www.figures.com Open in urlscan Pro
2606:4700:4400::ac40:9214 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.figures.com/
Effective URL:
https://www.figures.com/
Submission: On October 31 via api (October 31st 2022, 6:03:07 am UTC) from US — Scanned from DE

Summary HTTP 282 Redirects Links 10 Behaviour Indicators

Summary

This website contacted 75 IPs in 11 countries across 56 domains to perform 282 HTTP transactions. The main IP is 2606:4700:4400::ac40:9214, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.figures.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 1st 2022. Valid for: a year.

This is the only time www.figures.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 43	2606:4700:440... 2606:4700:4400::ac40:9214	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:827::200a	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
1 3	2a00:1450:400... 2a00:1450:4001:831::2008	15169 (GOOGLE) (GOOGLE)
1	13.224.189.17 13.224.189.17	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:809::2008	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:400c:c00::9c	15169 (GOOGLE) (GOOGLE)
1 8	2a00:1450:400... 2a00:1450:4001:806::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
14	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1 3	13.225.78.28 13.225.78.28	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6810:a20d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	52.48.231.49 52.48.231.49	16509 (AMAZON-02) (AMAZON-02)
1	13.225.78.62 13.225.78.62	16509 (AMAZON-02) (AMAZON-02)
2	52.214.137.185 52.214.137.185	16509 (AMAZON-02) (AMAZON-02)
4	52.51.99.34 52.51.99.34	16509 (AMAZON-02) (AMAZON-02)
1	34.251.180.249 34.251.180.249	16509 (AMAZON-02) (AMAZON-02)
2 2	185.64.189.110 185.64.189.110	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
1 2	185.86.139.106 185.86.139.106	201081 (SMARTADSE...) (SMARTADSERVER)
7 22	172.217.16.130 172.217.16.130	15169 (GOOGLE) (GOOGLE)
2 2	185.89.210.82 185.89.210.82	29990 (ASN-APPNEX) (ASN-APPNEX)
13	54.72.99.250 54.72.99.250	16509 (AMAZON-02) (AMAZON-02)
1	151.101.65.194 151.101.65.194	54113 (FASTLY) (FASTLY)
1	2606:4700::68... 2606:4700::6810:5814	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2600:9000:21f... 2600:9000:21f3:1000:9:46dc:4700:93a1	16509 (AMAZON-02) (AMAZON-02)
3	13.224.195.78 13.224.195.78	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6812:106b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:21f... 2600:9000:21f3:f600:3:a4cd:8380:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
18	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:808::2001	15169 (GOOGLE) (GOOGLE)
1	13.225.87.188 13.225.87.188	16509 (AMAZON-02) (AMAZON-02)
1	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	209.191.163.209 209.191.163.209	14744 (INTERNAP-...) (INTERNAP-BLOCK-4)
9	52.28.203.152 52.28.203.152	16509 (AMAZON-02) (AMAZON-02)
1	34.107.148.139 34.107.148.139	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
4	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
2 3	104.18.18.126 104.18.18.126	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 3	185.83.142.19 185.83.142.19	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2a02:2638:1::1a 2a02:2638:1::1a	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
9	18.195.100.182 18.195.100.182	16509 (AMAZON-02) (AMAZON-02)
20	2a00:1450:400... 2a00:1450:4001:80f::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
6	185.29.134.249 185.29.134.249	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1 7	138.201.63.157 138.201.63.157	24940 (HETZNER-AS) (HETZNER-AS)
2	2.18.233.201 2.18.233.201	16625 (AKAMAI-AS) (AKAMAI-AS)
5	2a00:1450:400... 2a00:1450:4001:829::2006	15169 (GOOGLE) (GOOGLE)
1 2	35.186.194.101 35.186.194.101	15169 (GOOGLE) (GOOGLE)
1	96.16.132.239 96.16.132.239	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	176.9.26.250 176.9.26.250	24940 (HETZNER-AS) (HETZNER-AS)
2	142.250.186.34 142.250.186.34	15169 (GOOGLE) (GOOGLE)
1	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
2	185.86.137.108 185.86.137.108	201081 (SMARTADSE...) (SMARTADSERVER)
2	174.137.133.49 174.137.133.49	27257 (WEBAIR-IN...) (WEBAIR-INTERNET)
1 1	35.205.207.25 35.205.207.25	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 3	2a02:6b8::90 2a02:6b8::90	208722 (GLOBAL_DC) (GLOBAL_DC)
1 2	2.18.232.7 2.18.232.7	16625 (AKAMAI-AS) (AKAMAI-AS)
4 4	18.193.243.10 18.193.243.10	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:350... 2a02:26f0:3500:11::215:14dc	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:80e::200a	15169 (GOOGLE) (GOOGLE)
4	37.157.2.234 37.157.2.234	198622 (ADFORM) (ADFORM)
1	2a02:fa8:8806... 2a02:fa8:8806:20::2010	41041 (VCLK-EU-SE) (VCLK-EU-SE)
2 2	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	85.114.159.93 85.114.159.93	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1 1	159.65.196.12 159.65.196.12	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1 1	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	162.55.80.222 162.55.80.222	24940 (HETZNER-AS) (HETZNER-AS)
1 2	2620:116:800d... 2620:116:800d:21:7eb1:3826:be7e:d981	16509 (AMAZON-02) (AMAZON-02)
1 2	2606:4700::68... 2606:4700::6812:18ad	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	151.101.66.49 151.101.66.49	54113 (FASTLY) (FASTLY)
2 2	18.156.0.31 18.156.0.31	16509 (AMAZON-02) (AMAZON-02)
13	37.157.2.249 37.157.2.249	198622 (ADFORM) (ADFORM)
2	2a02:2638::3 2a02:2638::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 2	2a02:2638::1c 2a02:2638::1c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	178.250.2.146 178.250.2.146	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	104.18.13.76 104.18.13.76	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	23.35.236.201 23.35.236.201	16625 (AKAMAI-AS) (AKAMAI-AS)
1	23.35.236.188 23.35.236.188	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2.18.235.93 2.18.235.93	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	3.126.145.45 3.126.145.45	16509 (AMAZON-02) (AMAZON-02)
5	34.98.64.218 34.98.64.218	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	51.68.39.188 51.68.39.188	16276 (OVH) (OVH)
1	54.247.105.151 54.247.105.151	16509 (AMAZON-02) (AMAZON-02)
1 1	185.29.132.245 185.29.132.245	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1 1	37.157.3.28 37.157.3.28	198622 (ADFORM) (ADFORM)
282	75

43 2606:4700:4400::ac40:9214 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.figures.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::2008 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.189.17 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-189-17.fra2.r.cloudfront.net

tags-cdn.deployads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9c (Brussels, Belgium) 1 redirects

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:806::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.225.78.28 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-225-78-28.fra2.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:a20d (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.viglink.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.48.231.49 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-48-231-49.eu-west-1.compute.amazonaws.com

p.cpx.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.78.62 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-78-62.fra2.r.cloudfront.net

js.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.214.137.185 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-214-137-185.eu-west-1.compute.amazonaws.com

api.viglink.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.51.99.34 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-51-99-34.eu-west-1.compute.amazonaws.com

s.cpx.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.251.180.249 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-251-180-249.eu-west-1.compute.amazonaws.com

g2.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.189.110 (United Kingdom) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.223.40.198 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.86.139.106 (France) 1 redirects

ASN201081 (SMARTADSERVER, FR)

sync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 172.217.16.130 (United States) 7 redirects

ASN15169 (GOOGLE, US)
PTR: fra15s46-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.89.210.82 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 54.72.99.250 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-72-99-250.eu-west-1.compute.amazonaws.com

e.deployads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.65.194 (United States)

ASN54113 (FASTLY, US)

confiant-integrations.global.ssl.fastly.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5814 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:21f3:1000:9:46dc:4700:93a1 (United States)

ASN16509 (AMAZON-02, US)

quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.224.195.78 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-195-78.fra2.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:106b (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.confiant-integrations.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:21f3:f600:3:a4cd:8380:93a1 (United States)

ASN16509 (AMAZON-02, US)

test.quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:808::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.87.188 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-87-188.fra2.r.cloudfront.net

aax-dtb-cf.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 209.191.163.209 (United States)

ASN14744 (INTERNAP-BLOCK-4, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 52.28.203.152 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-28-203-152.eu-central-1.compute.amazonaws.com

c2shb.ssp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.107.148.139 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 139.148.107.34.bc.googleusercontent.com

prebid.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

verticalscope-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
eu-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.18.18.126 (Shahr, Iran, Islamic Republic Of) 2 redirects

ASN13335 (CLOUDFLARENET, US)

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.83.142.19 (Amsterdam, Netherlands) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:1::1a (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 18.195.100.182 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-100-182.eu-central-1.compute.amazonaws.com

btlr.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2a00:1450:4001:80f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 185.29.134.249 (United Kingdom)

ASN30419 (MEDIAMATH-INC, US)

tags.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 138.201.63.157 (Nagold, Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.157.63.201.138.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
hal90007.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.233.201 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-201.deploy.static.akamaitechnologies.com

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:829::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.186.194.101 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 101.194.186.35.bc.googleusercontent.com

ad.sxp.smartclip.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 96.16.132.239 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a96-16-132-239.deploy.static.akamaitechnologies.com

ad.yieldlab.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 176.9.26.250 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.250.26.9.176.clients.your-server.de

hal900014.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.34 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.227.252.103 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.86.137.108 (France)

ASN201081 (SMARTADSERVER, FR)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 174.137.133.49 (United States)

ASN27257 (WEBAIR-INTERNET, US)

rtb2-useast.e-volution.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.205.207.25 (Brussels, Belgium) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 25.207.205.35.bc.googleusercontent.com

ads.avads.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:6b8::90 (Moscow, Russian Federation) 2 redirects

ASN208722 (GLOBAL_DC, FI)

an.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.232.7 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-232-7.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.193.243.10 (Frankfurt am Main, Germany) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-193-243-10.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:11::215:14dc (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

code.createjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.157.2.234 (Denmark)

ASN198622 (ADFORM, DK)

track.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:20::2010 (Singapore)

ASN41041 (VCLK-EU-SE, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:21::14 (United States) 2 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.93 (Schopfheim, Germany) 1 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 159.65.196.12 (Amsterdam, Netherlands) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

match.adsby.bidtheatre.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.190.78 (United Kingdom) 1 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.55.80.222 (Germany) 2 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.222.80.55.162.clients.your-server.de

sync-dmp.aura-dsp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:7eb1:3826:be7e:d981 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:18ad (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.66.49 (United States) 1 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.156.0.31 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 37.157.2.249 (Denmark)

ASN198622 (ADFORM, DK)

s1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638::1c (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.2.146 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.13.76 (Shahr, Iran, Islamic Republic Of)

ASN13335 (CLOUDFLARENET, US)

js-sec.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.35.236.201 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-236-201.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.35.236.188 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-236-188.deploy.static.akamaitechnologies.com

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.235.93 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-93.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.126.145.45 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-145-45.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 34.98.64.218 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com

eu-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.68.39.188 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: ns3129809.ip-51-68-39.eu

dsp.nrich.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.247.105.151 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-247-105-151.eu-west-1.compute.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.132.245 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.157.3.28 (Denmark) 1 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
43	figures.com 1 redirects www.figures.com	376 KB
42	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 100 ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 135	258 KB
41	doubleclick.net 8 redirects stats.g.doubleclick.net — Cisco Umbrella Rank: 76 securepubads.g.doubleclick.net — Cisco Umbrella Rank: 182 cm.g.doubleclick.net — Cisco Umbrella Rank: 213 googleads.g.doubleclick.net — Cisco Umbrella Rank: 35 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 295	243 KB
18	adform.net 1 redirects track.adform.net — Cisco Umbrella Rank: 3745 s1.adform.net — Cisco Umbrella Rank: 7792 c1.adform.net — Cisco Umbrella Rank: 638	247 KB
14	deployads.com tags-cdn.deployads.com — Cisco Umbrella Rank: 12807 e.deployads.com — Cisco Umbrella Rank: 12137	145 KB
11	yahoo.com 2 redirects c2shb.ssp.yahoo.com — Cisco Umbrella Rank: 1128 ups.analytics.yahoo.com — Cisco Umbrella Rank: 286	2 KB
10	openx.net verticalscope-d.openx.net — Cisco Umbrella Rank: 37028 rtb.openx.net — Cisco Umbrella Rank: 1413 eu-u.openx.net — Cisco Umbrella Rank: 1635 us-u.openx.net — Cisco Umbrella Rank: 414	2 KB
10	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 2 adservice.google.com — Cisco Umbrella Rank: 71	2 KB
9	redintelligence.net 2 redirects hal9000.redintelligence.net — Cisco Umbrella Rank: 46316 hal90007.redintelligence.net — Cisco Umbrella Rank: 506574 hal900014.redintelligence.net — Cisco Umbrella Rank: 405426	16 KB
9	mathtag.com 1 redirects tags.mathtag.com — Cisco Umbrella Rank: 3299 pixel.mathtag.com — Cisco Umbrella Rank: 937 sync.mathtag.com — Cisco Umbrella Rank: 458	7 KB
9	sharethrough.com btlr.sharethrough.com — Cisco Umbrella Rank: 866	1 KB
7	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 190	309 KB
6	adnxs.com 3 redirects secure.adnxs.com — Cisco Umbrella Rank: 436 ib.adnxs.com — Cisco Umbrella Rank: 210 acdn.adnxs.com — Cisco Umbrella Rank: 595	22 KB
5	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 257	149 KB
5	consensu.org quantcast.mgr.consensu.org — Cisco Umbrella Rank: 2515 test.quantcast.mgr.consensu.org — Cisco Umbrella Rank: 10490	161 KB
5	pubmatic.com 3 redirects image2.pubmatic.com — Cisco Umbrella Rank: 874 hbopenbid.pubmatic.com — Cisco Umbrella Rank: 431 image6.pubmatic.com — Cisco Umbrella Rank: 668 ads.pubmatic.com — Cisco Umbrella Rank: 463	7 KB
5	cpx.to p.cpx.to — Cisco Umbrella Rank: 10907 s.cpx.to — Cisco Umbrella Rank: 2262	6 KB
5	google-analytics.com 1 redirects ssl.google-analytics.com — Cisco Umbrella Rank: 274 www.google-analytics.com — Cisco Umbrella Rank: 29 region1.google-analytics.com — Cisco Umbrella Rank: 2835	38 KB
4	bidswitch.net 4 redirects x.bidswitch.net — Cisco Umbrella Rank: 291	2 KB
4	criteo.com 1 redirects bidder.criteo.com — Cisco Umbrella Rank: 735 gum.criteo.com — Cisco Umbrella Rank: 408 mug.criteo.com — Cisco Umbrella Rank: 3300	7 KB
4	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 300 aax-dtb-cf.amazon-adsystem.com — Cisco Umbrella Rank: 498	48 KB
4	smartadserver.com 1 redirects sync.smartadserver.com — Cisco Umbrella Rank: 1514 ssbsync.smartadserver.com — Cisco Umbrella Rank: 846	1 KB
4	gstatic.com fonts.gstatic.com	88 KB
3	yandex.ru 2 redirects an.yandex.ru — Cisco Umbrella Rank: 3449	1 KB
3	casalemedia.com 2 redirects htlb.casalemedia.com — Cisco Umbrella Rank: 470 ssum-sec.casalemedia.com — Cisco Umbrella Rank: 421	3 KB
3	viglink.com cdn.viglink.com — Cisco Umbrella Rank: 8545 api.viglink.com — Cisco Umbrella Rank: 11670	29 KB
3	scorecardresearch.com 1 redirects sb.scorecardresearch.com — Cisco Umbrella Rank: 150	2 KB
3	google.de www.google.de — Cisco Umbrella Rank: 6364 adservice.google.de — Cisco Umbrella Rank: 9167	1 KB
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 765	1 KB
2	criteo.net static.criteo.net — Cisco Umbrella Rank: 658	56 KB
2	tribalfusion.com 1 redirects a.tribalfusion.com — Cisco Umbrella Rank: 822 s.tribalfusion.com — Cisco Umbrella Rank: 2171	1 KB
2	quantserve.com 1 redirects cms.quantserve.com — Cisco Umbrella Rank: 644	856 B
2	aura-dsp.com 2 redirects sync-dmp.aura-dsp.com — Cisco Umbrella Rank: 51265	800 B
2	linkedin.com 2 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 373	2 KB
2	teads.tv 1 redirects sync.teads.tv — Cisco Umbrella Rank: 1238	457 B
2	e-volution.ai rtb2-useast.e-volution.ai — Cisco Umbrella Rank: 5514	466 B
2	smartclip.net 1 redirects ad.sxp.smartclip.net — Cisco Umbrella Rank: 3842	485 B
2	media.net prebid.media.net — Cisco Umbrella Rank: 1165 contextual.media.net — Cisco Umbrella Rank: 553	8 KB
2	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 353	529 B
2	gumgum.com js.gumgum.com — Cisco Umbrella Rank: 3474 g2.gumgum.com — Cisco Umbrella Rank: 1333	39 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 51	178 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 36 ajax.googleapis.com — Cisco Umbrella Rank: 293	33 KB
1	bidr.io match.prod.bidr.io — Cisco Umbrella Rank: 483	433 B
1	nrich.ai 1 redirects dsp.nrich.ai — Cisco Umbrella Rank: 2729	522 B
1	indexww.com js-sec.indexww.com — Cisco Umbrella Rank: 597	2 KB
1	everesttech.net 1 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 551	537 B
1	bidtheatre.com 1 redirects match.adsby.bidtheatre.com — Cisco Umbrella Rank: 2566	549 B
1	adition.com 1 redirects dsp.adfarm1.adition.com — Cisco Umbrella Rank: 1615	583 B
1	dotomi.com dclk-match.dotomi.com — Cisco Umbrella Rank: 2754	104 B
1	createjs.com code.createjs.com — Cisco Umbrella Rank: 1396	63 KB
1	avads.net 1 redirects ads.avads.net — Cisco Umbrella Rank: 26169	440 B
1	yieldlab.net ad.yieldlab.net — Cisco Umbrella Rank: 4001	522 B
1	lijit.com ap.lijit.com — Cisco Umbrella Rank: 594	644 B
1	confiant-integrations.net cdn.confiant-integrations.net — Cisco Umbrella Rank: 1448	66 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 387	2 KB
1	fastly.net confiant-integrations.global.ssl.fastly.net — Cisco Umbrella Rank: 2421	16 KB
282	56

	Domain	Requested by
43	www.figures.com	1 redirects www.figures.com
22	cm.g.doubleclick.net	7 redirects ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com eu-u.openx.net
20	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
18	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com
14	securepubads.g.doubleclick.net	www.googletagservices.com tags-cdn.deployads.com securepubads.g.doubleclick.net www.figures.com
13	s1.adform.net	track.adform.net s1.adform.net www.figures.com
13	e.deployads.com	tags-cdn.deployads.com
9	btlr.sharethrough.com	www.figures.com
9	c2shb.ssp.yahoo.com	www.figures.com
8	www.google.com	1 redirects tpc.googlesyndication.com securepubads.g.doubleclick.net ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
7	www.googletagservices.com	www.figures.com securepubads.g.doubleclick.net ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
6	tags.mathtag.com	ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com tags.mathtag.com
5	eu-u.openx.net	www.figures.com eu-u.openx.net
5	hal90007.redintelligence.net	1 redirects ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com hal90007.redintelligence.net
5	s0.2mdn.net	www.figures.com s0.2mdn.net ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com s1.adform.net
4	track.adform.net	hal90007.redintelligence.net s1.adform.net
4	x.bidswitch.net	4 redirects
4	ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
4	quantcast.mgr.consensu.org	tags-cdn.deployads.com quantcast.mgr.consensu.org
4	s.cpx.to	p.cpx.to www.figures.com
4	fonts.gstatic.com	fonts.googleapis.com
3	us-u.openx.net	eu-u.openx.net
3	an.yandex.ru	2 redirects
3	ib.adnxs.com	1 redirects www.figures.com acdn.adnxs.com
3	c.amazon-adsystem.com	www.figures.com c.amazon-adsystem.com
3	sb.scorecardresearch.com	1 redirects www.figures.com
3	ssl.google-analytics.com	1 redirects www.figures.com
2	pm.w55c.net	2 redirects
2	gum.criteo.com	1 redirects static.criteo.net
2	static.criteo.net	www.figures.com static.criteo.net
2	ups.analytics.yahoo.com	2 redirects
2	ssum-sec.casalemedia.com	2 redirects
2	cms.quantserve.com	1 redirects ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
2	sync-dmp.aura-dsp.com	2 redirects
2	px.ads.linkedin.com	2 redirects
2	sync.teads.tv	1 redirects ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
2	rtb2-useast.e-volution.ai	ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
2	ssbsync.smartadserver.com	ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
2	googleads4.g.doubleclick.net	www.figures.com
2	hal900014.redintelligence.net	1 redirects ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
2	ad.sxp.smartclip.net	1 redirects googleads.g.doubleclick.net
2	pixel.mathtag.com	tags.mathtag.com
2	hal9000.redintelligence.net	www.figures.com
2	googleads.g.doubleclick.net	ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com www.figures.com
2	adservice.google.com	securepubads.g.doubleclick.net
2	adservice.google.de	securepubads.g.doubleclick.net
2	secure.adnxs.com	2 redirects
2	sync.smartadserver.com	1 redirects www.figures.com
2	match.adsrvr.org	www.figures.com eu-u.openx.net
2	image2.pubmatic.com	2 redirects
2	api.viglink.com	cdn.viglink.com
2	www.googletagmanager.com	www.figures.com www.googletagmanager.com
1	c1.adform.net	1 redirects
1	sync.mathtag.com	1 redirects
1	match.prod.bidr.io	eu-u.openx.net
1	dsp.nrich.ai	1 redirects
1	contextual.media.net	www.figures.com
1	acdn.adnxs.com	www.figures.com
1	ads.pubmatic.com	www.figures.com
1	js-sec.indexww.com	www.figures.com
1	mug.criteo.com
1	sync-tm.everesttech.net	1 redirects
1	s.tribalfusion.com
1	a.tribalfusion.com	1 redirects
1	image6.pubmatic.com	1 redirects
1	match.adsby.bidtheatre.com	1 redirects
1	dsp.adfarm1.adition.com	1 redirects
1	dclk-match.dotomi.com	ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
1	ajax.googleapis.com	hal90007.redintelligence.net
1	code.createjs.com	s0.2mdn.net
1	ads.avads.net	1 redirects
1	rtb.openx.net	ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
1	ad.yieldlab.net	googleads.g.doubleclick.net
1	bidder.criteo.com	www.figures.com
1	htlb.casalemedia.com	www.figures.com
1	verticalscope-d.openx.net	www.figures.com
1	prebid.media.net	www.figures.com
1	ap.lijit.com	www.figures.com
1	hbopenbid.pubmatic.com	www.figures.com
1	aax-dtb-cf.amazon-adsystem.com	c.amazon-adsystem.com
1	test.quantcast.mgr.consensu.org	quantcast.mgr.consensu.org
1	cdn.confiant-integrations.net	confiant-integrations.global.ssl.fastly.net
1	cdn.jsdelivr.net	www.figures.com
1	confiant-integrations.global.ssl.fastly.net	tags-cdn.deployads.com
1	g2.gumgum.com	js.gumgum.com
1	js.gumgum.com	www.figures.com
1	p.cpx.to	www.figures.com
1	cdn.viglink.com	www.figures.com
1	region1.google-analytics.com	www.googletagmanager.com
1	www.google-analytics.com	www.googletagmanager.com
1	www.google.de	www.figures.com
1	stats.g.doubleclick.net	1 redirects
1	tags-cdn.deployads.com	www.figures.com
1	fonts.googleapis.com	www.figures.com
282	94

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
www.onesixthwarriors.com
www.yojoe.com
www.andersnoren.se
www.verticalscope.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-01` - `2023-06-01`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-09-26` - `2022-12-19`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-09-26` - `2022-12-19`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-09-26` - `2022-12-19`	3 months	crt.sh
*.deployads.com Amazon	`2022-05-04` - `2023-06-02`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-09-26` - `2022-12-19`	3 months	crt.sh
ssl1029306.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2022-06-01` - `2022-12-08`	6 months	crt.sh
p.cpx.to Sectigo RSA Domain Validation Secure Server CA	`2022-01-13` - `2023-01-13`	a year	crt.sh
*.gumgum.com Amazon	`2022-09-14` - `2023-10-11`	a year	crt.sh
*.scorecardresearch.com Amazon	`2022-01-29` - `2023-02-27`	a year	crt.sh
viglink.com Amazon	`2022-10-13` - `2023-11-10`	a year	crt.sh
s.cpx.to Sectigo RSA Domain Validation Secure Server CA	`2022-01-17` - `2023-01-17`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2022-03-31` - `2023-05-02`	a year	crt.sh
*.freetls.fastly.net GlobalSign Atlas R3 DV TLS CA 2022 Q2	`2022-05-04` - `2023-06-05`	a year	crt.sh
*.cmp.quantcast.com R3	`2022-10-20` - `2023-01-18`	3 months	crt.sh
c.amazon-adsystem.com Amazon	`2022-05-09` - `2023-04-18`	a year	crt.sh
*.confiant-integrations.net E1	`2022-09-26` - `2022-12-25`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-09-26` - `2022-12-19`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-09-26` - `2022-12-19`	3 months	crt.sh
aax-dtb-mobile-cf.amazon-adsystem.com Amazon	`2022-06-15` - `2023-06-15`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2022-06-13` - `2023-07-14`	a year	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2022-06-27` - `2023-06-05`	a year	crt.sh
web.ssp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-08-02` - `2023-01-25`	6 months	crt.sh
*.media.net Sectigo RSA Domain Validation Secure Server CA	`2022-04-06` - `2023-05-04`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-10-31` - `2023-01-26`	3 months	crt.sh
*.sharethrough.com Amazon	`2022-07-14` - `2023-08-12`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-09-26` - `2022-12-19`	3 months	crt.sh
*.mathtag.com DigiCert TLS RSA SHA256 2020 CA1	`2022-04-18` - `2023-04-25`	a year	crt.sh
redintelligence.net R3	`2022-10-04` - `2023-01-02`	3 months	crt.sh
pixel.mathtag.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-05` - `2023-07-05`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-09-26` - `2022-12-19`	3 months	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-25` - `2023-01-25`	a year	crt.sh
*.e-volution.ai Sectigo RSA Domain Validation Secure Server CA	`2022-09-29` - `2023-10-30`	a year	crt.sh
tls.adobe.com DigiCert TLS RSA SHA256 2020 CA1	`2022-04-29` - `2023-05-30`	a year	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2022-09-20` - `2023-09-20`	a year	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2022-08-09` - `2023-09-10`	a year	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-09-01` - `2022-11-30`	3 months	crt.sh
cdn.adnxs.com GeoTrust RSA CA 2018	`2021-12-10` - `2022-12-09`	a year	crt.sh
*.match.prod.bidr.io Amazon	`2022-01-27` - `2023-02-25`	a year	crt.sh

This page contains 24 frames:

Primary Page: https://www.figures.com/
Frame ID: 43B4B3E17629FEB0950085216ADBF004
Requests: 134 HTTP requests in this frame

Frame: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 6ED01A84232E99FFA4FD12097479C1AC
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: DAFD000CF7A4D145CF517E5620CC70F8
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 1A6B7EB77C807C7A1401E257306A3BA0
Requests: 2 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsupVEPjDDF6s9zXmyI7BnvbuFfyj70XVFtlbFx_Dg48tmLtVOdfx1ERIBUXRyc4sJHmnLrSaugmUgvW-vpk70mVzL2YpBnQD8_-AGqvXnRsR2YwlXwgT36f86p0XmERfaqYv_j3hrLoZaS7bVdb1kIuHxF4SD2IuKqml5K40WU3ZPBElphuGEYdzDsZfYTRo4v9lQiyTU_og_YiPG2TXhdird24s2GV25A44UqMnsWZGhbsE54DWE_bCvqvIoqMKPpUgdQzIdcXH9sNedXnpgV4lO74GvUA9nfeTpIOXxuh3RZUcqLWF_sMcLYiP-5M_IK_4Lc7L5ktXx9ZdJ56JgHHbxuPNgn8_zU&sai=AMfl-YRqxig16256MMR3bo9SNYtOkiaLIOAASDakXsLgpANVyorNXMnIKezk-e3Bsihqox4vwpqRHwRjhGu8ALsbpDBP48Q-gH2arlzy-Tfyz2iG9MHzymoGy8FHtqIFGFfh-g&sig=Cg0ArKJSzIUs6ct3ULBtEAE&uach_m=[UACH]&adurl=
Frame ID: 9C210FA9BC97AF756E7519FA44005EBF
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssvjP7dqxJK6GAvm7bXkr-IDXyzT2kJVuqcQg2sLfpIMkAl6g3iuP4z4xrdqcnNoV7gIxRW8zJujM9Ma4NmLzJ8n-FQBZlXdtkF3C6YrmhrvK0ziCPD0xMQnQadDfOyUqciOpYVYZ5KT5r3CeMDaOwXmfWM5ZLcwOk7TI_Gx7KDRP_Ah7_vy436561kFNkIp2VJqZjUnFEI5_lQHW0YJt_hVdb4_ygKUvMX-uXYJxe4lLRqvg-iQR2gJcthZ8iHW7d5MBfW2pJ3gktaNJ0mxMrJWTRIlK-zoB4jidzEE8pdZrSPvy5phfqBqk-ZJZrn4PTBCMXGamoHshL-bY9GpexPKw&sai=AMfl-YSQFLNLFOQPU-tjb__8hfE_Gzh-bDcQJlAgw5N6gaBRD02Q77orhGW9cOm0ZkTfpwPDaLuD8Ryg-cWwOWQQJ67HODTnAA83k76ObDHCIQhS5-DwfnibE42NyArOu3ixpQ&sig=Cg0ArKJSzMHWadAPDf8ZEAE&uach_m=[UACH]&adurl=
Frame ID: B1073D4E6E19ADDA7228B19F1210D3EA
Requests: 8 HTTP requests in this frame

Frame: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: BD7AE122C9CAC0B963CF7E834FEE5C66
Requests: 15 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstkZGaC-zIvTgRBxYXa0bJwlobF_Yu7AeF2Tc4ce3wmkr96x4yYaFGBLnyEOUpVFT_m9-vwvFMmJl1JE5pj9dnxAXXzbfaPBcA4iWtx2t2K7Op-MU0tjXEOHv8YDxShEcwy3a-DBhb7j_Pocui-99oUAuuP2k_O84Z8l0fz1kkcKuQL1vDtpIhewHCnBUIz_ifVG2PTQdULaI9w4b7XnhHMY2CQ8N35uxQ8iIY0WBn7eEqDYdkEUnqfrpeKBO4sGuO7hjyNQYCvIrMx6VZNWsQ-OeQ9viUf_psfCDP42T5Z6OPbMNc3qgvb4C7cCNXsT8aEyttch1GMKINYwv9ZlXvdqWbEQiYqN9cIcQ&sai=AMfl-YSpmejHcE16MQ_Ii2I24F6bPHStSnNGij5JW7Lv2i8sLGR5OvLx_DS7tWtOr7evbn_z74fDOnH0x6gxVALcytY5RXk-jBuERmztszPYUuJJ0YD9QcBO3hUJ-T4kO9ZAZQ&sig=Cg0ArKJSzLnS1bElkG0vEAE&uach_m=[UACH]&adurl=
Frame ID: 48F581EE6775D0CADD5FBECA375B5E20
Requests: 8 HTTP requests in this frame

Frame: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: A6A6A789B31073739545519851CF3318
Requests: 18 HTTP requests in this frame

Frame: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 8E4D443C59AA77C6C39DBE3BF775D03F
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKfE9eoCEOqfrYwDGJ3uudYBMAE&v=APEucNUE_YR7zcmUwol1VREiS1FTmReZldeyxtEv5DQasxC9C8iBCFr-oaO9D_ZEOokbMzQqeE_gKTd4oJLLJ52Mw8ugp4tymCPZFZUFenKs1xGNykTsAfc
Frame ID: 742811CDE9BEF627A6C4A990F5E9588E
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: DEFF776D3F9EF0A184EB75D6878559BD
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 916F89BAC5A0245570CD238326B95DA8
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/877130349909764417/Octopart_160x600_HTML5/Octopart_160x600_HTML5%20Canvas.html
Frame ID: B80ECC787B5E397BA5963245485F0957
Requests: 4 HTTP requests in this frame

Frame: https://hal90007.redintelligence.net/request_content.php?s=25719500014102605671049012129007&a=14dd7da3
Frame ID: 839E693C543E78AFF408C8DAD6E1F1ED
Requests: 11 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 76C8636D5BA6EFD0C363FD98A8A2C407
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: D3F45728BDCE77FE7EB0D6B7733B64F4
Requests: 9 HTTP requests in this frame

Frame: https://s1.adform.net/Banners/Elements/Files/160090/11826009/11826009.js?ADFassetID=11826009&bv=258
Frame ID: AC14597050BA643A9296D9CA67D95B74
Requests: 12 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=www.figures.com&gdpr=0&gdpr_consent=
Frame ID: 9B560F1108FA3356051B7F2A129A3F62
Requests: 2 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: BFE7CD78857FF2F15F9C50D3B9A6ACE8
Requests: 1 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=bad18d41-889b-44c1-975e-bcd3b8a49854&gdpr=0
Frame ID: F47AA9D86DF7A30AFF175C2F299D0445
Requests: 11 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158492&gdpr=0&gdpr_consent=
Frame ID: E7349FB52B4EB04040A1B1717320F98B
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: BE89090C16E9D5ADB87E1CF1BC5B1A94
Requests: 2 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUP91F1X&prvid=77&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
Frame ID: F0B32ADC887F51AFA1506894E18F6169
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Figures.com | All The Toy And Action Figure News All The Time

Page URL History Show full URLs

http://www.figures.com/ HTTP 301
https://www.figures.com/ Page URL

Detected technologies

NextGEN Gallery (Photo Galleries) Expand

Overall confidence: 100%
Detected patterns

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/
wp-embed\.min\.js\?ver=([\d.]+)

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

All in One SEO Pack (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- All in One SEO Pack ([\d.]+)

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Lightbox (JavaScript Libraries) Expand

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Quantcast Choice (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

quantcast\.mgr\.consensu\.org

VigLink (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

(?:^[^/]*//[^/]*viglink\.com/api/|vglnk\.js)

Yandex.Direct (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://an\.yandex\.ru/

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

282
Requests

89 %
HTTPS

38 %
IPv6

56
Domains

94
Subdomains

75
IPs

11
Countries

2621 kB
Transfer

7195 kB
Size

68
Cookies

10 Outgoing links

These are links going to different origins than the main page.

URL: http://www.facebook.com/pages/Figurescom/80240142457
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/figures_dot_com
Title: Twitter

Search URL Search Domain Scan URL

URL: http://www.onesixthwarriors.com/
Title: One Sixth Warriors

Search URL Search Domain Scan URL

URL: http://www.yojoe.com/
Title: Yo Joe!

Search URL Search Domain Scan URL

URL: http://www.andersnoren.se/
Title: Anders Norén

Search URL Search Domain Scan URL

URL: http://www.verticalscope.com/aboutus/tos.php?site=figures.com
Title: Terms of Use

Search URL Search Domain Scan URL

URL: http://www.verticalscope.com/copyright.html?site=figures.com
Title: Copyright

Search URL Search Domain Scan URL

URL: https://www.verticalscope.com/site-privacy-policy/index.php?site=figures.com
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: http://www.verticalscope.com/about-us/Data-Use-Consent-Notice.html?site=figures.com
Title: Tell me more

Search URL Search Domain Scan URL

URL: http://www.verticalscope.com/about-us/cookie-preferences.html?site=figures.com
Title: Cookie Preferences

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.figures.com/ HTTP 301
https://www.figures.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 49

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=103480030&utmhn=www.figures.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Figures.com%20%7C%20All%20The%20Toy%20And%20Action%20Figure%20News%20All%20The%20Time&utmhid=614155983&utmr=-&utmp=%2F&utmht=1667196179642&utmac=UA-91774835-12&utmcc=__utma%3D214787720.933595329.1667196180.1667196180.1667196180.1%3B%2B__utmz%3D214787720.1667196180.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&aip=1&utmjid=1301726883&utmredir=1&utmu=qBQAAAAAAAAAAAAAAAAAAAAE~ HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-91774835-12&cid=933595329.1667196180&jid=1301726883&_v=5.7.2&z=103480030 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-91774835-12&cid=933595329.1667196180&jid=1301726883&_v=5.7.2&z=103480030 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-91774835-12&cid=933595329.1667196180&jid=1301726883&_v=5.7.2&z=103480030&slf_rd=1&random=3890029403

Request Chain 56

https://sb.scorecardresearch.com/cs/6036030/beacon.js HTTP 302
https://sb.scorecardresearch.com/internal-cs/default/beacon.js

Request Chain 65

https://image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D0a8f3f0a-1b9e-440c-a269-0a21f2782676 HTTP 302
https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D0a8f3f0a-1b9e-440c-a269-0a21f2782676 HTTP 302
https://s.cpx.to/sync?dsp=pubmatic&dsp_uid=1C8DA32E-5AD0-45B1-801A-F95744E28874&fid=0a8f3f0a-1b9e-440c-a269-0a21f2782676

Request Chain 67

https://sync.smartadserver.com/getuid?url=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dsmart_ad_server%26dsp_uid%3D%5Bsas_uid%5D%26fid%3D0a8f3f0a-1b9e-440c-a269-0a21f2782676&gdpr=0 HTTP 302
https://sync.smartadserver.com/getuid?url=https://s.cpx.to/sync?dsp=smart_ad_server&dsp_uid=[sas_uid]&fid=0a8f3f0a-1b9e-440c-a269-0a21f2782676&gdpr=0&cklb=1

Request Chain 68

https://cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm&dsp=dbm&fid=0a8f3f0a-1b9e-440c-a269-0a21f2782676 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm=&dsp=dbm&fid=0a8f3f0a-1b9e-440c-a269-0a21f2782676&google_tc= HTTP 302
https://s.cpx.to/ca.png?dsp=dbm&fid=0a8f3f0a-1b9e-440c-a269-0a21f2782676&google_gid=CAESEMpFxYe6WP0j9wf1wJ7t6EI&google_cver=1

Request Chain 69

https://secure.adnxs.com/getuid?https%3A%2F%2Fs.cpx.to%2Fan_fire%3Fapp_nexus_uid%3D%24UID%26pid%3D11825%26ref%3D%26url%3Dhttps%253A%252F%252Fwww.figures.com%252F%26hn_ver%3D40%26fid%3D0a8f3f0a-1b9e-440c-a269-0a21f2782676 HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.cpx.to%252Fan_fire%253Fapp_nexus_uid%253D%2524UID%2526pid%253D11825%2526ref%253D%2526url%253Dhttps%25253A%25252F%25252Fwww.figures.com%25252F%2526hn_ver%253D40%2526fid%253D0a8f3f0a-1b9e-440c-a269-0a21f2782676 HTTP 302
https://s.cpx.to/an_fire?app_nexus_uid=6864416191012682273&pid=11825&ref=&url=https%3A%2F%2Fwww.figures.com%2F&hn_ver=40&fid=0a8f3f0a-1b9e-440c-a269-0a21f2782676

Request Chain 191

https://cm.g.doubleclick.net/pixel?google_nid=smartclip_dbm&google_cm&google_dbm&gdpr=0 HTTP 302
https://ad.sxp.smartclip.net/sync?type=host&dsp=10&dspuuid=CAESEMgoRyc4taHmejGi3tH36Zc&gdpr=0&google_cver=1 HTTP 302
https://ad.sxp.smartclip.net/sync?type=host&dsp=10&dspuuid=CAESEMgoRyc4taHmejGi3tH36Zc&gdpr=0&google_cver=1&ang_testid=1

Request Chain 192

https://cm.g.doubleclick.net/pixel?google_nid=yieldlab&google_cm&google_dbm&gdpr=0 HTTP 302
https://ad.yieldlab.net/m?dt_id=52&ext_id=CAESEDq5G0pbh8nLMmz6E-VJfL8&google_cver=1&gdpr=0

Request Chain 196

https://hal90007.redintelligence.net/request.php?zone=9jva1sfkle8t&nw=20&renderingType=javascript&namespace=3e0f294278&subid=&uid=e5ca148aded8f428&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=0&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DY19lFQAOmBsH_ZlcUgbQvg%26exch_seat%3D20035004448%26mt_aid%3D5197763193406564345%26mt_id%3D11050095%26mt_adid%3D215543%26mt_sid%3D12460949%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dfd96635f-6516-4d01-b31f-303072438380%26mt_cid%3Dfd96635f-6516-4d01-b31f-303072438380%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCqnM3FWVfY8COMtHox_APnOmksAvPh46bXMCG2YLGAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi03MjA2MDIxNTU0NzkzMDQ4yAEJ4AIAqAMBqgSFAk_QVlfTHUQbzt8QTNSg86Ttqb-IPc3OSGg5I03OU2HROyxjoB1tzyjjGINUcll6UUJAJTLzmHevPtX8n4JAdqfwPUywkjzn1UCsdQruyXChlh9fw-kcMFIE-0086ojtxdpyhTaKYw153s4STFZMeNKRIiyoTKOxxHZk0ZF4YWvgtyyi8JI79lRnExVUrdU3WcSfXgHirUCpheS-naOshJt9MtSpQ2m1jRXfiyWdVdMMd_FWVPDxjZMDca1uI-t1O6X4uxBjMEz3ebcqJcAjJ6X5132IQc2XI6J9x4CBqTjdSh32zwL3riFvlGY9pOu3Tdh9CEdwbjqrFklv7ihQsY0dFhp-OOAEAYAG-_eThpqvqY54oAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDQiAYRABMgKKAjoCgED6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_1V_lFK1VBW06TgHUR2hJ1MpWunww%2526client%253Dca-pub-7206021554793048%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fwww.figures.com%2F&ancestorOrigins=https%3A%2F%2Fwww.figures.com&random=4818116271534&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal90007.redintelligence.net/request.php?zone=9jva1sfkle8t&nw=20&renderingType=javascript&namespace=3e0f294278&subid=&uid=e5ca148aded8f428&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=0&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DY19lFQAOmBsH_ZlcUgbQvg%26exch_seat%3D20035004448%26mt_aid%3D5197763193406564345%26mt_id%3D11050095%26mt_adid%3D215543%26mt_sid%3D12460949%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dfd96635f-6516-4d01-b31f-303072438380%26mt_cid%3Dfd96635f-6516-4d01-b31f-303072438380%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCqnM3FWVfY8COMtHox_APnOmksAvPh46bXMCG2YLGAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi03MjA2MDIxNTU0NzkzMDQ4yAEJ4AIAqAMBqgSFAk_QVlfTHUQbzt8QTNSg86Ttqb-IPc3OSGg5I03OU2HROyxjoB1tzyjjGINUcll6UUJAJTLzmHevPtX8n4JAdqfwPUywkjzn1UCsdQruyXChlh9fw-kcMFIE-0086ojtxdpyhTaKYw153s4STFZMeNKRIiyoTKOxxHZk0ZF4YWvgtyyi8JI79lRnExVUrdU3WcSfXgHirUCpheS-naOshJt9MtSpQ2m1jRXfiyWdVdMMd_FWVPDxjZMDca1uI-t1O6X4uxBjMEz3ebcqJcAjJ6X5132IQc2XI6J9x4CBqTjdSh32zwL3riFvlGY9pOu3Tdh9CEdwbjqrFklv7ihQsY0dFhp-OOAEAYAG-_eThpqvqY54oAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDQiAYRABMgKKAjoCgED6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_1V_lFK1VBW06TgHUR2hJ1MpWunww%2526client%253Dca-pub-7206021554793048%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fwww.figures.com%2F&ancestorOrigins=https%3A%2F%2Fwww.figures.com&random=4818116271534&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 197

https://hal900014.redintelligence.net/request.php?zone=llely5buqgjj&nw=20&renderingType=javascript&namespace=b17df31cf6&subid=&uid=66958cd47be951a2&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=160x600&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=0&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DY19lFQAPK2wIu-e1cAMiow%26exch_seat%3D20035004448%26mt_aid%3D4044841693094684873%26mt_id%3D11050092%26mt_adid%3D215543%26mt_sid%3D12460949%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dfc96635f-6516-4501-a6f0-fbb485ff1b56%26mt_cid%3Dfc96635f-6516-4501-a6f0-fbb485ff1b56%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCA7_QFWVfY8KOMtHox_APnOmksAvPh46bXMCG2YLGAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi03MjA2MDIxNTU0NzkzMDQ4yAEJ4AIAqAMBqgSFAk_Qff-yLbfFPre8G6Oby4XCZDVCtLji5O2DLAIJP3CF0Ya_JEcKSltJbWmezyazzFVDoxvWrvF63wwNRXi3GjtIonck70s15CQg9sz0GjFZjJkoOiyefAc62cJk4HlnGtfWxR7WuXHUX42XC-YXuYlYw06mpkCj39J4uT4RUw7SuMtxieMdsLn--5R5BItmTebbucNoshDtury28EIKPQ1jpwW8G7pSr_eu3HAPUIKxTCqKsJsgi8RmQJcj2iTVYNiM_YzqZc0aOAd5YgqmLWpDA8aBEDY_mcxbKmw-RWpHAxvTy5nwVaFa1LlMlFXOCwTNMINzkNyK2pkpva0485zQlWLH6OAEAYAGxdqJtu7m1Lt9oAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDQiAYRABMgKKAjoCgED6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_2CGedo_IVobqIRJdAzGnK1HwU5KQ%2526client%253Dca-pub-7206021554793048%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fwww.figures.com%2F&ancestorOrigins=https%3A%2F%2Fwww.figures.com&random=7302167652104&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900014.redintelligence.net/request.php?zone=llely5buqgjj&nw=20&renderingType=javascript&namespace=b17df31cf6&subid=&uid=66958cd47be951a2&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=160x600&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=0&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DY19lFQAPK2wIu-e1cAMiow%26exch_seat%3D20035004448%26mt_aid%3D4044841693094684873%26mt_id%3D11050092%26mt_adid%3D215543%26mt_sid%3D12460949%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dfc96635f-6516-4501-a6f0-fbb485ff1b56%26mt_cid%3Dfc96635f-6516-4501-a6f0-fbb485ff1b56%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCA7_QFWVfY8KOMtHox_APnOmksAvPh46bXMCG2YLGAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi03MjA2MDIxNTU0NzkzMDQ4yAEJ4AIAqAMBqgSFAk_Qff-yLbfFPre8G6Oby4XCZDVCtLji5O2DLAIJP3CF0Ya_JEcKSltJbWmezyazzFVDoxvWrvF63wwNRXi3GjtIonck70s15CQg9sz0GjFZjJkoOiyefAc62cJk4HlnGtfWxR7WuXHUX42XC-YXuYlYw06mpkCj39J4uT4RUw7SuMtxieMdsLn--5R5BItmTebbucNoshDtury28EIKPQ1jpwW8G7pSr_eu3HAPUIKxTCqKsJsgi8RmQJcj2iTVYNiM_YzqZc0aOAd5YgqmLWpDA8aBEDY_mcxbKmw-RWpHAxvTy5nwVaFa1LlMlFXOCwTNMINzkNyK2pkpva0485zQlWLH6OAEAYAGxdqJtu7m1Lt9oAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDQiAYRABMgKKAjoCgED6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_2CGedo_IVobqIRJdAzGnK1HwU5KQ%2526client%253Dca-pub-7206021554793048%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fwww.figures.com%2F&ancestorOrigins=https%3A%2F%2Fwww.figures.com&random=7302167652104&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 204

https://ads.avads.net/sync/ggl?google_gid=CAESELyV27R74g4sye6i74Uz_OE&google_cver=1&google_push=AZmPxg8-xaBdcejCqlCmWgqeiIDVAQIJ3zLuSkyEB2R9mGmZkXbtqPSMLwssAWRTKEfqj8thPuQzPm4eghxMEvTSZOfhJXm26ddy HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=YjcxMDJhOTEtYWRjOS00YzFmLTllZWEtYjljNmUwZmYwYWMw&google_push=AZmPxg8-xaBdcejCqlCmWgqeiIDVAQIJ3zLuSkyEB2R9mGmZkXbtqPSMLwssAWRTKEfqj8thPuQzPm4eghxMEvTSZOfhJXm26ddy

Request Chain 205

https://an.yandex.ru/mapuid/google/CAESEKC-rED2dC-DBk5jRZjs5Ok?ext-param=AZmPxg_gPAxHqnUoah4WgguKgp8sCnoOX7J_JtGyt-dupqSshnqEy0zWFcaWvocpTexEdMad4YPd7vbSvKL9y24P8abfM0KrtvqM&partner-tag=yandex_ag&google_cver=1 HTTP 302
https://an.yandex.ru/mapuid/google/CAESEKC-rED2dC-DBk5jRZjs5Ok?redir-setuniq=1&ext-param=AZmPxg_gPAxHqnUoah4WgguKgp8sCnoOX7J_JtGyt-dupqSshnqEy0zWFcaWvocpTexEdMad4YPd7vbSvKL9y24P8abfM0KrtvqM&partner-tag=yandex_ag&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yandex_ag&google_hm=CAESEKC-rED2dC-DBk5jRZjs5Ok&google_redir=https%3A%2F%2Fan.yandex.ru%2Fresource%2Fspacer.gif HTTP 302
https://an.yandex.ru/resource/spacer.gif

Request Chain 206

https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEJJymGDk2YRWVHrkiPX4Bto&google_cver=1&google_push=AZmPxg9BeMs3mzfUQqDBCPweIgDQoNsxxD_mgl5qrMA-9DsJQ21-jn-4xvdoq1bL8hNNApkKAgaqFhdqhI4SLTq2VVOblVoMHfZK HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AZmPxg9BeMs3mzfUQqDBCPweIgDQoNsxxD_mgl5qrMA-9DsJQ21-jn-4xvdoq1bL8hNNApkKAgaqFhdqhI4SLTq2VVOblVoMHfZK HTTP 302
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

Request Chain 207

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26&google_push=AZmPxg9G-k1_KZ6V1uTi8bCzrWHhDCodSNWTp1IxzqaoalhWQ3G2rv5nJYAlnNnrMkMUFtPpxCJL-X0j1dRLVekXy3_-P1Vj1Hbk?google_gid=CAESECJmEjEgWRNZl7Ljqqk8E2k&google_cver=1 HTTP 302
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26&google_push=AZmPxg9G-k1_KZ6V1uTi8bCzrWHhDCodSNWTp1IxzqaoalhWQ3G2rv5nJYAlnNnrMkMUFtPpxCJL-X0j1dRLVekXy3_-P1Vj1Hbk?google_gid=CAESECJmEjEgWRNZl7Ljqqk8E2k&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=63c21d0a-eca1-4c96-bb90-a8367a8f97b0&&google_push=AZmPxg9G-k1_KZ6V1uTi8bCzrWHhDCodSNWTp1IxzqaoalhWQ3G2rv5nJYAlnNnrMkMUFtPpxCJL-X0j1dRLVekXy3_-P1Vj1Hbk

Request Chain 222

https://px.ads.linkedin.com/setuid?partner=googleadxdb&google_gid=CAESEFGubJFwkuoAJ-o8nXVEde8&google_cver=1&google_push=AZmPxg9NCOY8luUg-yv9OP-EUyskG4BA54-CS41b6J7nnxP0TeZaTovNEGJLnK15rD6ZLSaxWY_4dgGTjalSglQYfnqVzVp2rZI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AZmPxg9NCOY8luUg-yv9OP-EUyskG4BA54-CS41b6J7nnxP0TeZaTovNEGJLnK15rD6ZLSaxWY_4dgGTjalSglQYfnqVzVp2rZI

Request Chain 223

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEH0u8Ji9r0WBtVfp0FgNIMk&google_cver=1&google_push=AZmPxg-JfOTdxTmLvzLF7N3gtUA7eyY4q4_N1IH0Cgcg9U4LcakGSq6Gkx4bdge38yoPCDt_m4jHhO8JAeidWR5sGmftg2Bu--M HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzE2MDU1MzA4MjAwMTg4MTIzMw%3D%3D&google_push=AZmPxg-JfOTdxTmLvzLF7N3gtUA7eyY4q4_N1IH0Cgcg9U4LcakGSq6Gkx4bdge38yoPCDt_m4jHhO8JAeidWR5sGmftg2Bu--M

Request Chain 224

https://match.adsby.bidtheatre.com/adxcookie?id=&google_gid=CAESEAExetVWlXc9cQLjlmiCu8w&google_cver=1&google_push=AZmPxg8RcUeGbcKnLpxO5cUtLFe1Ll9zlRC32CFIVupCZiOXy-0Ty7fJscDpNpELUvbcRHNvV1COCpW33HFN4EKEUSdfVhtAkXk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=AZmPxg8RcUeGbcKnLpxO5cUtLFe1Ll9zlRC32CFIVupCZiOXy-0Ty7fJscDpNpELUvbcRHNvV1COCpW33HFN4EKEUSdfVhtAkXk

Request Chain 225

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEJ-WfaXbBfGpz__88BdEyn4&google_cver=1&google_push=AZmPxg9aO_2nj56_eU4sLB1o1l-jPJJVmP-c8rr50q8c4RUL_ARSWTR6ulq2l30nYwzmiLSJvZ4OLf6E8I93hSvUjDjYnsaSbg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=HI2jLlrQRbGAGvlXROKIdA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AZmPxg9aO_2nj56_eU4sLB1o1l-jPJJVmP-c8rr50q8c4RUL_ARSWTR6ulq2l30nYwzmiLSJvZ4OLf6E8I93hSvUjDjYnsaSbg

Request Chain 227

https://sync-dmp.aura-dsp.com/match/google?google_gid=CAESEH73Kl7BOWg1xx-VVS0MkoU&google_cver=1&google_push=AZmPxg8hX4yoj9wacESJG-6OwhJK_TA2OGdN_spxB8iPkvatkF8Xan2eKpj3LM12kbKkxUV8xrYA6yPKOLNn-uYcNgJ2ZaCTLXC2 HTTP 302
https://sync-dmp.aura-dsp.com/match/google?google_gid=CAESEH73Kl7BOWg1xx-VVS0MkoU&google_cver=1&google_push=AZmPxg8hX4yoj9wacESJG-6OwhJK_TA2OGdN_spxB8iPkvatkF8Xan2eKpj3LM12kbKkxUV8xrYA6yPKOLNn-uYcNgJ2ZaCTLXC2&chk=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=sol_networks_limited&google_hm=NmNhNzY0Y2IyNDVhZjkyMg&google_push=AZmPxg8hX4yoj9wacESJG-6OwhJK_TA2OGdN_spxB8iPkvatkF8Xan2eKpj3LM12kbKkxUV8xrYA6yPKOLNn-uYcNgJ2ZaCTLXC2

Request Chain 230

https://a.tribalfusion.com/i.match?p=b6&u=CAESEHQFDJ4E09aYxGWNDHnDp8Q&google_cver=1&google_push=AZmPxg-xnte9Pq-m82WdIUgnDj1YNbNdQfYncXTjQ3tFeB5-E6HPzS621Fw0WGxPYVR4QZUxKh_rS_4ZBNLOA3taAAVTTIGvMWic&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAZmPxg-xnte9Pq-m82WdIUgnDj1YNbNdQfYncXTjQ3tFeB5-E6HPzS621Fw0WGxPYVR4QZUxKh_rS_4ZBNLOA3taAAVTTIGvMWic%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEHQFDJ4E09aYxGWNDHnDp8Q&google_cver=1&google_push=AZmPxg-xnte9Pq-m82WdIUgnDj1YNbNdQfYncXTjQ3tFeB5-E6HPzS621Fw0WGxPYVR4QZUxKh_rS_4ZBNLOA3taAAVTTIGvMWic&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAZmPxg-xnte9Pq-m82WdIUgnDj1YNbNdQfYncXTjQ3tFeB5-E6HPzS621Fw0WGxPYVR4QZUxKh_rS_4ZBNLOA3taAAVTTIGvMWic%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 231

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEOeyltIejgu2ECRE6NvdaJY&google_cver=1&google_push=AZmPxg81ODsFrnORqdhoXn_fBjgpJmXoNElzd8bGpXKQuXRfR7_PjfG_5mYa11QuaHRgpaUIm3UVSePWWkgi2RS6Xjz49ddN7nEC HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEOeyltIejgu2ECRE6NvdaJY&google_push=AZmPxg81ODsFrnORqdhoXn_fBjgpJmXoNElzd8bGpXKQuXRfR7_PjfG_5mYa11QuaHRgpaUIm3UVSePWWkgi2RS6Xjz49ddN7nEC

Request Chain 232

https://px.ads.linkedin.com/setuid?partner=googleadxdb&google_gid=CAESEFGubJFwkuoAJ-o8nXVEde8&google_cver=1&google_push=AZmPxg8CSBtvYYtXjINkK5xlXLTTR7GwTNtAV7J7LGONahHV1USk4ADfMo0V9T7ZBjESeCADE4Q3qxS2332H4byhEp6uF_YsfRld HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AZmPxg8CSBtvYYtXjINkK5xlXLTTR7GwTNtAV7J7LGONahHV1USk4ADfMo0V9T7ZBjESeCADE4Q3qxS2332H4byhEp6uF_YsfRld

Request Chain 233

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEEMhQP6I6ssmxWxNA3ojKww&google_cver=1&google_push=AZmPxg85A5aSRhc2OQvFBwGoP6fnbtlLmRDB5HkRqEeT5IGdzjGhWYOnMXC08hK3pcImafPifOoKiwn0raKP-aS4WpaRbl2pGA8 HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEEMhQP6I6ssmxWxNA3ojKww&google_push=AZmPxg85A5aSRhc2OQvFBwGoP6fnbtlLmRDB5HkRqEeT5IGdzjGhWYOnMXC08hK3pcImafPifOoKiwn0raKP-aS4WpaRbl2pGA8&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEEMhQP6I6ssmxWxNA3ojKww&google_hm=Y19lF3VG-m49ic0ISzhHUgAAFAEAAAIB&google_nid=index&google_push=AZmPxg85A5aSRhc2OQvFBwGoP6fnbtlLmRDB5HkRqEeT5IGdzjGhWYOnMXC08hK3pcImafPifOoKiwn0raKP-aS4WpaRbl2pGA8

Request Chain 235

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEIzCOnYWwxEVTTKS1bIq0eM&google_cver=1&google_push=AZmPxg9Q89Nfe3lv-rNIQ4cE0Pz1YEzBrP-jMfAAlW7FBtphFTTrgTLfOqiyvSQg3SK8aGk8iTUob-wAYoC7Thn-jPKkVSHejz7FIg HTTP 302
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEIzCOnYWwxEVTTKS1bIq0eM&google_cver=1&google_push=AZmPxg9Q89Nfe3lv-rNIQ4cE0Pz1YEzBrP-jMfAAlW7FBtphFTTrgTLfOqiyvSQg3SK8aGk8iTUob-wAYoC7Thn-jPKkVSHejz7FIg&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1NS0NWM0tGRTJ1RzNkdDNudGN2dWxzVndZM1NkWUlBNn5B&google_push=AZmPxg9Q89Nfe3lv-rNIQ4cE0Pz1YEzBrP-jMfAAlW7FBtphFTTrgTLfOqiyvSQg3SK8aGk8iTUob-wAYoC7Thn-jPKkVSHejz7FIg

Request Chain 254

https://gum.criteo.com/sid/json?origin=publishertag&domain=figures.com&sn=ChromeSyncframe&so=0&topUrl=www.figures.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=sFnTH3xWdFJia2oyeFV3WFJ5SDV6QXIrcnFBSDlDOVF4Y0gzcEwyQ2lxeG5NT3ZQT2hhRGFLRmVZN3V2WmRaV3JiOVRZaUJFaU1wdzNvSEtzSE1zeFJLM2w1azhJcVFXMjd5VGk3cTdFc3YvSE9hV2NVREMzRmFPNmoyTTU4Y1AzM0piMjRFLzk3bVhuQUJLdkJBUFNFYmtRdlMvRGJ3RXg1VG0wNHRDaUJFYjJqbmRqRzRjNm9lQXU2bFhyYlBqc1ZFUklhZzNtUS9TWTJWdU0zcDdYZlFSVWo0QTUwUTJhSUVpSHUyWitpVVZNZkFMRVdsQjNGcHBSSnNMeEVGNUdsVHZ4NW4xV2VTQW50aGk4RXh4Z1R5aE9nUT09fA&cppv=2

Request Chain 267

https://pm.w55c.net/ping_match.gif?ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_ HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_ HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537072979&val=7iiNTFc01OPnT25

Request Chain 268

https://x.bidswitch.net/sync?ssp=openx HTTP 302
https://dsp.nrich.ai/bidswitch/sync?bidswitch_ssp_id=openx&bsw_custom_parameter=63c21d0a-eca1-4c96-bb90-a8367a8f97b0&gdpr=&gdpr_consent=&gdpr_pd=&us_privacy= HTTP 302
https://x.bidswitch.net/sync?dsp_id=283&user_id=7b83b139-4df5-49dc-8f79-23619d64bb8b&expires=1&user_group=5&ssp=openx&bsw_param=63c21d0a-eca1-4c96-bb90-a8367a8f97b0 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072968&val=63c21d0a-eca1-4c96-bb90-a8367a8f97b0&gdpr=&gdpr_consent=

Request Chain 269

https://ib.adnxs.com/getuid?https://eu-u.openx.net/w/1.0/sd?id=537072399&val=$UID HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537072399&val=6864416191012682273

Request Chain 271

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=fd96635f-6516-4d01-b31f-303072438380

Request Chain 272

https://cms.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072956&&val=tS3WorUr0vOuLoamsC_O9eAshvSuetD3ty4LVXaR

Request Chain 273

https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=2836264411958583388

Request Chain 276

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEMr5ETZA1EhFiLEaHUXOoag&google_cver=1

282 HTTP transactions
7 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.figures.com/
Redirect Chain

http://www.figures.com/
https://www.figures.com/

91 KB
18 KB

474ms
450ms

Document
text/html

2606:4700:4400::ac40:9214
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.figures.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9214 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

08a18f3e79d620f539db78e985b783a9456aad2c11f52f7d2351defaf9b1ba3a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3600; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=0
cf-cache-status: DYNAMIC
cf-ray: 762a2f56aa229bca-FRA
content-encoding: gzip
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Mon, 31 Oct 2022 06:02:59 GMT
expires: Mon, 31 Oct 2022 06:02:59 GMT
link: <https://www.figures.com/wp-json/>; rel="https://api.w.org/"
server: cloudflare
strict-transport-security: max-age=3600; includeSubDomains
vary: Accept-Encoding
via: 1.1 google
x-cluster-node: figures-7b674f6557-zh7gw
x-ua-compatible: IE=Edge,chrome=1

Redirect headers

CF-Cache-Status: DYNAMIC
CF-RAY: 762a2f559be19a03-FRA
Cache-Control: max-age=0
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Date: Mon, 31 Oct 2022 06:02:58 GMT
Expires: Mon, 31 Oct 2022 06:02:58 GMT
Location: https://www.figures.com/
Server: cloudflare
Transfer-Encoding: chunked
Via: 1.1 google

GET
H2 200 wppa-style.css
www.figures.com/wordpress/wp-content/plugins/wp-photo-album-plus/theme/ 10 KB
3 KB 63ms
48ms Stylesheet
text/css 2606:4700:4400::ac40:9214
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.figures.com/wordpress/wp-content/plugins/wp-photo-album-plus/theme/wppa-style.css?ver=6-8-06-008

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9214 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4dddf4a2d56a35f5f2b97f2686f8eb8eef3c6a5a6b6a09ebf37018509922671b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3600; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:02:59 GMT
content-encoding: gzip
via: 1.1 google
content-security-policy: upgrade-insecure-requests
last-modified: Tue, 03 Apr 2018 17:10:35 GMT
server: cloudflare
strict-transport-security: max-age=3600; includeSubDomains
age: 907529
cf-cache-status: HIT
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=604800, public
cf-ray: 762a2f59af5a9bca-FRA
x-cluster-node: figures-7b674f6557-w7bvt
expires: Thu, 27 Oct 2022 17:57:30 GMT

GET
H2 200 css
fonts.googleapis.com/ 8 KB
1 KB 57ms
18ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C900%2C400italic%2C700italic%7CMerriweather%3A700%2C900%2C400italic&ver=4.5.23

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

434c8aaf5794440423cc8e48701840ba8730352d948bdd5e5e7b46edfdc35e41

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 31 Oct 2022 06:02:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 31 Oct 2022 06:02:59 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 31 Oct 2022 06:02:59 GMT

GET
H2 200 font-awesome.css
www.figures.com/wordpress/wp-content/themes/rowling/fa/css/ 28 KB
6 KB 46ms
31ms Stylesheet
text/css 2606:4700:4400::ac40:9214
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.figures.com/wordpress/wp-content/themes/rowling/fa/css/font-awesome.css?ver=4.5.23

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9214 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c374efba54279628793f04e10ebf5d0c1b4dbc36b3f4132d9235f01d64ca5c8e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3600; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:02:59 GMT
content-encoding: gzip
via: 1.1 google
content-security-policy: upgrade-insecure-requests
last-modified: Thu, 30 Jun 2016 21:01:15 GMT
server: cloudflare
strict-transport-security: max-age=3600; includeSubDomains
age: 2356951
cf-cache-status: HIT
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=604800, public
cf-ray: 762a2f59af649bca-FRA
x-cluster-node: figures-7b674f6557-2twzz
expires: Mon, 10 Oct 2022 23:20:28 GMT

GET
H2 200 style.css
www.figures.com/wordpress/wp-content/themes/rowling/ 65 KB
11 KB 53ms
39ms Stylesheet
text/css 2606:4700:4400::ac40:9214
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.figures.com/wordpress/wp-content/themes/rowling/style.css?ver=4.5.23

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9214 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

56961e86855b028e655b96d6191bc6b82d728da43bd8f8fe406fa02fa53d13ce

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3600; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:02:59 GMT
content-encoding: gzip
via: 1.1 google
content-security-policy: upgrade-insecure-requests
last-modified: Tue, 05 Jul 2016 14:35:17 GMT
server: cloudflare
strict-transport-security: max-age=3600; includeSubDomains
age: 895494
cf-cache-status: HIT
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=604800, public
cf-ray: 762a2f59af659bca-FRA
x-cluster-node: figures-7b674f6557-qqtpg
expires: Thu, 27 Oct 2022 21:18:05 GMT

GET
H2 200 jquery.js Show response
www.figures.com/wordpress/wp-includes/js/jquery/ 95 KB
33 KB 49ms
36ms Script
application/javascript 2606:4700:4400::ac40:9214
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.figures.com/wordpress/wp-includes/js/jquery/jquery.js?ver=1.12.4

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9214 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf34e1b87bbfd9d9b185dec994924a496e279d8dc9387ad8d35bc0110134c4d3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3600; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:02:59 GMT
content-encoding: gzip
via: 1.1 google
content-security-policy: upgrade-insecure-requests
last-modified: Tue, 19 Jan 2021 19:43:44 GMT
server: cloudflare
strict-transport-security: max-age=3600; includeSubDomains
age: 2224001
cf-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800, public
cf-ray: 762a2f59af669bca-FRA
x-cluster-node: figures-7b674f6557-tq9m7
expires: Wed, 12 Oct 2022 12:16:18 GMT

GET
H2 200 jquery-migrate.min.js Show response
www.figures.com/wordpress/wp-includes/js/jquery/ 10 KB
4 KB 48ms
35ms Script
application/javascript 2606:4700:4400::ac40:9214
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.figures.com/wordpress/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9214 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3600; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:02:59 GMT
content-encoding: gzip
via: 1.1 google
content-security-policy: upgrade-insecure-requests
last-modified: Tue, 21 Jun 2016 17:52:23 GMT
server: cloudflare
strict-transport-security: max-age=3600; includeSubDomains
age: 30468
cf-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800, public
cf-ray: 762a2f59af689bca-FRA
x-cluster-node: figures-7b674f6557-rrmd7
expires: Sun, 06 Nov 2022 21:35:11 GMT

GET
H2 200 jquery.form.min.js Show response
www.figures.com/wordpress/wp-includes/js/jquery/ 14 KB
6 KB 35ms
23ms Script
application/javascript 2606:4700:4400::ac40:9214
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.figures.com/wordpress/wp-includes/js/jquery/jquery.form.min.js?ver=3.37.0

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9214 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b70376bcd266a20e83621e6f920073f3d51eb42fb75b533b46d716cf2b51be9a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3600; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:02:59 GMT
content-encoding: gzip
via: 1.1 google
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 06 Jun 2016 16:25:13 GMT
server: cloudflare
strict-transport-security: max-age=3600; includeSubDomains
age: 254128
cf-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800, public
cf-ray: 762a2f59af6a9bca-FRA
x-cluster-node: figures-7b674f6557-hqdg6
expires: Fri, 04 Nov 2022 07:27:31 GMT

GET
H2 200 wppa-utils.min.js Show response
www.figures.com/wordpress/wp-content/plugins/wp-photo-album-plus/js/ 6 KB
2 KB 40ms
28ms Script
application/javascript 2606:4700:4400::ac40:9214
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.figures.com/wordpress/wp-content/plugins/wp-photo-album-plus/js/wppa-utils.min.js?ver=6-8-06-008

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9214 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f8e7ab1164c47baf26da1737769a43f6c173366ca01f321ea518df2b665eb06a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3600; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:02:59 GMT
content-encoding: gzip
via: 1.1 google
content-security-policy: upgrade-insecure-requests
last-modified: Tue, 03 Apr 2018 17:10:35 GMT
server: cloudflare
strict-transport-security: max-age=3600; includeSubDomains
age: 1628201
cf-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800, public
cf-ray: 762a2f59af6d9bca-FRA
x-cluster-node: figures-7b674f6557-jr85f
expires: Wed, 19 Oct 2022 09:46:18 GMT

GET
H2 200 core.min.js Show response
www.figures.com/wordpress/wp-includes/js/jquery/ui/ 4 KB
2 KB 36ms
25ms Script
application/javascript 2606:4700:4400::ac40:9214
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.figures.com/wordpress/wp-includes/js/jquery/ui/core.min.js?ver=1.11.4

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9214 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

191622240e7646a2e888eb318557bcca854828b59b5b2e960545ee08ae142382

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3600; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:02:59 GMT
content-encoding: gzip
via: 1.1 google
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 06 Jun 2016 16:25:28 GMT
server: cloudflare
strict-transport-security: max-age=3600; includeSubDomains
age: 958352
cf-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800, public
cf-ray: 762a2f59af6e9bca-FRA
x-cluster-node: figures-7b674f6557-zh7gw
expires: Thu, 27 Oct 2022 03:50:27 GMT

GET
H2 200 widget.min.js Show response
www.figures.com/wordpress/wp-includes/js/jquery/ui/ 7 KB
3 KB 40ms
29ms Script
application/javascript 2606:4700:4400::ac40:9214
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.figures.com/wordpress/wp-includes/js/jquery/ui/widget.min.js?ver=1.11.4

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9214 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf70d14e543cc6d2c59a90614f84c34d4dcd6d0a66813cf5a046a249a3d1a2a3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3600; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:02:59 GMT
content-encoding: gzip
via: 1.1 google
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 06 Jun 2016 16:25:32 GMT
server: cloudflare
strict-transport-security: max-age=3600; includeSubDomains
age: 2224001
cf-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800, public
cf-ray: 762a2f59af6f9bca-FRA
x-cluster-node: figures-7b674f6557-9h968
expires: Wed, 12 Oct 2022 12:16:18 GMT

GET
H2 200 mouse.min.js Show response
www.figures.com/wordpress/wp-includes/js/jquery/ui/ 3 KB
1 KB 51ms
41ms Script
application/javascript 2606:4700:4400::ac40:9214
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.figures.com/wordpress/wp-includes/js/jquery/ui/mouse.min.js?ver=1.11.4

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9214 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6a873ec2fcf8748b20c3794ca506fa4c4de97073e553e30c77d860faef12ca31

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3600; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:02:59 GMT
content-encoding: gzip
via: 1.1 google
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 06 Jun 2016 16:25:31 GMT
server: cloudflare
strict-transport-security: max-age=3600; includeSubDomains
age: 175872
cf-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800, public
cf-ray: 762a2f59af709bca-FRA
x-cluster-node: figures-7b674f6557-zh7gw
expires: Sat, 05 Nov 2022 05:11:47 GMT

GET
H2 200 resizable.min.js Show response
www.figures.com/wordpress/wp-includes/js/jquery/ui/ 18 KB
5 KB 36ms
27ms Script
application/javascript 2606:4700:4400::ac40:9214
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.figures.com/wordpress/wp-includes/js/jquery/ui/resizable.min.js?ver=1.11.4

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9214 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3a5031e567b8e2746e312346fd42a28e53585747550a1c1545822ef3fb1246cb

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3600; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:02:59 GMT
content-encoding: gzip
via: 1.1 google
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 06 Jun 2016 16:25:31 GMT
server: cloudflare
strict-transport-security: max-age=3600; includeSubDomains
age: 1628201
cf-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800, public
cf-ray: 762a2f59bf749bca-FRA
x-cluster-node: figures-7b674f6557-w7bvt
expires: Wed, 19 Oct 2022 09:46:18 GMT

GET
H2 200 draggable.min.js Show response
www.figures.com/wordpress/wp-includes/js/jquery/ui/ 18 KB
5 KB 37ms
29ms Script
application/javascript 2606:4700:4400::ac40:9214
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.figures.com/wordpress/wp-includes/js/jquery/ui/draggable.min.js?ver=1.11.4

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9214 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3ad6569f439422f0263c3471356a5ded62df94a689f308c6ca906b907408a605

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3600; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:02:59 GMT
content-encoding: gzip
via: 1.1 google
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 06 Jun 2016 16:25:29 GMT
server: cloudflare
strict-transport-security: max-age=3600; includeSubDomains
age: 188938
cf-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800, public
cf-ray: 762a2f59bf769bca-FRA
x-cluster-node: figures-7b674f6557-p7mjj
expires: Sat, 05 Nov 2022 01:34:01 GMT

GET
H2 200 button.min.js Show response
www.figures.com/wordpress/wp-includes/js/jquery/ui/ 7 KB
2 KB 35ms
27ms Script
application/javascript 2606:4700:4400::ac40:9214
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.figures.com/wordpress/wp-includes/js/jquery/ui/button.min.js?ver=1.11.4

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9214 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

26984d8013ad2ad66660f5f0a36618d084230786b139b0b95b665ff879fdd717

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3600; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:02:59 GMT
content-encoding: gzip
via: 1.1 google
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 06 Jun 2016 16:25:28 GMT
server: cloudflare
strict-transport-security: max-age=3600; includeSubDomains
age: 877197
cf-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800, public
cf-ray: 762a2f59bf779bca-FRA
x-cluster-node: figures-7b674f6557-zh7gw
expires: Fri, 28 Oct 2022 02:23:02 GMT

GET
H2 200 position.min.js Show response
www.figures.com/wordpress/wp-includes/js/jquery/ui/ 6 KB
3 KB 37ms
30ms Script
application/javascript 2606:4700:4400::ac40:9214
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.figures.com/wordpress/wp-includes/js/jquery/ui/position.min.js?ver=1.11.4

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9214 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0ac0d8dae396eed714b53c15ed0d4e8699fe0809b91da48fb1075a6403cc8b65

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3600; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:02:59 GMT
content-encoding: gzip
via: 1.1 google
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 06 Jun 2016 16:25:31 GMT
server: cloudflare
strict-transport-security: max-age=3600; includeSubDomains
age: 2356951
cf-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800, public
cf-ray: 762a2f59bf789bca-FRA
x-cluster-node: figures-7b674f6557-f9bs9
expires: Mon, 10 Oct 2022 23:20:28 GMT

GET
H2 200 dialog.min.js Show response
www.figures.com/wordpress/wp-includes/js/jquery/ui/ 12 KB
4 KB 41ms
34ms Script
application/javascript 2606:4700:4400::ac40:9214
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.figures.com/wordpress/wp-includes/js/jquery/ui/dialog.min.js?ver=1.11.4

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9214 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff6d900c437f03dff77033a65462cae784791ceb56620f3ffcc846eed71d29b0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3600; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:02:59 GMT
content-encoding: gzip
via: 1.1 google
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 06 Jun 2016 16:25:28 GMT
server: cloudflare
strict-transport-security: max-age=3600; includeSubDomains
age: 1628201
cf-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800, public
cf-ray: 762a2f59bf7a9bca-FRA
x-cluster-node: figures-7b674f6557-w7bvt
expires: Wed, 19 Oct 2022 09:46:18 GMT

GET
H2 200 wppa.min.js Show response
www.figures.com/wordpress/wp-content/plugins/wp-photo-album-plus/js/ 20 KB
6 KB 34ms
28ms Script
application/javascript 2606:4700:4400::ac40:9214
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.figures.com/wordpress/wp-content/plugins/wp-photo-album-plus/js/wppa.min.js?ver=6-8-06-008

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9214 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9ba1793f34f5aa029e08644bc099b06cdb4ca2e4267fcf783adb49e55ce5191c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3600; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:02:59 GMT
content-encoding: gzip
via: 1.1 google
content-security-policy: upgrade-insecure-requests
last-modified: Tue, 03 Apr 2018 17:10:35 GMT
server: cloudflare
strict-transport-security: max-age=3600; includeSubDomains
age: 895494
cf-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800, public
cf-ray: 762a2f59bf7b9bca-FRA
x-cluster-node: figures-7b674f6557-zh7gw
expires: Thu, 27 Oct 2022 21:18:05 GMT

GET
H2 200 wppa-slideshow.min.js Show response
www.figures.com/wordpress/wp-content/plugins/wp-photo-album-plus/js/ 33 KB
8 KB 32ms
26ms Script
application/javascript 2606:4700:4400::ac40:9214
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.figures.com/wordpress/wp-content/plugins/wp-photo-album-plus/js/wppa-slideshow.min.js?ver=6-8-06-008

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9214 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef4c21723394151507d7bdaef882050856ad9d2821400729e38320900ad446d6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3600; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:02:59 GMT
content-encoding: gzip
via: 1.1 google
content-security-policy: upgrade-insecure-requests
last-modified: Tue, 03 Apr 2018 17:10:35 GMT
server: cloudflare
strict-transport-security: max-age=3600; includeSubDomains
age: 254128
cf-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800, public
cf-ray: 762a2f59bf7d9bca-FRA
x-cluster-node: figures-7b674f6557-zh7gw
expires: Fri, 04 Nov 2022 07:27:31 GMT

GET
H2 200 wppa-ajax-front.min.js Show response
www.figures.com/wordpress/wp-content/plugins/wp-photo-album-plus/js/ 16 KB
4 KB 36ms
30ms Script
application/javascript 2606:4700:4400::ac40:9214
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.figures.com/wordpress/wp-content/plugins/wp-photo-album-plus/js/wppa-ajax-front.min.js?ver=6-8-06-008

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9214 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6b7855a9a0c9ac283b599084ea46572fc7c7fac556ea786dbaccb9feed604816

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3600; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:02:59 GMT
content-encoding: gzip
via: 1.1 google
content-security-policy: upgrade-insecure-requests
last-modified: Tue, 03 Apr 2018 17:10:35 GMT
server: cloudflare
strict-transport-security: max-age=3600; includeSubDomains
age: 2224000
cf-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800, public
cf-ray: 762a2f59bf7e9bca-FRA
x-cluster-node: figures-7b674f6557-tq9m7
expires: Wed, 12 Oct 2022 12:16:18 GMT

GET
H2 200 wppa-lightbox.min.js Show response
www.figures.com/wordpress/wp-content/plugins/wp-photo-album-plus/js/ 23 KB
5 KB 39ms
34ms Script
application/javascript 2606:4700:4400::ac40:9214
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.figures.com/wordpress/wp-content/plugins/wp-photo-album-plus/js/wppa-lightbox.min.js?ver=6-8-06-008

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9214 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

01f731cafb52515958e80814f69ab42a51a36b6fe6a8fa632f60d0ae93c40128

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3600; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:02:59 GMT
content-encoding: gzip
via: 1.1 google
content-security-policy: upgrade-insecure-requests
last-modified: Tue, 03 Apr 2018 17:10:35 GMT
server: cloudflare
strict-transport-security: max-age=3600; includeSubDomains
age: 2224000
cf-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800, public
cf-ray: 762a2f59bf809bca-FRA
x-cluster-node: figures-7b674f6557-9h968
expires: Wed, 12 Oct 2022 12:16:18 GMT

GET
H2 200 wppa-popup.min.js Show response
www.figures.com/wordpress/wp-content/plugins/wp-photo-album-plus/js/ 6 KB
2 KB 35ms
31ms Script
application/javascript 2606:4700:4400::ac40:9214
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.figures.com/wordpress/wp-content/plugins/wp-photo-album-plus/js/wppa-popup.min.js?ver=6-8-06-008

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9214 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e6ab82affb33d7378b756075fccddcc76eb1a00c72df7efba500dc21c57c78c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3600; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:02:59 GMT
content-encoding: gzip
via: 1.1 google
content-security-policy: upgrade-insecure-requests
last-modified: Tue, 03 Apr 2018 17:10:35 GMT
server: cloudflare
strict-transport-security: max-age=3600; includeSubDomains
age: 30468
cf-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800, public
cf-ray: 762a2f59bf819bca-FRA
x-cluster-node: figures-7b674f6557-p7hvt
expires: Sun, 06 Nov 2022 21:35:11 GMT

GET
H2 200 wppa-touch.min.js Show response
www.figures.com/wordpress/wp-content/plugins/wp-photo-album-plus/js/ 3 KB
1 KB 44ms
39ms Script
application/javascript 2606:4700:4400::ac40:9214
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.figures.com/wordpress/wp-content/plugins/wp-photo-album-plus/js/wppa-touch.min.js?ver=6-8-06-008

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9214 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eb91d15f16171384a4b6332334fd62aa365a3b2c542482c9a1b554dc80943276

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3600; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:02:59 GMT
content-encoding: gzip
via: 1.1 google
content-security-policy: upgrade-insecure-requests
last-modified: Tue, 03 Apr 2018 17:10:35 GMT
server: cloudflare
strict-transport-security: max-age=3600; includeSubDomains
age: 1371216
cf-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800, public
cf-ray: 762a2f59bf829bca-FRA
x-cluster-node: figures-7b674f6557-w7bvt
expires: Sat, 22 Oct 2022 09:09:23 GMT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 80 KB
27 KB 43ms
15ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

075f0b96d3f5faf88ceadde797d80b24f65331ed73b6787306aad4823b6c16b8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:02:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27393
x-xss-protection: 0
server: sffe
etag: "1379 / 697 of 1000 / last-modified: 1666994710"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 31 Oct 2022 06:02:59 GMT

GET
H2 200 NewFiguresLogo-1.png
www.figures.com/wordpress/wp-content/uploads/2016/07/ 5 KB
5 KB 30ms
23ms Image
image/webp 2606:4700:4400::ac40:9214
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.figures.com/wordpress/wp-content/uploads/2016/07/NewFiguresLogo-1.png

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9214 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9bff7f0e0b4271f2ed2c3a278f73ebe96da3704160a3bb07a3aee3808db07503

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3600; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:02:59 GMT
content-security-policy: upgrade-insecure-requests
via: 1.1 google
strict-transport-security: max-age=3600; includeSubDomains
cf-cache-status: HIT
age: 148466
cf-polished: origFmt=png, origSize=9908
content-disposition: inline; filename="NewFiguresLogo-1.webp"
content-length: 5236
x-cluster-node: figures-7b674f6557-p7mjj
cf-bgj: imgq:85,h2pri
last-modified: Thu, 07 Jul 2016 18:27:31 GMT
server: cloudflare
vary: Accept
content-type: image/webp
cache-control: max-age=2592000, public
accept-ranges: bytes
cf-ray: 762a2f5a28649bca-FRA
expires: Mon, 28 Nov 2022 12:48:33 GMT

GET
H2 200 email-decode.min.js Show response
www.figures.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
830 B 11ms
10ms Script
application/javascript 2606:4700:4400::ac40:9214
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.figures.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9214 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:02:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 26 Oct 2022 23:39:35 GMT
server: cloudflare
etag: W/"6359c537-4d7"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 762a2f59f8039bca-FRA
expires: Wed, 02 Nov 2022 06:02:59 GMT

GET
H2 200 DSCN6489-400x200.jpg
www.figures.com/wordpress/wp-content/uploads/2022/10/ 19 KB
20 KB 36ms
30ms Image
image/webp 2606:4700:4400::ac40:9214
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.figures.com/wordpress/wp-content/uploads/2022/10/DSCN6489-400x200.jpg

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9214 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

04d5e77da0d2dd5490f7666ed718c2aeaa84845a2335907d9385bce3d229b7a6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3600; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:02:59 GMT
content-security-policy: upgrade-insecure-requests
via: 1.1 google
strict-transport-security: max-age=3600; includeSubDomains
cf-cache-status: HIT
age: 148466
cf-polished: qual=85, origFmt=jpeg, origSize=22487
content-disposition: inline; filename="DSCN6489-400x200.webp"
content-length: 19952
x-cluster-node: figures-7b674f6557-p7mjj
cf-bgj: imgq:85,h2pri
last-modified: Thu, 13 Oct 2022 20:25:35 GMT
server: cloudflare
vary: Accept
content-type: image/webp
cache-control: max-age=2592000, public
accept-ranges: bytes
cf-ray: 762a2f5a28669bca-FRA
expires: Mon, 28 Nov 2022 12:48:33 GMT

GET
H2 200 309821585_5704026016326403_1066371755965662327_n-400x200.jpg
www.figures.com/wordpress/wp-content/uploads/2022/10/ 14 KB
14 KB 35ms
29ms Image
image/webp 2606:4700:4400::ac40:9214
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.figures.com/wordpress/wp-content/uploads/2022/10/309821585_5704026016326403_1066371755965662327_n-400x200.jpg

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9214 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ee9d9fe6b806d4b482759b443c2b82a3c25191211900f87ac1f624b644cc051d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3600; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:02:59 GMT
content-security-policy: upgrade-insecure-requests
via: 1.1 google
strict-transport-security: max-age=3600; includeSubDomains
cf-cache-status: HIT
age: 464721
cf-polished: qual=85, origFmt=jpeg, origSize=17638
content-disposition: inline; filename="309821585_5704026016326403_1066371755965662327_n-400x200.webp"
content-length: 14146
x-cluster-node: figures-7b674f6557-qqtpg
cf-bgj: imgq:85,h2pri
last-modified: Mon, 03 Oct 2022 13:29:45 GMT
server: cloudflare
vary: Accept
content-type: image/webp
cache-control: max-age=2592000, public
accept-ranges: bytes
cf-ray: 762a2f5a28689bca-FRA
expires: Thu, 24 Nov 2022 20:57:38 GMT

GET
H2 200 Cowardly-Lion-DLX-IS_14-400x200.jpg
www.figures.com/wordpress/wp-content/uploads/2022/10/ 15 KB
15 KB 28ms
22ms Image
image/webp 2606:4700:4400::ac40:9214
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.figures.com/wordpress/wp-content/uploads/2022/10/Cowardly-Lion-DLX-IS_14-400x200.jpg

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9214 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b28242ad4dfb76a00f8b38e8d811b17da90d0f72b55d8998d7de9e8a3853a0c9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3600; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:02:59 GMT
content-security-policy: upgrade-insecure-requests
via: 1.1 google
strict-transport-security: max-age=3600; includeSubDomains
cf-cache-status: HIT
age: 158756
cf-polished: qual=85, origFmt=jpeg, origSize=17674
content-disposition: inline; filename="Cowardly-Lion-DLX-IS_14-400x200.webp"
content-length: 15462
x-cluster-node: figures-7b674f6557-p7mjj
cf-bgj: imgq:85,h2pri
last-modified: Fri, 28 Oct 2022 19:47:53 GMT
server: cloudflare
vary: Accept
content-type: image/webp
cache-control: max-age=2592000, public
accept-ranges: bytes
cf-ray: 762a2f5a28699bca-FRA
expires: Mon, 28 Nov 2022 09:57:03 GMT

GET
H2 200 MARVEL-LEGENDS-SERIES-RETRO-375-COLLECTION-GHOST-RIDER-5-400x200.jpg
www.figures.com/wordpress/wp-content/uploads/2022/10/ 12 KB
13 KB 40ms
35ms Image
image/webp 2606:4700:4400::ac40:9214
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.figures.com/wordpress/wp-content/uploads/2022/10/MARVEL-LEGENDS-SERIES-RETRO-375-COLLECTION-GHOST-RIDER-5-400x200.jpg

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9214 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0e186e8f48abb67e5c58766bc63e84ca21399a971b719b4c8d368d863d8d619

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3600; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:02:59 GMT
content-security-policy: upgrade-insecure-requests
via: 1.1 google
strict-transport-security: max-age=3600; includeSubDomains
cf-cache-status: HIT
age: 158756
cf-polished: qual=85, origFmt=jpeg, origSize=15903
content-disposition: inline; filename="MARVEL-LEGENDS-SERIES-RETRO-375-COLLECTION-GHOST-RIDER-5-400x200.webp"
content-length: 12566
x-cluster-node: figures-7b674f6557-zh7gw
cf-bgj: imgq:85,h2pri
last-modified: Fri, 28 Oct 2022 12:17:20 GMT
server: cloudflare
vary: Accept
content-type: image/webp
cache-control: max-age=2592000, public
accept-ranges: bytes
cf-ray: 762a2f5a286a9bca-FRA
expires: Mon, 28 Nov 2022 09:57:03 GMT

GET
H2 200 cig-cozy-gallery-884RrI-DRAGP_RAYLA_STATUE_DHD_PHOTO_DSP_GROUP-xxl-400x200.jpg
www.figures.com/wordpress/wp-content/uploads/2022/10/ 13 KB
13 KB 33ms
27ms Image
image/webp 2606:4700:4400::ac40:9214
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.figures.com/wordpress/wp-content/uploads/2022/10/cig-cozy-gallery-884RrI-DRAGP_RAYLA_STATUE_DHD_PHOTO_DSP_GROUP-xxl-400x200.jpg

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9214 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

463c21036c3d869837928cfed75c7a0bade94abbcc28c0569de14d71aa5365c1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3600; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:02:59 GMT
content-security-policy: upgrade-insecure-requests
via: 1.1 google
strict-transport-security: max-age=3600; includeSubDomains
cf-cache-status: HIT
age: 308848
cf-polished: qual=85, origFmt=jpeg, origSize=15511
content-disposition: inline; filename="cig-cozy-gallery-884RrI-DRAGP_RAYLA_STATUE_DHD_PHOTO_DSP_GROUP-xxl-400x200.webp"
content-length: 12948
x-cluster-node: figures-7b674f6557-zh7gw
cf-bgj: imgq:85,h2pri
last-modified: Thu, 27 Oct 2022 16:10:42 GMT
server: cloudflare
vary: Accept
content-type: image/webp
cache-control: max-age=2592000, public
accept-ranges: bytes
cf-ray: 762a2f5a286b9bca-FRA
expires: Sat, 26 Nov 2022 16:15:30 GMT

GET
H2 200 1shran-400x200.jpg
www.figures.com/wordpress/wp-content/uploads/2022/10/ 10 KB
10 KB 33ms
28ms Image
image/webp 2606:4700:4400::ac40:9214
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.figures.com/wordpress/wp-content/uploads/2022/10/1shran-400x200.jpg

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9214 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a41f61d432c09b9ebeec1ea50451efb21f2154db41139d484cbdd3c22ad0584f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3600; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:02:59 GMT
content-security-policy: upgrade-insecure-requests
via: 1.1 google
strict-transport-security: max-age=3600; includeSubDomains
cf-cache-status: HIT
age: 158756
cf-polished: qual=85, origFmt=jpeg, origSize=12628
content-disposition: inline; filename="1shran-400x200.webp"
content-length: 9826
x-cluster-node: figures-7b674f6557-p7mjj
cf-bgj: imgq:85,h2pri
last-modified: Thu, 27 Oct 2022 14:48:48 GMT
server: cloudflare
vary: Accept
content-type: image/webp
cache-control: max-age=2592000, public
accept-ranges: bytes
cf-ray: 762a2f5a286e9bca-FRA
expires: Mon, 28 Nov 2022 09:57:03 GMT

GET
H2 200 311776029_5784054868323517_2911947664177594596_n-400x200.jpg
www.figures.com/wordpress/wp-content/uploads/2022/10/ 5 KB
5 KB 33ms
28ms Image
image/webp 2606:4700:4400::ac40:9214
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.figures.com/wordpress/wp-content/uploads/2022/10/311776029_5784054868323517_2911947664177594596_n-400x200.jpg

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9214 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c7018945fc8ab361323f0984fa6f68a43948b73f01ab24e55eb0026af0c84d7f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3600; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:02:59 GMT
content-security-policy: upgrade-insecure-requests
via: 1.1 google
strict-transport-security: max-age=3600; includeSubDomains
cf-cache-status: HIT
age: 148466
cf-polished: qual=85, origFmt=jpeg, origSize=8525
content-disposition: inline; filename="311776029_5784054868323517_2911947664177594596_n-400x200.webp"
content-length: 5270
x-cluster-node: figures-7b674f6557-zh7gw
cf-bgj: imgq:85,h2pri
last-modified: Thu, 27 Oct 2022 13:17:06 GMT
server: cloudflare
vary: Accept
content-type: image/webp
cache-control: max-age=2592000, public
accept-ranges: bytes
cf-ray: 762a2f5a28709bca-FRA
expires: Mon, 28 Nov 2022 12:48:33 GMT

GET
H2 200 x800-13647-400x200.jpg
www.figures.com/wordpress/wp-content/uploads/2022/10/ 7 KB
7 KB 31ms
27ms Image
image/webp 2606:4700:4400::ac40:9214
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.figures.com/wordpress/wp-content/uploads/2022/10/x800-13647-400x200.jpg

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9214 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

62fc2495153856ea4eb7b7580c0e9cff1462df970bcf3f7f5de111a8c575ab38

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3600; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:02:59 GMT
content-security-policy: upgrade-insecure-requests
via: 1.1 google
strict-transport-security: max-age=3600; includeSubDomains
cf-cache-status: HIT
age: 148466
cf-polished: qual=85, origFmt=jpeg, origSize=10770
content-disposition: inline; filename="x800-13647-400x200.webp"
content-length: 7040
x-cluster-node: figures-7b674f6557-zh7gw
cf-bgj: imgq:85,h2pri
last-modified: Wed, 26 Oct 2022 17:44:18 GMT
server: cloudflare
vary: Accept
content-type: image/webp
cache-control: max-age=2592000, public
accept-ranges: bytes
cf-ray: 762a2f5a28759bca-FRA
expires: Mon, 28 Nov 2022 12:48:33 GMT

GET
H2 200 1batgirl-400x200.jpg
www.figures.com/wordpress/wp-content/uploads/2022/10/ 16 KB
16 KB 157ms
153ms Image
image/jpeg 2606:4700:4400::ac40:9214
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.figures.com/wordpress/wp-content/uploads/2022/10/1batgirl-400x200.jpg

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9214 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

47dc229ec92bda6d11943e48b878c8763ab0cdca84322aaad86443b11f720bcd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3600; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:02:59 GMT
content-security-policy: upgrade-insecure-requests
via: 1.1 google
strict-transport-security: max-age=3600; includeSubDomains
last-modified: Wed, 26 Oct 2022 15:20:45 GMT
server: cloudflare
cf-cache-status: MISS
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=2592000, public
accept-ranges: bytes
cf-ray: 762a2f5a28789bca-FRA
content-length: 16483
x-cluster-node: figures-7b674f6557-zh7gw
expires: Wed, 30 Nov 2022 06:02:59 GMT

GET
H2 200 1BB-400x200.jpg
www.figures.com/wordpress/wp-content/uploads/2022/10/ 18 KB
18 KB 36ms
32ms Image
image/webp 2606:4700:4400::ac40:9214
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.figures.com/wordpress/wp-content/uploads/2022/10/1BB-400x200.jpg

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9214 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bd06a26e66795ac08400c2e72e7aafce88a4e34c85782f2e6fa1ffc83f5a74af

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3600; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:02:59 GMT
content-security-policy: upgrade-insecure-requests
via: 1.1 google
strict-transport-security: max-age=3600; includeSubDomains
cf-cache-status: HIT
age: 400268
cf-polished: qual=85, origFmt=jpeg, origSize=20273
content-disposition: inline; filename="1BB-400x200.webp"
content-length: 17930
x-cluster-node: figures-7b674f6557-qqtpg
cf-bgj: imgq:85,h2pri
last-modified: Wed, 26 Oct 2022 14:34:02 GMT
server: cloudflare
vary: Accept
content-type: image/webp
cache-control: max-age=2592000, public
accept-ranges: bytes
cf-ray: 762a2f5a28799bca-FRA
expires: Fri, 25 Nov 2022 14:51:51 GMT

GET
H2 200 1criticalrole-400x200.jpg
www.figures.com/wordpress/wp-content/uploads/2022/10/ 19 KB
20 KB 32ms
28ms Image
image/jpeg 2606:4700:4400::ac40:9214
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.figures.com/wordpress/wp-content/uploads/2022/10/1criticalrole-400x200.jpg

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9214 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ed51a40866cb1ba356568883a85dd33bbe245bda6cbee5e4ad06baaf63514007

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3600; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:02:59 GMT
content-security-policy: upgrade-insecure-requests
via: 1.1 google
strict-transport-security: max-age=3600; includeSubDomains
cf-cache-status: HIT
age: 402414
cf-polished: degrade=85, origSize=21714, status=webp_bigger
content-length: 19834
x-cluster-node: figures-7b674f6557-qqtpg
cf-bgj: imgq:85,h2pri
last-modified: Wed, 26 Oct 2022 12:48:23 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=2592000, public
accept-ranges: bytes
cf-ray: 762a2f5a287a9bca-FRA
expires: Fri, 25 Nov 2022 14:16:05 GMT

GET
H2 200 F7768_DIO_PRG_Daniel-LaRusso_F7772_0019-400x200.jpg
www.figures.com/wordpress/wp-content/uploads/2022/10/ 15 KB
15 KB 33ms
29ms Image
image/webp 2606:4700:4400::ac40:9214
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.figures.com/wordpress/wp-content/uploads/2022/10/F7768_DIO_PRG_Daniel-LaRusso_F7772_0019-400x200.jpg

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9214 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

52fb53972f1c5355fc6ee8ee32ba26c933d094cb6879c41670cd7672ea089072

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3600; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:02:59 GMT
content-security-policy: upgrade-insecure-requests
via: 1.1 google
strict-transport-security: max-age=3600; includeSubDomains
cf-cache-status: HIT
age: 148466
cf-polished: qual=85, origFmt=jpeg, origSize=18322
content-disposition: inline; filename="F7768_DIO_PRG_Daniel-LaRusso_F7772_0019-400x200.webp"
content-length: 14906
x-cluster-node: figures-7b674f6557-zh7gw
cf-bgj: imgq:85,h2pri
last-modified: Tue, 25 Oct 2022 20:09:31 GMT
server: cloudflare
vary: Accept
content-type: image/webp
cache-control: max-age=2592000, public
accept-ranges: bytes
cf-ray: 762a2f5a287c9bca-FRA
expires: Mon, 28 Nov 2022 12:48:33 GMT

GET
H2 200 flexslider.js Show response
www.figures.com/wordpress/wp-content/themes/rowling/js/ 53 KB
11 KB 24ms
24ms Script
application/javascript 2606:4700:4400::ac40:9214
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.figures.com/wordpress/wp-content/themes/rowling/js/flexslider.js?ver=4.5.23

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9214 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c6c8293e02709c803f07fba9cf6667a4daf03a758a403e99cd696a3fcf75209e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3600; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:02:59 GMT
content-encoding: gzip
via: 1.1 google
content-security-policy: upgrade-insecure-requests
last-modified: Thu, 30 Jun 2016 21:01:15 GMT
server: cloudflare
strict-transport-security: max-age=3600; includeSubDomains
age: 2037320
cf-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800, public
cf-ray: 762a2f59f80a9bca-FRA
x-cluster-node: figures-7b674f6557-fk4rp
expires: Fri, 14 Oct 2022 16:07:39 GMT

GET
H2 200 doubletaptogo.js Show response
www.figures.com/wordpress/wp-content/themes/rowling/js/ 926 B
676 B 43ms
36ms Script
application/javascript 2606:4700:4400::ac40:9214
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.figures.com/wordpress/wp-content/themes/rowling/js/doubletaptogo.js?ver=4.5.23

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9214 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

98e1b3475e2568cb240726ac6edcfab418ecedf64c96649b5a9c213943368915

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3600; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:02:59 GMT
content-encoding: gzip
via: 1.1 google
content-security-policy: upgrade-insecure-requests
last-modified: Thu, 30 Jun 2016 21:01:15 GMT
server: cloudflare
strict-transport-security: max-age=3600; includeSubDomains
age: 1644957
cf-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800, public
cf-ray: 762a2f5a285f9bca-FRA
x-cluster-node: figures-7b674f6557-w7bvt
expires: Wed, 19 Oct 2022 05:07:02 GMT

GET
H2 200 global.js Show response
www.figures.com/wordpress/wp-content/themes/rowling/js/ 2 KB
928 B 34ms
27ms Script
application/javascript 2606:4700:4400::ac40:9214
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.figures.com/wordpress/wp-content/themes/rowling/js/global.js?ver=4.5.23

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9214 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d5203c4c90d60cd7a8613ad2ad7444e9891df2238677ffe563b84b8deb03d28b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3600; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:02:59 GMT
content-encoding: gzip
via: 1.1 google
content-security-policy: upgrade-insecure-requests
last-modified: Thu, 30 Jun 2016 21:01:15 GMT
server: cloudflare
strict-transport-security: max-age=3600; includeSubDomains
age: 2048390
cf-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800, public
cf-ray: 762a2f5a28609bca-FRA
x-cluster-node: figures-7b674f6557-x6mv9
expires: Fri, 14 Oct 2022 13:03:09 GMT

GET
H2 200 wp-embed.min.js Show response
www.figures.com/wordpress/wp-includes/js/ 1 KB
882 B 30ms
23ms Script
application/javascript 2606:4700:4400::ac40:9214
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.figures.com/wordpress/wp-includes/js/wp-embed.min.js?ver=4.5.23

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9214 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

892ecb8e84801900fbec1f9f340f9dd7d53a6444079d82dda76d41581c501891

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3600; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:02:59 GMT
content-encoding: gzip
via: 1.1 google
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 06 Jun 2016 16:24:46 GMT
server: cloudflare
strict-transport-security: max-age=3600; includeSubDomains
age: 907528
cf-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800, public
cf-ray: 762a2f5a28639bca-FRA
x-cluster-node: figures-7b674f6557-w7bvt
expires: Thu, 27 Oct 2022 17:57:31 GMT

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ 45 KB
17 KB 36ms
9ms Script
text/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 31 Oct 2022 04:50:53 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 4326
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17168
expires: Mon, 31 Oct 2022 06:50:53 GMT

GET
H/1.1 200
OK vs.figures.com.js Show response
tags-cdn.deployads.com/a/ 456 KB
143 KB 568ms
519ms Script
text/javascript 13.224.189.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags-cdn.deployads.com/a/vs.figures.com.js
Requested by: Host: www.figures.com
URL: https://www.figures.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.17 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-17.fra2.r.cloudfront.net
Software: awselb/2.0 /
Resource Hash: d4c1d66077910338d2ea84b0d788e66a74a742345e3ae2b481773e4915c72c7d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Pragma: public
Date: Mon, 31 Oct 2022 06:02:59 GMT
Content-Encoding: gzip
Via: 1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront)
Last-Modified: Mon, 31 Oct 2022 06:02:59 GMT
Server: awselb/2.0
X-Amz-Cf-Pop: FRA2-C1
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
X-Cache: Miss from cloudfront
Cache-Control: max-age=1800,public
Connection: keep-alive
X-Amz-Cf-Id: NmmdqbLfO1J2up3Z5SQxnQWAM1E9LtL7CVaeOEk-1zxcxZPJlJ_0ZA==
Expires: Mon, 31 Oct 2022 06:32:59 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 337 KB
113 KB 45ms
16ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WQHTT6Z

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4536a0f945b67cc3d929d77c49809075b3616ab1e3f7ffa2abd6a2e940e32b32

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:02:59 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 115709
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 31 Oct 2022 06:02:59 GMT

GET
H2 200 fontawesome-webfont.woff2
www.figures.com/wordpress/wp-content/themes/rowling/fa/fonts/ 55 KB
56 KB 55ms
52ms Font
font/woff2 2606:4700:4400::ac40:9214
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.figures.com/wordpress/wp-content/themes/rowling/fa/fonts/fontawesome-webfont.woff2?v=4.3.0

Requested by

Host: www.figures.com
URL: https://www.figures.com/wordpress/wp-content/themes/rowling/fa/css/font-awesome.css?ver=4.5.23

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9214 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aadc3580d2b64ff5a7e6f1425587db4e8b033efcbf8f5c332ca52a5ed580c87c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3600; includeSubDomains

Request headers

Referer: https://www.figures.com/wordpress/wp-content/themes/rowling/fa/css/font-awesome.css?ver=4.5.23
Origin: https://www.figures.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:02:59 GMT
content-security-policy: upgrade-insecure-requests
via: 1.1 google
strict-transport-security: max-age=3600; includeSubDomains
cf-cache-status: HIT
age: 678864
content-length: 56780
x-cluster-node: figures-7b674f6557-qqtpg
x-ua-compatible: IE=Edge,chrome=1
last-modified: Thu, 30 Jun 2016 21:01:15 GMT
server: cloudflare
vary: Accept-Encoding
content-type: font/woff2
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 762a2f5a28629bca-FRA
expires: Tue, 22 Nov 2022 09:28:35 GMT

GET
H2 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v23/ 23 KB
23 KB 38ms
11ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C900%2C400italic%2C700italic%7CMerriweather%3A700%2C900%2C400italic&ver=4.5.23

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.figures.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 25 Oct 2022 17:07:14 GMT
x-content-type-options: nosniff
age: 478545
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23580
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:48:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 25 Oct 2023 17:07:14 GMT

GET
H2 200 S6u9w4BMUTPHh50XSwiPGQ.woff2
fonts.gstatic.com/s/lato/v23/ 22 KB
22 KB 32ms
17ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh50XSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C900%2C400italic%2C700italic%7CMerriweather%3A700%2C900%2C400italic&ver=4.5.23

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08664859baab5ed98f0bf818ed77e38464ff1826dc6406d5ecbd651409afbd92

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.figures.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 25 Oct 2022 17:10:10 GMT
x-content-type-options: nosniff
age: 478369
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22504
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 16:04:16 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 25 Oct 2023 17:10:10 GMT

GET
H2 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v23/ 23 KB
23 KB 35ms
21ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C900%2C400italic%2C700italic%7CMerriweather%3A700%2C900%2C400italic&ver=4.5.23

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.figures.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 25 Oct 2022 17:07:14 GMT
x-content-type-options: nosniff
age: 478545
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23040
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:56:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 25 Oct 2023 17:07:14 GMT

GET
H2 200 u-4n0qyriQwlOrhSvowK_l52_wFZWMf6.woff2
fonts.gstatic.com/s/merriweather/v30/ 19 KB
20 KB 23ms
9ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/merriweather/v30/u-4n0qyriQwlOrhSvowK_l52_wFZWMf6.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C900%2C400italic%2C700italic%7CMerriweather%3A700%2C900%2C400italic&ver=4.5.23

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6b9eebb05461840790fc804b4590323ef12a57fe5af7fcdeed2d798e572844b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.figures.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 24 Oct 2022 23:25:54 GMT
x-content-type-options: nosniff
age: 542225
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19816
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 16:08:33 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 24 Oct 2023 23:25:54 GMT

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=103480030&utmhn=www.figures.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Figur...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-91774835-12&cid=933595329.1667196180&jid=1301726883&_v=5.7.2&z=103480030
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-91774835-12&cid=933595329.1667196180&jid=1301726883&_v=5.7.2&z=103480030
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-91774835-12&cid=933595329.1667196180&jid=1301726883&_v=5.7.2&z=103480030&slf_rd=1&random=3890029403

42 B
501 B

42ms
19ms

Image
image/gif

2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-91774835-12&cid=933595329.1667196180&jid=1301726883&_v=5.7.2&z=103480030&slf_rd=1&random=3890029403

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:02:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:02:59 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-91774835-12&cid=933595329.1667196180&jid=1301726883&_v=5.7.2&z=103480030&slf_rd=1&random=3890029403
content-type: text/html; charset=UTF-8
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubads_impl_2022102501.js Show response
securepubads.g.doubleclick.net/gpt/ 378 KB
128 KB 30ms
7ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022102501.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6e140393a5c564a0373f5af25fb31419454e956674534b4acee7822a5d1586b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 00:25:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 20238
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 130606
x-xss-protection: 0
last-modified: Tue, 25 Oct 2022 08:35:11 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 31 Oct 2023 00:25:41 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 109 B
725 B 40ms
18ms XHR
application/json 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.figures.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f9990061b9ed004ba93efda14a6bf74cfc891fb266cbffe1fd2fc5a269155e87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:02:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 89
x-xss-protection: 0
expires: Mon, 31 Oct 2022 06:02:59 GMT

GET
H2 200 verify_user_eu_geoip.php Show response
www.figures.com/videoplayer/ 29 B
146 B 138ms
138ms XHR
application/json 2606:4700:4400::ac40:9214
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.figures.com/videoplayer/verify_user_eu_geoip.php?verifyUserGeoIp=true

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9214 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ee14b9a6cb3f34835c285fee8f2bdbc6b0ded10a2760e587f424946cada05cf8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3600; includeSubDomains

Request headers

Referer: https://www.figures.com/
X-Requested-With: xmlhttprequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

expires: Mon, 31 Oct 2022 06:02:59 GMT
date: Mon, 31 Oct 2022 06:02:59 GMT
content-security-policy: upgrade-insecure-requests
via: 1.1 google
strict-transport-security: max-age=3600; includeSubDomains
cf-cache-status: DYNAMIC
server: cloudflare
content-type: application/json
cache-control: max-age=0
accept-ranges: none
cf-ray: 762a2f5ae9939bca-FRA
content-length: 29
x-cluster-node: figures-7b674f6557-zh7gw
x-ua-compatible: IE=Edge,chrome=1

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 30ms
7ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WQHTT6Z

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 31 Oct 2022 05:15:54 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 2825
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
expires: Mon, 31 Oct 2022 07:15:54 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 176 KB
65 KB 40ms
23ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-P7SQZM3W78&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WQHTT6Z

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ffe71e16386c8fd05591ca89b683793c201b9dbc702f65702c036948cc6d9b0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:02:59 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 66380
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 31 Oct 2022 06:02:59 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
347 B 37ms
14ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-P7SQZM3W78&gtm=2oeaq0&_p=614155983&cid=933595329.1667196180&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1667196179&sct=1&seg=0&dl=https%3A%2F%2Fwww.figures.com%2F&dt=Figures.com%20%7C%20All%20The%20Toy%20And%20Action%20Figure%20News%20All%20The%20Time&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-P7SQZM3W78&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:02:59 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.figures.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

beacon.js Show response
sb.scorecardresearch.com/internal-cs/default/
Redirect Chain

https://sb.scorecardresearch.com/cs/6036030/beacon.js
https://sb.scorecardresearch.com/internal-cs/default/beacon.js

4 KB
2 KB

8ms
8ms

Script
application/javascript

13.225.78.28
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/internal-cs/default/beacon.js
Requested by: Host: www.figures.com
URL: https://www.figures.com/
Protocol: H2
Server: 13.225.78.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-78-28.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6838420e13959ecffe73d3576ee2125a66c9315237394a23e3dd4a5181e80cda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 05:58:39 GMT
content-encoding: gzip
via: 1.1 2b2e2811e641703aebf776da39317b9c.cloudfront.net (CloudFront)
last-modified: Thu, 04 Mar 2021 13:31:34 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C2
age: 261
x-amz-server-side-encryption: AES256
etag: W/"5b0f9f0704a703b8da651007721fac57"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: 6oma6myHg_A9McqbI4Hm_ma6ipteiHXJaOf0tD0H10I86F5VJpBD_g==

Redirect headers

location: /internal-cs/default/beacon.js
date: Mon, 31 Oct 2022 06:02:59 GMT
via: 1.1 2b2e2811e641703aebf776da39317b9c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
content-length: 0
x-amz-cf-id: FuQ9ZNaNGnQcxB1J_PnAo7a5qPi7nP1J0v8G8XZsu2FlAMP_NgL2lg==
x-cache: Miss from cloudfront

GET
H2 200 vglnk.js Show response
cdn.viglink.com/api/ 81 KB
28 KB 65ms
38ms Script
text/javascript 2606:4700::6810:a20d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.viglink.com/api/vglnk.js
Requested by: Host: www.figures.com
URL: https://www.figures.com/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:a20d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 73073ed7160406dcfbe826dcabd7ec807cf2aa72afe0303424f518767120cf2e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:02:59 GMT
content-encoding: gzip
cf-cache-status: HIT
x-amz-request-id: 8Z98BWZE8K5D8GA6
age: 892635
content-length: 28567
x-amz-id-2: HU3mvt2c6BP6jTaRLNI3PCEs6R74oSm8DU9pqxe6oBpu82Rngx5Qoq40IKR0eJipBK+1A07xkEk=
last-modified: Wed, 02 Dec 2020 18:57:12 GMT
server: cloudflare
etag: "072eaf64a771815874455704fca9301b"
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 762a2f5bee209b9b-FRA
expires: Mon, 07 Nov 2022 06:02:59 GMT

GET
H/1.1 200
OK px.js Show response
p.cpx.to/p/11825/ 2 KB
2 KB 143ms
30ms Script
application/javascript 52.48.231.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://p.cpx.to/p/11825/px.js
Requested by: Host: www.figures.com
URL: https://www.figures.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.231.49 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-48-231-49.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: ac48ce13d4ca752955e80920fab7dba14a02d27a5e947898c465678902fd7fc4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Mon, 31 Oct 2022 06:02:59 GMT
Cache-Control: max-age=2419200, public
Connection: keep-alive
Content-Length: 1990
Content-Type: application/javascript; charset=UTF-8

GET
H2 200 services.js Show response
js.gumgum.com/ 105 KB
39 KB 155ms
126ms Script
application/javascript 13.225.78.62
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.gumgum.com/services.js
Requested by: Host: www.figures.com
URL: https://www.figures.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.78.62 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-78-62.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8714be2a868cfbf4f205f3d01f6ee6e1da9ae2babd4f23cf31c7d87bfc6d09cf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-amz-version-id: Cin26cJbCfgQJxGATmqyJ0b3vHKM_0LU
content-encoding: gzip
via: 1.1 52f0756596448c36265861853c0a44a4.cloudfront.net (CloudFront)
date: Mon, 31 Oct 2022 06:03:00 GMT
last-modified: Mon, 17 Oct 2022 17:15:20 GMT
server: AmazonS3
x-amz-meta-timing-allow-origin: *
x-amz-cf-pop: FRA2-C2
etag: W/"73be9cdf25c84621cec690f87063add7"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000
x-amz-meta-access-control-allow-origin: *
x-amz-cf-id: OXmlW0RxC83VsqBBGcsuj6x7Nc6qBG_NAvZWCelWcwi_DaSCsLJuAw==

GET
H2 204 b
sb.scorecardresearch.com/ 0
190 B 10ms
10ms Image
text/plain 13.225.78.28
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b?c1=2&c2=6036030&c4=figures.com&cs_it=b2&cv=3.8.0.210223&ns__t=1667196179842&ns_c=UTF-8&c7=https%3A%2F%2Fwww.figures.com%2F&c8=Figures.com%20%7C%20All%20The%20Toy%20And%20Action%20Figure%20News%20All%20The%20Time&c9=
Requested by: Host: www.figures.com
URL: https://www.figures.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.78.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-78-28.fra2.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:02:59 GMT
via: 1.1 2b2e2811e641703aebf776da39317b9c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: BwlWfSyR77tQj8lYczqQbXKYRjVp5VbX3CrJnqrn7e6wLGoAOJE-1w==
x-cache: Miss from cloudfront

POST
H/1.1 200
OK ping Show response
api.viglink.com/api/ 180 B
628 B 155ms
57ms XHR
text/javascript 52.214.137.185
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.viglink.com/api/ping
Requested by: Host: cdn.viglink.com
URL: https://cdn.viglink.com/api/vglnk.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.214.137.185 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-214-137-185.eu-west-1.compute.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: 08782f0ace6e59561e86e16894de2fcb76e9a23ddc74468a3502412840a97cda

Request headers

Referer: https://www.figures.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Mon, 31 Oct 2022 06:02:59 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin: https://www.figures.com
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 180
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK fire.js Show response
s.cpx.to/ 843 B
1 KB 137ms
33ms Script
application/javascript 52.51.99.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.cpx.to/fire.js?pid=11825&ref=&url=https%3A%2F%2Fwww.figures.com%2F&hn_ver=40&fid=0a8f3f0a-1b9e-440c-a269-0a21f2782676

Requested by

Host: p.cpx.to
URL: https://p.cpx.to/p/11825/px.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.51.99.34 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-51-99-34.eu-west-1.compute.amazonaws.com

Software

Resource Hash

0a1269a4c77c91ea5e886c1635e65271d5a67d49e55197d27184608d8077eb83

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Pragma: no-cache
Content-Security-Policy: default-src 'self'
Date: Mon, 31 Oct 2022 06:03:00 GMT
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Permitted-Cross-Domain-Policies: none
X-Frame-Options: sameorigin
P3P: CP="NOI DEV ADM"
Content-Type: application/javascript; charset=UTF-8
Cache-Control: no-store, must-revalidate, private, max-age=0
Connection: keep-alive
Content-Length: 843
Expires: Thu, 27 Oct 2022 09:00:08 UTC

GET
H2 204 services Show response
g2.gumgum.com/publishers/2274/ 0
246 B 101ms
32ms XHR
text/plain 34.251.180.249
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/publishers/2274/services?dp=https%3A%2F%2Fwww.figures.com%2F&pu=https%3A%2F%2Fwww.figures.com%2F&rf=&r=3.87.22&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A2%2C%22ren%22%3A2%2C%22fc%22%3A0%2C%22ctx%22%3A%5B2%5D%2C%22jsv%22%3A%223.87.22%22%2C%22pbv%22%3A%220.0.0%22%7D&ns=10035&bf=3807cf5a81173aa922a4ebfa96ad7466af84bdb8&ce=true&fs=false&dpr=1&sch=1200&scw=1600&lt=1667196179967&to=0&vpii=false&vph=1200&vpw=1600
Requested by: Host: js.gumgum.com
URL: https://js.gumgum.com/services.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.180.249 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-251-180-249.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

access-control-allow-origin: https://www.figures.com
date: Mon, 31 Oct 2022 06:03:00 GMT
access-control-allow-credentials: true
server: nginx
timing-allow-origin: *
etag: "0d41d8cd98f00b204e9800998ecf8427e"

POST
H/1.1 200
OK domains Show response
api.viglink.com/api/ 41 B
488 B 35ms
34ms XHR
text/javascript 52.214.137.185
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.viglink.com/api/domains
Requested by: Host: cdn.viglink.com
URL: https://cdn.viglink.com/api/vglnk.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.214.137.185 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-214-137-185.eu-west-1.compute.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: e2801458918711b28a351d73175c1ed0f7b55083491c034eb6292708848b0e0c

Request headers

Referer: https://www.figures.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Mon, 31 Oct 2022 06:02:59 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin: https://www.figures.com
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 41
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

sync
s.cpx.to/
Redirect Chain

https://image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D0a8f3f0a-1b9e-440c-a269-0a21f2782676
https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D0a8f3f0a-1b9e-440c-a269-0a21f2782676
https://s.cpx.to/sync?dsp=pubmatic&dsp_uid=1C8DA32E-5AD0-45B1-801A-F95744E28874&fid=0a8f3f0a-1b9e-440c-a269-0a21f2782676

95 B
881 B

33ms
32ms

Image
image/png

52.51.99.34
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.cpx.to/sync?dsp=pubmatic&dsp_uid=1C8DA32E-5AD0-45B1-801A-F95744E28874&fid=0a8f3f0a-1b9e-440c-a269-0a21f2782676

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

HTTP/1.1

Server

52.51.99.34 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-51-99-34.eu-west-1.compute.amazonaws.com

Software

Resource Hash

bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Pragma: no-cache
Content-Security-Policy: default-src 'self'
Date: Mon, 31 Oct 2022 06:03:00 GMT
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Permitted-Cross-Domain-Policies: none
X-Frame-Options: sameorigin
P3P: CP="NOI DEV ADM"
Content-Type: image/png
Cache-Control: no-store, must-revalidate, private, max-age=0
Connection: keep-alive
Content-Length: 95
Expires: Mon, 31 Oct 2022 06:03:00 UTC

Redirect headers

location: https://s.cpx.to/sync?dsp=pubmatic&dsp_uid=1C8DA32E-5AD0-45B1-801A-F95744E28874&fid=0a8f3f0a-1b9e-440c-a269-0a21f2782676
date: Mon, 31 Oct 2022 06:02:59 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 generic
match.adsrvr.org/track/cmf/ 70 B
265 B 112ms
33ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=0fkciot&ttd_tpi=1
Requested by: Host: www.figures.com
URL: https://www.figures.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Mon, 31 Oct 2022 06:03:00 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

getuid
sync.smartadserver.com/
Redirect Chain

https://sync.smartadserver.com/getuid?url=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dsmart_ad_server%26dsp_uid%3D%5Bsas_uid%5D%26fid%3D0a8f3f0a-1b9e-440c-a269-0a21f2782676&gdpr=0
https://sync.smartadserver.com/getuid?url=https://s.cpx.to/sync?dsp=smart_ad_server&dsp_uid=[sas_uid]&fid=0a8f3f0a-1b9e-440c-a269-0a21f2782676&gdpr=0&cklb=1

0
316 B

26ms
23ms

Image
text/plain

185.86.139.106
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.smartadserver.com/getuid?url=https://s.cpx.to/sync?dsp=smart_ad_server&dsp_uid=[sas_uid]&fid=0a8f3f0a-1b9e-440c-a269-0a21f2782676&gdpr=0&cklb=1
Requested by: Host: www.figures.com
URL: https://www.figures.com/
Protocol: HTTP/1.1
Server: 185.86.139.106 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:02:59 GMT
cache-control: no-cache,no-store
content-length: 0
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

location: https://sync.smartadserver.com:443/getuid?url=https://s.cpx.to/sync?dsp=smart_ad_server&dsp_uid=[sas_uid]&fid=0a8f3f0a-1b9e-440c-a269-0a21f2782676&gdpr=0&cklb=1
pragma: no-cache
date: Mon, 31 Oct 2022 06:02:59 GMT
cache-control: no-cache,no-store
content-length: 0
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

GET
H/1.1

200
OK

ca.png
s.cpx.to/
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm&dsp=dbm&fid=0a8f3f0a-1b9e-440c-a269-0a21f2782676
https://cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm=&dsp=dbm&fid=0a8f3f0a-1b9e-440c-a269-0a21f2782676&google_tc=
https://s.cpx.to/ca.png?dsp=dbm&fid=0a8f3f0a-1b9e-440c-a269-0a21f2782676&google_gid=CAESEMpFxYe6WP0j9wf1wJ7t6EI&google_cver=1

95 B
804 B

33ms
32ms

Image
image/png

52.51.99.34
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.cpx.to/ca.png?dsp=dbm&fid=0a8f3f0a-1b9e-440c-a269-0a21f2782676&google_gid=CAESEMpFxYe6WP0j9wf1wJ7t6EI&google_cver=1

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

HTTP/1.1

Server

52.51.99.34 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-51-99-34.eu-west-1.compute.amazonaws.com

Software

Resource Hash

bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Pragma: no-cache
Content-Security-Policy: default-src 'self'
Date: Mon, 31 Oct 2022 06:03:00 GMT
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Permitted-Cross-Domain-Policies: none
X-Frame-Options: sameorigin
Content-Type: image/png
Cache-Control: no-store, must-revalidate, private, max-age=0
Connection: keep-alive
Content-Length: 95

Redirect headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:03:00 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://s.cpx.to/ca.png?dsp=dbm&fid=0a8f3f0a-1b9e-440c-a269-0a21f2782676&google_gid=CAESEMpFxYe6WP0j9wf1wJ7t6EI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 334
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

an_fire
s.cpx.to/
Redirect Chain

https://secure.adnxs.com/getuid?https%3A%2F%2Fs.cpx.to%2Fan_fire%3Fapp_nexus_uid%3D%24UID%26pid%3D11825%26ref%3D%26url%3Dhttps%253A%252F%252Fwww.figures.com%252F%26hn_ver%3D40%26fid%3D0a8f3f0a-1b9e...
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.cpx.to%252Fan_fire%253Fapp_nexus_uid%253D%2524UID%2526pid%253D11825%2526ref%253D%2526url%253Dhttps%25253A%25252F%25252Fwww.figures....
https://s.cpx.to/an_fire?app_nexus_uid=6864416191012682273&pid=11825&ref=&url=https%3A%2F%2Fwww.figures.com%2F&hn_ver=40&fid=0a8f3f0a-1b9e-440c-a269-0a21f2782676

95 B
865 B

31ms
31ms

Image
image/png

52.51.99.34
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.cpx.to/an_fire?app_nexus_uid=6864416191012682273&pid=11825&ref=&url=https%3A%2F%2Fwww.figures.com%2F&hn_ver=40&fid=0a8f3f0a-1b9e-440c-a269-0a21f2782676

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

HTTP/1.1

Server

52.51.99.34 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-51-99-34.eu-west-1.compute.amazonaws.com

Software

Resource Hash

bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Pragma: no-cache
Content-Security-Policy: default-src 'self'
Date: Mon, 31 Oct 2022 06:03:00 GMT
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Permitted-Cross-Domain-Policies: none
X-Frame-Options: sameorigin
P3P: CP="NOI DEV ADM"
Content-Type: image/png
Cache-Control: no-store, must-revalidate, private, max-age=0
Connection: keep-alive
Content-Length: 95
Expires: Mon, 31 Oct 2022 06:03:00 UTC

Redirect headers

Pragma: no-cache
Date: Mon, 31 Oct 2022 06:03:00 GMT
AN-X-Request-Uuid: 74cdc26c-5e08-4c2c-b13a-734236ef2553
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://s.cpx.to/an_fire?app_nexus_uid=6864416191012682273&pid=11825&ref=&url=https%3A%2F%2Fwww.figures.com%2F&hn_ver=40&fid=0a8f3f0a-1b9e-440c-a269-0a21f2782676
Connection: keep-alive
X-Proxy-Origin: 81.95.5.41; 81.95.5.41; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 vs.figures.com Show response
e.deployads.com/e/ 2 B
127 B 94ms
28ms XHR
text/plain 54.72.99.250
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://e.deployads.com/e/vs.figures.com
Requested by: Host: tags-cdn.deployads.com
URL: https://tags-cdn.deployads.com/a/vs.figures.com.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.72.99.250 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-72-99-250.eu-west-1.compute.amazonaws.com
Software: Jetty(7.6.12.v20130726) /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.figures.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: *
date: Mon, 31 Oct 2022 06:03:00 GMT
server: Jetty(7.6.12.v20130726)
content-length: 2
content-type: text/plain;charset=UTF-8

GET
H/1.1 200
OK config.js Show response
confiant-integrations.global.ssl.fastly.net/qjvXa44Qfwp61in_jX9wKlFbhJw/gpt_and_prebid/ 63 KB
16 KB 30ms
7ms Script
text/javascript 151.101.65.194
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://confiant-integrations.global.ssl.fastly.net/qjvXa44Qfwp61in_jX9wKlFbhJw/gpt_and_prebid/config.js
Requested by: Host: tags-cdn.deployads.com
URL: https://tags-cdn.deployads.com/a/vs.figures.com.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8efe4b47061f4df650d4e222cbd533693fb74754465e195a8a7121feebd05868

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Mon, 31 Oct 2022 06:03:00 GMT
Content-Encoding: gzip
Via: 1.1 varnish
x-amz-request-id: E043KNH3MAPXF0K4
Age: 744
X-Cache: HIT
Connection: keep-alive
Content-Length: 16155
x-amz-id-2: hrFybRfRBIvS1UOoVtzV3A25owvuv9Za1ujzKrnCc1HCbF/0Tizsq9lZnx7pExzX/un1MhJp+Wo=
X-Served-By: cache-hhn4067-HHN
Last-Modified: Sun, 30 Oct 2022 16:11:22 GMT
Server: AmazonS3
X-Timer: S1667196181.523890,VS0,VE0
ETag: "f56b85c139dc90b9fcae356c5a544b30"
Content-Type: text/javascript
Cache-Control: public, max-age=900, stale-while-revalidate=3600
Accept-Ranges: bytes
X-Cache-Hits: 13

GET
H2 200 latest.json Show response
cdn.jsdelivr.net/gh/prebid/currency-file@1/ 2 KB
2 KB 35ms
16ms XHR
application/json 2606:4700::6810:5814
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20221031

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b0fef6375247b362fb4aab15091b0551d35da961ebecdf5c831504422f000088

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.figures.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 31 Oct 2022 06:03:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 10915
x-jsd-version: 1.0.1509
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19153-FRA, cache-yyz4541-YYZ
x-jsd-version-type: version
server: cloudflare
etag: W/"66a-JVPGm7jCZ+U7b4H0rWUcXFN9zn4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YHqmuhVJ3LaeB5kA9zxbRr19Vg1kKFQCeAYXsE1gtoVDOjq2t1T%2FhYQa0Nz91y9GD0UUwAGHmLB7i6c773e9Z4gvcVwfgJkJ39X%2BN05WiR5pzHReGBO%2FW1dZGl9Z0mUF0Xx0l3d5ueRiCuHbWUE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 762a2f6049ab997a-FRA

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 80 KB
27 KB 37ms
21ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: tags-cdn.deployads.com
URL: https://tags-cdn.deployads.com/a/vs.figures.com.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1378928ad08ba71f5d370a300b56117a3d710bd793a3c8546c1b3726fd5bfec1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:03:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27396
x-xss-protection: 0
server: sffe
etag: "1379 / 287 of 1000 / last-modified: 1666994777"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 31 Oct 2022 06:03:00 GMT

GET
H2 200 choice.js Show response
quantcast.mgr.consensu.org/choice/rpuuC0TtTLKAz/www.figures.com/ 4 KB
2 KB 442ms
397ms Script
application/javascript 2600:9000:21f3:1000:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://quantcast.mgr.consensu.org/choice/rpuuC0TtTLKAz/www.figures.com/choice.js?timestamp=1667196180501
Requested by: Host: tags-cdn.deployads.com
URL: https://tags-cdn.deployads.com/a/vs.figures.com.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:1000:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6416f3ee5c9d71c76623409ba4b1744bfaf41fd36e0033486ffa329b00dd19a3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:03:01 GMT
content-encoding: br
via: 1.1 e5b747ffd1713cb17ddd7d55234a3300.cloudfront.net (CloudFront)
last-modified: Tue, 14 Sep 2021 20:14:43 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C2
x-amz-server-side-encryption: AES256
etag: W/"c67256696c031b3ff3a9f00c0c29e307"
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin,Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript
cache-control: max-age=900
cross-origin-resource-policy: cross-origin
x-amz-cf-id: SxTvz920SmrCJYDJ7viHv2wiO95emChIomvL_69EUTiLOrvHVVJS_A==

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 177 KB
44 KB 33ms
10ms Script
application/javascript 13.224.195.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: www.figures.com
URL: https://www.figures.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.195.78 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-195-78.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6952d75a2aaa80c38068102af0b81541c127ce80a62b183f9a6d4197a4c2e31f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 05:51:22 GMT
content-encoding: gzip
via: 1.1 3141f89cca62ae5784a211a8d1176d1c.cloudfront.net (CloudFront), 1.1 d7e55181ad8192e74c103c6003cd4d9c.cloudfront.net (CloudFront)
last-modified: Wed, 26 Oct 2022 19:24:54 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1, FRA2-C1
age: 699
x-amz-server-side-encryption: AES256
etag: W/"95738dd931cd70a132d12a456f44b79f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=3600
x-amz-cf-id: Q--DP1sFf6liCLoQSA4qseJ6hzibdvS1VeZnFAOgtmSYpF7LXdNCsQ==

GET
H2 200 wrap.js Show response
cdn.confiant-integrations.net/gptprebidnative/202210271001/ 209 KB
66 KB 55ms
27ms Script
application/javascript 2606:4700::6812:106b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.confiant-integrations.net/gptprebidnative/202210271001/wrap.js
Requested by: Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/qjvXa44Qfwp61in_jX9wKlFbhJw/gpt_and_prebid/config.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:106b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 65622e9d48714f0fffd17f51dc0bf5bf1ca784c7225a6ec451ffda1307e05b51

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:03:00 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 27 Oct 2022 14:04:01 GMT
server: cloudflare
x-amz-request-id: PR3BA48Y0TH2EQXY
age: 308057
etag: W/"eef946e938c3f6c3a618e1f4a39b3b7d"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 762a2f60aa315bf5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: DzDcxX14Op67JDgn2xasM4mqeBflqJMPAiDeWL3MN1Ova+v9AOCdCUlHTujdkPUgTIo2Caxwlso=

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ 0
301 B 111ms
110ms XHR
text/plain 13.224.195.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fwww.figures.com&pubid=82ced0ff-f996-4780-a317-3a867a4dc64d
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.195.78 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-195-78.fra2.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:03:00 GMT
via: 1.1 d7e55181ad8192e74c103c6003cd4d9c.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA2-C1
x-cache: Miss from cloudfront
access-control-allow-origin: https://www.figures.com
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-id: gzGmtXBfRPqOaG5XKk7fMGxC2HnoGfSxk-M04sHf-P7264YeEsIoYg==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 25ms
8ms XHR
application/javascript 13.224.195.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.195.78 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-195-78.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-amz-version-id: GByBGE9Pk5QvO6waz.2OH5fe1oGEkMED
content-encoding: gzip
via: 1.1 eab88762658052b4a1e386f8521a38ce.cloudfront.net (CloudFront)
date: Mon, 31 Oct 2022 05:11:16 GMT
x-amz-cf-pop: FRA2-C1
age: 3105
x-cache: Hit from cloudfront
last-modified: Fri, 21 Oct 2022 19:58:26 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: fnrlofd9g_9mexc9dQ4LRE6C8ZGipmvskmUWJSz-KJiyQzp3IOiqWw==

POST
H2 200 vs.figures.com Show response
e.deployads.com/e/ 2 B
126 B 30ms
30ms XHR
text/plain 54.72.99.250
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://e.deployads.com/e/vs.figures.com
Requested by: Host: tags-cdn.deployads.com
URL: https://tags-cdn.deployads.com/a/vs.figures.com.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.72.99.250 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-72-99-250.eu-west-1.compute.amazonaws.com
Software: Jetty(7.6.12.v20130726) /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.figures.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: *
date: Mon, 31 Oct 2022 06:03:00 GMT
server: Jetty(7.6.12.v20130726)
content-length: 2
content-type: text/plain;charset=UTF-8

GET
H2 200 cmp2.js Show response
quantcast.mgr.consensu.org/tcfv2/23/ 266 KB
73 KB 21ms
20ms Script
text/javascript 2600:9000:21f3:1000:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://quantcast.mgr.consensu.org/tcfv2/23/cmp2.js?referer=www.figures.com
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/choice/rpuuC0TtTLKAz/www.figures.com/choice.js?timestamp=1667196180501
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:1000:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b3d7664a9bc1602bae1581a2bb4181109516fb2ae83e439e272954399a8adb12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:03:00 GMT
content-encoding: gzip
via: 1.1 e5b747ffd1713cb17ddd7d55234a3300.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
age: 21
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
last-modified: Fri, 18 Dec 2020 15:09:38 GMT
server: AmazonS3
etag: W/"c6ce2ec2de0e055e2cd4aa8901f10de9"
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=172800
vary: Accept-Encoding
x-amz-cf-id: UwHrn1lRmC4qcGU_saLlbUtP6bC6uId-8dOkyc_RjxUbU9JBjm-ReQ==

GET
H2 200 google-atp-list.json Show response
quantcast.mgr.consensu.org/tcfv2/ 151 KB
36 KB 25ms
8ms XHR
application/json 2600:9000:21f3:1000:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://quantcast.mgr.consensu.org/tcfv2/google-atp-list.json
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/23/cmp2.js?referer=www.figures.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:1000:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 13d358cb1bfedfd784d1b178d8edb89a01d1226eac18db3ed1bb0d055319d4ec

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.figures.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 03:00:32 GMT
content-encoding: br
via: 1.1 58b222ebbb6cc6c8c8c9a46127ae3a3e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
age: 10950
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Mon, 31 Oct 2022 03:00:26 GMT
server: AmazonS3
etag: W/"6e00d81229963f8ec69beb244de7d635"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=172800
access-control-allow-credentials: true
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id: paXV2NENRu5-8i5kKNLv7XkNW_Dzjy0XBjRh_GvfhMqvCq-j-iLP8g==

POST
H2 200 vs.figures.com Show response
e.deployads.com/e/ 2 B
126 B 29ms
29ms XHR
text/plain 54.72.99.250
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://e.deployads.com/e/vs.figures.com
Requested by: Host: tags-cdn.deployads.com
URL: https://tags-cdn.deployads.com/a/vs.figures.com.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.72.99.250 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-72-99-250.eu-west-1.compute.amazonaws.com
Software: Jetty(7.6.12.v20130726) /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.figures.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: *
date: Mon, 31 Oct 2022 06:03:01 GMT
server: Jetty(7.6.12.v20130726)
content-length: 2
content-type: text/plain;charset=UTF-8

GET
H2 200 cmp-list.json Show response
test.quantcast.mgr.consensu.org/GVL-v2/ 10 KB
3 KB 54ms
8ms XHR
application/json 2600:9000:21f3:f600:3:a4cd:8380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://test.quantcast.mgr.consensu.org/GVL-v2/cmp-list.json
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/23/cmp2.js?referer=www.figures.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:f600:3:a4cd:8380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a516850efa3ee956c74740838465b2d9ba0252e81a4056a3c646baaefad3d3b3

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.figures.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 03:00:40 GMT
x-amz-version-id: kSZtBt_BZH2e6X4wkdwH4ToD1vwHbb6H
content-encoding: gzip
via: 1.1 06d36e78e8dfd9468327f09115761a9e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
age: 10942
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Sun, 16 Oct 2022 19:52:29 GMT
server: AmazonS3
etag: W/"f44973b40f5b1f2c0d2efb33eb66a4ea"
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=172800
vary: Accept-Encoding
x-amz-cf-id: 3cnpFHSFbPHfNvaNYK6txZdznWhqBXjdkUnUXV-VvPQibUwCDRl0Dg==

GET
H2 200 vendor-list.json Show response
quantcast.mgr.consensu.org/GVL-v2/ 393 KB
47 KB 9ms
9ms XHR
application/json 2600:9000:21f3:1000:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://quantcast.mgr.consensu.org/GVL-v2/vendor-list.json
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/23/cmp2.js?referer=www.figures.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:1000:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f4573597c1f32225f10441bf89fc82031fd4ecc8f22b6152f51609d6dd19e5f5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 03:00:40 GMT
content-encoding: br
via: 1.1 58b222ebbb6cc6c8c8c9a46127ae3a3e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
age: 10942
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Mon, 31 Oct 2022 03:00:34 GMT
server: AmazonS3
etag: W/"c17afda691ba6e72616b7932060b01ae"
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=172800
vary: Accept-Encoding
x-amz-cf-id: kwMqCpDYu1FXB9iZOrZTxKWtl4tBYmotuByVlFbLIhcHTFnBEJ4Ohg==

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 42ms
18ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.figures.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022102501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:03:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 41ms
16ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.figures.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022102501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:03:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 33 KB
13 KB 722ms
721ms XHR
text/plain 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2912569033594321&correlator=1940571656498650&output=ldjh&gdfp_req=1&vrg=2022102501&ptt=17&impl=fifs&gdpr=0&iu_parts=1030735%2CFigures_com_120x60_Vendor1_COL_Homepage%2CFigures_com_120x60_Vendor2_COL_Homepage%2CFigures_com_120x60_Vendor3_COL_Homepage%2CFigures_com_120x60_Vendor4_COL_Homepage%2CFigures_com_120x60_Vendor5_COL_Homepage%2CFigures_com_120x60_Vendor6_COL_Homepage%2CFigures_com_120x60_Vendor7_COL_Homepage%2CFigures_com_120x60_Vendor8_COL_Homepage&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5%2C%2F0%2F6%2C%2F0%2F7%2C%2F0%2F8&prev_iu_szs=120x60%2C120x60%2C120x60%2C120x60%2C120x60%2C120x60%2C120x60%2C120x60&ifi=1&adks=2213930210%2C1770687013%2C2309330264%2C506104914%2C640821033%2C2928327664%2C2311137904%2C2345048772&sfv=1-0-38&prev_scp=srt_sdbg%3D3%7Csrt_sdbg%3D3%7Csrt_sdbg%3D3%7Csrt_sdbg%3D3%7Csrt_sdbg%3D3%7Csrt_sdbg%3D3%7Csrt_sdbg%3D3%7Csrt_sdbg%3D3&eri=1&cust_params=tpid%3D0%26sitename%3DFigures.com%26srt_scv%3D2%26wrapper%3DV2%26amznbid%3D0%26amznp%3D0&sc=1&cookie_enabled=1&abxe=1&dt=1667196181162&lmt=1667196181&dlt=1667196179444&idt=267&adxs=1070%2C1070%2C1070%2C1070%2C1070%2C1070%2C1070%2C1070&adys=248%2C248%2C248%2C248%2C248%2C248%2C248%2C248&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C0%7C0%7C0%7C0%7C0%7C0%7C0&ucis=1%7C2%7C3%7C4%7C5%7C6%7C7%7C8&oid=2&color_bg=F1F1F1&color_border=F1F1F1&color_link=111111&color_text=000000&color_url=111111&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.figures.com%2F&frm=20&vis=1&psz=160x0%7C160x0%7C160x0%7C160x0%7C160x0%7C160x0%7C160x0%7C160x0&msz=160x0%7C160x0%7C160x0%7C160x0%7C160x0%7C160x0%7C160x0%7C160x0&fws=0%2C0%2C0%2C0%2C0%2C0%2C0%2C0&ohw=0%2C0%2C0%2C0%2C0%2C0%2C0%2C0&ga_vid=933595329.1667196180&ga_sid=1667196181&ga_hid=614155983&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022102501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7d3446a4f01e4f115b65cea32b39a53121dd19e7ad18177cb1af32920e9136ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:03:01 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2,-2,-2,-2,-2,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13044
x-xss-protection: 0
google-lineitem-id: 5730766308,-2,-2,-2,-2,-2,-2,-2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138313146280,-2,-2,-2,-2,-2,-2,-2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.figures.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 60ms
23ms XHR
application/json 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022102501&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022102501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6996b5a436ba09bbc1bacd19b81f91ab23d7591f7f70717895725bc8a08a4d30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:03:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11248
x-xss-protection: 0

GET
H2 200 container.html Show response
ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 6ED0 6 KB
4 KB 69ms
15ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022102501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.figures.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 31 Oct 2022 06:03:01 GMT
expires: Tue, 31 Oct 2023 06:03:01 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 bid Show response
aax-dtb-cf.amazon-adsystem.com/e/dtb/ 23 B
461 B 164ms
94ms XHR
text/javascript 13.225.87.188
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax-dtb-cf.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.figures.com%2F&pid=fxV90Rge4N1G4&cb=0&ws=1600x1200&v=22.1021.827&t=2100&slots=%5B%7B%22sd%22%3A%22Figures_com_728x90_Top_COL_Homepage%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F1030735%2FFigures_com_728x90_Top_COL_Homepage%22%7D%2C%7B%22sd%22%3A%22Figures_com_728x90_Middle_COL_Homepage%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F1030735%2FFigures_com_728x90_Middle_COL_Homepage%22%7D%2C%7B%22sd%22%3A%22Figures_com_300x250_TopRight_COL_Homepage%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F1030735%2FFigures_com_300x250_TopRight_COL_Homepage%22%7D%2C%7B%22sd%22%3A%22Figures_com_160x600_RightUpper_COL_Homepage%22%2C%22s%22%3A%5B%22160x600%22%5D%2C%22sn%22%3A%22%2F1030735%2FFigures_com_160x600_RightUpper_COL_Homepage%22%7D%2C%7B%22sd%22%3A%22Figures_com_160x600_RightUpper2_COL_Homepage%22%2C%22s%22%3A%5B%22160x600%22%5D%2C%22sn%22%3A%22%2F1030735%2FFigures_com_160x600_RightUpper2_COL_Homepage%22%7D%2C%7B%22sd%22%3A%22Figures_com_160x600_RightUpper3_COL_Homepage%22%2C%22s%22%3A%5B%22160x600%22%5D%2C%22sn%22%3A%22%2F1030735%2FFigures_com_160x600_RightUpper3_COL_Homepage%22%7D%2C%7B%22sd%22%3A%22Figures_com_300x250_MiddleRight_COL_Homepage%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%22%2F1030735%2FFigures_com_300x250_MiddleRight_COL_Homepage%22%7D%2C%7B%22sd%22%3A%22Figures_com_728x90_Bottom_COL_Homepage%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F1030735%2FFigures_com_728x90_Bottom_COL_Homepage%22%7D%5D&schain=1.0%2C1!sortable.com%2C196%2C1%2C%2C%2C&pubid=82ced0ff-f996-4780-a317-3a867a4dc64d&gdpre=0&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.87.188 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-87-188.fra2.r.cloudfront.net

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:03:01 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 ac0e9b19969df989a920e6d1b834d008.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA2-C2
x-amz-rid: MY5V6YW8896990E9R17H
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.figures.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: dt-wg2tA4wr197IW4BXgEVkb9k0uK_vrBzW_uLCZZamSr57PhpUaxQ==

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
116 B 111ms
65ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: www.figures.com
URL: https://www.figures.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.figures.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.figures.com
date: Mon, 31 Oct 2022 06:03:01 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 24 B
644 B 508ms
169ms XHR
application/json 209.191.163.209
INTERNAP-BLOCK-4

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_5.20.4
Requested by: Host: www.figures.com
URL: https://www.figures.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 209.191.163.209 , United States, ASN14744 (INTERNAP-BLOCK-4, US),
Reverse DNS
Software: /
Resource Hash: 3993bc72bc9738e83a56bdbcef9762167e518500f5c06c6989426db754e26a42

Request headers

Referer: https://www.figures.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 31 Oct 2022 06:03:01 GMT
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://www.figures.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap3sfo1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 24

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
92 B 150ms
109ms XHR
application/json 52.28.203.152
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9694d4017373968c709fb965fc0722&pos=8a9694d4017373968c709fbdbc30074b&cmd=bid&secure=1
Requested by: Host: www.figures.com
URL: https://www.figures.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash: 4cecb2156abee5cb4d4e0f8c5a7a6dc9b25857cabadeaf4a40dd77abf3bca4d5

Request headers

Referer: https://www.figures.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 31 Oct 2022 06:03:01 GMT
server: ATS/9.1.10.25
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.figures.com
access-control-allow-credentials: true
content-length: 62

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
293 B 149ms
109ms XHR
application/json 52.28.203.152
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9694d4017373968c709fb965fc0722&pos=8a9694d4017373968c709fbdbc30074b&cmd=bid&secure=1
Requested by: Host: www.figures.com
URL: https://www.figures.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash: b54821712a7e2135cf3a0fe8ab6b41ff00ff393926a47f558e3fc1031f7086bd

Request headers

Referer: https://www.figures.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 31 Oct 2022 06:03:01 GMT
server: ATS/9.1.10.25
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.figures.com
access-control-allow-credentials: true
content-length: 62

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
92 B 170ms
130ms XHR
application/json 52.28.203.152
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9694d4017373968c709fb965fc0722&pos=8a9694d4017373968c709fbdb9cb0749&cmd=bid&secure=1
Requested by: Host: www.figures.com
URL: https://www.figures.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash: 8ee3f8d79dcda36f6ebe6d538db3c448c062eb5036d492ebf40ce12838c25fa4

Request headers

Referer: https://www.figures.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 31 Oct 2022 06:03:01 GMT
server: ATS/9.1.10.25
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.figures.com
access-control-allow-credentials: true
content-length: 62

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
92 B 149ms
109ms XHR
application/json 52.28.203.152
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9694d4017373968c709fb965fc0722&pos=8a9694d4017373968c709fbdb8970748&cmd=bid&secure=1
Requested by: Host: www.figures.com
URL: https://www.figures.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash: 8db5ec917d4163c87d6395b02053d17a82f3a56eed21fca557b0719cae0fd6b0

Request headers

Referer: https://www.figures.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 31 Oct 2022 06:03:01 GMT
server: ATS/9.1.10.25
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.figures.com
access-control-allow-credentials: true
content-length: 62

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
92 B 151ms
111ms XHR
application/json 52.28.203.152
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9694d4017373968c709fb965fc0722&pos=8a9694d4017373968c709fbdb8970748&cmd=bid&secure=1
Requested by: Host: www.figures.com
URL: https://www.figures.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash: 8965307f85b49dc8bbf46d5287b421f18e766ac2c0d917a96c789a3966a0b843

Request headers

Referer: https://www.figures.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 31 Oct 2022 06:03:01 GMT
server: ATS/9.1.10.25
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.figures.com
access-control-allow-credentials: true
content-length: 62

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
92 B 152ms
112ms XHR
application/json 52.28.203.152
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9694d4017373968c709fb965fc0722&pos=8a9694d4017373968c709fbdb8970748&cmd=bid&secure=1
Requested by: Host: www.figures.com
URL: https://www.figures.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash: 2123e18d0151f7ef0593180b8867bd6395db8b5ced73064d061148daff5ea112

Request headers

Referer: https://www.figures.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 31 Oct 2022 06:03:01 GMT
server: ATS/9.1.10.25
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.figures.com
access-control-allow-credentials: true
content-length: 62

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
92 B 150ms
110ms XHR
application/json 52.28.203.152
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9694d4017373968c709fb965fc0722&pos=8a9694d4017373968c709fbdbafe074a&cmd=bid&secure=1
Requested by: Host: www.figures.com
URL: https://www.figures.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash: aeef6565a61fc9fd2776f895a240c0f5067157f991afe35425d23a962a04f8e9

Request headers

Referer: https://www.figures.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 31 Oct 2022 06:03:01 GMT
server: ATS/9.1.10.25
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.figures.com
access-control-allow-credentials: true
content-length: 62

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
92 B 149ms
110ms XHR
application/json 52.28.203.152
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9694d4017373968c709fb965fc0722&pos=8a9694d4017373968c709fbdb9cb0749&cmd=bid&secure=1
Requested by: Host: www.figures.com
URL: https://www.figures.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash: d0d03f314508f3bb6ece452b2da1e5f95ac57aa6922f5353a8c3e6e39cadf4f1

Request headers

Referer: https://www.figures.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 31 Oct 2022 06:03:01 GMT
server: ATS/9.1.10.25
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.figures.com
access-control-allow-credentials: true
content-length: 62

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
92 B 150ms
110ms XHR
application/json 52.28.203.152
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9694d4017373968c709fb965fc0722&pos=8a9694d4017373968c709fbdbc30074b&cmd=bid&secure=1
Requested by: Host: www.figures.com
URL: https://www.figures.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash: 94b27b5de053d720d77b2d98fbdbf482103a503e147867b7f047003320ab6f8d

Request headers

Referer: https://www.figures.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 31 Oct 2022 06:03:01 GMT
server: ATS/9.1.10.25
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.figures.com
access-control-allow-credentials: true
content-length: 62

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 338 B
456 B 42ms
19ms XHR
application/json 34.107.148.139
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CUP91F1X
Requested by: Host: www.figures.com
URL: https://www.figures.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 139.148.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 004205799efc5404914c7f364cf4e082a4581ca401eb3235d69143db1f0431a8

Request headers

Referer: https://www.figures.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:03:01 GMT
content-encoding: gzip
via: 1.1 google
server: nginx
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.figures.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear

GET
H2 200 arj Show response
verticalscope-d.openx.net/w/1.0/ 175 B
590 B 319ms
288ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://verticalscope-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.figures.com%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=a41dfebd-cd2a-4afb-af9f-424570c3a6ee%2C8cd32109-8186-4a56-b019-b18365a5b3a7%2C939ce553-171a-43ac-b73a-195bf81f900c%2Ca1724512-e30f-43c4-891f-9e12a89c87db%2C1f27c421-25da-487d-b405-438c5bce7f33%2C4d65da4f-bbab-4260-871d-7ab40db3b657%2C6f5f9ab4-734d-4dff-963c-d42adc8bc14e%2C3806c419-c92a-4b6f-bff7-ec27228f7838&nocache=1667196181219&gdpr=0&aus=728x90%7C728x90%7C300x250%7C160x600%7C160x600%7C160x600%7C300x250%2C300x600%7C728x90&divids=%252F1030735%252FFigures_com_728x90_Top_COL_Homepage_Figures_com_728x90_Top_COL_Homepage%2C%252F1030735%252FFigures_com_728x90_Middle_COL_Homepage_Figures_com_728x90_Middle_COL_Homepage%2C%252F1030735%252FFigures_com_300x250_TopRight_COL_Homepage_Figures_com_300x250_TopRight_COL_Homepage%2C%252F1030735%252FFigures_com_160x600_RightUpper_COL_Homepage_Figures_com_160x600_RightUpper_COL_Homepage%2C%252F1030735%252FFigures_com_160x600_RightUpper2_COL_Homepage_Figures_com_160x600_RightUpper2_COL_Homepage%2C%252F1030735%252FFigures_com_160x600_RightUpper3_COL_Homepage_Figures_com_160x600_RightUpper3_COL_Homepage%2C%252F1030735%252FFigures_com_300x250_MiddleRight_COL_Homepage_Figures_com_300x250_MiddleRight_COL_Homepage%2C%252F1030735%252FFigures_com_728x90_Bottom_COL_Homepage_Figures_com_728x90_Bottom_COL_Homepage&aucs=%252F1030735%252FFigures_com_728x90_Top_COL_Homepage_Figures_com_728x90_Top_COL_Homepage%2C%252F1030735%252FFigures_com_728x90_Middle_COL_Homepage_Figures_com_728x90_Middle_COL_Homepage%2C%252F1030735%252FFigures_com_300x250_TopRight_COL_Homepage_Figures_com_300x250_TopRight_COL_Homepage%2C%252F1030735%252FFigures_com_160x600_RightUpper_COL_Homepage_Figures_com_160x600_RightUpper_COL_Homepage%2C%252F1030735%252FFigures_com_160x600_RightUpper2_COL_Homepage_Figures_com_160x600_RightUpper2_COL_Homepage%2C%252F1030735%252FFigures_com_160x600_RightUpper3_COL_Homepage_Figures_com_160x600_RightUpper3_COL_Homepage%2C%252F1030735%252FFigures_com_300x250_MiddleRight_COL_Homepage_Figures_com_300x250_MiddleRight_COL_Homepage%2C%252F1030735%252FFigures_com_728x90_Bottom_COL_Homepage_Figures_com_728x90_Bottom_COL_Homepage&auid=540780254%2C540780254%2C540780255%2C540780255%2C540780255%2C540780255%2C540780255%2C540780254
Requested by: Host: www.figures.com
URL: https://www.figures.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: e29dc85dd7032d9c612f694c6b9f0aa6180d9961a67f2be9d0ddd8b728418378

Request headers

Referer: https://www.figures.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:03:01 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: application/json
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://www.figures.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 164
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 37 B
563 B 92ms
58ms XHR
application/json 104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=190318&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%2249df65eb1b01285%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.figures.com%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A1%2C%22msi%22%3A1%2C%22mfu%22%3A0%2C%22bu%22%3A8%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A8%2C%22ren%22%3Afalse%2C%22version%22%3A%225.20.4%22%2C%22userIds%22%3A%5B%5D%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%22505fcb619ec84fb%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22190318%22%2C%22sid%22%3A%22728x90%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%2251a9ea245289dd2%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22190318%22%2C%22sid%22%3A%22728x90%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%2252b82d0e9c1860d%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22190322%22%2C%22sid%22%3A%22300x250%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%2253e6491def1c7fd%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A160%2C%22h%22%3A600%2C%22ext%22%3A%7B%22siteID%22%3A%22190323%22%2C%22sid%22%3A%22160x600%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%22546e888e61d9643%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A160%2C%22h%22%3A600%2C%22ext%22%3A%7B%22siteID%22%3A%22190323%22%2C%22sid%22%3A%22160x600%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%2255df2136afc1c2b%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A160%2C%22h%22%3A600%2C%22ext%22%3A%7B%22siteID%22%3A%22190323%22%2C%22sid%22%3A%22160x600%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%2256c8541ef3fbfdb%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22190322%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22190325%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22w%22%3A300%2C%22h%22%3A600%2C%22ext%22%3A%7B%22siteID%22%3A%22190322%22%2C%22sid%22%3A%22300x600%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%225857cebfb03cd83%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22190318%22%2C%22sid%22%3A%22728x90%22%7D%7D%5D%7D%7D%5D%2C%22at%22%3A1%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D
Requested by: Host: www.figures.com
URL: https://www.figures.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.18.126 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f49fc48880ee693eff69fab7ae58caaa10ea7e7d7d787940e773d5ecde7259f8

Request headers

Referer: https://www.figures.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:03:01 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i9R%2FrynfuisexD7x6GTk8TtLnK0usMDfGcgGjM1pNRbcUF3H2R6xBdIM0I1%2BPfgdnw4CtzjZm1SX6tdDI8M0pu0ktJjLyy32osCqaYoKJcYoI6OJcncsmN%2BE3EEUzvEbGd862XEL"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://www.figures.com
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 762a2f64ddef9b3d-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 37
expires: 0

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 19 B
858 B 161ms
130ms XHR
application/json 185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.figures.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 31 Oct 2022 06:03:01 GMT
AN-X-Request-Uuid: 6570b7ed-3547-4f07-b5c3-85d50c9ab733
Server: nginx/1.21.3
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.figures.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 81.95.5.41; 81.95.5.41; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 cdb Show response
bidder.criteo.com/ 0
217 B 283ms
250ms XHR
text/plain 2a02:2638:1::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=5.20.4&cb=68167041740

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://www.figures.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 31 Oct 2022 06:03:00 GMT
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
access-control-allow-origin: https://www.figures.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
157 B 73ms
25ms XHR
text/plain 18.195.100.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: www.figures.com
URL: https://www.figures.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.100.182 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-100-182.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.figures.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.figures.com
date: Mon, 31 Oct 2022 06:03:01 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
157 B 234ms
186ms XHR
text/plain 18.195.100.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: www.figures.com
URL: https://www.figures.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.100.182 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-100-182.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.figures.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.figures.com
date: Mon, 31 Oct 2022 06:03:01 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
158 B 71ms
24ms XHR
text/plain 18.195.100.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: www.figures.com
URL: https://www.figures.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.100.182 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-100-182.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.figures.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.figures.com
date: Mon, 31 Oct 2022 06:03:01 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
157 B 83ms
36ms XHR
text/plain 18.195.100.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: www.figures.com
URL: https://www.figures.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.100.182 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-100-182.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.figures.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.figures.com
date: Mon, 31 Oct 2022 06:03:01 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
157 B 80ms
32ms XHR
text/plain 18.195.100.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: www.figures.com
URL: https://www.figures.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.100.182 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-100-182.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.figures.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.figures.com
date: Mon, 31 Oct 2022 06:03:01 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
157 B 81ms
34ms XHR
text/plain 18.195.100.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: www.figures.com
URL: https://www.figures.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.100.182 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-100-182.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.figures.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.figures.com
date: Mon, 31 Oct 2022 06:03:01 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
157 B 76ms
29ms XHR
text/plain 18.195.100.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: www.figures.com
URL: https://www.figures.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.100.182 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-100-182.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.figures.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.figures.com
date: Mon, 31 Oct 2022 06:03:01 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
157 B 74ms
27ms XHR
text/plain 18.195.100.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: www.figures.com
URL: https://www.figures.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.100.182 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-100-182.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.figures.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.figures.com
date: Mon, 31 Oct 2022 06:03:01 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
157 B 77ms
31ms XHR
text/plain 18.195.100.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: www.figures.com
URL: https://www.figures.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.100.182 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-100-182.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.figures.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.figures.com
date: Mon, 31 Oct 2022 06:03:01 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

POST
H2 200 vs.figures.com Show response
e.deployads.com/e/ 2 B
126 B 31ms
30ms XHR
text/plain 54.72.99.250
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://e.deployads.com/e/vs.figures.com
Requested by: Host: tags-cdn.deployads.com
URL: https://tags-cdn.deployads.com/a/vs.figures.com.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.72.99.250 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-72-99-250.eu-west-1.compute.amazonaws.com
Software: Jetty(7.6.12.v20130726) /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.figures.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: *
date: Mon, 31 Oct 2022 06:03:01 GMT
server: Jetty(7.6.12.v20130726)
content-length: 2
content-type: text/plain;charset=UTF-8

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 51ms
18ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022102501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:03:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 31 Oct 2022 06:03:01 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame DAFD 13 KB
5 KB 40ms
8ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.figures.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 29460
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 30 Oct 2022 21:52:01 GMT
expires: Mon, 30 Oct 2023 21:52:01 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 1A6B 783 B
535 B 54ms
20ms Document
text/html 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

5685a77112ebb44c5c8b5b8b4eb224f0ca93d8f8d6e10b963812fc8c12c0ce82

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-o1hM4KnWJit0pEOP2m3yUQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.figures.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-o1hM4KnWJit0pEOP2m3yUQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 31 Oct 2022 06:03:01 GMT
expires: Mon, 31 Oct 2022 06:03:01 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 vLbRz7g6TQ5oo3iSl-9A8cc-tNTKSUSKynQIdvKxkcY.js Show response
pagead2.googlesyndication.com/bg/ Frame DAFD 36 KB
16 KB 25ms
8ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/vLbRz7g6TQ5oo3iSl-9A8cc-tNTKSUSKynQIdvKxkcY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bcb6d1cfb83a4d0e68a3789297ef40f1c73eb4d4ca49448aca740876f2b191c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sat, 29 Oct 2022 06:14:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 172088
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16061
x-xss-protection: 0
last-modified: Thu, 20 Oct 2022 10:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 29 Oct 2023 06:14:53 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 1A6B 0
0 45ms
41ms Image
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022102501&jk=2912569033594321&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

POST
H2 200 vs.figures.com Show response
e.deployads.com/e/ 2 B
126 B 28ms
28ms XHR
text/plain 54.72.99.250
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://e.deployads.com/e/vs.figures.com
Requested by: Host: tags-cdn.deployads.com
URL: https://tags-cdn.deployads.com/a/vs.figures.com.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.72.99.250 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-72-99-250.eu-west-1.compute.amazonaws.com
Software: Jetty(7.6.12.v20130726) /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.figures.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: *
date: Mon, 31 Oct 2022 06:03:01 GMT
server: Jetty(7.6.12.v20130726)
content-length: 2
content-type: text/plain;charset=UTF-8

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame DAFD 0
10 B 7ms
7ms Image
text/plain 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?uspygw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:03:01 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 __utm.gif
ssl.google-analytics.com/ 35 B
55 B 7ms
7ms Image
image/gif 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.google-analytics.com/__utm.gif?utmwv=5.7.2&utms=2&utmn=1714604613&utmhn=www.figures.com&utmt=event&utme=5(Adblock*Unblocked*false)&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Figures.com%20%7C%20All%20The%20Toy%20And%20Action%20Figure%20News%20All%20The%20Time&utmhid=614155983&utmr=-&utmp=%2F&utmht=1667196181513&utmac=UA-91774835-12&utmni=1&utmcc=__utma%3D214787720.933595329.1667196180.1667196180.1667196180.1%3B%2B__utmz%3D214787720.1667196180.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&aip=1&utmjid=&utmu=6BQAAAAAAAAAAAAAAAAAAAAE~

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 30 Oct 2022 23:19:53 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 24188
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 200 vs.figures.com Show response
e.deployads.com/e/ 2 B
126 B 28ms
28ms XHR
text/plain 54.72.99.250
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://e.deployads.com/e/vs.figures.com
Requested by: Host: tags-cdn.deployads.com
URL: https://tags-cdn.deployads.com/a/vs.figures.com.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.72.99.250 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-72-99-250.eu-west-1.compute.amazonaws.com
Software: Jetty(7.6.12.v20130726) /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.figures.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: *
date: Mon, 31 Oct 2022 06:03:01 GMT
server: Jetty(7.6.12.v20130726)
content-length: 2
content-type: text/plain;charset=UTF-8

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 34ms
18ms Script
application/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.figures.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022102501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:03:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 35ms
18ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.figures.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022102501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:03:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 186 KB
36 KB 516ms
516ms XHR
text/plain 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2912569033594321&correlator=4024795193559553&output=ldjh&gdfp_req=1&vrg=2022102501&ptt=17&impl=fifs&gdpr=0&us_privacy=1---&iu_parts=1030735%2CFigures_com_728x90_Top_COL_Homepage%2CFigures_com_728x90_Middle_COL_Homepage%2CFigures_com_300x250_TopRight_COL_Homepage%2CFigures_com_160x600_RightUpper_COL_Homepage%2CFigures_com_160x600_RightUpper2_COL_Homepage%2CFigures_com_160x600_RightUpper3_COL_Homepage%2CFigures_com_300x250_MiddleRight_COL_Homepage%2CFigures_com_728x90_Bottom_COL_Homepage&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5%2C%2F0%2F6%2C%2F0%2F7%2C%2F0%2F8&prev_iu_szs=728x90%2C728x90%2C300x250%2C160x600%2C160x600%2C160x600%2C300x250%7C300x600%2C728x90&ifi=9&adks=3142667483%2C2728996594%2C4278815359%2C3632607776%2C2824496062%2C1417030345%2C2350583171%2C319716271&sfv=1-0-38&prev_scp=srt_st%3D8%26srt_sdbg%3D7%26s%3D0%26srt_u%3Dhb%26amznbid%3D2%26amznp%3D2%7Csrt_st%3D8%26srt_sdbg%3D7%26s%3D0%26srt_u%3D9f%26amznbid%3D2%26amznp%3D2%7Csrt_st%3D8%26srt_sdbg%3D7%26s%3D0%26srt_u%3Dgj%26amznbid%3D2%26amznp%3D2%7Csrt_st%3D8%26srt_sdbg%3D7%26s%3D0%26srt_u%3Dm3%26amznbid%3D2%26amznp%3D2%7Csrt_st%3D8%26srt_sdbg%3D7%26s%3D0%26srt_u%3Djg%26amznbid%3D2%26amznp%3D2%7Csrt_st%3D8%26srt_sdbg%3D7%26s%3D0%26srt_u%3Dmj%26amznbid%3D2%26amznp%3D2%7Csrt_st%3D8%26srt_sdbg%3D7%26s%3D0%26srt_u%3D6z%26amznbid%3D2%26amznp%3D2%7Csrt_st%3D8%26srt_sdbg%3D7%26s%3D0%26srt_u%3Dhu%26amznbid%3D2%26amznp%3D2&eri=1&cust_params=tpid%3D0%26sitename%3DFigures.com%26srt_scv%3D2%26wrapper%3DV2&sc=1&cookie_enabled=1&abxe=1&dt=1667196181745&lmt=1667196181&dlt=1667196179444&idt=267&adxs=672%2C200%2C1075%2C1070%2C1240%2C1240%2C-9%2C436&adys=56%2C2779%2C238%2C243%2C243%2C248%2C-9%2C2834&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C1%7C0%7C0%7C0%7C0%7C-1%7C2&ucis=9%7Ca%7Cb%7Cc%7Cd%7Ce%7Cf%7Cg&oid=2&color_bg=F1F1F1&color_border=F1F1F1&color_link=111111&color_text=000000&color_url=111111&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.figures.com%2F&frm=20&vis=1&psz=728x0%7C816x0%7C330x10%7C160x0%7C160x0%7C160x0%7C0x-1%7C1600x5&msz=728x0%7C816x0%7C320x0%7C160x0%7C160x0%7C160x0%7C0x-1%7C1600x0&fws=0%2C0%2C0%2C0%2C0%2C0%2C2%2C0&ohw=0%2C0%2C0%2C0%2C0%2C0%2C0%2C0&ga_vid=933595329.1667196180&ga_sid=1667196181&ga_hid=614155983&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022102501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

83dbc963827a680fc411653f0ae588db6163d160312f84ba069fa99d118cd756

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:03:02 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2,-2,89167,89167,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36771
x-xss-protection: 0
google-lineitem-id: 5731812418,-2,-1,5730771060,-1,-1,-1,-2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138312742487,-2,-1,138313146277,-1,-1,-1,-2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.figures.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 9C21 0
0 44ms
43ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsupVEPjDDF6s9zXmyI7BnvbuFfyj70XVFtlbFx_Dg48tmLtVOdfx1ERIBUXRyc4sJHmnLrSaugmUgvW-vpk70mVzL2YpBnQD8_-AGqvXnRsR2YwlXwgT36f86p0XmERfaqYv_j3hrLoZaS7bVdb1kIuHxF4SD2IuKqml5K40WU3ZPBElphuGEYdzDsZfYTRo4v9lQiyTU_og_YiPG2TXhdird24s2GV25A44UqMnsWZGhbsE54DWE_bCvqvIoqMKPpUgdQzIdcXH9sNedXnpgV4lO74GvUA9nfeTpIOXxuh3RZUcqLWF_sMcLYiP-5M_IK_4Lc7L5ktXx9ZdJ56JgHHbxuPNgn8_zU&sai=AMfl-YRqxig16256MMR3bo9SNYtOkiaLIOAASDakXsLgpANVyorNXMnIKezk-e3Bsihqox4vwpqRHwRjhGu8ALsbpDBP48Q-gH2arlzy-Tfyz2iG9MHzymoGy8FHtqIFGFfh-g&sig=Cg0ArKJSzIUs6ct3ULBtEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:03:01 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221026/r20110914/client/ Frame 9C21 3 KB
1 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221026/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022102501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sun, 30 Oct 2022 21:51:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 29501
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1238
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 13 Nov 2022 21:51:20 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9C21 153 KB
47 KB 55ms
39ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022102501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0c03682256f0ddbfa031d5ee3c2bbb80eea99dab4ffa12622c551dea01359656

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:03:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47996
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1666856053429787"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 31 Oct 2022 06:03:01 GMT

GET
H3 200 6321767338949108804
tpc.googlesyndication.com/simgad/ Frame 9C21 25 KB
25 KB 8ms
8ms Image
image/gif 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/6321767338949108804

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022102501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

82cf5b28018ece80ebdeb6a1b74335b5a7e2ded5a5629e33bf25e62ea8336dac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 24 Oct 2022 16:12:20 GMT
x-content-type-options: nosniff
age: 568241
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25231
x-xss-protection: 0
last-modified: Wed, 13 May 2020 18:54:53 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 24 Oct 2023 16:12:20 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 9C21 0
0 15ms
15ms Image
text/html 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTy39Y5w3-kAsBLhJoYfjCx4R_rjJsD7oY4wC-IyJqO1T0BkLF55H99SXp_kngsaaU6BKlM7R9W-v4WrF-mp3V1vtWSsw
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022102501.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame 9C21 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4b152db769c391b7cf809ddf6bbdc258f5feb771428f14c540f392eced489a5e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Content-Type: image/png

POST
H2 200 vs.figures.com Show response
e.deployads.com/e/ 2 B
126 B 28ms
28ms XHR
text/plain 54.72.99.250
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://e.deployads.com/e/vs.figures.com
Requested by: Host: tags-cdn.deployads.com
URL: https://tags-cdn.deployads.com/a/vs.figures.com.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.72.99.250 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-72-99-250.eu-west-1.compute.amazonaws.com
Software: Jetty(7.6.12.v20130726) /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.figures.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: *
date: Mon, 31 Oct 2022 06:03:01 GMT
server: Jetty(7.6.12.v20130726)
content-length: 2
content-type: text/plain;charset=UTF-8

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 9C21 0
0 60ms
44ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst0GGBPylUoQ7OtZ0cZnW2mHy4smqEmox5kLT8V0aKpXC54d9iU2nS7czc6g9cNCE5xCyjaRc2j-Fe6IXYSBPjVgF290ZOzJhK2tB1AwueLDNELs1twuhvrMJRphedFKpi4CMNWpOsnEKI4qNu_ioaz7sFI8AAwCrLHeLevzYUP_vwLv5w-Wxuzpdg84wPxOn5GE7ZEY1HSBaMtW_pW6fUg_ISCneBp-Hb1aCQOtd3kFUFHA2UMTAzbNOvZYwUUgPHkkQ6vSZtiRko5Hsldib2zg9HZXE-cEolw_wk1R4LqMTGjepnx8HWv8_Mkk7ydFiwM8jQmF4eifolEMW8G-vbM754AQ8LMR0rJzQ&sai=AMfl-YQkdSL-Gkn-MX6DcUZXWhwpsP7o6Zjt2_YMQnJiCWFxjTmxZa1YZoNgf_ZNFu8vnMLg9rmG0ct6woT6qhF_WLj31q33BY36rxmsuj4fpvxAPikxSdxh3GbdRt7vHRSF9Q&sig=Cg0ArKJSzMFf5HUxjMfIEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:03:02 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Mon, 31 Oct 2022 06:03:02 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 45ms
45ms Image
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022102501&jk=2912569033594321&bg=!ERKlElbNAAZPh4lnb4c7ACkAdvg8Wo2Lutc4d5Iy24HFAqaChyEtDrc8TBnhvi4larKv7GTVXZaJDwIAAABFUgAAAAdoAQeZApy_-3gFj2xtucdn2h_STklO1osasi78bx-Zc0t1yrju5_1t9hg5KV0hsbFl4Q8oAkzL6Y9k2fMH2FUskPJmeS53tHxiYE9XXx9Pe8fQqn5R4akXZu0DPBeXyP0H22D4ZxgpcRI9Mj7rdc9X3Oe9KW-d9nqoyGZ6KWsCZYszA9nic-7PW-wV-DcNsYXSTrzSnb_mmcC88wMdYJfYlduxQdPc3TKCsjwE5dNgeRH9CHT9eJHENUgsTzXPHDMk-oww2KAv-iDO0sEmllxVToNg4mieicfABfUqN4-JaTJgg2Bmukxa6PnUKdtyfVJqoLJYSiWkC4YDwiDWqOiwkgDR0rdJXz5Wb4pDXz3FYWv2HtB6P0ojwMu0uiF-MUPkK_JsYG-ZSIkVH4sO4Icsoa2Cc7bkFJNVdUw1CByo_PCMAfWnvRswLsOwEK-Q1oBNdq9kyjp1Af165SAznPFcnh0GqFcQrT3Ux9siFhd4uJ5g8jROUniHLJEtkusWhuXQOCyMRkuSgDqd4hdsE7XADRK8vzYD9Y9ObFNa5pScYAe8DuNGO5Lib8gnGsKb1Td9D8FHl_R3n9IFETpiAUWi-pBW4RnuWzcvKpbb__9ov4Dqs21Pqm7x_p7v7nOnCVWpKLQhO84QinMISCpIMfHbdooroNAyBJp3VweLP0lFAFGlvitrkeFWbSPaosYSGfLTb_wv__oV3J5gqGXOboyyZ_RdGSSnsMFvdAHgh1_V-R5bpFDXtKoKr3hzBn4K0zxDDAk9mrHiZZ5DfG1U_3MPc0Jzp--Sb-ryT3sK6GGnagJQ0mvzI9LZ0SrTxT23KdpRFvqKQoCZnnZ4iTKJQpPBIHrrP-rldudwYdrb9wLA18TjKMqR3A6FY8lU6uXffmSREw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

POST
H2 200 vs.figures.com Show response
e.deployads.com/e/ 2 B
126 B 28ms
28ms XHR
text/plain 54.72.99.250
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://e.deployads.com/e/vs.figures.com
Requested by: Host: tags-cdn.deployads.com
URL: https://tags-cdn.deployads.com/a/vs.figures.com.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.72.99.250 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-72-99-250.eu-west-1.compute.amazonaws.com
Software: Jetty(7.6.12.v20130726) /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.figures.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: *
date: Mon, 31 Oct 2022 06:03:02 GMT
server: Jetty(7.6.12.v20130726)
content-length: 2
content-type: text/plain;charset=UTF-8

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame B107 0
0 44ms
43ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssvjP7dqxJK6GAvm7bXkr-IDXyzT2kJVuqcQg2sLfpIMkAl6g3iuP4z4xrdqcnNoV7gIxRW8zJujM9Ma4NmLzJ8n-FQBZlXdtkF3C6YrmhrvK0ziCPD0xMQnQadDfOyUqciOpYVYZ5KT5r3CeMDaOwXmfWM5ZLcwOk7TI_Gx7KDRP_Ah7_vy436561kFNkIp2VJqZjUnFEI5_lQHW0YJt_hVdb4_ygKUvMX-uXYJxe4lLRqvg-iQR2gJcthZ8iHW7d5MBfW2pJ3gktaNJ0mxMrJWTRIlK-zoB4jidzEE8pdZrSPvy5phfqBqk-ZJZrn4PTBCMXGamoHshL-bY9GpexPKw&sai=AMfl-YSQFLNLFOQPU-tjb__8hfE_Gzh-bDcQJlAgw5N6gaBRD02Q77orhGW9cOm0ZkTfpwPDaLuD8Ryg-cWwOWQQJ67HODTnAA83k76ObDHCIQhS5-DwfnibE42NyArOu3ixpQ&sig=Cg0ArKJSzMHWadAPDf8ZEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:03:02 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221026/r20110914/client/ Frame B107 3 KB
1 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221026/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022102501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sun, 30 Oct 2022 21:51:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 29502
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1238
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 13 Nov 2022 21:51:20 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B107 153 KB
47 KB 33ms
33ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022102501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0c03682256f0ddbfa031d5ee3c2bbb80eea99dab4ffa12622c551dea01359656

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:03:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47996
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1666856053429787"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 31 Oct 2022 06:03:02 GMT

GET
H3 200 15681537304940353766
tpc.googlesyndication.com/simgad/ Frame B107 31 KB
31 KB 8ms
8ms Image
image/gif 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/15681537304940353766

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022102501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6466ba3b9201c10be469a19a1450a7a528f813d143b556ed37429be3b2de7a85

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 25 Oct 2022 09:05:50 GMT
x-content-type-options: nosniff
age: 507432
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31273
x-xss-protection: 0
last-modified: Tue, 06 Mar 2018 20:39:25 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 25 Oct 2023 09:05:50 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame B107 0
0 15ms
15ms Image
text/html 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSL16u59S-NNHLSFAhlQbz1WXPGcyeovT9agffwg4XApavwoUnGDoBOrm6XlzR6g-TWoBPh7ElpOULlf4CMu8UPa37kyQ
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022102501.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame B107 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 820767e5a3715b65cf587e418f234ebf81bbc68380a50aea41e30e2229ced556

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 container.html Show response
ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame BD7A 6 KB
3 KB 27ms
10ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022102501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.figures.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 31 Oct 2022 06:03:01 GMT
expires: Tue, 31 Oct 2023 06:03:01 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 48F5 0
0 45ms
44ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstkZGaC-zIvTgRBxYXa0bJwlobF_Yu7AeF2Tc4ce3wmkr96x4yYaFGBLnyEOUpVFT_m9-vwvFMmJl1JE5pj9dnxAXXzbfaPBcA4iWtx2t2K7Op-MU0tjXEOHv8YDxShEcwy3a-DBhb7j_Pocui-99oUAuuP2k_O84Z8l0fz1kkcKuQL1vDtpIhewHCnBUIz_ifVG2PTQdULaI9w4b7XnhHMY2CQ8N35uxQ8iIY0WBn7eEqDYdkEUnqfrpeKBO4sGuO7hjyNQYCvIrMx6VZNWsQ-OeQ9viUf_psfCDP42T5Z6OPbMNc3qgvb4C7cCNXsT8aEyttch1GMKINYwv9ZlXvdqWbEQiYqN9cIcQ&sai=AMfl-YSpmejHcE16MQ_Ii2I24F6bPHStSnNGij5JW7Lv2i8sLGR5OvLx_DS7tWtOr7evbn_z74fDOnH0x6gxVALcytY5RXk-jBuERmztszPYUuJJ0YD9QcBO3hUJ-T4kO9ZAZQ&sig=Cg0ArKJSzLnS1bElkG0vEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:03:02 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221026/r20110914/client/ Frame 48F5 3 KB
1 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221026/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022102501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sun, 30 Oct 2022 21:51:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 29502
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1238
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 13 Nov 2022 21:51:20 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 48F5 153 KB
47 KB 30ms
29ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022102501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0c03682256f0ddbfa031d5ee3c2bbb80eea99dab4ffa12622c551dea01359656

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:03:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47996
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1666856053429787"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 31 Oct 2022 06:03:02 GMT

GET
H3 200 8395661495472026053
tpc.googlesyndication.com/simgad/ Frame 48F5 47 KB
47 KB 8ms
8ms Image
image/gif 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8395661495472026053

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022102501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c963206d6111cbad6b81879f93b309b4af9449d28f181be403246d64bcfc8018

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 24 Oct 2022 14:21:13 GMT
x-content-type-options: nosniff
age: 574909
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47646
x-xss-protection: 0
last-modified: Wed, 07 Mar 2018 16:43:05 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 24 Oct 2023 14:21:13 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 48F5 0
0 15ms
15ms Image
text/html 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTwtymMez4wFcbLRhaSHNp-iYby2Rl1Mc93cQRYioH7bj_0P8UXcESdTXENyoWsMmCeuvCbwDVjCj6DCQdL_JjJY_LQfQ
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022102501.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

GET
H3 200 container.html Show response
ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame A6A6 6 KB
3 KB 26ms
10ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022102501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.figures.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 31 Oct 2022 06:03:01 GMT
expires: Tue, 31 Oct 2023 06:03:01 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 8E4D 6 KB
3 KB 23ms
8ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022102501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.figures.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 31 Oct 2022 06:03:01 GMT
expires: Tue, 31 Oct 2023 06:03:01 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 48F5 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 09e2d3fd7a3151caf23e1b12e31286877f94361fec10f76f5f895fc24a877546

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame B107 0
0 44ms
44ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssl7snmKYs7i6Um1Q5xNPDg5S7i3ZAiXQteFMEDCAQyJGEFONpsKrioer2IXm4ygUyWlrYJ1b_TKMV80gQqzZyjiSGFxOdL_YoPRml0S23bwv9aVFa_-6UwYCL-ERzCSYiMXIfxMLdORgYupFNJntP-3X9Yv3Lo4IDAlcmJOHeGzyEYSC4ibCKBLJU7RoCewJAUp7_E37nyMGBDbsOKmR_nQeuWDIlVSsvRHd9aTZRqmCLIAA_ZdRTtsoUaNN4ibnEh_r0sPkGxzxqjKi4bOG9h_WOM2aBU9pLVmCxvbpmbVoElHsxaKfEC8JZzumFmGJ5Tn6DdVHRStPnegTpoH-KW6ZMK&sai=AMfl-YRxBVqDarKMJgECufnlAmsE8cGEJmPMl_CfDpfOL5Ks2vqleBFny6sVdAkAootIcuCvyskiM8ZlnXYQOa-7drJCLc9yoIYIOcwUXMWF8CTk53h60DIWmrK6gYBPvx4bFQ&sig=Cg0ArKJSzAM0BCAfPsX1EAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:03:02 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Mon, 31 Oct 2022 06:03:02 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 48F5 0
0 47ms
47ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvpTDcK8xKKArSFQq_QzXcJLGWtosyX9Y9OgpOhl1_2WJrj5GGtEz6vHS-B3fBkWBUBKOA1DPYMdr02lGhrxkCULL4f-g5pqHlaAtVyjJAovWbzrLjwQf7s4b6WVyOwcbyxGJAjgQ_xfHdhrs3W3Qs3as--2PLS153z1GbJeHhNjjkpCW4B5wHrVnq4l8ZvAD51TEcpsl53l7j_fT1dyOWyuurPonrlXOcy6LLpNfbK9djoMyO92P_35IzA9KLpYpEWUxIKt3ZcSfjalnPeeiYvmYG8FCO01-YnPMakBf-5AS5wb4PCUCLO9gpUkUhneEhrkzBpgqXrDUQlS-2u9LVIgmlxGm0iAVFcG39r&sai=AMfl-YTbZBXwk0KedW6ChG6_9gdJzxtY80_a_NBdiTwY5gszPECmj-tqCd9CPwTLH6oCcq4R78iFLNI3TRLUFhuOB0gR3XaxVbYse63nO55dHhn2_Uak6GCx9_5A2X7RADZw9Q&sig=Cg0ArKJSzEIon8bW5Rp4EAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:03:02 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Mon, 31 Oct 2022 06:03:02 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 8E4D 0
0 51ms
51ms Fetch
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C5js0FWVfY8KOMtHox_APnOmksAvPh46bXMCG2YLGAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi03MjA2MDIxNTU0NzkzMDQ4yAEJ4AIAqAMBqgSCAk_Qff-yLbfFPre8G6Oby4XCZDVCtLji5O2DLAIJP3CF0Ya_JEcKSltJbWmezyazzFVDoxvWrvF63wwNRXi3GjtIonck70s15CQg9sz0GjFZjJkoOiyefAc62cJk4HlnGtfWxR7WuXHUX42XC-YXuYlYw06mpkCj39J4uT4RUw7SuMtxieMdsLn--5R5BItmTebbucNoshDtury28EIKPQ1jpwW8G7pSr_eu3HAPUIKxTCqKsJsgi8RmQJcj2iTVYNiM_YzqZc0aOAd5YgqmLWpDA8aBEDY_mcxbKmx8R0vVr6d3zBRUHQqClBa8iUHEtw7jKGLOUJwlIDg3kbWWaiDXGOAEAYAGxdqJtu7m1Lt9oAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDQiAYRABMgKKAjoCgECACgP6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItNzIwNjAyMTU1NDc5MzA0OBifrwc&sigh=QtOPvpUIB8U&uach_m=[UACH]&cid=CAQSPADq26N9-7WAbJ-15sFWshjmJ5IhqSIJK-UFgJV6ty3Zv50p3lp2trI2vBGu3MOb814ZaVMR4VxsBJYAuhgBIBM&tpd=AGWhJmu8hcKNj148RlKaHnutEAS46Tgayk_KpFdwwbpenebOrIbcsJfMSZTVuPQqbDBBrfEcZZ9edSLfsRIcfOgTE5J7ObSxemKjRUnBPPFZn7vfjsVCp7XI1RUsOmOyu3Jkv9T6EJmwyWOkVtrW2FuxSsTJYGqYd0QEZIEfs9h7WDFJ4yr-QaFN0AGdHU0uVlbSbVjP0j6QS38CtAW9y6Six_eQTNcS13gWvh9b6zIWLtraoBZ2oRRRs_NtZvteTd1kghHB4LH9Z7uNZqccUSkd1t0X1TqCzYfZDPJACuD0bRyuDrG8mrwaLuAhj3JE_4ePZMdko7bxf3Qe0b7J_oJwCwXmoUyqjGiGea46Rdi1JeyYTAhlsMtzb1T4ZhJTdV81FUpnPhAeLykH3CBfOPX7jPaOxkBaMFhWiZ6ViFVK4bAPJ301mLeyUK8GHdmYlbxDmj8qTCykgpSZeo5RurRs_7IruAT0W0zMReynZFZ3zCAqu7F2kuZnDLvHbMOy9qLL_RO32K4Uk8Wkd-UwdkineQREXjdFaLg47dkhXOBCZAwTBbFSyRoCkxw8meOTzXw4WUzP-IdP2zw1qRhdj3B_AlUWeYlDTAXoHIskcWWfUnOVb81z126AEUZZANjvSEJt4qJAgRNdXkQcUyS4zV-US-TupqOkyvmx6XIsCct1uMmYgRMoPhf_Ffs9qD6-2l_3aWqm1Y4ksNtxqyYi3Orh3KL6ViUqqNDILPtUCf6p-DC5nKsl7Nw5_ztu7rsOtXgglpkWCy5fAdVtsoBks_6dNukrWdPlAVl4_l4ZBbrlmZE4xt55XrTxYZ5N7I1BVFZOdbY9hydBjGDI5FpVBST6WX1tOals_k0zr8YMmNqr4R_E3KuD9EpPISlmiwfrEGKiDfHgJFHZREfs7n0nF0qNdaKhWVIa1iBT-hyyPoeD5ZDyD1dorVt2AgWq-Z9s33HOET2J_peft-KwHEppyTcdMyqw2XdWCExxqZzXDW3dboIutY7BJKZQLG2Cvhv6KC_u1RIVEmN3084UGlNrAR2HH2duk5DOdKVWbuN47dLD5kiZICUVkuIuzIXAHwveaokVlfo_QsOigp9LnQwDgnjhZROtjtmKiZ2iC2uCuPXxewaljyBpNuBYEG_4rzHt
Requested by: Host: www.figures.com
URL: https://www.figures.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

GET
H/1.1 200
OK js Show response
tags.mathtag.com/notify/ Frame 8E4D 3 KB
2 KB 60ms
15ms Script
application/x-javascript 185.29.134.249
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWWpNMFpqQXpPRGd0TURnd01TMDBOamMzTFRBd01EQXRNREF3TURBd01EQXdNREF3LzQwNDQ4NDE2OTMwOTQ2ODQ4NzMvMTEwNTAwOTIvMTI0NjA5NDkvNC9TVWo5Y2txUG8xNG03bnpHakdOOXZyamI2VGFnQzJlcldCaGRUNUZXdS1BLzEvNC8wLzAvMTk5OTg0My8wLzIxNTU0My8xMjMwMjM4LzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvNDA0NDg0MTY5MzA5NDY4NDg3My9hbXMvMC83Njg1LzUvOTk5LzI1OC8yYTAxOjRhMDoyYjo6LzAuMDAwLzE2NjcxOTYxODIvMTY2NzIwODc4Mi80L3B1Yi03MjA2MDIxNTU0NzkzMDQ4Lw/YxdACv27GRQ3R4fEf3LFU8ipsp8&nodeid=3273&group=cdg&auctionid=4044841693094684873&pbs_auctionid=4044841693094684873&shardkey=4044841693094684873&sid=12460949&cid=11050092&bp=a_bdhgdj&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.146&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCA7_QFWVfY8KOMtHox_APnOmksAvPh46bXMCG2YLGAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi03MjA2MDIxNTU0NzkzMDQ4yAEJ4AIAqAMBqgSFAk_Qff-yLbfFPre8G6Oby4XCZDVCtLji5O2DLAIJP3CF0Ya_JEcKSltJbWmezyazzFVDoxvWrvF63wwNRXi3GjtIonck70s15CQg9sz0GjFZjJkoOiyefAc62cJk4HlnGtfWxR7WuXHUX42XC-YXuYlYw06mpkCj39J4uT4RUw7SuMtxieMdsLn--5R5BItmTebbucNoshDtury28EIKPQ1jpwW8G7pSr_eu3HAPUIKxTCqKsJsgi8RmQJcj2iTVYNiM_YzqZc0aOAd5YgqmLWpDA8aBEDY_mcxbKmw-RWpHAxvTy5nwVaFa1LlMlFXOCwTNMINzkNyK2pkpva0485zQlWLH6OAEAYAGxdqJtu7m1Lt9oAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDQiAYRABMgKKAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2CGedo_IVobqIRJdAzGnK1HwU5KQ%26client%3Dca-pub-7206021554793048%26adurl%3D
Requested by: Host: ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
URL: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.249 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.369.7 /
Resource Hash: 7bd84ce17a091eec59ea01acdad9f4b8469ca5bba911c1ecc0f77886111cb282

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Mon, 31 Oct 2022 06:03:02 GMT
Content-Encoding: gzip
x-mm-bid-request-time: 1667196182
Last-Modified: Mon, 31 Oct 2022 06:03:02 GMT
Server: MMBD/3.369.7
x-mm-latency: 1 (1)
Content-Type: application/x-javascript; charset=UTF-8
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
x-mm-dbg: NotCount
Cache-Control: no-cache
x-mm-host: cdg-router-x80, cdg-bidder-x137
Connection: close
x-mm-lag: 0
Expires: Mon, 31 Oct 2022 06:03:01 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221026/r20110914/client/ Frame 8E4D 3 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221026/r20110914/client/window_focus_fy2021.js

Requested by

Host: ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
URL: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sun, 30 Oct 2022 21:51:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 29502
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1238
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 13 Nov 2022 21:51:20 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221026/r20110914/client/ Frame 8E4D 17 KB
7 KB 13ms
12ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221026/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
URL: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d99f77a187454fecc18b59b2f520b1598b246d01e142bfdc4de56eb7221a9330

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sun, 30 Oct 2022 14:36:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 55579
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7367
x-xss-protection: 0
server: cafe
etag: 4759548068123418343
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 13 Nov 2022 14:36:43 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 8E4D 0
0 17ms
16ms Image
text/html 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRoI7_i2d_l60iXA8Xud0_-rmGxuLSYLfsZNDmcYUNozx4zZAo_BbtdSzUbfFeSM1HG0blQnBrcstUhJBAtflJNc9WUtA
Requested by: Host: ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
URL: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 8E4D 22 KB
7 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
URL: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Wed, 26 Oct 2022 16:31:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 394321
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 26 Oct 2023 16:31:01 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8E4D 153 KB
47 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
URL: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0c03682256f0ddbfa031d5ee3c2bbb80eea99dab4ffa12622c551dea01359656

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:03:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47996
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1666856053429787"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 31 Oct 2022 06:03:02 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame BD7A 0
0 52ms
50ms Fetch
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CuwX2FWVfY8COMtHox_APnOmksAvPh46bXMCG2YLGAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi03MjA2MDIxNTU0NzkzMDQ4yAEJ4AIAqAMBqgSCAk_QVlfTHUQbzt8QTNSg86Ttqb-IPc3OSGg5I03OU2HROyxjoB1tzyjjGINUcll6UUJAJTLzmHevPtX8n4JAdqfwPUywkjzn1UCsdQruyXChlh9fw-kcMFIE-0086ojtxdpyhTaKYw153s4STFZMeNKRIiyoTKOxxHZk0ZF4YWvgtyyi8JI79lRnExVUrdU3WcSfXgHirUCpheS-naOshJt9MtSpQ2m1jRXfiyWdVdMMd_FWVPDxjZMDca1uI-t1O6X4uxBjMEz3ebcqJcAjJ6X5132IQc2XI6J9x4DDqxlP5qFSyI9T5oq31MnNuf-98dJTEKbNrnoE7OhxwjD-KDEam-AEAYAG-_eThpqvqY54oAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDQiAYRABMgKKAjoCgECACgP6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItNzIwNjAyMTU1NDc5MzA0OBifrwc&sigh=jvyy-Xnc0Bo&uach_m=[UACH]&cid=CAQSPADq26N9-7WAbJ-15sFWshjmJ5IhqSIJK-UFgJV6ty3Zv50p3lp2trI2vBGu3MOb814ZaVMR4VxsBJYAuhgBIBM&tpd=AGWhJmvF4Nk-31wR3X73s79MB4OsnyHMDAF6hSNOrxmFhhOMHE28BEP5bDUOnbOL1aBW2r29QFZWlCVRDfJHh8v0ptO1xsLJjuNxQRz1CruamvBthbM7PnCcIYf7nFs4yeqBARA_-Ed6lenknMl5tcKA0ta45dUSVBzkoWEHmCCHjtXK9RnyqyGcFlbGjSNNfwGUoKGG79prR0wv5u-Fzv7T5d-f-Gtnin-UaZ4xPJc69fl9E5BwF2gq1t_Akry3pDFdtbGu9yzhmg0hXza-a_dYryMuRDEe4ineJwnUq8YWcljNADV7CrNOpFQ59w98j_pfv2VcuT5pHwpZC78dWe1bcStVwGOpzmhlpjypiJ6JNpIS7dGfIZOMpebOYPCrk522GUE40xfT74XtwFrwI0eWl5dl2j6Wup8B6aqHO1Q5a9kXHH5AN3vpEV7K6mX2XDSNK5A8N7F0u3gHTAAP4o77j0cxHW3a8S3qtdUHsZbISN46N06bKlRsHwCbrrBOp0LQmUwIOL-1SGyxvhse8QG7c7jUAHswv0CH7_LKPKtduE5OE1IkPkPkUL9QHaE0VdwWYAzOCdNfA32X5jNXK3qdNRjZnsT2jZe9eax8PrE2ihvOONPqMFPztoD2QtxhuppdY1FVMthobL48BBU4GT9MpPXDVdxCTbS66eJMTJvmZnFEvvn5YA9fC-eXhJm7eJUa3HFqeReEIMYaJ4SyVljEs-5ql7hbVK_5ez8QZF-aHKLdADEIzOZ-JZx4A3v_l52SbojrQj6Eg2d0ueCaC3-JGUfmNe3gae3G7Pn0u0J7_8GhP-Edsnpk7hWrDxrMowR6O6U2tFN1nDm38Z8Z4ia5feyQef4a6kq7nXd0jbtwgyth8hOIssbu-HynxG_3PPDOOu5gRXQDoKHr9P_WNUyEYuw-hkeY5a2eIBD5jHSLt1VxFFa5Tksqcpq_soLkGlMLJvLzFgtkV3Lb70czjXAK_6wbBPpCOGLN48Z44Lq5lZge__r3ioZe9LPcRC_SqUpZIWw6PbGcqsh3ivhnEPqjRmZiuqb6yQ0D3ej0a7m_ubGzVvOWLT8wc2ViI5tU4dvW-vEcZMpxlRCW8BIbXtlrCK1g8v7mKDkUXjI5XLLd8zr29Q5hEZcrOLKx_Cop
Requested by: Host: www.figures.com
URL: https://www.figures.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

GET
H/1.1 200
OK js Show response
tags.mathtag.com/notify/ Frame BD7A 3 KB
2 KB 58ms
16ms Script
application/x-javascript 185.29.134.249
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWWpNMFpqQXpPRGd0TURnd01TMDBOamMzTFRBd01EQXRNREF3TURBd01EQXdNREF3LzUxOTc3NjMxOTM0MDY1NjQzNDUvMTEwNTAwOTUvMTI0NjA5NDkvNC9TVWo5Y2txUG8xNG03bnpHakdOOXZtUmxVM0RaVW5DWC00aUs3cGhucGs4LzEvNC8wLzAvMTk5OTg0My8wLzIxNTU0My8xMjMwMjM4LzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvNTE5Nzc2MzE5MzQwNjU2NDM0NS9hbXMvMC83Njg1LzUvOTk5LzI1OC8yYTAxOjRhMDoyYjo6LzAuMDAwLzE2NjcxOTYxODEvMTY2NzIwODc4MS80L3B1Yi03MjA2MDIxNTU0NzkzMDQ4Lw/BqXzOEYh63kGKyehdCCtZmJZPlw&nodeid=3273&group=cdg&auctionid=5197763193406564345&pbs_auctionid=5197763193406564345&shardkey=5197763193406564345&sid=12460949&cid=11050095&bp=a_bdhgdj&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.134.182&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCqnM3FWVfY8COMtHox_APnOmksAvPh46bXMCG2YLGAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi03MjA2MDIxNTU0NzkzMDQ4yAEJ4AIAqAMBqgSFAk_QVlfTHUQbzt8QTNSg86Ttqb-IPc3OSGg5I03OU2HROyxjoB1tzyjjGINUcll6UUJAJTLzmHevPtX8n4JAdqfwPUywkjzn1UCsdQruyXChlh9fw-kcMFIE-0086ojtxdpyhTaKYw153s4STFZMeNKRIiyoTKOxxHZk0ZF4YWvgtyyi8JI79lRnExVUrdU3WcSfXgHirUCpheS-naOshJt9MtSpQ2m1jRXfiyWdVdMMd_FWVPDxjZMDca1uI-t1O6X4uxBjMEz3ebcqJcAjJ6X5132IQc2XI6J9x4CBqTjdSh32zwL3riFvlGY9pOu3Tdh9CEdwbjqrFklv7ihQsY0dFhp-OOAEAYAG-_eThpqvqY54oAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDQiAYRABMgKKAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1V_lFK1VBW06TgHUR2hJ1MpWunww%26client%3Dca-pub-7206021554793048%26adurl%3D
Requested by: Host: ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
URL: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.249 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.369.7 /
Resource Hash: 2b4f64ec721d11f5fb559e031c10e7932da25bca4e10f4e31db11cd434a5a65e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Mon, 31 Oct 2022 06:03:02 GMT
Content-Encoding: gzip
x-mm-bid-request-time: 1667196181
Last-Modified: Mon, 31 Oct 2022 06:03:01 GMT
Server: MMBD/3.369.7
x-mm-latency: 2 (2)
Content-Type: application/x-javascript; charset=UTF-8
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
x-mm-dbg: NotCount
Cache-Control: no-cache
x-mm-host: cdg-router-x100, cdg-bidder-x137
Connection: close
x-mm-lag: 1
Expires: Mon, 31 Oct 2022 06:03:01 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221026/r20110914/client/ Frame BD7A 3 KB
1 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221026/r20110914/client/window_focus_fy2021.js

Requested by

Host: ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
URL: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sun, 30 Oct 2022 21:51:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 29502
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1238
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 13 Nov 2022 21:51:20 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221026/r20110914/client/ Frame BD7A 17 KB
7 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221026/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
URL: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d99f77a187454fecc18b59b2f520b1598b246d01e142bfdc4de56eb7221a9330

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sun, 30 Oct 2022 14:36:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 55579
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7367
x-xss-protection: 0
server: cafe
etag: 4759548068123418343
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 13 Nov 2022 14:36:43 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame BD7A 0
0 18ms
17ms Image
text/html 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRHHXxf7RjvECSDFDCFjYED7gZf2CcHTZqMyMONAs8X0jgw3WRX853F-pRHdL6JKQSwiKSaw2gHetrMyyUEFungpzx9DA
Requested by: Host: ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
URL: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame BD7A 22 KB
7 KB 13ms
12ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
URL: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Wed, 26 Oct 2022 16:31:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 394321
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 26 Oct 2023 16:31:01 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame BD7A 153 KB
47 KB 31ms
29ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
URL: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0c03682256f0ddbfa031d5ee3c2bbb80eea99dab4ffa12622c551dea01359656

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:03:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47996
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1666856053429787"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 31 Oct 2022 06:03:02 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame A6A6 0
0 54ms
54ms Fetch
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CerhFFWVfY8GOMtHox_APnOmksAu4mfOiXOm17rv6AsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi03MjA2MDIxNTU0NzkzMDQ4yAEJ4AIAqAMBqgSAAk_Q8AFe7x9_VR8ogAQ_Ru-1lV4uQoIoI97MfbDTPczH9Eum1FASOn3E5B2IYkEox3pX_hGowUciXZfrNWfzBENcPA_xHNlEyER7PujkNlZgIGxN_qUufshKvOjPukvtHIZl5kVbF4XjBX2kALZp-H87otmeeNJimc_y0L3JsDNfC8l2lMRYxLq7YDOn0SWWAx0EImF4eXcjWkdiuaohwhpccdWbpZkyV0ahWtkMaT1lQ6wzNnxEy9f11lhLONyL7o--C4kcz_xdqg4KN5LoG42bJVqma98qWswGc105EBUU0cF4kIqvMzGIPouGl1FHDkc5iol6uHAs7zOGHz3Gbg7gBAGABuKa3qe2m5OFgQGgBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggNCIBhEAEyAooCOgKAQIAKA_oLAggBgAwB0BUBgBcBshccChoSFHB1Yi03MjA2MDIxNTU0NzkzMDQ4GJ-vBw&sigh=PjLqA359V40&uach_m=[UACH]&cid=CAQSPADq26N9-7WAbJ-15sFWshjmJ5IhqSIJK-UFgJV6ty3Zv50p3lp2trI2vBGu3MOb814ZaVMR4VxsBJYAuhgBIBM&tpd=AGWhJmv7PBBONJDhmfxWq3SentGGt41yPDdr6MKqVX-qnMG1WZDgmkjr1MISLfKDwOXw6S8CUzKlLNM2GBdZS-YgFXZjZRom6MoYq_FjdnKoIPGqEBiE1DQAx3gsH_QzN_8zyfPElWZ6XD8LZ-cdybgD_ywi8i9cO00N_kvQ5TuMYmSb7WFNqgyQIoRSPTdmLuyycSIBKIinFUidbrWBbkNePPJOC2V2QJNcNRlNEL945YRkEDdfdLZQn2q1oY0VolBDmVgKedmhxbK7FA3s7DdqrC77GL54mVZ09exPBBAHgQuDca5LVmDb6qEzx88q_Xuu61Wk-Cu_zEfv_MXTXnGtAq6mE1Rhfx83KbH5xVfFEZ3regP8TBAwGD_8AlQ2QdEXHXC-5h6Bm1Oq4rfaxAkaBsfjPrO8oqBe2yRdd9UuSorFCaYTmK17Dn2Og9Y2gh4vSIh81HxHodVomiMBeGRe2D4KGB2ApJLDLVl41WF_ebjrTtLNK1EUH-jg4i1A_u4tnmfg5aBG8qeG_sLZhAlvismj_AifJ0f0XMFQlq4yayQu94dprRHJMSWtQVhVB7WpK_dlmTWQ6ExhvvCFXxQna_8059gl-VtHq69YS0y5noSUVW-wEl3_DoFE9xtA8Y2ZgCVG_cUC3ZopprIWmJxgLpO5NYw6gfQ8953gq8RWh1L0CqwIk9lW0zHR70AqVTN0u5fwFD-bkyGLsKu_01a-Bq3grflax5m_nb_ZKUsLeRIzie8d0-5tMyNO8is-Kr1Ac93vUrL8vJ1kE_GNs-HiaCHO7yK17CD2HphkOL3gX1sjAS6mcdGSVlMh8_fMh_-9oqbRvzh7tRc91hL_ZViwnj3hsYRAGb8C2clLXHcI7oiuEbxgZ3S2rsHIZDNC08zFNzleFsCeh3aDgjGFSYGPWyBvqH2sH3kEKyiBGmobTKYomEoDJeGBLM3PN3Y9YF9eGrcCJ6dn4wxSUCRSGHaqFzViLMtRkw8Ilx0SYUjI_8dzbvQ5tDZvQQYKHNxK8VEgC1ByaS7qq9dcWM4L6UgwVqnHW7eH5YRMy-MGZn8youPai2Q673Lj0cVS0IE0e4oRDt1LDBtW86yhq22lDWOP1J4OEmreLhZSkevHshFQ2LsNC8FYN-dqYq_EbKfvptEMCmJQLy9_17pX5bVt-iCv_KI1m9Z-TXqFbVxzpvGeFHcVMx-c6d-A47L3sqvoQscxZPyNpJ2w_8TI6g5rJlcejZ76F3F7YO-2iBBjlo-g_GaZq63_QqyjzT3mgHoK3JBcgOdcB16YK9MOE0Pi8-A--WX3FwY2aH_wE1MYTJ9MSZGc7BcvO1BPbHYM4XN7kLri7RtIDC1YbI70hVcnZ7AbASNP4T4fB3sRxE-LmwT2fq9yfM74DsJfadj4eUXAtvWBlwuzlj-5prNdrcLIwzz90DmO0FsqFAJik1bYOk_hV_uWsud4WoC5B0DC3O3uF6SoUVM77-IIQiFaLGwwPXrpse1oHR4Q2EEQ99BOCGrZBg4fl3LHsi-kIHja14tOTnZ9ogu38xZklu8ev9sDKZ40B5bZGg
Requested by: Host: www.figures.com
URL: https://www.figures.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 7428 278 B
607 B 45ms
19ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CKfE9eoCEOqfrYwDGJ3uudYBMAE&v=APEucNUE_YR7zcmUwol1VREiS1FTmReZldeyxtEv5DQasxC9C8iBCFr-oaO9D_ZEOokbMzQqeE_gKTd4oJLLJ52Mw8ugp4tymCPZFZUFenKs1xGNykTsAfc

Requested by

Host: ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
URL: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1a87985707fa8a2cd12b5d3879626eccd92c19372ed032b91a7c6f9ea00b6ea8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 151
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 31 Oct 2022 06:03:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame A6A6 82 KB
34 KB 78ms
52ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CA9c6y8vrKyVqf3Lz29rKZILKWirQ1bTMRqEs-gp7qEdfdk0u1OwT9vlfUOpC41cPKBLn98VfrhHI4uWCmTCWclHcBSMCLgHeVStRfNGIWOmBmZXkyUBaV8VO9RQ7AP2F9P8NITUvrAZBleaxUBCTV88-0w8yy9ubYjq0GK2vQljOJ5-Y&dbm_d=AKAmf-DEJ3OHEr4p5sSwe4-cX9yr_6TCKCmHOaBwiGkvsBgYU_NUyDkqVnEK11v1hZn3i_5f_JIGzkK8KWHYpUfKfKX2-lu_PcSaLNGHsxtmFIC8zLQ4GvvQjieFxSkCeUJzO1NEReqUeMvPruKn5jDasuT6CQnZ-_NDaak7OqvuiQMXKrPN800C_Mkc-PavrLLdHr1ixOYwN3yO0PJPXsX1kIdBmN_pFEA_V41UxXVZrBr7NSXW0FBah2Xse-KlpqVsRLymIgYYBeiCaZWHEl-Qm7Z94ohz4krs_bvnrn9E9YVxKlLSLWHEjuDRwcmMQu7GCzEueWM0CGlp0FwDlRRNveMobSN-_zP0gCl3RPmWMYSAPLpf7CVsFGthFrbIyyCirXz0lgpZMkJTeyfJqFmCAQhtrDnKgIre4cQxy_n_FVYLU9fFl64xxrenJWAsp3Ao1JZUp9tP-E33kM-3NLLAD26wyAuRxcd0Zg9Q8ugYlNOZw87bMd18zq1PPH8Dkuq5FVWi2kJa_dTSSfZFqr_tUC1BDxXQhem9gCEUk5ZiJIqX8QwyM7O-mbMqQ7VBubAG-nsS_FNexogFfNh4HvPHE5Y0FG_1tba5oBLG2jwCF9CUMqhCUdAQXbrz3w7EoxZGa0bE91oHyIe37KztU4nJzLi4k28A2HGfz9oz3Nw6WSme_aj0aAgZuEHw64pRFdYQEtEudjxYTyRsnRctxCQBPIUJcLIijbWCSu8b7uTedJIFEUObAeBtuos4yV2jrbNnPAmuz86aiYZr9ND_he8jT_K8gzbJR1ZU8BMaKBHazhMlcs6zNA6tX2OX5Yr7PQFsx0iUVYc7R5Hxn3S7P9S4FUThY2SeR5S4sqB1C4MFwkLZ2rACptxudN1xmtw3dLA9odkuLwn1c7uZLJQpfi6uzqTXsy4KPoRdQ-Ex8hbHeR7Z0u90Xrzcr_tZZEAjniHrMawb6UIOaFwNznIRhtP-oI3EFntbQ9yLL6TeKsIHQm_hZ1WzJlh72tBlalWoro_sl_CYANEo0PmcmT4dxzx7SSsr4SeiN7qnaR2VOWqYcdgFnuJEK4PHDLD4J4D3iZ5WLpOrSTJoadLeeRE28ove_mksOtZW-MxHJRtlXhA6ill8gn8PWIEGme3k7VJ3nACIBcK3D8vGamQ1i0F8y7R4tpCM6Mq-6HKO6293djd-9XH4ZF_qwTMqd59zxHamWBGxWcclszl9Yu4Cw0L8_4EIokDY1mODZPua5XABWMfZIodJmgmrOFyG3IR_nU1Q2j-fGcyfw3RQrjWxRjuMg1ahK92nhCFuOamaXOkIsf5p3fF6nVqGRvOGuoPx9X2kv22j3zTGG79pcMrkX2SWZSNWckhK9lSAeQYRco7t4u82-A6e5unRwQSn1-TKK2REAys9OSAZLrRghe6XjVk-QXCLLQtnym1K7YvamQACBjm68ETbx_FOiu3XrhUPCYLBdJN5Ui7y4aXoVecI-oAA2Yk6K5dBYMob6curWHI6LiEkaIE-g_dRPwLx3QaDsMKvpwkF_ggTsnB55hzqDLUqahxHpAlYLRz9hSeJAw80hNPBLOX0c5WlH4Um7tFK5nyEoWjONhAvtDT3u_mULRZ8Cl1SMBHXKUjd0QMp2xh5wLMwPHXHcCdbb9d4ksKSqFC87Ys0IWOscau18s-IVMfQxLcn82cRpHP0Jkumch-AeN0Yx9N2zIyxriGZXMP0Go5t6_wOqaHgNvfQqGnLQpjHNrylzjuam8CUgczc6CWaLZ2rxv2WdTsdwo_R8jlJu9SFW3lg7yOP9EFqX7UAPiS0cU9KTYGw5Plfuzur8eIGsOZiz_krnz7jg16E5H7rznbnc2c0bfnqT_gyl8IQJXxy5pXDUKgTfmfAv1I2omG7x4_bykq4L1EuJFW3U1yA-kN6prbVguTXaBSUytQ84-4N-DIKhtHoxa2TcDeheO4rTFX6I3XHTZwtfLowMhwMLW9gJ48ORckI3qlMtJ6Qwm-eaja2oZQOj5SeVUYoF58dp4z_aNB-_uLSiOFsKj67G8WZa9Itm25Y0FfCyr5aGDXRw_g94KeEMLCAYMURfNAl8Xb_-GNCeWOtuXru6YIEfKR0Y4OB-u5hBYohYnQUT5ZxUcx35Fu1u8uycrqiZIq8pToDRcpYPWfJ8ZQpPE_81GGbnn0g2tfyoxamiWxd-yY0uFM-p2lkGbzBBg6ELJMF1KlKVHKOc-LH-hWhNGK4H10Dezxf6OJvk7gQ4y7Bie0BV_NOJaPuJOQY028n4YRaWry7I2WbGMdd6hz0QB-qUxJsG7_dlxzc_lKVQqohLDWofxAAnUTJs5mARerQwd9fF9vfdMCn68XUorGyB8gJLtpjmZId_tEQklb1Owt4vI45sAToJfjwdjH38PXZAZFRgyDIhf4P4JMHV86TONzQtY0344gg1zUcPgZDpIF0isKzhopVAJo8VFN8SumhHY-BlPPeCteCCQjMFWL1x7utivzXexEBRWAm9ftn7HD_ezrIa2ecUvCYJk9jZz0UGF1BgD848jFiUycyEoFksNRrO-cwMkuJNiqH2qQ93s3k_rnDFQIU-Zpa05t4CzHD7jYXTn4xgqFtJ9KbwzkOrf7MTquoK2253kMmGFyAhrNdoNL1iVV27f6Fhn4FRRxFhjftsqVHuqNsXsgifX-IU4jiYm7BeeEYLLYtAQyxbxtlZiHsvQoRgZjbTKKJPq5VdQKjOKYjeONMniFA7BHwdleFzxHy1vWQskxhr6lyR09cFCrs4Myo3yAv_Bcmau72UwaVjGbtzs8x3Ts65Q2HL9iL2yjpDm2tQzqal9Y9QBbEUAbc1jnklBVl7q8bjrssOWW6GPkcrTOD_uxYwxAwHnTCtE3R21DwfQ8r7buzRa-wrgzFIDhA1Scf8dQzyqWc7ZDM2tEJtb4hFNKsnnusSfA0O90slX4LfawBctavUL4zKW3oVW08MeNxvFqKdV91dJrhUVUW7WgRuxIQHKyxkPXgFury5IvbOQ16BHOk_Joav0x_aMjj-2LdQ97QOtEWH-HNJpRSuPHtKLcfABpBDcWntRBM-5RpBHMWj1qiUC-kbJMK7GIOzyL23oTkMAYy0Uwx7aOFQ1J1QNfz6TJ77_XazMwHlCDUgrwHhtUO1Vd4RJLa2V8FxWVdjCWtdX9Dclw5XzP8Zn1s15O_e-i3ZeGnYCGUQjZSfdmTsfwTAXklZv9EA7u7zMhftBWdzQ&pr=6:0.032726&cid=CAASBORoRcw&xfc=https%3A%2F%2Fclicktrack.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%3FclickData%3DJnB1YklkPTE1ODQ2MyZzaXRlSWQ9NjAwMzc1JmFkSWQ9MjI2MjEzMSZrYWRzaXplaWQ9MTAmdGxkSWQ9MCZjYW1wYWlnbklkPTIyOTg3JmNyZWF0aXZlSWQ9MCZ1Y3JpZD0xNzQ2MTkyNTY3MjYzMTI1ODI3NSZhZFNlcnZlcklkPTI0MyZpbXBpZD1ERTM4QjBERC1EMjVDLTRFNjAtQjlGMS1EMzY0MDc3QTMyRjkmcGFzc2JhY2s9MA%3D%3D_url%3D&rfl=1%2Chttps%253A%252F%252Fwww.figures.com%252F%240

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9eea97e8ca63a75841a86bc32d79aacc3bf47202ee9a3f51031f769407031db8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:03:02 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34900
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame A6A6 42 B
63 B 47ms
41ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BrPDZjExB65j_j0gKpm3pJOXLBEnb49e66unv-7vlcNnDfCIfefxcezCqdguSozuA1LxalFmmyCwJJPfTPDBttWtLMjWIdGbeBpT8SjBYZn8nUMW0

Requested by

Host: ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
URL: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:03:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221026/r20110914/client/ Frame A6A6 3 KB
1 KB 13ms
7ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221026/r20110914/client/window_focus_fy2021.js

Requested by

Host: ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
URL: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sun, 30 Oct 2022 21:51:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 29502
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1238
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 13 Nov 2022 21:51:20 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221026/r20110914/client/ Frame A6A6 17 KB
7 KB 14ms
8ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221026/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
URL: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d99f77a187454fecc18b59b2f520b1598b246d01e142bfdc4de56eb7221a9330

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sun, 30 Oct 2022 14:36:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 55579
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7367
x-xss-protection: 0
server: cafe
etag: 4759548068123418343
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 13 Nov 2022 14:36:43 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame A6A6 0
0 21ms
14ms Image
text/html 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSB75ECyXvCccUzCIkgMHW_gAv8oh0xc23HTaAKIPwl0gALb58-qdPGfAjv-hEc0SIFOz2dVX0lu2o_mjOwEPtGnE6GxA
Requested by: Host: ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
URL: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame A6A6 22 KB
7 KB 14ms
8ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
URL: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Wed, 26 Oct 2022 16:31:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 394321
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 26 Oct 2023 16:31:01 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A6A6 153 KB
47 KB 28ms
22ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
URL: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0c03682256f0ddbfa031d5ee3c2bbb80eea99dab4ffa12622c551dea01359656

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:03:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47996
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1666856053429787"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 31 Oct 2022 06:03:02 GMT

POST
H2 200 vs.figures.com Show response
e.deployads.com/e/ 2 B
126 B 65ms
65ms XHR
text/plain 54.72.99.250
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://e.deployads.com/e/vs.figures.com
Requested by: Host: tags-cdn.deployads.com
URL: https://tags-cdn.deployads.com/a/vs.figures.com.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.72.99.250 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-72-99-250.eu-west-1.compute.amazonaws.com
Software: Jetty(7.6.12.v20130726) /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.figures.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: *
date: Mon, 31 Oct 2022 06:03:02 GMT
server: Jetty(7.6.12.v20130726)
content-length: 2
content-type: text/plain;charset=UTF-8

GET
H/1.1 200
OK llely5buqgjj Show response
hal9000.redintelligence.net/zone/ Frame 8E4D 11 KB
4 KB 211ms
13ms Script
text/html 138.201.63.157
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/llely5buqgjj?subid=&gdpr=0&gdpr_consent=&rnd=4044841693094684873&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:adx&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DY19lFQAPK2wIu-e1cAMiow%26exch_seat%3D20035004448%26mt_aid%3D4044841693094684873%26mt_id%3D11050092%26mt_adid%3D215543%26mt_sid%3D12460949%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dfc96635f-6516-4501-a6f0-fbb485ff1b56%26mt_cid%3Dfc96635f-6516-4501-a6f0-fbb485ff1b56%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCA7_QFWVfY8KOMtHox_APnOmksAvPh46bXMCG2YLGAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi03MjA2MDIxNTU0NzkzMDQ4yAEJ4AIAqAMBqgSFAk_Qff-yLbfFPre8G6Oby4XCZDVCtLji5O2DLAIJP3CF0Ya_JEcKSltJbWmezyazzFVDoxvWrvF63wwNRXi3GjtIonck70s15CQg9sz0GjFZjJkoOiyefAc62cJk4HlnGtfWxR7WuXHUX42XC-YXuYlYw06mpkCj39J4uT4RUw7SuMtxieMdsLn--5R5BItmTebbucNoshDtury28EIKPQ1jpwW8G7pSr_eu3HAPUIKxTCqKsJsgi8RmQJcj2iTVYNiM_YzqZc0aOAd5YgqmLWpDA8aBEDY_mcxbKmw-RWpHAxvTy5nwVaFa1LlMlFXOCwTNMINzkNyK2pkpva0485zQlWLH6OAEAYAGxdqJtu7m1Lt9oAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDQiAYRABMgKKAjoCgED6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_2CGedo_IVobqIRJdAzGnK1HwU5KQ%2526client%253Dca-pub-7206021554793048%2526adurl%253D%26redirect%3D
Requested by: Host: www.figures.com
URL: https://www.figures.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.157 Nagold, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.157.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 44f566057eea9104558f074d8e70807a4d4895f4c7828b88023590aa211bcf1c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Mon, 31 Oct 2022 06:03:02 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3528
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK ck-confirm
tags.mathtag.com/ Frame 8E4D 49 B
330 B 44ms
16ms Image
image/gif 185.29.134.249
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/ck-confirm?bid_id=4044841693094684873&node_id=3273&exch_id=4
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWWpNMFpqQXpPRGd0TURnd01TMDBOamMzTFRBd01EQXRNREF3TURBd01EQXdNREF3LzQwNDQ4NDE2OTMwOTQ2ODQ4NzMvMTEwNTAwOTIvMTI0NjA5NDkvNC9TVWo5Y2txUG8xNG03bnpHakdOOXZyamI2VGFnQzJlcldCaGRUNUZXdS1BLzEvNC8wLzAvMTk5OTg0My8wLzIxNTU0My8xMjMwMjM4LzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvNDA0NDg0MTY5MzA5NDY4NDg3My9hbXMvMC83Njg1LzUvOTk5LzI1OC8yYTAxOjRhMDoyYjo6LzAuMDAwLzE2NjcxOTYxODIvMTY2NzIwODc4Mi80L3B1Yi03MjA2MDIxNTU0NzkzMDQ4Lw/YxdACv27GRQ3R4fEf3LFU8ipsp8&nodeid=3273&group=cdg&auctionid=4044841693094684873&pbs_auctionid=4044841693094684873&shardkey=4044841693094684873&sid=12460949&cid=11050092&bp=a_bdhgdj&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.146&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCA7_QFWVfY8KOMtHox_APnOmksAvPh46bXMCG2YLGAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi03MjA2MDIxNTU0NzkzMDQ4yAEJ4AIAqAMBqgSFAk_Qff-yLbfFPre8G6Oby4XCZDVCtLji5O2DLAIJP3CF0Ya_JEcKSltJbWmezyazzFVDoxvWrvF63wwNRXi3GjtIonck70s15CQg9sz0GjFZjJkoOiyefAc62cJk4HlnGtfWxR7WuXHUX42XC-YXuYlYw06mpkCj39J4uT4RUw7SuMtxieMdsLn--5R5BItmTebbucNoshDtury28EIKPQ1jpwW8G7pSr_eu3HAPUIKxTCqKsJsgi8RmQJcj2iTVYNiM_YzqZc0aOAd5YgqmLWpDA8aBEDY_mcxbKmw-RWpHAxvTy5nwVaFa1LlMlFXOCwTNMINzkNyK2pkpva0485zQlWLH6OAEAYAGxdqJtu7m1Lt9oAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDQiAYRABMgKKAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2CGedo_IVobqIRJdAzGnK1HwU5KQ%26client%3Dca-pub-7206021554793048%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.249 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.369.7 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Mon, 31 Oct 2022 06:03:02 GMT
Server: MMBD/3.369.7
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: cdg-router-x53, cdg-bidder-x137
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Mon, 31 Oct 2022 06:03:01 GMT

GET
H/1.1 200
OK img
pixel.mathtag.com/event/ Frame 8E4D 43 B
405 B 237ms
38ms Image
image/gif 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/event/img?mt_id=1368875&mt_adid=216764&v1=4&v2=4044841693094684873&v3=1230238&v4=12460949&v5=11050092&mt_nsync=1&no_attr=1
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWWpNMFpqQXpPRGd0TURnd01TMDBOamMzTFRBd01EQXRNREF3TURBd01EQXdNREF3LzQwNDQ4NDE2OTMwOTQ2ODQ4NzMvMTEwNTAwOTIvMTI0NjA5NDkvNC9TVWo5Y2txUG8xNG03bnpHakdOOXZyamI2VGFnQzJlcldCaGRUNUZXdS1BLzEvNC8wLzAvMTk5OTg0My8wLzIxNTU0My8xMjMwMjM4LzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvNDA0NDg0MTY5MzA5NDY4NDg3My9hbXMvMC83Njg1LzUvOTk5LzI1OC8yYTAxOjRhMDoyYjo6LzAuMDAwLzE2NjcxOTYxODIvMTY2NzIwODc4Mi80L3B1Yi03MjA2MDIxNTU0NzkzMDQ4Lw/YxdACv27GRQ3R4fEf3LFU8ipsp8&nodeid=3273&group=cdg&auctionid=4044841693094684873&pbs_auctionid=4044841693094684873&shardkey=4044841693094684873&sid=12460949&cid=11050092&bp=a_bdhgdj&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.146&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCA7_QFWVfY8KOMtHox_APnOmksAvPh46bXMCG2YLGAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi03MjA2MDIxNTU0NzkzMDQ4yAEJ4AIAqAMBqgSFAk_Qff-yLbfFPre8G6Oby4XCZDVCtLji5O2DLAIJP3CF0Ya_JEcKSltJbWmezyazzFVDoxvWrvF63wwNRXi3GjtIonck70s15CQg9sz0GjFZjJkoOiyefAc62cJk4HlnGtfWxR7WuXHUX42XC-YXuYlYw06mpkCj39J4uT4RUw7SuMtxieMdsLn--5R5BItmTebbucNoshDtury28EIKPQ1jpwW8G7pSr_eu3HAPUIKxTCqKsJsgi8RmQJcj2iTVYNiM_YzqZc0aOAd5YgqmLWpDA8aBEDY_mcxbKmw-RWpHAxvTy5nwVaFa1LlMlFXOCwTNMINzkNyK2pkpva0485zQlWLH6OAEAYAGxdqJtu7m1Lt9oAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDQiAYRABMgKKAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2CGedo_IVobqIRJdAzGnK1HwU5KQ%26client%3Dca-pub-7206021554793048%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 4539 98cc2da master cdg-pixel-x35 config:1.0.0 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Mon, 31 Oct 2022 06:03:02 GMT
Server: MT3 4539 98cc2da master cdg-pixel-x35 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Content-Type: image/gif
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 43
Expires: Mon, 31 Oct 2022 06:03:01 GMT

GET
H/1.1 200
OK img
tags.mathtag.com/event/ Frame 8E4D 49 B
330 B 42ms
15ms Image
image/gif 185.29.134.249
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/event/img?type=mmImpTrack&exch=adx&bid=4044841693094684873&st=12460949&time=1667196182&nodeid=3273
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWWpNMFpqQXpPRGd0TURnd01TMDBOamMzTFRBd01EQXRNREF3TURBd01EQXdNREF3LzQwNDQ4NDE2OTMwOTQ2ODQ4NzMvMTEwNTAwOTIvMTI0NjA5NDkvNC9TVWo5Y2txUG8xNG03bnpHakdOOXZyamI2VGFnQzJlcldCaGRUNUZXdS1BLzEvNC8wLzAvMTk5OTg0My8wLzIxNTU0My8xMjMwMjM4LzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvNDA0NDg0MTY5MzA5NDY4NDg3My9hbXMvMC83Njg1LzUvOTk5LzI1OC8yYTAxOjRhMDoyYjo6LzAuMDAwLzE2NjcxOTYxODIvMTY2NzIwODc4Mi80L3B1Yi03MjA2MDIxNTU0NzkzMDQ4Lw/YxdACv27GRQ3R4fEf3LFU8ipsp8&nodeid=3273&group=cdg&auctionid=4044841693094684873&pbs_auctionid=4044841693094684873&shardkey=4044841693094684873&sid=12460949&cid=11050092&bp=a_bdhgdj&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.146&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCA7_QFWVfY8KOMtHox_APnOmksAvPh46bXMCG2YLGAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi03MjA2MDIxNTU0NzkzMDQ4yAEJ4AIAqAMBqgSFAk_Qff-yLbfFPre8G6Oby4XCZDVCtLji5O2DLAIJP3CF0Ya_JEcKSltJbWmezyazzFVDoxvWrvF63wwNRXi3GjtIonck70s15CQg9sz0GjFZjJkoOiyefAc62cJk4HlnGtfWxR7WuXHUX42XC-YXuYlYw06mpkCj39J4uT4RUw7SuMtxieMdsLn--5R5BItmTebbucNoshDtury28EIKPQ1jpwW8G7pSr_eu3HAPUIKxTCqKsJsgi8RmQJcj2iTVYNiM_YzqZc0aOAd5YgqmLWpDA8aBEDY_mcxbKmw-RWpHAxvTy5nwVaFa1LlMlFXOCwTNMINzkNyK2pkpva0485zQlWLH6OAEAYAGxdqJtu7m1Lt9oAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDQiAYRABMgKKAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2CGedo_IVobqIRJdAzGnK1HwU5KQ%26client%3Dca-pub-7206021554793048%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.249 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.369.7 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Mon, 31 Oct 2022 06:03:02 GMT
Server: MMBD/3.369.7
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: cdg-router-x49, cdg-bidder-x137
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Mon, 31 Oct 2022 06:03:01 GMT

GET
H/1.1 200
OK 9jva1sfkle8t Show response
hal9000.redintelligence.net/zone/ Frame BD7A 11 KB
4 KB 209ms
13ms Script
text/html 138.201.63.157
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/9jva1sfkle8t?subid=&gdpr=0&gdpr_consent=&rnd=5197763193406564345&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:adx&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DY19lFQAOmBsH_ZlcUgbQvg%26exch_seat%3D20035004448%26mt_aid%3D5197763193406564345%26mt_id%3D11050095%26mt_adid%3D215543%26mt_sid%3D12460949%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dfd96635f-6516-4d01-b31f-303072438380%26mt_cid%3Dfd96635f-6516-4d01-b31f-303072438380%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCqnM3FWVfY8COMtHox_APnOmksAvPh46bXMCG2YLGAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi03MjA2MDIxNTU0NzkzMDQ4yAEJ4AIAqAMBqgSFAk_QVlfTHUQbzt8QTNSg86Ttqb-IPc3OSGg5I03OU2HROyxjoB1tzyjjGINUcll6UUJAJTLzmHevPtX8n4JAdqfwPUywkjzn1UCsdQruyXChlh9fw-kcMFIE-0086ojtxdpyhTaKYw153s4STFZMeNKRIiyoTKOxxHZk0ZF4YWvgtyyi8JI79lRnExVUrdU3WcSfXgHirUCpheS-naOshJt9MtSpQ2m1jRXfiyWdVdMMd_FWVPDxjZMDca1uI-t1O6X4uxBjMEz3ebcqJcAjJ6X5132IQc2XI6J9x4CBqTjdSh32zwL3riFvlGY9pOu3Tdh9CEdwbjqrFklv7ihQsY0dFhp-OOAEAYAG-_eThpqvqY54oAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDQiAYRABMgKKAjoCgED6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_1V_lFK1VBW06TgHUR2hJ1MpWunww%2526client%253Dca-pub-7206021554793048%2526adurl%253D%26redirect%3D
Requested by: Host: www.figures.com
URL: https://www.figures.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.157 Nagold, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.157.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 2acf1f03f31894c74bc3c1c81b62f4fe2d8a38288af20517bd394ebfafbaca92

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Mon, 31 Oct 2022 06:03:02 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3535
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK ck-confirm
tags.mathtag.com/ Frame BD7A 49 B
330 B 42ms
15ms Image
image/gif 185.29.134.249
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/ck-confirm?bid_id=5197763193406564345&node_id=3273&exch_id=4
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWWpNMFpqQXpPRGd0TURnd01TMDBOamMzTFRBd01EQXRNREF3TURBd01EQXdNREF3LzUxOTc3NjMxOTM0MDY1NjQzNDUvMTEwNTAwOTUvMTI0NjA5NDkvNC9TVWo5Y2txUG8xNG03bnpHakdOOXZtUmxVM0RaVW5DWC00aUs3cGhucGs4LzEvNC8wLzAvMTk5OTg0My8wLzIxNTU0My8xMjMwMjM4LzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvNTE5Nzc2MzE5MzQwNjU2NDM0NS9hbXMvMC83Njg1LzUvOTk5LzI1OC8yYTAxOjRhMDoyYjo6LzAuMDAwLzE2NjcxOTYxODEvMTY2NzIwODc4MS80L3B1Yi03MjA2MDIxNTU0NzkzMDQ4Lw/BqXzOEYh63kGKyehdCCtZmJZPlw&nodeid=3273&group=cdg&auctionid=5197763193406564345&pbs_auctionid=5197763193406564345&shardkey=5197763193406564345&sid=12460949&cid=11050095&bp=a_bdhgdj&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.134.182&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCqnM3FWVfY8COMtHox_APnOmksAvPh46bXMCG2YLGAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi03MjA2MDIxNTU0NzkzMDQ4yAEJ4AIAqAMBqgSFAk_QVlfTHUQbzt8QTNSg86Ttqb-IPc3OSGg5I03OU2HROyxjoB1tzyjjGINUcll6UUJAJTLzmHevPtX8n4JAdqfwPUywkjzn1UCsdQruyXChlh9fw-kcMFIE-0086ojtxdpyhTaKYw153s4STFZMeNKRIiyoTKOxxHZk0ZF4YWvgtyyi8JI79lRnExVUrdU3WcSfXgHirUCpheS-naOshJt9MtSpQ2m1jRXfiyWdVdMMd_FWVPDxjZMDca1uI-t1O6X4uxBjMEz3ebcqJcAjJ6X5132IQc2XI6J9x4CBqTjdSh32zwL3riFvlGY9pOu3Tdh9CEdwbjqrFklv7ihQsY0dFhp-OOAEAYAG-_eThpqvqY54oAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDQiAYRABMgKKAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1V_lFK1VBW06TgHUR2hJ1MpWunww%26client%3Dca-pub-7206021554793048%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.249 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.369.7 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Mon, 31 Oct 2022 06:03:02 GMT
Server: MMBD/3.369.7
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: cdg-router-x79, cdg-bidder-x137
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Mon, 31 Oct 2022 06:03:01 GMT

GET
H/1.1 200
OK img
pixel.mathtag.com/event/ Frame BD7A 43 B
405 B 221ms
24ms Image
image/gif 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/event/img?mt_id=1368875&mt_adid=216764&v1=4&v2=5197763193406564345&v3=1230238&v4=12460949&v5=11050095&mt_nsync=1&no_attr=1
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWWpNMFpqQXpPRGd0TURnd01TMDBOamMzTFRBd01EQXRNREF3TURBd01EQXdNREF3LzUxOTc3NjMxOTM0MDY1NjQzNDUvMTEwNTAwOTUvMTI0NjA5NDkvNC9TVWo5Y2txUG8xNG03bnpHakdOOXZtUmxVM0RaVW5DWC00aUs3cGhucGs4LzEvNC8wLzAvMTk5OTg0My8wLzIxNTU0My8xMjMwMjM4LzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvNTE5Nzc2MzE5MzQwNjU2NDM0NS9hbXMvMC83Njg1LzUvOTk5LzI1OC8yYTAxOjRhMDoyYjo6LzAuMDAwLzE2NjcxOTYxODEvMTY2NzIwODc4MS80L3B1Yi03MjA2MDIxNTU0NzkzMDQ4Lw/BqXzOEYh63kGKyehdCCtZmJZPlw&nodeid=3273&group=cdg&auctionid=5197763193406564345&pbs_auctionid=5197763193406564345&shardkey=5197763193406564345&sid=12460949&cid=11050095&bp=a_bdhgdj&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.134.182&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCqnM3FWVfY8COMtHox_APnOmksAvPh46bXMCG2YLGAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi03MjA2MDIxNTU0NzkzMDQ4yAEJ4AIAqAMBqgSFAk_QVlfTHUQbzt8QTNSg86Ttqb-IPc3OSGg5I03OU2HROyxjoB1tzyjjGINUcll6UUJAJTLzmHevPtX8n4JAdqfwPUywkjzn1UCsdQruyXChlh9fw-kcMFIE-0086ojtxdpyhTaKYw153s4STFZMeNKRIiyoTKOxxHZk0ZF4YWvgtyyi8JI79lRnExVUrdU3WcSfXgHirUCpheS-naOshJt9MtSpQ2m1jRXfiyWdVdMMd_FWVPDxjZMDca1uI-t1O6X4uxBjMEz3ebcqJcAjJ6X5132IQc2XI6J9x4CBqTjdSh32zwL3riFvlGY9pOu3Tdh9CEdwbjqrFklv7ihQsY0dFhp-OOAEAYAG-_eThpqvqY54oAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDQiAYRABMgKKAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1V_lFK1VBW06TgHUR2hJ1MpWunww%26client%3Dca-pub-7206021554793048%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 4539 98cc2da master cdg-pixel-x29 config:1.0.0 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Mon, 31 Oct 2022 06:03:02 GMT
Server: MT3 4539 98cc2da master cdg-pixel-x29 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Content-Type: image/gif
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 43
Expires: Mon, 31 Oct 2022 06:03:01 GMT

GET
H/1.1 200
OK img
tags.mathtag.com/event/ Frame BD7A 49 B
331 B 42ms
15ms Image
image/gif 185.29.134.249
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/event/img?type=mmImpTrack&exch=adx&bid=5197763193406564345&st=12460949&time=1667196182&nodeid=3273
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWWpNMFpqQXpPRGd0TURnd01TMDBOamMzTFRBd01EQXRNREF3TURBd01EQXdNREF3LzUxOTc3NjMxOTM0MDY1NjQzNDUvMTEwNTAwOTUvMTI0NjA5NDkvNC9TVWo5Y2txUG8xNG03bnpHakdOOXZtUmxVM0RaVW5DWC00aUs3cGhucGs4LzEvNC8wLzAvMTk5OTg0My8wLzIxNTU0My8xMjMwMjM4LzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvNTE5Nzc2MzE5MzQwNjU2NDM0NS9hbXMvMC83Njg1LzUvOTk5LzI1OC8yYTAxOjRhMDoyYjo6LzAuMDAwLzE2NjcxOTYxODEvMTY2NzIwODc4MS80L3B1Yi03MjA2MDIxNTU0NzkzMDQ4Lw/BqXzOEYh63kGKyehdCCtZmJZPlw&nodeid=3273&group=cdg&auctionid=5197763193406564345&pbs_auctionid=5197763193406564345&shardkey=5197763193406564345&sid=12460949&cid=11050095&bp=a_bdhgdj&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.134.182&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCqnM3FWVfY8COMtHox_APnOmksAvPh46bXMCG2YLGAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi03MjA2MDIxNTU0NzkzMDQ4yAEJ4AIAqAMBqgSFAk_QVlfTHUQbzt8QTNSg86Ttqb-IPc3OSGg5I03OU2HROyxjoB1tzyjjGINUcll6UUJAJTLzmHevPtX8n4JAdqfwPUywkjzn1UCsdQruyXChlh9fw-kcMFIE-0086ojtxdpyhTaKYw153s4STFZMeNKRIiyoTKOxxHZk0ZF4YWvgtyyi8JI79lRnExVUrdU3WcSfXgHirUCpheS-naOshJt9MtSpQ2m1jRXfiyWdVdMMd_FWVPDxjZMDca1uI-t1O6X4uxBjMEz3ebcqJcAjJ6X5132IQc2XI6J9x4CBqTjdSh32zwL3riFvlGY9pOu3Tdh9CEdwbjqrFklv7ihQsY0dFhp-OOAEAYAG-_eThpqvqY54oAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDQiAYRABMgKKAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1V_lFK1VBW06TgHUR2hJ1MpWunww%26client%3Dca-pub-7206021554793048%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.249 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.369.7 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Mon, 31 Oct 2022 06:03:02 GMT
Server: MMBD/3.369.7
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: cdg-router-x104, cdg-bidder-x137
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Mon, 31 Oct 2022 06:03:01 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame A6A6 106 KB
38 KB 168ms
7ms Script
text/javascript 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/
Origin: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sun, 30 Oct 2022 20:08:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 35657
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 31 Oct 2022 20:08:45 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20221026/r20110914/elements/html/ Frame A6A6 8 KB
3 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20221026/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CA9c6y8vrKyVqf3Lz29rKZILKWirQ1bTMRqEs-gp7qEdfdk0u1OwT9vlfUOpC41cPKBLn98VfrhHI4uWCmTCWclHcBSMCLgHeVStRfNGIWOmBmZXkyUBaV8VO9RQ7AP2F9P8NITUvrAZBleaxUBCTV88-0w8yy9ubYjq0GK2vQljOJ5-Y&dbm_d=AKAmf-DEJ3OHEr4p5sSwe4-cX9yr_6TCKCmHOaBwiGkvsBgYU_NUyDkqVnEK11v1hZn3i_5f_JIGzkK8KWHYpUfKfKX2-lu_PcSaLNGHsxtmFIC8zLQ4GvvQjieFxSkCeUJzO1NEReqUeMvPruKn5jDasuT6CQnZ-_NDaak7OqvuiQMXKrPN800C_Mkc-PavrLLdHr1ixOYwN3yO0PJPXsX1kIdBmN_pFEA_V41UxXVZrBr7NSXW0FBah2Xse-KlpqVsRLymIgYYBeiCaZWHEl-Qm7Z94ohz4krs_bvnrn9E9YVxKlLSLWHEjuDRwcmMQu7GCzEueWM0CGlp0FwDlRRNveMobSN-_zP0gCl3RPmWMYSAPLpf7CVsFGthFrbIyyCirXz0lgpZMkJTeyfJqFmCAQhtrDnKgIre4cQxy_n_FVYLU9fFl64xxrenJWAsp3Ao1JZUp9tP-E33kM-3NLLAD26wyAuRxcd0Zg9Q8ugYlNOZw87bMd18zq1PPH8Dkuq5FVWi2kJa_dTSSfZFqr_tUC1BDxXQhem9gCEUk5ZiJIqX8QwyM7O-mbMqQ7VBubAG-nsS_FNexogFfNh4HvPHE5Y0FG_1tba5oBLG2jwCF9CUMqhCUdAQXbrz3w7EoxZGa0bE91oHyIe37KztU4nJzLi4k28A2HGfz9oz3Nw6WSme_aj0aAgZuEHw64pRFdYQEtEudjxYTyRsnRctxCQBPIUJcLIijbWCSu8b7uTedJIFEUObAeBtuos4yV2jrbNnPAmuz86aiYZr9ND_he8jT_K8gzbJR1ZU8BMaKBHazhMlcs6zNA6tX2OX5Yr7PQFsx0iUVYc7R5Hxn3S7P9S4FUThY2SeR5S4sqB1C4MFwkLZ2rACptxudN1xmtw3dLA9odkuLwn1c7uZLJQpfi6uzqTXsy4KPoRdQ-Ex8hbHeR7Z0u90Xrzcr_tZZEAjniHrMawb6UIOaFwNznIRhtP-oI3EFntbQ9yLL6TeKsIHQm_hZ1WzJlh72tBlalWoro_sl_CYANEo0PmcmT4dxzx7SSsr4SeiN7qnaR2VOWqYcdgFnuJEK4PHDLD4J4D3iZ5WLpOrSTJoadLeeRE28ove_mksOtZW-MxHJRtlXhA6ill8gn8PWIEGme3k7VJ3nACIBcK3D8vGamQ1i0F8y7R4tpCM6Mq-6HKO6293djd-9XH4ZF_qwTMqd59zxHamWBGxWcclszl9Yu4Cw0L8_4EIokDY1mODZPua5XABWMfZIodJmgmrOFyG3IR_nU1Q2j-fGcyfw3RQrjWxRjuMg1ahK92nhCFuOamaXOkIsf5p3fF6nVqGRvOGuoPx9X2kv22j3zTGG79pcMrkX2SWZSNWckhK9lSAeQYRco7t4u82-A6e5unRwQSn1-TKK2REAys9OSAZLrRghe6XjVk-QXCLLQtnym1K7YvamQACBjm68ETbx_FOiu3XrhUPCYLBdJN5Ui7y4aXoVecI-oAA2Yk6K5dBYMob6curWHI6LiEkaIE-g_dRPwLx3QaDsMKvpwkF_ggTsnB55hzqDLUqahxHpAlYLRz9hSeJAw80hNPBLOX0c5WlH4Um7tFK5nyEoWjONhAvtDT3u_mULRZ8Cl1SMBHXKUjd0QMp2xh5wLMwPHXHcCdbb9d4ksKSqFC87Ys0IWOscau18s-IVMfQxLcn82cRpHP0Jkumch-AeN0Yx9N2zIyxriGZXMP0Go5t6_wOqaHgNvfQqGnLQpjHNrylzjuam8CUgczc6CWaLZ2rxv2WdTsdwo_R8jlJu9SFW3lg7yOP9EFqX7UAPiS0cU9KTYGw5Plfuzur8eIGsOZiz_krnz7jg16E5H7rznbnc2c0bfnqT_gyl8IQJXxy5pXDUKgTfmfAv1I2omG7x4_bykq4L1EuJFW3U1yA-kN6prbVguTXaBSUytQ84-4N-DIKhtHoxa2TcDeheO4rTFX6I3XHTZwtfLowMhwMLW9gJ48ORckI3qlMtJ6Qwm-eaja2oZQOj5SeVUYoF58dp4z_aNB-_uLSiOFsKj67G8WZa9Itm25Y0FfCyr5aGDXRw_g94KeEMLCAYMURfNAl8Xb_-GNCeWOtuXru6YIEfKR0Y4OB-u5hBYohYnQUT5ZxUcx35Fu1u8uycrqiZIq8pToDRcpYPWfJ8ZQpPE_81GGbnn0g2tfyoxamiWxd-yY0uFM-p2lkGbzBBg6ELJMF1KlKVHKOc-LH-hWhNGK4H10Dezxf6OJvk7gQ4y7Bie0BV_NOJaPuJOQY028n4YRaWry7I2WbGMdd6hz0QB-qUxJsG7_dlxzc_lKVQqohLDWofxAAnUTJs5mARerQwd9fF9vfdMCn68XUorGyB8gJLtpjmZId_tEQklb1Owt4vI45sAToJfjwdjH38PXZAZFRgyDIhf4P4JMHV86TONzQtY0344gg1zUcPgZDpIF0isKzhopVAJo8VFN8SumhHY-BlPPeCteCCQjMFWL1x7utivzXexEBRWAm9ftn7HD_ezrIa2ecUvCYJk9jZz0UGF1BgD848jFiUycyEoFksNRrO-cwMkuJNiqH2qQ93s3k_rnDFQIU-Zpa05t4CzHD7jYXTn4xgqFtJ9KbwzkOrf7MTquoK2253kMmGFyAhrNdoNL1iVV27f6Fhn4FRRxFhjftsqVHuqNsXsgifX-IU4jiYm7BeeEYLLYtAQyxbxtlZiHsvQoRgZjbTKKJPq5VdQKjOKYjeONMniFA7BHwdleFzxHy1vWQskxhr6lyR09cFCrs4Myo3yAv_Bcmau72UwaVjGbtzs8x3Ts65Q2HL9iL2yjpDm2tQzqal9Y9QBbEUAbc1jnklBVl7q8bjrssOWW6GPkcrTOD_uxYwxAwHnTCtE3R21DwfQ8r7buzRa-wrgzFIDhA1Scf8dQzyqWc7ZDM2tEJtb4hFNKsnnusSfA0O90slX4LfawBctavUL4zKW3oVW08MeNxvFqKdV91dJrhUVUW7WgRuxIQHKyxkPXgFury5IvbOQ16BHOk_Joav0x_aMjj-2LdQ97QOtEWH-HNJpRSuPHtKLcfABpBDcWntRBM-5RpBHMWj1qiUC-kbJMK7GIOzyL23oTkMAYy0Uwx7aOFQ1J1QNfz6TJ77_XazMwHlCDUgrwHhtUO1Vd4RJLa2V8FxWVdjCWtdX9Dclw5XzP8Zn1s15O_e-i3ZeGnYCGUQjZSfdmTsfwTAXklZv9EA7u7zMhftBWdzQ&pr=6:0.032726&cid=CAASBORoRcw&xfc=https%3A%2F%2Fclicktrack.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%3FclickData%3DJnB1YklkPTE1ODQ2MyZzaXRlSWQ9NjAwMzc1JmFkSWQ9MjI2MjEzMSZrYWRzaXplaWQ9MTAmdGxkSWQ9MCZjYW1wYWlnbklkPTIyOTg3JmNyZWF0aXZlSWQ9MCZ1Y3JpZD0xNzQ2MTkyNTY3MjYzMTI1ODI3NSZhZFNlcnZlcklkPTI0MyZpbXBpZD1ERTM4QjBERC1EMjVDLTRFNjAtQjlGMS1EMzY0MDc3QTMyRjkmcGFzc2JhY2s9MA%3D%3D_url%3D&rfl=1%2Chttps%253A%252F%252Fwww.figures.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

58b603271da250778cca7450c81343eba7a896c87d93812f4de54ca5e1108488

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sun, 30 Oct 2022 18:22:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 42051
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2998
x-xss-protection: 0
server: cafe
etag: 10699485926258732851
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 13 Nov 2022 18:22:11 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20221026/r20110914/ Frame A6A6 30 KB
11 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20221026/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ac32377ae624ac720172de6cd59d7fad67c0c78fe658c7a7b2b43be14b9d74ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sun, 30 Oct 2022 18:22:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 42051
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11484
x-xss-protection: 0
server: cafe
etag: 16485072225624805710
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 13 Nov 2022 18:22:11 GMT

GET
H3

200

sync
ad.sxp.smartclip.net/ Frame 7428
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=smartclip_dbm&google_cm&google_dbm&gdpr=0
https://ad.sxp.smartclip.net/sync?type=host&dsp=10&dspuuid=CAESEMgoRyc4taHmejGi3tH36Zc&gdpr=0&google_cver=1
https://ad.sxp.smartclip.net/sync?type=host&dsp=10&dspuuid=CAESEMgoRyc4taHmejGi3tH36Zc&gdpr=0&google_cver=1&ang_testid=1

42 B
60 B

35ms
10ms

Image
image/gif

35.186.194.101
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.sxp.smartclip.net/sync?type=host&dsp=10&dspuuid=CAESEMgoRyc4taHmejGi3tH36Zc&gdpr=0&google_cver=1&ang_testid=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKfE9eoCEOqfrYwDGJ3uudYBMAE&v=APEucNUE_YR7zcmUwol1VREiS1FTmReZldeyxtEv5DQasxC9C8iBCFr-oaO9D_ZEOokbMzQqeE_gKTd4oJLLJ52Mw8ugp4tymCPZFZUFenKs1xGNykTsAfc
Protocol: H3
Server: 35.186.194.101 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 101.194.186.35.bc.googleusercontent.com
Software: openresty/1.19.9.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:03:02 GMT
via: 1.1 google
server: openresty/1.19.9.1
p3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/gif
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

date: Mon, 31 Oct 2022 06:03:02 GMT
via: 1.1 google
server: openresty/1.19.9.1
p3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad.sxp.smartclip.net/sync?type=host&dsp=10&dspuuid=CAESEMgoRyc4taHmejGi3tH36Zc&gdpr=0&google_cver=1&ang_testid=1
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H/1.1

204
No Content

m
ad.yieldlab.net/ Frame 7428
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=yieldlab&google_cm&google_dbm&gdpr=0
https://ad.yieldlab.net/m?dt_id=52&ext_id=CAESEDq5G0pbh8nLMmz6E-VJfL8&google_cver=1&gdpr=0

0
522 B

42ms
17ms

Image
text/plain

96.16.132.239
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.yieldlab.net/m?dt_id=52&ext_id=CAESEDq5G0pbh8nLMmz6E-VJfL8&google_cver=1&gdpr=0

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKfE9eoCEOqfrYwDGJ3uudYBMAE&v=APEucNUE_YR7zcmUwol1VREiS1FTmReZldeyxtEv5DQasxC9C8iBCFr-oaO9D_ZEOokbMzQqeE_gKTd4oJLLJ52Mw8ugp4tymCPZFZUFenKs1xGNykTsAfc

Protocol

HTTP/1.1

Server

96.16.132.239 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a96-16-132-239.deploy.static.akamaitechnologies.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 31 Oct 2022 06:03:02 GMT
x-content-type-options: nosniff
x-frame-options: DENY
Cache-Control: no-store,no-cache,max-age=-3600,must-revalidate,post-check=0,pre-check=0
Connection: keep-alive
x-xss-protection: 1; mode=block
x-application-context: application
Expires: Sun, 30 Oct 2022 06:03:02 GMT

Redirect headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:03:02 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ad.yieldlab.net/m?dt_id=52&ext_id=CAESEDq5G0pbh8nLMmz6E-VJfL8&google_cver=1&gdpr=0
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 299
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame A6A6 41 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
URL: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Wed, 26 Oct 2022 12:01:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 410490
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 26 Oct 2023 12:01:32 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame DEFF 1 KB
643 B 7ms
7ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
URL: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 58722
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 30 Oct 2022 13:44:20 GMT
etag: 48472445140208031
expires: Mon, 31 Oct 2022 13:44:20 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame A6A6 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 19414451d9c9b4450e4101d2133827fbb8486a3d0c41823bacb0297c048c5a84

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1

200
OK

request.php Show response
hal90007.redintelligence.net/ Frame BD7A
Redirect Chain

https://hal90007.redintelligence.net/request.php?zone=9jva1sfkle8t&nw=20&renderingType=javascript&namespace=3e0f294278&subid=&uid=e5ca148aded8f428&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...
https://hal90007.redintelligence.net/request.php?zone=9jva1sfkle8t&nw=20&renderingType=javascript&namespace=3e0f294278&subid=&uid=e5ca148aded8f428&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...

612 B
935 B

61ms
48ms

Script
application/x-javascript

138.201.63.157
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90007.redintelligence.net/request.php?zone=9jva1sfkle8t&nw=20&renderingType=javascript&namespace=3e0f294278&subid=&uid=e5ca148aded8f428&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=0&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DY19lFQAOmBsH_ZlcUgbQvg%26exch_seat%3D20035004448%26mt_aid%3D5197763193406564345%26mt_id%3D11050095%26mt_adid%3D215543%26mt_sid%3D12460949%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dfd96635f-6516-4d01-b31f-303072438380%26mt_cid%3Dfd96635f-6516-4d01-b31f-303072438380%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCqnM3FWVfY8COMtHox_APnOmksAvPh46bXMCG2YLGAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi03MjA2MDIxNTU0NzkzMDQ4yAEJ4AIAqAMBqgSFAk_QVlfTHUQbzt8QTNSg86Ttqb-IPc3OSGg5I03OU2HROyxjoB1tzyjjGINUcll6UUJAJTLzmHevPtX8n4JAdqfwPUywkjzn1UCsdQruyXChlh9fw-kcMFIE-0086ojtxdpyhTaKYw153s4STFZMeNKRIiyoTKOxxHZk0ZF4YWvgtyyi8JI79lRnExVUrdU3WcSfXgHirUCpheS-naOshJt9MtSpQ2m1jRXfiyWdVdMMd_FWVPDxjZMDca1uI-t1O6X4uxBjMEz3ebcqJcAjJ6X5132IQc2XI6J9x4CBqTjdSh32zwL3riFvlGY9pOu3Tdh9CEdwbjqrFklv7ihQsY0dFhp-OOAEAYAG-_eThpqvqY54oAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDQiAYRABMgKKAjoCgED6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_1V_lFK1VBW06TgHUR2hJ1MpWunww%2526client%253Dca-pub-7206021554793048%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fwww.figures.com%2F&ancestorOrigins=https%3A%2F%2Fwww.figures.com&random=4818116271534&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
URL: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Server: 138.201.63.157 Nagold, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.157.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: a19978f8a281644fbf22666c070675e9f6691c2d6f59a7224201aeea351c977e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 31 Oct 2022 06:03:02 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 25719500014102605671049012129007
Connection: close
Content-Length: 329
Expires: Mon, 31 Oct 2022 06:03:02 +0100

Redirect headers

Pragma: no-cache
Date: Mon, 31 Oct 2022 06:03:02 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=9jva1sfkle8t&nw=20&renderingType=javascript&namespace=3e0f294278&subid=&uid=e5ca148aded8f428&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=0&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DY19lFQAOmBsH_ZlcUgbQvg%26exch_seat%3D20035004448%26mt_aid%3D5197763193406564345%26mt_id%3D11050095%26mt_adid%3D215543%26mt_sid%3D12460949%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dfd96635f-6516-4d01-b31f-303072438380%26mt_cid%3Dfd96635f-6516-4d01-b31f-303072438380%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCqnM3FWVfY8COMtHox_APnOmksAvPh46bXMCG2YLGAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi03MjA2MDIxNTU0NzkzMDQ4yAEJ4AIAqAMBqgSFAk_QVlfTHUQbzt8QTNSg86Ttqb-IPc3OSGg5I03OU2HROyxjoB1tzyjjGINUcll6UUJAJTLzmHevPtX8n4JAdqfwPUywkjzn1UCsdQruyXChlh9fw-kcMFIE-0086ojtxdpyhTaKYw153s4STFZMeNKRIiyoTKOxxHZk0ZF4YWvgtyyi8JI79lRnExVUrdU3WcSfXgHirUCpheS-naOshJt9MtSpQ2m1jRXfiyWdVdMMd_FWVPDxjZMDca1uI-t1O6X4uxBjMEz3ebcqJcAjJ6X5132IQc2XI6J9x4CBqTjdSh32zwL3riFvlGY9pOu3Tdh9CEdwbjqrFklv7ihQsY0dFhp-OOAEAYAG-_eThpqvqY54oAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDQiAYRABMgKKAjoCgED6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_1V_lFK1VBW06TgHUR2hJ1MpWunww%2526client%253Dca-pub-7206021554793048%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fwww.figures.com%2F&ancestorOrigins=https%3A%2F%2Fwww.figures.com&random=4818116271534&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Mon, 31 Oct 2022 06:03:02 +0100

GET
H/1.1

200
OK

request.php Show response
hal900014.redintelligence.net/ Frame 8E4D
Redirect Chain

https://hal900014.redintelligence.net/request.php?zone=llely5buqgjj&nw=20&renderingType=javascript&namespace=b17df31cf6&subid=&uid=66958cd47be951a2&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900014.redintelligence.net/request.php?zone=llely5buqgjj&nw=20&renderingType=javascript&namespace=b17df31cf6&subid=&uid=66958cd47be951a2&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

0
557 B

74ms
60ms

Script
application/x-javascript

176.9.26.250
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900014.redintelligence.net/request.php?zone=llely5buqgjj&nw=20&renderingType=javascript&namespace=b17df31cf6&subid=&uid=66958cd47be951a2&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=160x600&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=0&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DY19lFQAPK2wIu-e1cAMiow%26exch_seat%3D20035004448%26mt_aid%3D4044841693094684873%26mt_id%3D11050092%26mt_adid%3D215543%26mt_sid%3D12460949%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dfc96635f-6516-4501-a6f0-fbb485ff1b56%26mt_cid%3Dfc96635f-6516-4501-a6f0-fbb485ff1b56%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCA7_QFWVfY8KOMtHox_APnOmksAvPh46bXMCG2YLGAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi03MjA2MDIxNTU0NzkzMDQ4yAEJ4AIAqAMBqgSFAk_Qff-yLbfFPre8G6Oby4XCZDVCtLji5O2DLAIJP3CF0Ya_JEcKSltJbWmezyazzFVDoxvWrvF63wwNRXi3GjtIonck70s15CQg9sz0GjFZjJkoOiyefAc62cJk4HlnGtfWxR7WuXHUX42XC-YXuYlYw06mpkCj39J4uT4RUw7SuMtxieMdsLn--5R5BItmTebbucNoshDtury28EIKPQ1jpwW8G7pSr_eu3HAPUIKxTCqKsJsgi8RmQJcj2iTVYNiM_YzqZc0aOAd5YgqmLWpDA8aBEDY_mcxbKmw-RWpHAxvTy5nwVaFa1LlMlFXOCwTNMINzkNyK2pkpva0485zQlWLH6OAEAYAGxdqJtu7m1Lt9oAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDQiAYRABMgKKAjoCgED6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_2CGedo_IVobqIRJdAzGnK1HwU5KQ%2526client%253Dca-pub-7206021554793048%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fwww.figures.com%2F&ancestorOrigins=https%3A%2F%2Fwww.figures.com&random=7302167652104&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
URL: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Server: 176.9.26.250 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.250.26.9.176.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 31 Oct 2022 06:03:02 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 73814000016503005671051012129014
Connection: close
Content-Length: 0
Expires: Mon, 31 Oct 2022 06:03:02 +0100

Redirect headers

Pragma: no-cache
Date: Mon, 31 Oct 2022 06:03:02 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=llely5buqgjj&nw=20&renderingType=javascript&namespace=b17df31cf6&subid=&uid=66958cd47be951a2&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=160x600&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=0&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DY19lFQAPK2wIu-e1cAMiow%26exch_seat%3D20035004448%26mt_aid%3D4044841693094684873%26mt_id%3D11050092%26mt_adid%3D215543%26mt_sid%3D12460949%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dfc96635f-6516-4501-a6f0-fbb485ff1b56%26mt_cid%3Dfc96635f-6516-4501-a6f0-fbb485ff1b56%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCA7_QFWVfY8KOMtHox_APnOmksAvPh46bXMCG2YLGAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi03MjA2MDIxNTU0NzkzMDQ4yAEJ4AIAqAMBqgSFAk_Qff-yLbfFPre8G6Oby4XCZDVCtLji5O2DLAIJP3CF0Ya_JEcKSltJbWmezyazzFVDoxvWrvF63wwNRXi3GjtIonck70s15CQg9sz0GjFZjJkoOiyefAc62cJk4HlnGtfWxR7WuXHUX42XC-YXuYlYw06mpkCj39J4uT4RUw7SuMtxieMdsLn--5R5BItmTebbucNoshDtury28EIKPQ1jpwW8G7pSr_eu3HAPUIKxTCqKsJsgi8RmQJcj2iTVYNiM_YzqZc0aOAd5YgqmLWpDA8aBEDY_mcxbKmw-RWpHAxvTy5nwVaFa1LlMlFXOCwTNMINzkNyK2pkpva0485zQlWLH6OAEAYAGxdqJtu7m1Lt9oAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDQiAYRABMgKKAjoCgED6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_2CGedo_IVobqIRJdAzGnK1HwU5KQ%2526client%253Dca-pub-7206021554793048%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fwww.figures.com%2F&ancestorOrigins=https%3A%2F%2Fwww.figures.com&random=7302167652104&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Mon, 31 Oct 2022 06:03:02 +0100

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 916F 22 KB
8 KB 8ms
7ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 410489
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 26 Oct 2022 12:01:33 GMT
expires: Thu, 26 Oct 2023 12:01:33 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Octopart_160x600_HTML5%20Canvas.html Show response
s0.2mdn.net/sadbundle/877130349909764417/Octopart_160x600_HTML5/ Frame B80E 6 KB
2 KB 25ms
8ms Document
text/html 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/877130349909764417/Octopart_160x600_HTML5/Octopart_160x600_HTML5%20Canvas.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65dbdaf7d5a4e238728aba4a71dd2ec9a2fb1c59b9237ca6fa526613e354c3d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 231379
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2306
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Fri, 28 Oct 2022 13:46:43 GMT
expires: Sat, 28 Oct 2023 13:46:43 GMT
last-modified: Tue, 18 Oct 2022 21:49:03 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame A6A6 0
0 90ms
53ms Fetch
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuILyAtz8cvvM8llm_P_GC_IjlOMH1lw_QSHIjIHZfHdIOJkvxlg7y-xC7ltK7A3CSxub-TvIFapjhc0UfrZ4uwoJLRFs_RQk_UES8WghX3OYOhPxmGaetPHzvPOy3S_365cnVfurvWCG7ROzwJqJjuLFQrITW0Fl6pYkmyUv9OrmTMN6C4GdjG6g0qDADaNVQ4Y7Yim_BfzViovvr0xfxJWGeMnUmVtwTeDqbQz705etRiuVIlxy1zRS9yjFZ3PrjoO3kivxK-8txkqd_2rgdi8hCaVPieYnIdr2dp9EQmMDjfSw20tbS6uo4ofagfUcxd6OehzFTdXwI1vAyR2aGzvEC_t0Fi67VM0nvtHHm-9-upANT5pPfMOsSSt1n07-Eqdfx1YZ6aW7dmWaKtyP3mWnbAa12EpFPM7CSNtSeeTe3Evj_3ppvCDrcFTsRIxITfnOYaekEazNku3dSYJRRPP0J0ugEmGrNlCeSt3hYOdH3552qU-2XaqKA_o02eDvdIzrkFyYYsZd-k9y0CIGRJaJvl560wTVWDDnak8OAmIrsqwH3swLW8KFkYjzYSiGq6mm2Lh8bW7aL7IiW0XKuNS7Ek6Wcc0EFFSXkBEuFYSSZ_z0oiHdAp-5n4NLHRC0uJd1F-XWIbSJB-mCY8beDLL7N_Am9yLw71lAHSF0aGYp1NfYSJ-d_vS-pUZ_Jr689_0p_yji3u1iAQROQoiAPLGJ1RMbUY-uygCaU6TMmbICiw48waiw3FQb_CEwquUTqJc2pL9mLJkEz5q50CTBj9hYpn8PZnHAEVcUH4SYdKobImZuusWYT16Vyeq_lG0okwqK4zEsy3jYYQO6QTVW0Crft-4Y2Ccl_B-6jCUkcoiAudHQaZO56_RwshwzufVYOVoVyLzQ_aBo21_Gzu3kog88__vTNrB10bk8mMyKpXqtGlnO5WRhgRIMvvmBvzZ1eTBV3ZGFMVcvug-ZE-W1UUyMNpXCGwjiSB6zL4c_aYJGGfME6OE2iSX9VwXXbz834_UyF0M6PtMq06cPwRhAh-h5Xobop5ZfTzItVPMFzDWaAVaAfWRMEgcw0Ph77h-_yfAWW-05TzCTu0vLfm1EDGS4h5Sk0kh9QJ_goSv5c_1T8&sai=AMfl-YQuqq0C9czkoidlWOtp5BWa_ZDazzTtBaVh60qiYC3DKN1YrbKSbscD0AuglKUvaEmdjoITRTM-AhmDQaZg_HSinutwdjW0jGerqw-uf7zljgkZHn6X3jdLbbkabKmMGLb6fpx1cg&sig=Cg0ArKJSzNK5TOm4R0_cEAE&uach_m=[UACH]&pr=6:0.032726&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=226&cbvp=1&cstd=223&cisv=r20221026.50393&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 31 Oct 2022 06:03:02 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Mon, 31 Oct 2022 06:03:02 GMT

GET
H2 200 dds
rtb.openx.net/sync/ Frame DEFF 43 B
351 B 39ms
16ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEBxKdOBoGDM6m50rdsxSJfk&google_cver=1&google_push=AZmPxg-ivVv9uTRa-w8s_wQ4Og7jZAEns53bICNU-VuC28ls1bH5OWjVQtyOQVLvWghhfZWcDwjXqje-gHZhpm5Y9Q4rDBKBWfk
Requested by: Host: ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
URL: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:03:02 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: ut95vj6lpcg96f8st8oph57ret3qisih

GET
H/1.1 200
OK sync
ssbsync.smartadserver.com/api/ Frame DEFF 0
75 B 107ms
20ms Image
text/plain 185.86.137.108
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEC6iygqqEP3CvAFrTOPtcUE&google_cver=1&google_push=AZmPxg_E8qA_XQoXqLu6oxKWfLtG15hRvfh_WI903MHACUYmENb7fdA7F6kwZ2Hhvj46UcDIT02byEFpIq0YzIJmIef3XkeAeug
Requested by: Host: ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
URL: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.108 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:03:02 GMT
content-length: 0

GET
H/1.1 200
OK sync
rtb2-useast.e-volution.ai/ Frame DEFF 42 B
233 B 281ms
95ms Image
image/gif 174.137.133.49
WEBAIR-INTERNET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb2-useast.e-volution.ai/sync?exchange=193&google_gid=CAESEBtw9G5GMiEXItgGvvEB8Lc&google_cver=1&google_push=AZmPxg_keo6xa5jaOGJ83HihGg8QCpFdlbiHxTS7TdtZkMWaNT_e4QqIgYab0HReXTZHUo8LqPUMpB0aVS-6RscH5yB7V-p5fWg
Requested by: Host: ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
URL: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 174.137.133.49 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 31 Oct 2022 06:03:03 GMT
Server: nginx
Age: 0
Content-Type: image/gif
Cache-Control: no-store
Connection: keep-alive
Content-Length: 42

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DEFF
Redirect Chain

https://ads.avads.net/sync/ggl?google_gid=CAESELyV27R74g4sye6i74Uz_OE&google_cver=1&google_push=AZmPxg8-xaBdcejCqlCmWgqeiIDVAQIJ3zLuSkyEB2R9mGmZkXbtqPSMLwssAWRTKEfqj8thPuQzPm4eghxMEvTSZOfhJXm26ddy
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=YjcxMDJhOTEtYWRjOS00YzFmLTllZWEtYjljNmUwZmYwYWMw&google_push=AZmPxg8-xaBdcejCqlCmWgqeiIDVAQIJ3zLuSkyEB2R9mGmZkXbtqPSMLwssAWRTKEfqj8t...

170 B
188 B

18ms
18ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=YjcxMDJhOTEtYWRjOS00YzFmLTllZWEtYjljNmUwZmYwYWMw&google_push=AZmPxg8-xaBdcejCqlCmWgqeiIDVAQIJ3zLuSkyEB2R9mGmZkXbtqPSMLwssAWRTKEfqj8thPuQzPm4eghxMEvTSZOfhJXm26ddy

Requested by

Host: ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
URL: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:03:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=YjcxMDJhOTEtYWRjOS00YzFmLTllZWEtYjljNmUwZmYwYWMw&google_push=AZmPxg8-xaBdcejCqlCmWgqeiIDVAQIJ3zLuSkyEB2R9mGmZkXbtqPSMLwssAWRTKEfqj8thPuQzPm4eghxMEvTSZOfhJXm26ddy
date: Mon, 31 Oct 2022 06:03:02 GMT
x-envoy-upstream-service-time: 2
server: istio-envoy
content-length: 0

GET
H2

200

spacer.gif
an.yandex.ru/resource/ Frame DEFF
Redirect Chain

https://an.yandex.ru/mapuid/google/CAESEKC-rED2dC-DBk5jRZjs5Ok?ext-param=AZmPxg_gPAxHqnUoah4WgguKgp8sCnoOX7J_JtGyt-dupqSshnqEy0zWFcaWvocpTexEdMad4YPd7vbSvKL9y24P8abfM0KrtvqM&partner-tag=yandex_ag&g...
https://an.yandex.ru/mapuid/google/CAESEKC-rED2dC-DBk5jRZjs5Ok?redir-setuniq=1&ext-param=AZmPxg_gPAxHqnUoah4WgguKgp8sCnoOX7J_JtGyt-dupqSshnqEy0zWFcaWvocpTexEdMad4YPd7vbSvKL9y24P8abfM0KrtvqM&partner...
https://cm.g.doubleclick.net/pixel?google_nid=yandex_ag&google_hm=CAESEKC-rED2dC-DBk5jRZjs5Ok&google_redir=https%3A%2F%2Fan.yandex.ru%2Fresource%2Fspacer.gif
https://an.yandex.ru/resource/spacer.gif

43 B
144 B

62ms
62ms

Image
image/gif

2a02:6b8::90
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://an.yandex.ru/resource/spacer.gif

Protocol

Server

2a02:6b8::90 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:03:03 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Wed, 18 Apr 2001 10:28:03 GMT
content-type: image/gif
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Mon, 16 Oct 2023 06:03:03 GMT

Redirect headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:03:03 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://an.yandex.ru/resource/spacer.gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 237
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

report
sync.teads.tv/um/ Frame DEFF
Redirect Chain

https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEJJymGDk2YRWVHrkiPX4Bto&google_cver=1&google_p...
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AZmPxg9BeMs3mzfUQqDBCPweIgDQoNsxxD_mgl5qrMA-9DsJQ21-jn-4xvdoq1bL8hNNApkKAgaqFhdqhI4SLTq2VVOblVoMHfZK
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

23 B
172 B

32ms
31ms

Image
image/gif

2.18.232.7
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
Requested by: Host: ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
URL: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Server: 2.18.232.7 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-7.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.9 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

expires: Mon, 31 Oct 2022 06:03:02 GMT
pragma: no-cache
date: Mon, 31 Oct 2022 06:03:02 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.9
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:03:02 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 260
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DEFF
Redirect Chain

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26&google_push=AZmPxg9G-k1_KZ6V1uTi8bCzrWHhDCodSNWTp1Ix...
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26&google_push=AZmPxg9G-k1_KZ6V1uTi8bCzrWHhDCodSN...
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=63c21d0a-eca1-4c96-bb90-a8367a8f97b0&&google_push=AZmPxg9G-k1_KZ6V1uTi8bCzrWHhDCodSNWTp1IxzqaoalhWQ3G2rv5nJYAlnNnrMkMUFtPpxC...

170 B
188 B

18ms
18ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=63c21d0a-eca1-4c96-bb90-a8367a8f97b0&&google_push=AZmPxg9G-k1_KZ6V1uTi8bCzrWHhDCodSNWTp1IxzqaoalhWQ3G2rv5nJYAlnNnrMkMUFtPpxCJL-X0j1dRLVekXy3_-P1Vj1Hbk

Requested by

Host: ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
URL: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:03:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=63c21d0a-eca1-4c96-bb90-a8367a8f97b0&&google_push=AZmPxg9G-k1_KZ6V1uTi8bCzrWHhDCodSNWTp1IxzqaoalhWQ3G2rv5nJYAlnNnrMkMUFtPpxCJL-X0j1dRLVekXy3_-P1Vj1Hbk
Date: Mon, 31 Oct 2022 06:03:02 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame DEFF 0
12 B 16ms
15ms Image
text/html 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LTuUfJTp1FASfOuGWiMxh2vrtIdDoK_YILY1vu6CewT-dBF97BeuHl712f7Ng0OKCwjZ74CPgkFf8

Requested by

Host: ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
URL: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:03:02 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 createjs.min.js Show response
code.createjs.com/1.0.0/ Frame B80E 236 KB
63 KB 52ms
15ms Script
text/javascript 2a02:26f0:3500:11::215:14dc
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://code.createjs.com/1.0.0/createjs.min.js
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/877130349909764417/Octopart_160x600_HTML5/Octopart_160x600_HTML5%20Canvas.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:3500:11::215:14dc Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Apache /
Resource Hash: e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:03:02 GMT
content-encoding: gzip
server: Apache
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=900
x-n: S
accept-ranges: bytes
expires: Mon, 31 Oct 2022 06:18:02 GMT

GET
H3 200 Octopart_160x600_HTML5%20Canvas.js Show response
s0.2mdn.net/sadbundle/877130349909764417/Octopart_160x600_HTML5/ Frame B80E 187 KB
21 KB 9ms
9ms Script
application/x-javascript 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/877130349909764417/Octopart_160x600_HTML5/Octopart_160x600_HTML5%20Canvas.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/877130349909764417/Octopart_160x600_HTML5/Octopart_160x600_HTML5%20Canvas.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

27615767f67d2b790010e1f813150da21ed85f6f5f413132bd0bcb334a26ff18

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/877130349909764417/Octopart_160x600_HTML5/Octopart_160x600_HTML5%20Canvas.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Thu, 27 Oct 2022 05:23:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 347959
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21807
x-xss-protection: 0
last-modified: Tue, 18 Oct 2022 21:49:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 27 Oct 2023 05:23:43 GMT

GET
H3 200 vLbRz7g6TQ5oo3iSl-9A8cc-tNTKSUSKynQIdvKxkcY.js Show response
pagead2.googlesyndication.com/bg/ Frame 916F 36 KB
16 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/vLbRz7g6TQ5oo3iSl-9A8cc-tNTKSUSKynQIdvKxkcY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bcb6d1cfb83a4d0e68a3789297ef40f1c73eb4d4ca49448aca740876f2b191c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sat, 29 Oct 2022 06:14:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 172089
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16061
x-xss-protection: 0
last-modified: Thu, 20 Oct 2022 10:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 29 Oct 2023 06:14:53 GMT

GET
H/1.1 200
OK request_content.php Show response
hal90007.redintelligence.net/ Frame 839E 7 KB
3 KB 21ms
8ms Document
text/html 138.201.63.157
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90007.redintelligence.net/request_content.php?s=25719500014102605671049012129007&a=14dd7da3
Requested by: Host: hal90007.redintelligence.net
URL: https://hal90007.redintelligence.net/request.php?zone=9jva1sfkle8t&nw=20&renderingType=javascript&namespace=3e0f294278&subid=&uid=e5ca148aded8f428&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=0&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DY19lFQAOmBsH_ZlcUgbQvg%26exch_seat%3D20035004448%26mt_aid%3D5197763193406564345%26mt_id%3D11050095%26mt_adid%3D215543%26mt_sid%3D12460949%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dfd96635f-6516-4d01-b31f-303072438380%26mt_cid%3Dfd96635f-6516-4d01-b31f-303072438380%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCqnM3FWVfY8COMtHox_APnOmksAvPh46bXMCG2YLGAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi03MjA2MDIxNTU0NzkzMDQ4yAEJ4AIAqAMBqgSFAk_QVlfTHUQbzt8QTNSg86Ttqb-IPc3OSGg5I03OU2HROyxjoB1tzyjjGINUcll6UUJAJTLzmHevPtX8n4JAdqfwPUywkjzn1UCsdQruyXChlh9fw-kcMFIE-0086ojtxdpyhTaKYw153s4STFZMeNKRIiyoTKOxxHZk0ZF4YWvgtyyi8JI79lRnExVUrdU3WcSfXgHirUCpheS-naOshJt9MtSpQ2m1jRXfiyWdVdMMd_FWVPDxjZMDca1uI-t1O6X4uxBjMEz3ebcqJcAjJ6X5132IQc2XI6J9x4CBqTjdSh32zwL3riFvlGY9pOu3Tdh9CEdwbjqrFklv7ihQsY0dFhp-OOAEAYAG-_eThpqvqY54oAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDQiAYRABMgKKAjoCgED6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_1V_lFK1VBW06TgHUR2hJ1MpWunww%2526client%253Dca-pub-7206021554793048%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fwww.figures.com%2F&ancestorOrigins=https%3A%2F%2Fwww.figures.com&random=4818116271534&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.157 Nagold, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.157.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 4558288dedfc4d135632f91cbea38052692b0a0e37c7d8cafe25fdc0c627a2fd

Request headers

Referer: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2300
Content-Type: text/html; charset=utf-8
Date: Mon, 31 Oct 2022 06:03:02 GMT
Expires: Mon, 31 Oct 2022 06:03:02 +0100
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 76C8 1 KB
643 B 8ms
8ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
URL: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 58722
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 30 Oct 2022 13:44:20 GMT
etag: 48472445140208031
expires: Mon, 31 Oct 2022 13:44:20 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame BD7A 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d26727e8b515313272235704b0b822ff34a7fc6b618d505d60bff7242c880804

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.6.2/ Frame 839E 89 KB
32 KB 31ms
8ms Script
text/javascript 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js

Requested by

Host: hal90007.redintelligence.net
URL: https://hal90007.redintelligence.net/request_content.php?s=25719500014102605671049012129007&a=14dd7da3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sat, 29 Oct 2022 23:35:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 109641
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32245
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 29 Oct 2023 23:35:41 GMT

GET
H2 200 / Show response
track.adform.net/adfscript/ Frame 839E 730 B
924 B 85ms
20ms Script
text/javascript 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfscript/?bn=58476417;click=https://hal90007.redintelligence.net/c/pw9k2tbh69oeq68?tprd=

Requested by

Host: hal90007.redintelligence.net
URL: https://hal90007.redintelligence.net/request_content.php?s=25719500014102605671049012129007&a=14dd7da3

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

753e3643548651bb65a49786305dd91b2866753f0319672b84b30a960896777b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:03:03 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 531
expires: -1

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame D3F4 1 KB
643 B 7ms
7ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
URL: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 58722
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 30 Oct 2022 13:44:20 GMT
etag: 48472445140208031
expires: Mon, 31 Oct 2022 13:44:20 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 8E4D 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 00c716a471626c81fcb752120493826e36f3f7cbe2e1c80bc1a4475aa9c4cfb0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Octopart_160x600_HTML5%20Canvas_atlas_1.png
s0.2mdn.net/sadbundle/877130349909764417/Octopart_160x600_HTML5/images/ Frame B80E 42 KB
42 KB 9ms
8ms Image
image/png 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/877130349909764417/Octopart_160x600_HTML5/images/Octopart_160x600_HTML5%20Canvas_atlas_1.png

Requested by

Host: ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
URL: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fded1d32a878df8bf2aa564379c606edc95089633e39a69f777cd0fcb6cd2bd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/877130349909764417/Octopart_160x600_HTML5/Octopart_160x600_HTML5%20Canvas.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 25 Oct 2022 05:03:00 GMT
x-content-type-options: nosniff
age: 522002
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42844
x-xss-protection: 0
last-modified: Tue, 18 Oct 2022 21:49:03 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 25 Oct 2023 05:03:00 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame A6A6 0
0 62ms
45ms Fetch
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuILyAtz8cvvM8llm_P_GC_IjlOMH1lw_QSHIjIHZfHdIOJkvxlg7y-xC7ltK7A3CSxub-TvIFapjhc0UfrZ4uwoJLRFs_RQk_UES8WghX3OYOhPxmGaetPHzvPOy3S_365cnVfurvWCG7ROzwJqJjuLFQrITW0Fl6pYkmyUv9OrmTMN6C4GdjG6g0qDADaNVQ4Y7Yim_BfzViovvr0xfxJWGeMnUmVtwTeDqbQz705etRiuVIlxy1zRS9yjFZ3PrjoO3kivxK-8txkqd_2rgdi8hCaVPieYnIdr2dp9EQmMDjfSw20tbS6uo4ofagfUcxd6OehzFTdXwI1vAyR2aGzvEC_t0Fi67VM0nvtHHm-9-upANT5pPfMOsSSt1n07-Eqdfx1YZ6aW7dmWaKtyP3mWnbAa12EpFPM7CSNtSeeTe3Evj_3ppvCDrcFTsRIxITfnOYaekEazNku3dSYJRRPP0J0ugEmGrNlCeSt3hYOdH3552qU-2XaqKA_o02eDvdIzrkFyYYsZd-k9y0CIGRJaJvl560wTVWDDnak8OAmIrsqwH3swLW8KFkYjzYSiGq6mm2Lh8bW7aL7IiW0XKuNS7Ek6Wcc0EFFSXkBEuFYSSZ_z0oiHdAp-5n4NLHRC0uJd1F-XWIbSJB-mCY8beDLL7N_Am9yLw71lAHSF0aGYp1NfYSJ-d_vS-pUZ_Jr689_0p_yji3u1iAQROQoiAPLGJ1RMbUY-uygCaU6TMmbICiw48waiw3FQb_CEwquUTqJc2pL9mLJkEz5q50CTBj9hYpn8PZnHAEVcUH4SYdKobImZuusWYT16Vyeq_lG0okwqK4zEsy3jYYQO6QTVW0Crft-4Y2Ccl_B-6jCUkcoiAudHQaZO56_RwshwzufVYOVoVyLzQ_aBo21_Gzu3kog88__vTNrB10bk8mMyKpXqtGlnO5WRhgRIMvvmBvzZ1eTBV3ZGFMVcvug-ZE-W1UUyMNpXCGwjiSB6zL4c_aYJGGfME6OE2iSX9VwXXbz834_UyF0M6PtMq06cPwRhAh-h5Xobop5ZfTzItVPMFzDWaAVaAfWRMEgcw0Ph77h-_yfAWW-05TzCTu0vLfm1EDGS4h5Sk0kh9QJ_goSv5c_1T8&sai=AMfl-YQuqq0C9czkoidlWOtp5BWa_ZDazzTtBaVh60qiYC3DKN1YrbKSbscD0AuglKUvaEmdjoITRTM-AhmDQaZg_HSinutwdjW0jGerqw-uf7zljgkZHn6X3jdLbbkabKmMGLb6fpx1cg&sig=Cg0ArKJSzNK5TOm4R0_cEAE&uach_m=[UACH]&pr=6:0.032726&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=418&vt=11&dtpt=192&dett=3&cstd=223&cisv=r20221026.50393&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:03:03 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Mon, 31 Oct 2022 06:03:03 GMT

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 76C8 0
104 B 94ms
26ms Image
text/plain 2a02:fa8:8806:20::2010
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEOKBXKUGugZpjy3ZyJurdLM&google_cver=1&google_push=AZmPxg-56mLnLdUVJngJfs6PNmWwEpHyTKXRmlzXyZlch8ebss0fE0uWk3PPGVrYuMg87DRTNmH8SxVvqGErtWgZEc5jchOD8A4
Requested by: Host: ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
URL: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:20::2010 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:03:03 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 76C8
Redirect Chain

https://px.ads.linkedin.com/setuid?partner=googleadxdb&google_gid=CAESEFGubJFwkuoAJ-o8nXVEde8&google_cver=1&google_push=AZmPxg9NCOY8luUg-yv9OP-EUyskG4BA54-CS41b6J7nnxP0TeZaTovNEGJLnK15rD6ZLSaxWY_4d...
https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AZmPxg9NCOY8luUg-yv9OP-EUyskG4BA54-CS41b6J7nnxP0TeZaTovNEGJLnK15rD6ZLSaxWY_4dgGTjalSglQYfnqVzVp2rZI

170 B
188 B

18ms
17ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AZmPxg9NCOY8luUg-yv9OP-EUyskG4BA54-CS41b6J7nnxP0TeZaTovNEGJLnK15rD6ZLSaxWY_4dgGTjalSglQYfnqVzVp2rZI

Requested by

Host: ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
URL: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:03:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 31 Oct 2022 06:03:02 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: FC5B142188084A6382C7FCAC89E52389 Ref B: FRAEDGE1922 Ref C: 2022-10-31T06:03:03Z
linkedin-action: 1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric: prod-ltx1
location: https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AZmPxg9NCOY8luUg-yv9OP-EUyskG4BA54-CS41b6J7nnxP0TeZaTovNEGJLnK15rD6ZLSaxWY_4dgGTjalSglQYfnqVzVp2rZI
x-cache: CONFIG_NOCACHE
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXsTlxDYwdS6WeZaNjZ2w==

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 76C8
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEH0u8Ji9r0WBtVfp0FgNIMk&google_cver=1&google_push=AZmPxg-JfOTdxTmLvzLF7N3gtUA7eyY4q4_N1IH0Cgcg9U4LcakGSq6Gkx4bdge38yoPCDt_m4jHhO8JAeidWR...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzE2MDU1MzA4MjAwMTg4MTIzMw%3D%3D&google_push=AZmPxg-JfOTdxTmLvzLF7N3gtUA7eyY4q4_N1IH0Cgcg9U4LcakGSq6Gkx4bdge38yoPCDt_m4jHhO8JAeidWR5sGm...

170 B
188 B

18ms
18ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzE2MDU1MzA4MjAwMTg4MTIzMw%3D%3D&google_push=AZmPxg-JfOTdxTmLvzLF7N3gtUA7eyY4q4_N1IH0Cgcg9U4LcakGSq6Gkx4bdge38yoPCDt_m4jHhO8JAeidWR5sGmftg2Bu--M

Requested by

Host: ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
URL: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:03:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzE2MDU1MzA4MjAwMTg4MTIzMw%3D%3D&google_push=AZmPxg-JfOTdxTmLvzLF7N3gtUA7eyY4q4_N1IH0Cgcg9U4LcakGSq6Gkx4bdge38yoPCDt_m4jHhO8JAeidWR5sGmftg2Bu--M
Date: Mon, 31 Oct 2022 06:03:03 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 76C8
Redirect Chain

https://match.adsby.bidtheatre.com/adxcookie?id=&google_gid=CAESEAExetVWlXc9cQLjlmiCu8w&google_cver=1&google_push=AZmPxg8RcUeGbcKnLpxO5cUtLFe1Ll9zlRC32CFIVupCZiOXy-0Ty7fJscDpNpELUvbcRHNvV1COCpW33HF...
https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=AZmPxg8RcUeGbcKnLpxO5cUtLFe1Ll9zlRC32CFIVupCZiOXy-0Ty7fJscDpNpELUvbcRHNvV1COCpW33HFN4EKEUSdfVhtAkXk

170 B
188 B

19ms
19ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=AZmPxg8RcUeGbcKnLpxO5cUtLFe1Ll9zlRC32CFIVupCZiOXy-0Ty7fJscDpNpELUvbcRHNvV1COCpW33HFN4EKEUSdfVhtAkXk

Requested by

Host: ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
URL: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:03:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=AZmPxg8RcUeGbcKnLpxO5cUtLFe1Ll9zlRC32CFIVupCZiOXy-0Ty7fJscDpNpELUvbcRHNvV1COCpW33HFN4EKEUSdfVhtAkXk
Date: Mon, 31 Oct 2022 06:03:03 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=3000
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 76C8
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=HI2jLlrQRbGAGvlXROKIdA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

19ms
19ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=HI2jLlrQRbGAGvlXROKIdA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AZmPxg9aO_2nj56_eU4sLB1o1l-jPJJVmP-c8rr50q8c4RUL_ARSWTR6ulq2l30nYwzmiLSJvZ4OLf6E8I93hSvUjDjYnsaSbg

Requested by

Host: ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
URL: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:03:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=HI2jLlrQRbGAGvlXROKIdA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AZmPxg9aO_2nj56_eU4sLB1o1l-jPJJVmP-c8rr50q8c4RUL_ARSWTR6ulq2l30nYwzmiLSJvZ4OLf6E8I93hSvUjDjYnsaSbg
date: Mon, 31 Oct 2022 06:03:02 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H/1.1 200
OK sync
rtb2-useast.e-volution.ai/ Frame 76C8 42 B
233 B 159ms
85ms Image
image/gif 174.137.133.49
WEBAIR-INTERNET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb2-useast.e-volution.ai/sync?exchange=193&google_gid=CAESEBtw9G5GMiEXItgGvvEB8Lc&google_cver=1&google_push=AZmPxg9MWl2BEad2enX4uKbhneQ80HWTzgqMJ3arVIPsFSE8LxvbsLy2eVcGiFLBhmUqy09OXs2doG6gVIrbK76_xdr-sdVVa8_Q
Requested by: Host: ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
URL: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 174.137.133.49 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 31 Oct 2022 06:03:03 GMT
Server: nginx
Age: 0
Content-Type: image/gif
Cache-Control: no-store
Connection: keep-alive
Content-Length: 42

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 76C8
Redirect Chain

https://sync-dmp.aura-dsp.com/match/google?google_gid=CAESEH73Kl7BOWg1xx-VVS0MkoU&google_cver=1&google_push=AZmPxg8hX4yoj9wacESJG-6OwhJK_TA2OGdN_spxB8iPkvatkF8Xan2eKpj3LM12kbKkxUV8xrYA6yPKOLNn-uYcN...
https://sync-dmp.aura-dsp.com/match/google?google_gid=CAESEH73Kl7BOWg1xx-VVS0MkoU&google_cver=1&google_push=AZmPxg8hX4yoj9wacESJG-6OwhJK_TA2OGdN_spxB8iPkvatkF8Xan2eKpj3LM12kbKkxUV8xrYA6yPKOLNn-uYcN...
https://cm.g.doubleclick.net/pixel?google_nid=sol_networks_limited&google_hm=NmNhNzY0Y2IyNDVhZjkyMg&google_push=AZmPxg8hX4yoj9wacESJG-6OwhJK_TA2OGdN_spxB8iPkvatