA 83 KB
27 KB 83ms
41ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: static.viralize.tv
URL: https://static.viralize.tv/viralize_player_banner.min.07f50ce3.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: a98e1f08dd27c121a337ddc31691d4044f56ae83301b574728548b78d3068d3b

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:37 GMT
content-encoding: gzip
last-modified: Wed, 02 Jun 2021 14:09:58 GMT
server: nginx
etag: W/"60b79136-14aab"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 15 Jun 2021 07:47:37 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.fr/adsid/ Frame B341 107 B
122 B 16ms
15ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.fr/adsid/integrator.js?domain=cdn.aralego.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ Frame B341 107 B
122 B 15ms
14ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=cdn.aralego.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame B341 330 B
170 B 55ms
55ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1359373971600088&correlator=1057612372622440&output=ldjh&impl=fifs&eid=31061224%2C31061422%2C31061142&vrg=2021060801&ptt=17&sc=1&sfv=1-0-38&ecs=20210614&iu_parts=18087395%2Ccookie&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1&cdm=cdn.aralego.net&bc=23&abxe=1&lmt=1597133702&dt=1623656857903&dlt=1623656854361&idt=3326&ea=0&frm=8&biw=-12245933&bih=-12245933&oid=3&adxs=-12245933&adys=-12245933&adks=64515409&ucis=31di3lcejgeq&ifi=1&ifk=923963767&u_tz=120&u_his=3&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=2&url=https%3A%2F%2Fcdn.aralego.net%2Fucfad%2Fcookie%2Fcht_cookieSyncIframe.html&ref=http%3A%2F%2Fb.travelmiso.com%2F&top=http%3A%2F%2Fb.travelmiso.com%2F&vis=1&scr_x=-12245933&scr_y=-12245933&psz=0x0&msz=0x-1&ga_vid=1827435062.1623656858&ga_sid=1623656858&ga_hid=446442668&ga_fc=false&fws=256&ohw=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bc18b96616448c7d5e845de4a5753024912eaade8e97d5d465453b5e3c024cc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:37 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 130
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://cdn.aralego.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
071042b53cedb124791095f049055433.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame B341 0
0 41ms
13ms Other
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://071042b53cedb124791095f049055433.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/223/ Frame B778 12 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/223/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de7dd7e8a5f2257d16c23c395b9262c6fa04689c81b0e2b8bf7f5bae9f4177dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/223/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://b.travelmiso.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Mon, 14 Jun 2021 06:35:25 GMT
expires: Tue, 14 Jun 2022 06:35:25 GMT
last-modified: Wed, 17 Mar 2021 18:24:30 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 4332
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 3D4C 783 B
532 B 15ms
15ms Document
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

7714500b2c8b1aed37781621ad8b1a16b7489171ffaf2a598cbfc1937119bc83

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-1mMmBiQXFX5+8xScMh2D8w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://b.travelmiso.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

expires: Mon, 14 Jun 2021 07:47:37 GMT
date: Mon, 14 Jun 2021 07:47:37 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-1mMmBiQXFX5+8xScMh2D8w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 c
c.mgid.com/ Frame D40F 43 B
177 B 110ms
109ms Image
image/gif 104.19.135.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.mgid.com/c?f=1&pv=3&v=300|250|12|KcYayaT5EmVWu8-4M2AdhG2wsJ2QxjkY-hQ0BzNF_g-ysp9cO1iUysZ7ipBenGh-&fw=1&extjs=66044&cid=1151336&h2=osGc9IG8QbaWdv591HpRpcB5_07rwZ0vLxcYTalSpKk*&rid=c7d7efa1-cce4-11eb-acb5-d094662c1c35&tt=Referral&ts=shoppinglifestyle.biz&iv=11&pageImp=1&pvid=17a097d7076ad179c6b&cbuster=1623656857948430246274&tpl=0
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/ads/adop/300x250.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.135.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:38 GMT
cf-cache-status: DYNAMIC
x-mg-request-uuid: 4c81893c-8269-428a-ad3a-c3a0d4a0308f
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: image/gif
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 65f1f3a23d7bee48-CDG
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0aab1699660000ee486f0a9000000001
server: cloudflare

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 267B 38 KB
14 KB 27ms
26ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 1b95ffd8d5e131d47fa1a5ab65bca620eeef87328c413940cd60a9fbcedf4b74

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/showad.js
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/AdServer/js/showad.js
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: PUBMDCID=3; KRTBCOOKIE_153=19420-CTJU5Q87DuoSMlPlXDYa4Q03A7cSZ1PgXTIl2sGu&KRTB&22979-CTJU5Q87DuoSMlPlXDYa4Q03A7cSZ1PgXTIl2sGu; PugT=1623656856; KRTBCOOKIE_57=22776-2283321168535714619; KRTBCOOKIE_80=22987-CAESEBnAxSSMgoPxEpjTuPM-W04&KRTB&16514-CAESEBnAxSSMgoPxEpjTuPM-W04&KRTB&23025-CAESEBnAxSSMgoPxEpjTuPM-W04; KADUSERCOOKIE=E9C1170E-919E-41E6-A9B2-E408ED6F4B95; SPugT=1623656857; repi=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/showad.js

Response headers

last-modified: Tue, 11 May 2021 05:24:02 GMT
etag: "13006b6-96ca-5c2071a26cca4"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 13964
content-type: text/html; charset=UTF-8
cache-control: public, max-age=29088
expires: Mon, 14 Jun 2021 15:52:25 GMT
date: Mon, 14 Jun 2021 07:47:37 GMT
vary: Accept-Encoding

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 330C 10 KB
8 KB 18ms
17ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021060801&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

643c54b76ee23dd4cece7acc40268732e8c94ed402dbe7a8fbed346c21f83e6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7857
x-xss-protection: 0

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 0411 38 KB
14 KB 27ms
27ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 1b95ffd8d5e131d47fa1a5ab65bca620eeef87328c413940cd60a9fbcedf4b74

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/showad.js
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/AdServer/js/showad.js
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: PUBMDCID=3; KRTBCOOKIE_153=19420-CTJU5Q87DuoSMlPlXDYa4Q03A7cSZ1PgXTIl2sGu&KRTB&22979-CTJU5Q87DuoSMlPlXDYa4Q03A7cSZ1PgXTIl2sGu; PugT=1623656856; KRTBCOOKIE_57=22776-2283321168535714619; KRTBCOOKIE_80=22987-CAESEBnAxSSMgoPxEpjTuPM-W04&KRTB&16514-CAESEBnAxSSMgoPxEpjTuPM-W04&KRTB&23025-CAESEBnAxSSMgoPxEpjTuPM-W04; KADUSERCOOKIE=E9C1170E-919E-41E6-A9B2-E408ED6F4B95; SPugT=1623656857; repi=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/showad.js

Response headers

last-modified: Tue, 11 May 2021 05:24:02 GMT
etag: "13006b6-96ca-5c2071a26cca4"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 13964
content-type: text/html; charset=UTF-8
cache-control: public, max-age=29088
expires: Mon, 14 Jun 2021 15:52:25 GMT
date: Mon, 14 Jun 2021 07:47:37 GMT
vary: Accept-Encoding

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame AFCE 38 KB
14 KB 32ms
31ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 1b95ffd8d5e131d47fa1a5ab65bca620eeef87328c413940cd60a9fbcedf4b74

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/showad.js
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/AdServer/js/showad.js
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: PUBMDCID=3; KRTBCOOKIE_153=19420-CTJU5Q87DuoSMlPlXDYa4Q03A7cSZ1PgXTIl2sGu&KRTB&22979-CTJU5Q87DuoSMlPlXDYa4Q03A7cSZ1PgXTIl2sGu; PugT=1623656856; KRTBCOOKIE_57=22776-2283321168535714619; KRTBCOOKIE_80=22987-CAESEBnAxSSMgoPxEpjTuPM-W04&KRTB&16514-CAESEBnAxSSMgoPxEpjTuPM-W04&KRTB&23025-CAESEBnAxSSMgoPxEpjTuPM-W04; KADUSERCOOKIE=E9C1170E-919E-41E6-A9B2-E408ED6F4B95; SPugT=1623656857; repi=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/showad.js

Response headers

last-modified: Tue, 11 May 2021 05:24:02 GMT
etag: "13006b6-96ca-5c2071a26cca4"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 13964
content-type: text/html; charset=UTF-8
cache-control: public, max-age=29088
expires: Mon, 14 Jun 2021 15:52:25 GMT
date: Mon, 14 Jun 2021 07:47:37 GMT
vary: Accept-Encoding

POST view
googleads4.g.doubleclick.net/pcs/ Frame CC50 0
0

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/223/ Frame 83F4 12 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/223/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de7dd7e8a5f2257d16c23c395b9262c6fa04689c81b0e2b8bf7f5bae9f4177dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/223/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://cdn.aralego.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://cdn.aralego.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Mon, 14 Jun 2021 06:35:25 GMT
expires: Tue, 14 Jun 2022 06:35:25 GMT
last-modified: Wed, 17 Mar 2021 18:24:30 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 4333
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 026F 783 B
531 B 16ms
16ms Document
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

953766ebf6f529fdeecf416321868dd001db6045faff75df7db844dd458f52ea

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-WarUn9ZhMGruyaXqRqTtAQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://cdn.aralego.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://cdn.aralego.net/

Response headers

expires: Mon, 14 Jun 2021 07:47:38 GMT
date: Mon, 14 Jun 2021 07:47:38 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-WarUn9ZhMGruyaXqRqTtAQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/223/ Frame 41D3 12 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/223/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de7dd7e8a5f2257d16c23c395b9262c6fa04689c81b0e2b8bf7f5bae9f4177dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/223/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://b.travelmiso.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Mon, 14 Jun 2021 06:35:25 GMT
expires: Tue, 14 Jun 2022 06:35:25 GMT
last-modified: Wed, 17 Mar 2021 18:24:30 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 4333
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 018F 783 B
532 B 15ms
15ms Document
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

b5fbff6261048b7829185310b4c62db31860827011ee53b532b44d041ade0161

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-6WNNJ+/amRrnxAf8GUCg/A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://b.travelmiso.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

expires: Mon, 14 Jun 2021 07:47:38 GMT
date: Mon, 14 Jun 2021 07:47:38 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-6WNNJ+/amRrnxAf8GUCg/A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/223/ Frame 243B 12 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/223/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de7dd7e8a5f2257d16c23c395b9262c6fa04689c81b0e2b8bf7f5bae9f4177dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/223/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://b.travelmiso.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Mon, 14 Jun 2021 06:35:25 GMT
expires: Tue, 14 Jun 2022 06:35:25 GMT
last-modified: Wed, 17 Mar 2021 18:24:30 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 4333
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 3C9A 783 B
532 B 15ms
15ms Document
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

1f3b321af0e3218fd9f4d8cd038a4e423572f16898e9c010cfef14e2a6b40aaa

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-iWVgUpcK7LCkU67/obL/FQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://b.travelmiso.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

expires: Mon, 14 Jun 2021 07:47:38 GMT
date: Mon, 14 Jun 2021 07:47:38 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-iWVgUpcK7LCkU67/obL/FQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/223/ Frame 833C 12 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/223/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de7dd7e8a5f2257d16c23c395b9262c6fa04689c81b0e2b8bf7f5bae9f4177dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/223/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://b.travelmiso.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Mon, 14 Jun 2021 06:35:25 GMT
expires: Tue, 14 Jun 2022 06:35:25 GMT
last-modified: Wed, 17 Mar 2021 18:24:30 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 4333
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 aframe Show response
www.google.com/recaptcha/api2/ Frame A588 783 B
532 B 16ms
15ms Document
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

8018d32d797e84d6e8c79cf62530a44d8355ad62a1d3f4b6ebcb7b39a2b5e2d8

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-AXSjLh/1TGmM+Fc5oxRJmw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://b.travelmiso.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

expires: Mon, 14 Jun 2021 07:47:38 GMT
date: Mon, 14 Jun 2021 07:47:38 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-AXSjLh/1TGmM+Fc5oxRJmw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 container.html Show response
34e89f3934861578abf3c84e47427048.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 6580 6 KB
3 KB 6ms
6ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://34e89f3934861578abf3c84e47427048.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 34e89f3934861578abf3c84e47427048.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html?n=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://b.travelmiso.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Mon, 14 Jun 2021 07:47:37 GMT
expires: Tue, 14 Jun 2022 07:47:37 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2748 73 KB
28 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8f4b8d2def1fa5e09bafacbb8ac66e614d74f1cdbace1417cedef55c0d9a83db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:38 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623410781212720"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28237
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:38 GMT

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 1AFD 38 KB
14 KB 27ms
26ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 1b95ffd8d5e131d47fa1a5ab65bca620eeef87328c413940cd60a9fbcedf4b74

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/showad.js
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/AdServer/js/showad.js
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: PUBMDCID=3; KRTBCOOKIE_153=19420-CTJU5Q87DuoSMlPlXDYa4Q03A7cSZ1PgXTIl2sGu&KRTB&22979-CTJU5Q87DuoSMlPlXDYa4Q03A7cSZ1PgXTIl2sGu; PugT=1623656856; KRTBCOOKIE_57=22776-2283321168535714619; KRTBCOOKIE_80=22987-CAESEBnAxSSMgoPxEpjTuPM-W04&KRTB&16514-CAESEBnAxSSMgoPxEpjTuPM-W04&KRTB&23025-CAESEBnAxSSMgoPxEpjTuPM-W04; KADUSERCOOKIE=E9C1170E-919E-41E6-A9B2-E408ED6F4B95; SPugT=1623656857; repi=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/showad.js

Response headers

last-modified: Tue, 11 May 2021 05:24:02 GMT
etag: "13006b6-96ca-5c2071a26cca4"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 13964
content-type: text/html; charset=UTF-8
cache-control: public, max-age=29087
expires: Mon, 14 Jun 2021 15:52:25 GMT
date: Mon, 14 Jun 2021 07:47:38 GMT
vary: Accept-Encoding

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 6471 38 KB
14 KB 28ms
25ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 1b95ffd8d5e131d47fa1a5ab65bca620eeef87328c413940cd60a9fbcedf4b74

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/showad.js
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/AdServer/js/showad.js
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: PUBMDCID=3; KRTBCOOKIE_153=19420-CTJU5Q87DuoSMlPlXDYa4Q03A7cSZ1PgXTIl2sGu&KRTB&22979-CTJU5Q87DuoSMlPlXDYa4Q03A7cSZ1PgXTIl2sGu; PugT=1623656856; KRTBCOOKIE_57=22776-2283321168535714619; KRTBCOOKIE_80=22987-CAESEBnAxSSMgoPxEpjTuPM-W04&KRTB&16514-CAESEBnAxSSMgoPxEpjTuPM-W04&KRTB&23025-CAESEBnAxSSMgoPxEpjTuPM-W04; KADUSERCOOKIE=E9C1170E-919E-41E6-A9B2-E408ED6F4B95; SPugT=1623656857; repi=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/showad.js

Response headers

last-modified: Tue, 11 May 2021 05:24:02 GMT
etag: "13006b6-96ca-5c2071a26cca4"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 13964
content-type: text/html; charset=UTF-8
cache-control: public, max-age=29087
expires: Mon, 14 Jun 2021 15:52:25 GMT
date: Mon, 14 Jun 2021 07:47:38 GMT
vary: Accept-Encoding

GET
H/1.1 200
OK Cookie set beacon
ap.lijit.com/ Frame 86B0 2 KB
0 1083ms
27ms Document
text/html 216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/beacon?informer=12205132
Requested by: Host: static.viralize.tv
URL: https://static.viralize.tv/viralize_player_banner.min.07f50ce3.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash

Request headers

Host: ap.lijit.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: http://b.travelmiso.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ljt_reader=f35e06d1217e66947e122508; _ljtrtb_42=d82a3280-4153-4c8a-bd9f-c3f658409d13-tuct7c08f14; ljtrtbexp=eJxdkDsWAzEIA%2B%2FiOgVgfs7V8nL3ZPdtw5QjY0nwWbremrbLt0W8lt3onekXZk7eE0snhwgUFTAC6gmw1Lz4nFNz4q%2F0VJqeKNlo2Q4OMP%2BjgdHv4D2fG4rI3Rj9rOaOG3kOf4d%2FYD6aN54Nvz8NrFyW; ctag=512:1623743255|561:1626248855|515:1626248855|563:1626248855|565:1623743255|520:1626248855|185:1623743255|203:1624866455|205:1623743255|541:1624866455|589:1626248855|462:1623743255; _ljtrtb_76=e7595fd5-1621-445a-9ee2-4e9524b515eb; ljtrtb=eJwNy8ERAyEIAMBefIcZQFBINyBaweWVSe%2Fxv%2Fttwu3dyjg6G4KQdpBlAVl%2BYPUz1AS9qMPzWc9caIekvZrN%2B3xGYhqDum8QXwU5sCCwd408VBrXznHtnup6SoEGE4hogO%2FNINuVJZV0Z%2Fv9AWIvJJg%3D; _ljtrtb_87=1e5909af-14a4-4694-83f5-ae87d11f251b
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

Server: nginx
Date: Mon, 14 Jun 2021 07:47:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Vary: Accept-Encoding
Expires: Fri, 20 Mar 2009 00:00:00 GMT
Set-Cookie: ljtrtbexp=eJxdkDkShTAMQ%2B%2BSmsL7wtX%2B%2FLsTGAqsUrYUv%2Bi3eJ0comkq3seSR1pFmPuxIqbWKZOndiKYMIH%2BHtj38j0gwXHvuztnYk9qZgrfBMhS8BtoBz%2FkBfNAVD33Em%2BHRPQQA5%2Fk54%2FbrzHzBq1aQ6vA59AH0yD2%2FwUtzFy%2B;Path=/;Domain=.lijit.com;Expires=Tue, 14-Jun-2022 07:47:39 GMT;Max-Age=31536000;Secure;SameSite=None ljt_reader=f35e06d1217e66947e122508;Path=/;Domain=.lijit.com;Max-Age=31536000;Secure;SameSite=None ctag=512:1623743255|561:1626248855|515:1626248855|563:1626248855|565:1623743255|520:1626248855|185:1623743255|203:1624866455|205:1623743255|541:1624866455|589:1626248855|462:1623743255;Path=/;Domain=.lijit.com;Expires=Wed, 14-Jul-2021 07:47:39 GMT;Max-Age=2592000;Secure;SameSite=None ljtrtb=eJwNy8ERAyEIAMBefIcZQFBINyBaweWVSe%2Fxv%2Fttwu3dyjg6G4KQdpBlAVl%2BYPUz1AS9qMPzWc9caIekvZrN%2B3xGYhqDum8QXwU5sCCwd408VBrXznHtnup6SoEGE4hogO%2FNINuVJZV0Z%2Fv9AWIvJJg%3D;Path=/;Domain=.lijit.com;Expires=Tue, 14-Jun-2022 07:47:39 GMT;Max-Age=31536000;Secure;SameSite=None
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
X-Powered-By: raptor
Content-Encoding: gzip
X-Sovrn-Pod: ad_ap7ams1

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame CCC5 38 KB
14 KB 27ms
27ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158212&predirect=https%3A%2F%2Fcm.gammaplatform.com%2Fadx%2Frecv%3Fpid%3D35%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 1b95ffd8d5e131d47fa1a5ab65bca620eeef87328c413940cd60a9fbcedf4b74

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/showad.js
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158212&predirect=https%3A%2F%2Fcm.gammaplatform.com%2Fadx%2Frecv%3Fpid%3D35%26uid%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: PUBMDCID=3; KRTBCOOKIE_153=19420-CTJU5Q87DuoSMlPlXDYa4Q03A7cSZ1PgXTIl2sGu&KRTB&22979-CTJU5Q87DuoSMlPlXDYa4Q03A7cSZ1PgXTIl2sGu; PugT=1623656856; KRTBCOOKIE_57=22776-2283321168535714619; KRTBCOOKIE_80=22987-CAESEBnAxSSMgoPxEpjTuPM-W04&KRTB&16514-CAESEBnAxSSMgoPxEpjTuPM-W04&KRTB&23025-CAESEBnAxSSMgoPxEpjTuPM-W04; KADUSERCOOKIE=E9C1170E-919E-41E6-A9B2-E408ED6F4B95; SPugT=1623656857; repi=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158212&predirect=https%3A%2F%2Fcm.gammaplatform.com%2Fadx%2Frecv%3Fpid%3D35%26uid%3D

Response headers

last-modified: Tue, 11 May 2021 05:24:02 GMT
etag: "13006b6-96ca-5c2071a26cca4"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 13964
content-type: text/html; charset=UTF-8
cache-control: public, max-age=29087
expires: Mon, 14 Jun 2021 15:52:25 GMT
date: Mon, 14 Jun 2021 07:47:38 GMT
vary: Accept-Encoding

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 16A5 38 KB
14 KB 27ms
27ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158212&predirect=https%3A%2F%2Fcm.gammaplatform.com%2Fadx%2Frecv%3Fpid%3D35%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 1b95ffd8d5e131d47fa1a5ab65bca620eeef87328c413940cd60a9fbcedf4b74

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/showad.js
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158212&predirect=https%3A%2F%2Fcm.gammaplatform.com%2Fadx%2Frecv%3Fpid%3D35%26uid%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: PUBMDCID=3; KRTBCOOKIE_153=19420-CTJU5Q87DuoSMlPlXDYa4Q03A7cSZ1PgXTIl2sGu&KRTB&22979-CTJU5Q87DuoSMlPlXDYa4Q03A7cSZ1PgXTIl2sGu; PugT=1623656856; KRTBCOOKIE_57=22776-2283321168535714619; KRTBCOOKIE_80=22987-CAESEBnAxSSMgoPxEpjTuPM-W04&KRTB&16514-CAESEBnAxSSMgoPxEpjTuPM-W04&KRTB&23025-CAESEBnAxSSMgoPxEpjTuPM-W04; KADUSERCOOKIE=E9C1170E-919E-41E6-A9B2-E408ED6F4B95; SPugT=1623656857; repi=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158212&predirect=https%3A%2F%2Fcm.gammaplatform.com%2Fadx%2Frecv%3Fpid%3D35%26uid%3D

Response headers

last-modified: Tue, 11 May 2021 05:24:02 GMT
etag: "13006b6-96ca-5c2071a26cca4"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 13964
content-type: text/html; charset=UTF-8
cache-control: public, max-age=29087
expires: Mon, 14 Jun 2021 15:52:25 GMT
date: Mon, 14 Jun 2021 07:47:38 GMT
vary: Accept-Encoding

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame D326 38 KB
14 KB 30ms
29ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159249&predirect=https%3A%2F%2Fcm.gammaplatform.com%2Fadx%2Frecv%3Fpid%3D53%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 1b95ffd8d5e131d47fa1a5ab65bca620eeef87328c413940cd60a9fbcedf4b74

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/showad.js
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159249&predirect=https%3A%2F%2Fcm.gammaplatform.com%2Fadx%2Frecv%3Fpid%3D53%26uid%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: PUBMDCID=3; KRTBCOOKIE_153=19420-CTJU5Q87DuoSMlPlXDYa4Q03A7cSZ1PgXTIl2sGu&KRTB&22979-CTJU5Q87DuoSMlPlXDYa4Q03A7cSZ1PgXTIl2sGu; PugT=1623656856; KRTBCOOKIE_57=22776-2283321168535714619; KRTBCOOKIE_80=22987-CAESEBnAxSSMgoPxEpjTuPM-W04&KRTB&16514-CAESEBnAxSSMgoPxEpjTuPM-W04&KRTB&23025-CAESEBnAxSSMgoPxEpjTuPM-W04; KADUSERCOOKIE=E9C1170E-919E-41E6-A9B2-E408ED6F4B95; SPugT=1623656857; repi=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159249&predirect=https%3A%2F%2Fcm.gammaplatform.com%2Fadx%2Frecv%3Fpid%3D53%26uid%3D

Response headers

last-modified: Tue, 11 May 2021 05:24:02 GMT
etag: "13006b6-96ca-5c2071a26cca4"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 13964
content-type: text/html; charset=UTF-8
cache-control: public, max-age=29087
expires: Mon, 14 Jun 2021 15:52:25 GMT
date: Mon, 14 Jun 2021 07:47:38 GMT
vary: Accept-Encoding

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 7ABC 38 KB
14 KB 27ms
26ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159249&predirect=https%3A%2F%2Fcm.gammaplatform.com%2Fadx%2Frecv%3Fpid%3D53%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 1b95ffd8d5e131d47fa1a5ab65bca620eeef87328c413940cd60a9fbcedf4b74

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/showad.js
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159249&predirect=https%3A%2F%2Fcm.gammaplatform.com%2Fadx%2Frecv%3Fpid%3D53%26uid%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: PUBMDCID=3; KRTBCOOKIE_153=19420-CTJU5Q87DuoSMlPlXDYa4Q03A7cSZ1PgXTIl2sGu&KRTB&22979-CTJU5Q87DuoSMlPlXDYa4Q03A7cSZ1PgXTIl2sGu; PugT=1623656856; KRTBCOOKIE_57=22776-2283321168535714619; KRTBCOOKIE_80=22987-CAESEBnAxSSMgoPxEpjTuPM-W04&KRTB&16514-CAESEBnAxSSMgoPxEpjTuPM-W04&KRTB&23025-CAESEBnAxSSMgoPxEpjTuPM-W04; KADUSERCOOKIE=E9C1170E-919E-41E6-A9B2-E408ED6F4B95; SPugT=1623656857; repi=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159249&predirect=https%3A%2F%2Fcm.gammaplatform.com%2Fadx%2Frecv%3Fpid%3D53%26uid%3D

Response headers

last-modified: Tue, 11 May 2021 05:24:02 GMT
etag: "13006b6-96ca-5c2071a26cca4"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 13964
content-type: text/html; charset=UTF-8
cache-control: public, max-age=29087
expires: Mon, 14 Jun 2021 15:52:25 GMT
date: Mon, 14 Jun 2021 07:47:38 GMT
vary: Accept-Encoding

GET
H3-29 200 prebid.3-25.js Show response
projectagora.net/libs/prebidv3/ Frame D316 360 KB
103 KB 46ms
31ms Script
application/javascript 2606:4700:3035::6815:2f1c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://projectagora.net/libs/prebidv3/prebid.3-25.js
Requested by: Host: projectagora.net
URL: https://projectagora.net/libs/pav2_3.25.min.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:2f1c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 03736b108efeca49e24b0f35ff8b9ac3fb4468b6c64de144b1b441cba12f46e2

Request headers

Referer: http://nichools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:38 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 6037
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 7STB6VJT6WDA3MWJ
x-amz-id-2: /ys6rJm0v963RwJLIz1Vw+5I2kXtWUdGVY1NXs1SPMPvxGECyDtJJ9CarnGLKSFrT9GII9o7it0=
last-modified: Wed, 05 May 2021 10:36:16 GMT
server: cloudflare
etag: W/"fa7fdd65f39d0e16a18830e016d93050"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=lTRbGO14yU8cYgk2G8lkXR4A0kWS3QXCglqWQBi9SBzOznTfylE1OpLAgSOTAOVq%2Byg2B3w%2BQveUVjKabQJpvN%2Br2zH70Kxs7I97MdTkENgYfGyYBWosH%2FIbvLPrqOwGaaYYW3rRyYbPTg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-request-id: 0aab169a2e00002c22a1b2b000000001
cf-ray: 65f1f3a37c8c2c22-FRA

GET
H/1.1 200
OK flimpobj.js
pixel.yabidos.com/ Frame 54BB 30 KB
24 KB 1070ms
37ms Script
application/javascript 104.16.200.58
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://pixel.yabidos.com/flimpobj.js?cb=1623656857914&ver1=2.2.3&qid=83432313f553532313f5435393&rnd=dxwdjq4hcevm&cid=954
Requested by: Host: pixel.yabidos.com
URL: https://pixel.yabidos.com/fltiu.js?qid=83432313f553532313f5435393&cid=954&p=1505449937&s=http://travelmiso.com/&x=gammassp&nci=&adtg=1567570861&nai=&si=&pn=&h=&w=&bp=&pp=&ci=&ip=&ai=1567569789&di=&mm=&os=&ua=&lat=&lon=
Protocol: HTTP/1.1
Server: 104.16.200.58 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:39 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Last-Modified: Wed, 02 Jun 2021 15:09:31 GMT
Server: cloudflare
Age: 5803
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: public, max-age=7200
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 65f1f3a9eff2048f-CDG
Content-Length: 23972
cf-request-id: 0aab169e2e0000048f37017000000001
Expires: Mon, 14 Jun 2021 09:47:39 GMT

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 8620 0
42 B 343ms
30ms Script
text/plain 185.64.189.115
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=85648072&p=137711&s=137812&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=1&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.115 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:38 GMT
content-length: 0

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 9E5D 38 KB
14 KB 27ms
26ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=1&gdprConsent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 1b95ffd8d5e131d47fa1a5ab65bca620eeef87328c413940cd60a9fbcedf4b74

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/showad.js
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=1&gdprConsent=
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: PUBMDCID=3; KRTBCOOKIE_153=19420-CTJU5Q87DuoSMlPlXDYa4Q03A7cSZ1PgXTIl2sGu&KRTB&22979-CTJU5Q87DuoSMlPlXDYa4Q03A7cSZ1PgXTIl2sGu; PugT=1623656856; KRTBCOOKIE_57=22776-2283321168535714619; KRTBCOOKIE_80=22987-CAESEBnAxSSMgoPxEpjTuPM-W04&KRTB&16514-CAESEBnAxSSMgoPxEpjTuPM-W04&KRTB&23025-CAESEBnAxSSMgoPxEpjTuPM-W04; KADUSERCOOKIE=E9C1170E-919E-41E6-A9B2-E408ED6F4B95; SPugT=1623656857; repi=1; KCCH=YES
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=1&gdprConsent=

Response headers

last-modified: Tue, 11 May 2021 05:24:02 GMT
etag: "13006b6-96ca-5c2071a26cca4"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 13964
content-type: text/html; charset=UTF-8
cache-control: public, max-age=29087
expires: Mon, 14 Jun 2021 15:52:25 GMT
date: Mon, 14 Jun 2021 07:47:38 GMT
vary: Accept-Encoding

GET
H/1.1 200
OK flimpobj.js
pixel.yabidos.com/ Frame AB7E 30 KB
24 KB 1093ms
24ms Script
application/javascript 104.16.200.58
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://pixel.yabidos.com/flimpobj.js?cb=1623656857927&ver1=2.2.3&qid=83432313f553532313f5435393&rnd=7wiqfx9wx0mu&cid=954
Requested by: Host: pixel.yabidos.com
URL: https://pixel.yabidos.com/fltiu.js?qid=83432313f553532313f5435393&cid=954&p=1505449937&s=http://travelmiso.com/&x=gammassp&nci=&adtg=1567570449&nai=&si=&pn=&h=&w=&bp=&pp=&ci=&ip=&ai=1567569789&di=&mm=&os=&ua=&lat=&lon=
Protocol: HTTP/1.1
Server: 104.16.200.58 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:39 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Last-Modified: Wed, 02 Jun 2021 15:09:31 GMT
Server: cloudflare
Age: 5803
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: public, max-age=7200
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 65f1f3aa389a048f-CDG
Content-Length: 23972
cf-request-id: 0aab169e650000048f749cf000000001
Expires: Mon, 14 Jun 2021 09:47:39 GMT

GET
H3-29 200 pubads_impl_2021061001.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 7557 326 KB
114 KB 35ms
35ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021061001.js?31061429

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ce69465fa2284194ab3ec822ee452307e2f4b4ab202499e24a06f8215b1ead1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 10 Jun 2021 08:39:38 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 116947
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:38 GMT

GET
H3-29 200 6ARyktE4tPRvvoSTtP7tfQ53d_-1azzHygxxMe6f4h8.js Show response
pagead2.googlesyndication.com/bg/ Frame D5B2 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/6ARyktE4tPRvvoSTtP7tfQ53d_-1azzHygxxMe6f4h8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/223/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8047292d138b4f46fbe8493b4feed7d0e7777ffb56b3cc7ca0c7131ee9fe21f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 15:49:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 57471
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5749
x-xss-protection: 0
last-modified: Mon, 31 May 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 13 Jun 2022 15:49:47 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 2321 42 B
64 B 23ms
23ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvhiddl-jGrOyfAkueOefGe-_cEVCPwbro4gZtumdjmjuwKB-VcX2h4drGnZt4VPvBP0hy8jcQWlQLSj3MnmcT14K2sl3rLHDj_v5qzU34fGX65n5zB_VaFsjsp_Q&sai=AMfl-YRBlbRXA0LFpp9o-8txasL3SFLIUX5D1Z5rsXxAxo-dTMm-lkb8-bdG3w0CJQe720sPu3v1R1NbMW0LWhsP5mhDJ0ylHqGUbVIj7muI8NNDvw0b0LwluXtrZ5bD&sig=Cg0ArKJSzKB7YYFjGqM6EAE&cid=CAASEuRola203k65bFQvwLsq7DU0lg&id=lidar2&mcvt=1228&p=0,0,250,300&mtos=1228,1228,1228,1228,1228&tos=1228,0,0,0,0&v=20210611&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=2714596404&rs=4&met=mue&la=0&cr=0&osd=1&vs=4&eosm=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://df92c682cc13fd0720c1bc98348b7158.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 index_edge.js Show response
s0.2mdn.net/9229046/1612520417718/300x600/ Frame C7DA 10 KB
3 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9229046/1612520417718/300x600/index_edge.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9229046/1612520417718/300x600/edge.6.0.0.min.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

545aeab731198218f1f2ae4aafb7569c271d813ae13c56ef2713d9a77a7ef3c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9229046/1612520417718/300x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 06:02:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6334
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2659
x-xss-protection: 0
last-modified: Fri, 05 Feb 2021 10:20:17 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Tue, 15 Jun 2021 06:02:04 GMT

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 330C 17 KB
6 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e684839cbcef6b16753dae73e92a49b7115f55e83662ead12d5e05bf7b9915fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1622653785071769"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:38 GMT

GET
H2 204 /
ads.viralize.tv/track/ Frame 0513 0
74 B 412ms
21ms Image
text/plain 35.186.238.232
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.viralize.tv/track/?multi=true&serialization=json&events=%5B%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A7%2C%22category%22%3A%22creativity_session%22%2C%22session_id%22%3A%2201ebcce4c3c2c9daba62d346954ed281%3A0%3ANTU1NS23zt7cdAyJ~wp9sc1%3A0%3A0~1%22%2C%22creativity_session_id%22%3A%220~1%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22viewable%22%7D%5D
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.238.232 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 232.238.186.35.bc.googleusercontent.com
Software: uvicorn, Unknown /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:38 GMT
via: 1.1 google
server: uvicorn, Unknown
alt-svc: clear

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame FBA9 22 KB
8 KB 6ms
6ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://df92c682cc13fd0720c1bc98348b7158.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://df92c682cc13fd0720c1bc98348b7158.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Sun, 13 Jun 2021 10:48:52 GMT
expires: Mon, 13 Jun 2022 10:48:52 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 75526
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 _Orange5G_Pentagone.png
s0.2mdn.net/9229046/1619773444666/fil-rouge_or_mobile-changermobilet22021_160x600_dis-iab/images/ Frame CB25 5 KB
5 KB 8ms
8ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9229046/1619773444666/fil-rouge_or_mobile-changermobilet22021_160x600_dis-iab/images/_Orange5G_Pentagone.png?1618349144015

Requested by

Host: 936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com
URL: https://936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4940ff7a15d8c00de5bd62664e5924c2132da2d683275b2565eb88ced63b9442

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9229046/1619773444666/fil-rouge_or_mobile-changermobilet22021_160x600_dis-iab/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 06:54:10 GMT
x-content-type-options: nosniff
last-modified: Fri, 30 Apr 2021 09:04:04 GMT
server: sffe
age: 3208
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5074
x-xss-protection: 0
expires: Tue, 15 Jun 2021 06:54:10 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 7A6E 0
750 B 24ms
24ms Script
text/html 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:38 GMT
X-Proxy-Origin: 93.177.75.188; 93.177.75.188; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.150:80
AN-X-Request-Uuid: 1e418870-101b-4ca9-8448-55871c3af459
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/223/ Frame 5AD6 12 KB
5 KB 15ms
15ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/223/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de7dd7e8a5f2257d16c23c395b9262c6fa04689c81b0e2b8bf7f5bae9f4177dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/223/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://cdn.aralego.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://cdn.aralego.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Mon, 14 Jun 2021 06:35:25 GMT
expires: Tue, 14 Jun 2022 06:35:25 GMT
last-modified: Wed, 17 Mar 2021 18:24:30 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 4333
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 210D 783 B
532 B 16ms
16ms Document
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

afc2c326b105fbd0f56d8ff53236a5254f922a067398f8705f0b326b0b917f67

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-WrkOJAzK+8BtiK0I+GXfLA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://cdn.aralego.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://cdn.aralego.net/

Response headers

expires: Mon, 14 Jun 2021 07:47:38 GMT
date: Mon, 14 Jun 2021 07:47:38 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-WrkOJAzK+8BtiK0I+GXfLA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame E074 42 B
64 B 16ms
15ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuuefCO07C1RHR4DXncCCWzdt7ZIzInkMNO4LInDtzrBIw4sYUxpfoQzljZUGPFLmHXyqYGU2Nc0aGhb3DCdHkUBqmc7OlA7tBUqE0ow70&sig=Cg0ArKJSzBIDVIaNp0euEAE&id=lidar2&mcvt=1201&p=0,0,250,300&mtos=1201,1201,1201,1201,1201&tos=1201,0,0,0,0&v=20210611&bin=7&avms=nio&bs=1600,1200&mc=1&app=0&itpl=19&adk=2309991019&rs=4&met=ce&la=0&cr=0&osd=1&vs=4&eosm=0&rst=1623656854423&dlt=0&rpt=2708&isd=0&msd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame D785 42 B
64 B 15ms
14ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst8QrAvvU-z0d3TEjJX2U_IoC7uOyylOZSTyW5HB2wFdNBv44Gt37m95G_xKHMxBrzMfhgbEFZ6uj3vWm5_pBZcyxdTA2sErivZ2U_AM0U&sig=Cg0ArKJSzBQKlbPrJCPDEAE&id=lidar2&mcvt=1203&p=0,0,250,300&mtos=1203,1203,1203,1203,1203&tos=1203,0,0,0,0&v=20210611&bin=7&avms=nio&bs=1600,1200&mc=1&app=0&itpl=19&adk=882287229&rs=4&met=mue&la=0&cr=0&osd=1&vs=4&eosm=0&rst=1623656852501&dlt=0&rpt=4640&isd=0&msd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.11.3/ Frame D224 94 KB
33 KB 27ms
7ms Script
text/javascript 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61659813/20201215140423349/index.html?e=69&leftOffset=0&topOffset=0&c=fkTMyD5xpo&t=1&renderingType=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 05:20:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 8839
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33507
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 14 Jun 2022 05:20:19 GMT

GET
H3-29 200 Enabler_01_245.js Show response
s0.2mdn.net/879366/ Frame D224 110 KB
38 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_245.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61659813/20201215140423349/index.html?e=69&leftOffset=0&topOffset=0&c=fkTMyD5xpo&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61659813/20201215140423349/index.html?e=69&leftOffset=0&topOffset=0&c=fkTMyD5xpo&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 12:13:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 70428
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38568
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 19:32:54 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 14 Jun 2021 12:13:50 GMT

GET
H/1.1 200
OK vbl.gif
pre.glotgrx.com/ Frame C527 26 B
451 B 30ms
23ms Image
image/gif 2606:4700::6810:3f36
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://pre.glotgrx.com/vbl.gif?cb=1623656858457&rnd=shjzvjyiwtqq&ifm=2&uai=4&cid=954&s=http%253A//travelmiso.com/&p=1505449937&x=gammassp&adtg=1567570933&ats=0&atf=&nsi=&si=&nci=&nai=&pft=1&iip=0&adb=0&adc=0&adcd=i0_f0_o0_e0&ai=1567569789&icp=http%253A//b.travelmiso.com/travel/&impid=
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/ads/gam/300x250.html
Protocol: HTTP/1.1
Server: 2606:4700::6810:3f36 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:38 GMT
CF-Cache-Status: HIT
Last-Modified: Wed, 02 Jun 2021 15:09:22 GMT
Server: cloudflare
Age: 6023
Vary: Accept-Encoding
Content-Type: image/gif
Cache-Control: public, max-age=7200
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 65f1f3a56b1c4e31-FRA
Content-Length: 26
cf-request-id: 0aab169b6200004e31e61ff000000001
Expires: Mon, 14 Jun 2021 09:47:38 GMT

GET getuid
secure.adnxs.com/ Frame F159 0
0

GET sync
x.bidswitch.net/ Frame F159 0
0

GET redirectObuid
sync.outbrain.com/ Frame F159 0
0

GET cm
us-u.openx.net/w/1.0/ Frame F159 0
0

GET sync
sync.srv.stackadapt.com/ Frame F159 0
0

GET
H2

200

usersync
rtb.gumgum.com/ Frame F159
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=1&gdpr_consent=
https://rtb.gumgum.com/usersync?b=oth&i=y-LBp6bYpE2pf5Rc4NVIu9bZCYT.hFtFJPs5fr~A

35 B
237 B

57ms
45ms

Image
image/gif

34.251.173.19
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=oth&i=y-LBp6bYpE2pf5Rc4NVIu9bZCYT.hFtFJPs5fr~A
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.173.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:38 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

date: Mon, 14 Jun 2021 07:47:38 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://rtb.gumgum.com/usersync?b=oth&i=y-LBp6bYpE2pf5Rc4NVIu9bZCYT.hFtFJPs5fr~A
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET generic
sync.ipredictive.com/d/sync/cookie/ Frame F159 0
0

GET services
sync.technoratimedia.com/ Frame F159 0
0

GET 142
match.deepintent.com/usersync/ Frame F159 0
0

GET
H2

200

usersync
rtb.gumgum.com/ Frame F159
Redirect Chain

https://b1sync.zemanta.com/usersync/gumgum/?puid=e_f30c818c-f3bd-4ac6-b5d1-b47c99f0cdf8&gdpr=1&gdpr_consent=&us_privacy=
https://rtb.gumgum.com/usersync?b=zem&i=&gdpr=1

35 B
237 B

120ms
41ms

Image
image/gif

34.251.173.19
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=zem&i=&gdpr=1
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.173.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:39 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Location: https://rtb.gumgum.com/usersync?b=zem&i=&gdpr=1
Pragma: no-cache
Date: Mon, 14 Jun 2021 07:47:38 GMT
Cache-Control: no-cache, no-store, must-revalidate
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Content-Length: 78
Content-Type: text/html; charset=utf-8

GET
H2

200

usersync
rtb.gumgum.com/ Frame F159
Redirect Chain

https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
https://rtb.gumgum.com/usersync?b=idi&i=3340b085-8ff8-4f42-b06a-837fb39e0c81

35 B
237 B

46ms
44ms

Image
image/gif

34.251.173.19
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=idi&i=3340b085-8ff8-4f42-b06a-837fb39e0c81
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.173.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:38 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

location: https://rtb.gumgum.com/usersync?b=idi&i=3340b085-8ff8-4f42-b06a-837fb39e0c81
date: Mon, 14 Jun 2021 07:47:38 GMT
access-control-allow-origin: *
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET

sync
x.bidswitch.net/ Frame F159
Redirect Chain

https://sync.1rx.io/usersync2/floor6&gdpr=1&gdpr_consent=
https://x.bidswitch.net/sync?ssp=adconductor&user_id=RX-4dd4d7ee-80ab-4dcf-ac4d-bfe26464020c-003&rndcb=5820487150

0
0

GET
H2

200

usersync
rtb.gumgum.com/ Frame F159
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25
https://rtb.gumgum.com/usersync?b=pln&i=1q0QKD0n1PX4&ev=1&pid=558355

35 B
237 B

41ms
40ms

Image
image/gif

34.251.173.19
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=pln&i=1q0QKD0n1PX4&ev=1&pid=558355
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.173.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:39 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language: en-US
location: https://rtb.gumgum.com/usersync?b=pln&i=1q0QKD0n1PX4&ev=1&pid=558355
cache-control: private, max-age=0, no-cache, no-store
cw-server: bh-deployment-8474b759f8-2hvq9
expires: -1

GET merge
ce.lijit.com/ Frame F159 0
0

GET img
sync.mathtag.com/sync/ Frame D3A4 0
0

GET
H2 200 URnmbSKM
sync-tm.everesttech.net/upi/pid/ Frame 2627 85 B
391 B 122ms
118ms Document
image/png 151.101.14.49
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=1&gdpr_consent=
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Jetty(9.4.35.v20201120) /
Resource Hash

Request headers

:method: GET
:authority: sync-tm.everesttech.net
:scheme: https
:path: /upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=1&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: everest_g_v2=g_surferid~YMcJmAABhOYQ8wBg
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

content-type: image/png
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
set-cookie: everest_g_v2=g_surferid~YMcJmAABhOYQ8wBg;Max-Age=31536000;Domain=everesttech.net;Path=/;SameSite=None;Secure
server: Jetty(9.4.35.v20201120)
accept-ranges: bytes
date: Mon, 14 Jun 2021 07:47:38 GMT
via: 1.1 varnish
x-served-by: cache-fra19164-FRA
x-cache: MISS
x-cache-hits: 0
x-timer: S1623656859.505948,VS0,VE94
cache-control: no-cache
pragma: no-cache
content-length: 85

GET
H3-29 200 pixel
cm.g.doubleclick.net/ Frame 0B11 170 B
188 B 36ms
33ms Document
image/png 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV9mMzBjODE4Yy1mM2JkLTRhYzYtYjVkMS1iNDdjOTlmMGNkZjg=&gdpr=1&gdpr_consent=

Requested by

Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

:method: GET
:authority: cm.g.doubleclick.net
:scheme: https
:path: /pixel?google_nid=gumgum_dbm&google_hm=ZV9mMzBjODE4Yy1mM2JkLTRhYzYtYjVkMS1iNDdjOTlmMGNkZjg=&gdpr=1&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkaEOF5I60pQw1z20S7oskrJrzw9e048mRx5tYhVpS9F2da3JcLsvidZn58QuU
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

content-type: image/png
date: Mon, 14 Jun 2021 07:47:38 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
server: HTTP server (unknown)
content-length: 170
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame D42E 8 KB
3 KB 27ms
25ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=1&gdprConsent=
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: adeacac4167dc188f54213893f0444ea5d60995143ad0552dcb4c383199a740b

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=1&gdprConsent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: PUBMDCID=3; KRTBCOOKIE_153=19420-CTJU5Q87DuoSMlPlXDYa4Q03A7cSZ1PgXTIl2sGu&KRTB&22979-CTJU5Q87DuoSMlPlXDYa4Q03A7cSZ1PgXTIl2sGu; PugT=1623656856; KRTBCOOKIE_57=22776-2283321168535714619; KRTBCOOKIE_80=22987-CAESEBnAxSSMgoPxEpjTuPM-W04&KRTB&16514-CAESEBnAxSSMgoPxEpjTuPM-W04&KRTB&23025-CAESEBnAxSSMgoPxEpjTuPM-W04; KADUSERCOOKIE=E9C1170E-919E-41E6-A9B2-E408ED6F4B95; SPugT=1623656857; repi=1; KCCH=YES
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

last-modified: Tue, 01 Jun 2021 06:44:25 GMT
etag: "1300708-2080-5c3aeac410031"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 2586
content-type: text/html; charset=UTF-8
cache-control: max-age=111756
expires: Tue, 15 Jun 2021 14:50:14 GMT
date: Mon, 14 Jun 2021 07:47:38 GMT
vary: Accept-Encoding

GET
H2 204 /
ssc-cms.33across.com/ps/ Frame 2DDF 0
0 110ms
107ms Document
text/plain 67.202.110.22
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.110.22 Crown Point, United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip22.67-202-110.static.steadfastdns.net
Software: 33XP003 /
Resource Hash

Request headers

:method: GET
:authority: ssc-cms.33across.com
:scheme: https
:path: /ps/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

x-33x-status: 2000208
server: 33XP003
date: Mon, 14 Jun 2021 07:47:38 GMT

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame BF04 70 B
264 B 35ms
33ms Document
image/gif 76.223.111.131
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=1&gdpr_consent=
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.131 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash

Request headers

:method: GET
:authority: match.adsrvr.org
:scheme: https
:path: /track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=1&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: TDID=f045f152-f2cc-4b14-80ad-163e6e314e57; TDCPM=CAESFwoIcHVibWF0aWMSCwiY1v7S1sTXORAFGAEgASgCMgsIqPOyke3E1zkQBTgBWgthZGNvbmR1Y3RvcmAC
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

date: Mon, 14 Jun 2021 07:47:38 GMT
content-type: image/gif
content-length: 70
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET um
cs.emxdgt.com/ Frame EAB2 0
0

GET idsync
tg.socdm.com/aux/ Frame C9D8 0
0

GET cm
p.rfihub.com/ Frame 87D4 0
0

GET cm-notify
creativecdn.com/ Frame F9B7 0
0

GET
H2 200 showad.js
ads.pubmatic.com/AdServer/js/ Frame 8EE9 38 KB
14 KB 29ms
28ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/showad.js
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=1&gdpr_consent=
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: PUBMDCID=3; KRTBCOOKIE_153=19420-CTJU5Q87DuoSMlPlXDYa4Q03A7cSZ1PgXTIl2sGu&KRTB&22979-CTJU5Q87DuoSMlPlXDYa4Q03A7cSZ1PgXTIl2sGu; PugT=1623656856; KRTBCOOKIE_57=22776-2283321168535714619; KRTBCOOKIE_80=22987-CAESEBnAxSSMgoPxEpjTuPM-W04&KRTB&16514-CAESEBnAxSSMgoPxEpjTuPM-W04&KRTB&23025-CAESEBnAxSSMgoPxEpjTuPM-W04; KADUSERCOOKIE=E9C1170E-919E-41E6-A9B2-E408ED6F4B95; SPugT=1623656857; repi=1; KCCH=YES
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=1&gdpr_consent=

Response headers

last-modified: Tue, 11 May 2021 05:24:02 GMT
etag: "13006b6-96ca-5c2071a26cca4"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 13964
content-type: text/html; charset=UTF-8
cache-control: public, max-age=29087
expires: Mon, 14 Jun 2021 15:52:25 GMT
date: Mon, 14 Jun 2021 07:47:38 GMT
vary: Accept-Encoding

GET
H2 200 showad.js
ads.pubmatic.com/AdServer/js/ Frame 6D76 38 KB
14 KB 29ms
26ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=137711&s=137812&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D58%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/showad.js
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=137711&s=137812&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D58%263pid%3D&gdpr=1&gdpr_consent=
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: PUBMDCID=3; KRTBCOOKIE_153=19420-CTJU5Q87DuoSMlPlXDYa4Q03A7cSZ1PgXTIl2sGu&KRTB&22979-CTJU5Q87DuoSMlPlXDYa4Q03A7cSZ1PgXTIl2sGu; PugT=1623656856; KRTBCOOKIE_57=22776-2283321168535714619; KRTBCOOKIE_80=22987-CAESEBnAxSSMgoPxEpjTuPM-W04&KRTB&16514-CAESEBnAxSSMgoPxEpjTuPM-W04&KRTB&23025-CAESEBnAxSSMgoPxEpjTuPM-W04; KADUSERCOOKIE=E9C1170E-919E-41E6-A9B2-E408ED6F4B95; SPugT=1623656857; repi=1; KCCH=YES
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=137711&s=137812&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D58%263pid%3D&gdpr=1&gdpr_consent=

Response headers

last-modified: Tue, 11 May 2021 05:24:02 GMT
etag: "13006b6-96ca-5c2071a26cca4"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 13964
content-type: text/html; charset=UTF-8
cache-control: public, max-age=29087
expires: Mon, 14 Jun 2021 15:52:25 GMT
date: Mon, 14 Jun 2021 07:47:38 GMT
vary: Accept-Encoding

GET
H3-29 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/223/ Frame 5905 12 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/223/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/223/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://b.travelmiso.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Mon, 14 Jun 2021 06:35:25 GMT
expires: Tue, 14 Jun 2022 06:35:25 GMT
last-modified: Wed, 17 Mar 2021 18:24:30 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 4333
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 aframe
www.google.com/recaptcha/api2/ Frame C9BB 783 B
531 B 16ms
15ms Document
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-lmuy8MDAaFqPzFlAqyeC7w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://b.travelmiso.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

expires: Mon, 14 Jun 2021 07:47:38 GMT
date: Mon, 14 Jun 2021 07:47:38 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-lmuy8MDAaFqPzFlAqyeC7w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/223/ Frame 22F5 12 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/223/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/223/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://b.travelmiso.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Mon, 14 Jun 2021 06:35:25 GMT
expires: Tue, 14 Jun 2022 06:35:25 GMT
last-modified: Wed, 17 Mar 2021 18:24:30 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 4333
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 aframe
www.google.com/recaptcha/api2/ Frame CA01 783 B
532 B 16ms
15ms Document
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-VKHht3gtGRwmwDAsxPCX+w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://b.travelmiso.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

expires: Mon, 14 Jun 2021 07:47:38 GMT
date: Mon, 14 Jun 2021 07:47:38 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-VKHht3gtGRwmwDAsxPCX+w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 6ARyktE4tPRvvoSTtP7tfQ53d_-1azzHygxxMe6f4h8.js Show response
pagead2.googlesyndication.com/bg/ Frame 7F9E 14 KB
6 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/6ARyktE4tPRvvoSTtP7tfQ53d_-1azzHygxxMe6f4h8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8047292d138b4f46fbe8493b4feed7d0e7777ffb56b3cc7ca0c7131ee9fe21f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 15:49:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 57471
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5749
x-xss-protection: 0
last-modified: Mon, 31 May 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 13 Jun 2022 15:49:47 GMT

GET
H2 200 pixel
googleads.g.doubleclick.net/xbbe/ Frame 38A0 624 B
754 B 38ms
18ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNrHLRDe5dcCGIiPgKkBMAE&v=APEucNWolmnDbr-fAGeRXy4tjZ9vGPoqIrqlqAZTrsOXLczx13uRZCFpR4zjMc5LVH9lvWrr3t_XzcLmGPBd9Qeg70tx5FwHhpYf0OLsKvXQcklHfoeVEimUkbAaC4jRWTMmyfZnED7dPiQUYZRTEdDRa7xyq2zKahiaqccCkaGosb4oRrNPjxo

Requested by

Host: 25e9c38e0773fef06e0b63e528e4f7eb.safeframe.googlesyndication.com
URL: https://25e9c38e0773fef06e0b63e528e4f7eb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CNrHLRDe5dcCGIiPgKkBMAE&v=APEucNWolmnDbr-fAGeRXy4tjZ9vGPoqIrqlqAZTrsOXLczx13uRZCFpR4zjMc5LVH9lvWrr3t_XzcLmGPBd9Qeg70tx5FwHhpYf0OLsKvXQcklHfoeVEimUkbAaC4jRWTMmyfZnED7dPiQUYZRTEdDRa7xyq2zKahiaqccCkaGosb4oRrNPjxo
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://25e9c38e0773fef06e0b63e528e4f7eb.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkaEOF5I60pQw1z20S7oskrJrzw9e048mRx5tYhVpS9F2da3JcLsvidZn58QuU
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://25e9c38e0773fef06e0b63e528e4f7eb.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Mon, 14 Jun 2021 07:47:38 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 85A6 11 KB
8 KB 54ms
35ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Cvblp2ikOn2Z00gGGWgaMKx0lwKBmxAvkhUGgRJaf_CoQUr5DRD-Pp0Bsj4-31lV053R8qp_6PUv6In0a9in-Bt6zCmSe8GuEmYexVis0eWNi0dDMISRp8x1wo-0wFL0elhAOOjZCWkp7IX22dmhOjkusehw&dbm_d=AKAmf-Bn1jSX19Xl9tP6LIEa6bdit8BFEZNl6pCv1_TNYqKB7vPxglh0ZN3oT8q7szEqzJnPXm42LcvB32hEZ0T-HxMEnjY2-09RUBd3bF37-skrobt8VsXN15xiXOM7HGsVTX4FHAxvOoI2UsIIEHGW4hpsnfpu5eypTcw47KP2ytmlN545HE_YdYRtQImJyxU1QlfWPEwHSYzNlG7ZXkRIoBM9Voujde-iHhaoIjTJRahT18XJDDe3PhbpTW-OzmHW7bhyPjZ7PzZ-V6r7ShMCGH0XbATao10o86ti2XZhAg4_tJi08HcF5V0_PiNYbSdsBVrk4f89HQDAaBJvrEmqz5lmGzw1eNI21WXSFc1brhvT2TePVJhQ-4sAhUdvdr6x5NzCiNL-D1p9Ra3c_PsUNYpeWHisEZjs2PSAF-uV3oWgEZZCmFFQHBKquECAM2V0dZHiyiJ1rhZOsYgz94yA2vo1f9DFTUrPO3DOXrLbTCkZFlTjczEgkkl1aaDSY1qnFNEckjQlSXdIqHzzO3uL1_m0sGC7-g0RJRrIXoJfjmMe3TCZdRk7MwqIWM0YaN3V2zxlIEpHB3aqg4B-3C1fRhfqze9d-fCTCGhmUCdXfIUl-W2CnzsPBJKRdfBYXshgRtajOSDzIKH4s6JfentDTmFmTvGzl5W1MkFE4eraUApNOFuMmfjEViuvsDzn936JL3bowPRD3T2UYmumCplLf1g_X_aFxDuIldoTITQDOmvCi0OIAlSSimNT3vc11NH_VmvUNgoGwa2rNzHdt7BRbwMFsx8ZPOxnaFoN_9t3uEMa114ba13E75YrgOc_ZXB12y-UQpmN4PnSJ1TWBXB85bK59JMyb6q50RY3UucGo7mqK_kdk_Ffc1uehW8WuncodQonSLkSiy5_QpJgN_RVNl28uck1RtCuBr5fiOgKItNeEE5RrSY4SzXLHJuN8cGypUSNk-JRQEJIHxAs0sljwk88vf_wSUAjRg9STvNjKHhyYODBOMKjQq2HktY1fBL0oIgKYGx9i94rl6V4yUy0la2mU3q0KcVa6mS95ekvfCSw7kbtuFbpKinnWDnyNteP5nNgHqj6JY67_vtDV_MmyY3VnDsaoiph_8NrDbPuVHOaJCx0xLLlitT7_uKNfwWjJnvkcteorjZCbtCvY4R8WG0bQI9yN7TrlRIWpIJv9WggAs9ZKIeuVDPmU-2TAvUAOMLaMX5zuD_yAYf6tz_7n0ZeUVhOdx3M9-BUdd_-kFKc4WoQHhvZYOmcGOO4FikYDNx5GisCxk377Ab2RcqVuLJO_3GAatrbVnydlLAJRXuXjPF_8mCePadgEPKYNrbKoIHr-Up4O0cmiiB40_uVHS3q6lva8ycRvjgzhbRxOWqF89NVSDAGaIp0OoKCMWPGTxLBSs2ZRfZJYqGxvHGXKV7z6q1VKBYAk0_5PVRxxZ8clx75zCBqIAGnQc1bZWR5kVZBJiuN9KWTLH0MjMI0CixoSS1hJvCXxcDMq6pGd854MTJPkChwPYQATl1eU3ttMbSPpqF_JEnwaf7Sv7XlKCwOAZkLnq_w-XThA69UMdZqjSzf_747FwldhLwZxQQsNaQpYGMZIYQXdI96KVlt2Ses2CPiPHisiU_NwUQ0M-wyCO3ra3ETCqAdy3IqPwBfODJtxcrSyuUgiFgD7R7zRtve4_Wfh0COfprb2mtVoUfO5-FQT5Z2aaFSuO2LPJmJB3klzert0lNjxWsbPLMX1wdsc_M3qAqhfn-WFCcJt09U4qTxdDPfs4POqPdZbiH9Mw03Eqw-ZDCYHxD-on0GYOZKHs3rbsdOfHXsTco8MBijugRC9QINpChFHZ2FFARxEz7GH0PFn7Wss6hkbyQfRNNwj-rMGBtziWJVOkND1cYt6QJGRKBIf41q_3CKDKqsNGYohItzuh4sMwmld4fmGyLEAS08VAmeXA7G1Xa4mOHesyCVzWJ7IlR8IGTLqh6PF9iaeZ6bJaUWHeCcSmZXeJC2lJ1ahIVpeOkVuazB2KF_rNy1vdt1n6s5SW21c6B0Z59APH4FWxXyQA7LqF8flTdJMzw3SWR33E4zHPNjyOGzeSMXLhXn6XwRpp5CP4BhnBvUe7EJKdDFsRH6TvoULmPT8XJI7_ajHvd1WcJBslNW6zrUlxxQEgshwdo6GewpP8zFn3sQnrCFo1mWFA2DqOZdzcl0IB2M3Oixj_uCFUH9Lnlf81MKCtI8K7lewAdBnEBwETQ8fyVOnPixuLUOc6yZTJSjcI9cQ8AxkNaDuJ8smaif8pwEfyppsRa5rGVZR4Zr59AI3X9fq0ktTnj0YhxS2hesFHl-h9Sxzs70vLPubM4zbGZqBIveE0xiN9aqtQ8POmJgRoMkyTp3fWIUTVNKDn0zLil1NE7fJe46aPUiCIpH7xtHwfidDdUemdz80tweOvaSd1G2w4vodXq8-GBcqIlIly0109sIOplA9uJmmHK6_CfTf1XO-Bbab6A25oCbGsGlc32kEnLXHAVeHlHfGeJBtOgzidbhC3ZEEaeNeqG_Gni7ORTwFfUkcgdh2vzhzksBen1PQ6I3GDMuL9gDTxeyOgSHKXbbBxrwZy_1NboBFYrjnOiEoqhhSv_NP9WAyfG0oITQg_epwDdFZa78nZsaGSpuWVWRVjd83LE7bZFwKd1CRWyLoMae0DUvrbEINhD9rZacnq--8ovueqOH_9xcZmUae8aavit56vMocKSA72XHo6_LPG3tFWFXV5n2xNnU&cid=CAASEuRoCELNASH-c4eR4M47hbW0yw&rfl=2%2Chttp%253A%252F%252Fb.travelmiso.com%242%2Chttp%253A%252F%252Fb.travelmiso.com%252F%240

Requested by

Host: shoppinglifestyle.biz
URL: http://shoppinglifestyle.biz/go/?r=3&a=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

91f655392960cfdc620e2d427fecfbd4226b265be328a5041699363af0fe11c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://25e9c38e0773fef06e0b63e528e4f7eb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:38 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8334
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 85A6 42 B
63 B 40ms
38ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CFokjSKFDzTpZGWEsVMwI1QUNW4rYJcMfpq_XzHX9kjO6KhEpcKG6zFno1Zg29pLW6FtsoYY_0ZddUwfWPgiH8HthtcQ0k0H8TWFEQnsq2t3s6rSU

Requested by

Host: 25e9c38e0773fef06e0b63e528e4f7eb.safeframe.googlesyndication.com
URL: https://25e9c38e0773fef06e0b63e528e4f7eb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://25e9c38e0773fef06e0b63e528e4f7eb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 07:47:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK dvbs_src.js Show response
cdn.doubleverify.com/ Frame 85A6 2 KB
2 KB 24ms
6ms Script
application/javascript 2a02:26f0:6c00:2b2::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvbs_src.js?ctx=3758893&cmp=25703423&plc=303644554&sid=5775970&dvregion=0&unit=728x90
Requested by: Host: 25e9c38e0773fef06e0b63e528e4f7eb.safeframe.googlesyndication.com
URL: https://25e9c38e0773fef06e0b63e528e4f7eb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2b2::4469 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 92f7a73eeec9544e6ba1cef5320b7ff1518bef5a5325a15d6d638e2996092b58

Request headers

Referer: https://25e9c38e0773fef06e0b63e528e4f7eb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 07:47:38 GMT
Content-Encoding: gzip
Last-Modified: Thu, 10 Jun 2021 15:19:29 GMT
Server: Microsoft-IIS/10.0
ETag: "3947272c5ed71:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 1338

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/ Frame 85A6 2 KB
1 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/window_focus_fy2019.js

Requested by

Host: 25e9c38e0773fef06e0b63e528e4f7eb.safeframe.googlesyndication.com
URL: https://25e9c38e0773fef06e0b63e528e4f7eb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1ac43e9327c147dc04b1efcd475ba7e9d464e6504eaffb167d0412d339b39e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://25e9c38e0773fef06e0b63e528e4f7eb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:45:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 110
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1316
x-xss-protection: 0
server: cafe
etag: 797314601362473214
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Jun 2021 07:45:48 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 85A6 122 KB
37 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 25e9c38e0773fef06e0b63e528e4f7eb.safeframe.googlesyndication.com
URL: https://25e9c38e0773fef06e0b63e528e4f7eb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

34b6e9936a2f024eef4f545bf4a1e717141704b00a75167fc7080fc6789e3881

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://25e9c38e0773fef06e0b63e528e4f7eb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:38 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623410775224219"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38028
x-xss-protection: 0
expires: Mon, 14 Jun 2021 07:47:38 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/ Frame 85A6 13 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 25e9c38e0773fef06e0b63e528e4f7eb.safeframe.googlesyndication.com
URL: https://25e9c38e0773fef06e0b63e528e4f7eb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3a677da8f32851941b090ee6e9294757cba154033200b20231b2a4ca7f62a820

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://25e9c38e0773fef06e0b63e528e4f7eb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:45:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 146
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5644
x-xss-protection: 0
server: cafe
etag: 16788636151609896382
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Jun 2021 07:45:12 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 85A6 0
0 15ms
14ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaThQQjqAuvooMm4f0rEZSbkfZcbFV77OtsqFHBo7RLgRn8aWmUXoLLmhReYvBKDKXHGuZYx5srjp8BavT75lhAEOPZZEQ
Requested by: Host: 25e9c38e0773fef06e0b63e528e4f7eb.safeframe.googlesyndication.com
URL: https://25e9c38e0773fef06e0b63e528e4f7eb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://25e9c38e0773fef06e0b63e528e4f7eb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 6ARyktE4tPRvvoSTtP7tfQ53d_-1azzHygxxMe6f4h8.js Show response
pagead2.googlesyndication.com/bg/ Frame 75FF 14 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/6ARyktE4tPRvvoSTtP7tfQ53d_-1azzHygxxMe6f4h8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8047292d138b4f46fbe8493b4feed7d0e7777ffb56b3cc7ca0c7131ee9fe21f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 15:49:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 57471
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5749
x-xss-protection: 0
last-modified: Mon, 31 May 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 13 Jun 2022 15:49:47 GMT

GET
H2 204 /
ads.viralize.tv/track/ Frame 52DC 0
39 B 22ms
22ms Image
text/plain 35.186.238.232
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.viralize.tv/track/?multi=true&serialization=json&events=%5B%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A7%2C%22category%22%3A%22creativity_session%22%2C%22session_id%22%3A%2201ebcce4c3c2ea8c58b46cce1d6fbb61%3A0%3ANTU2MNTbtGao6pCO~wp9sc1%3A0%3A0~1%22%2C%22format%22%3A%22banner%22%2C%22loader%22%3A%22gpt%22%2C%22linear%22%3Afalse%2C%22content_type%22%3A%22%22%2C%22duration%22%3A0%2C%22adsystem%22%3A%22google%22%2C%22wrappers_count%22%3A0%2C%22creativity_id%22%3A%22%22%2C%22creativity_width%22%3A300%2C%22aspect_ratio%22%3A%22unknown%22%2C%22creativity_session_id%22%3A%220~1%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22impression%22%7D%2C%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A7%2C%22category%22%3A%22creativity_session%22%2C%22session_id%22%3A%2201ebcce4c3c2ea8c58b46cce1d6fbb61%3A0%3ANTU2MNTbtGao6pCO~wp9sc1%3A0%3A0~1%22%2C%22creativity_session_id%22%3A%220~1%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22start%22%7D%2C%7B%22reason%22%3A%22ok%22%2C%22ver%22%3A7%2C%22category%22%3A%22creativity_session%22%2C%22session_id%22%3A%2201ebcce4c3c2ea8c58b46cce1d6fbb61%3A0%3ANTU2MNTbtGao6pCO~wp9sc1%3A0%3A0~1%22%2C%22creativity_session_id%22%3A%220~1%22%2C%22type%22%3A%22event%22%2C%22label%22%3A%22viewable_start%22%7D%5D
Requested by: Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.238.232 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 232.238.186.35.bc.googleusercontent.com
Software: uvicorn, Unknown /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:38 GMT
via: 1.1 google
server: uvicorn, Unknown
alt-svc: clear

GET
H3-29 200 pictomobile.png
s0.2mdn.net/9229046/1619773444666/fil-rouge_or_mobile-changermobilet22021_160x600_dis-iab/images/ Frame CB25 1 KB
1 KB 16ms
7ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9229046/1619773444666/fil-rouge_or_mobile-changermobilet22021_160x600_dis-iab/images/pictomobile.png?1618349144015

Requested by

Host: 936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com
URL: https://936d127cbdbc54abf728632a04e16713.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

76ea50bbd29329093f4c8660b35cde7979479f9955b83d01de4a6fcba4b29246

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9229046/1619773444666/fil-rouge_or_mobile-changermobilet22021_160x600_dis-iab/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 06:54:11 GMT
x-content-type-options: nosniff
last-modified: Fri, 30 Apr 2021 09:04:04 GMT
server: sffe
age: 3207
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1114
x-xss-protection: 0
expires: Tue, 15 Jun 2021 06:54:11 GMT

GET
H3-29 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/223/ Frame 1F61 12 KB
0 21ms
7ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/223/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/223/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://b.travelmiso.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Mon, 14 Jun 2021 06:35:25 GMT
expires: Tue, 14 Jun 2022 06:35:25 GMT
last-modified: Wed, 17 Mar 2021 18:24:30 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 4333
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 aframe
www.google.com/recaptcha/api2/ Frame E46C 783 B
0 44ms
31ms Document
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-kJOt7Mx/ya6pGmo8WHyI9A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://b.travelmiso.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

expires: Mon, 14 Jun 2021 07:47:38 GMT
date: Mon, 14 Jun 2021 07:47:38 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-kJOt7Mx/ya6pGmo8WHyI9A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame DFAA 83 KB
27 KB 97ms
47ms XHR
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: cdn.ravenjs.com
URL: http://cdn.ravenjs.com/3.17.0/raven.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: a98e1f08dd27c121a337ddc31691d4044f56ae83301b574728548b78d3068d3b

Request headers

Referer: http://b.travelmiso.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:38 GMT
content-encoding: gzip
last-modified: Wed, 02 Jun 2021 14:09:58 GMT
server: nginx
etag: W/"60b79136-14aab"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 15 Jun 2021 07:47:38 GMT

GET /
adx.adform.net/adx/ Frame D316 0
0

POST prebid
ib.adnxs.com/ut/v3/ Frame D316 0
0

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 267B 3 KB
4 KB 31ms
30ms Script
text/html 185.64.189.115
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=22588215&p=158212&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.115 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: d5ed414d9314065d9d09f95f87b994411ed5ac1b1e5fa9e25a5aed70d5788462

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 07:47:37 GMT
content-type: text/html; charset=UTF-8
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 v_300x600.jpg
s0.2mdn.net/9229046/1612520417718/300x600/ Frame C7DA 45 KB
45 KB 28ms
8ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9229046/1612520417718/300x600/v_300x600.jpg

Requested by

Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8ce6c1f78b689dc768e13afa7e448e693631c69889d92706c25497c59f0949ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9229046/1612520417718/300x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 06:02:05 GMT
x-content-type-options: nosniff
last-modified: Fri, 05 Feb 2021 10:20:17 GMT
server: sffe
age: 6333
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46201
x-xss-protection: 0
expires: Tue, 15 Jun 2021 06:02:05 GMT

GET
H2 200 Logo.svg
s0.2mdn.net/9229046/1612520417718/300x600/ Frame C7DA 569 B
453 B 35ms
15ms Image
image/svg+xml 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9229046/1612520417718/300x600/Logo.svg

Requested by

Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d6799dafbc3b132aee4d8a4534a4834ecdedca0c5995bdf5b03a0df017fe832b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9229046/1612520417718/300x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 06:02:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6333
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 390
x-xss-protection: 0
last-modified: Fri, 05 Feb 2021 10:20:17 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Tue, 15 Jun 2021 06:02:05 GMT

GET
H2 200 bt_300x600.svg
s0.2mdn.net/9229046/1612520417718/300x600/ Frame C7DA 668 B
488 B 34ms
14ms Image
image/svg+xml 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9229046/1612520417718/300x600/bt_300x600.svg

Requested by

Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

676664a5f3c64f33cdc4d9d4da929d22143d4e3d1e4fad144bf39d665d13c81a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9229046/1612520417718/300x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 06:02:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6333
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 425
x-xss-protection: 0
last-modified: Fri, 05 Feb 2021 10:20:17 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Tue, 15 Jun 2021 06:02:05 GMT

GET
H2 200 txt_300x600.svg
s0.2mdn.net/9229046/1612520417718/300x600/ Frame C7DA 2 KB
1 KB 27ms
7ms Image
image/svg+xml 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9229046/1612520417718/300x600/txt_300x600.svg

Requested by

Host: b.travelmiso.com
URL: http://b.travelmiso.com/travel/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c4879572e0cd7c7ad914db5810e0a1a2b49a75b12fd26f5113a4fd931c8928ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9229046/1612520417718/300x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 06:02:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6333
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 769
x-xss-protection: 0
last-modified: Fri, 05 Feb 2021 10:20:17 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Tue, 15 Jun 2021 06:02:05 GMT

GET
H2 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/223/ Frame 5908 12 KB
0 25ms
6ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/223/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/223/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://b.travelmiso.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Mon, 14 Jun 2021 06:35:25 GMT
expires: Tue, 14 Jun 2022 06:35:25 GMT
last-modified: Wed, 17 Mar 2021 18:24:30 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 4333
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe
www.google.com/recaptcha/api2/ Frame 2A52 783 B
0 34ms
15ms Document
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ZyClURLFox19K+D82jmWjQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://b.travelmiso.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://b.travelmiso.com/

Response headers

expires: Mon, 14 Jun 2021 07:47:38 GMT
date: Mon, 14 Jun 2021 07:47:38 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-ZyClURLFox19K+D82jmWjQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 integrator.js Show response
adservice.google.fr/adsid/ Frame 7557 107 B
853 B 38ms
15ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.fr/adsid/integrator.js?domain=cdn.aralego.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021061001.js?31061429

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 7557 107 B
570 B 36ms
14ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=cdn.aralego.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021061001.js?31061429

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Jun 2021 07:47:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 7557 330 B
885 B 106ms
51ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=256696159674467&correlator=540539883579651&output=ldjh&impl=fifs&eid=31061040%2C31061224%2C31061429%2C44744016&vrg=2021061001&ptt=17&sc=1&sfv=1-0-38&ecs=20210614&iu_parts=18087395%2Ccookie&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1&cdm=cdn.aralego.net&bc=23&abxe=1&lmt=1597133702&dt=1623656859001&dlt=1623656855850&idt=3137&ea=0&frm=8&biw=-12245933&bih=-12245933&oid=3&adxs=-12245933&adys=-12245933&adks=64515409&ucis=3hi2tf9xbqlg&ifi=1&ifk=923963767&u_tz=120&u_his=3&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=4&url=https%3A%2F%2Fcdn.aralego.net%2Fucfad%2Fcookie%2Fcht_cookieSyncIframe.html&ref=http%3A%2F%2Fwww.travelmiso.com%2F&top=http%3A%2F%2Fwww.travelmiso.com%2F&vis=1&scr_x=-12245933&scr_y=-12245933&psz=0x0&msz=0x-1&ga_vid=1785899269.1623656859&ga_sid=1623656859&ga_hid=1437796142&ga_fc=false&fws=256&ohw=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021061001.js?31061429

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS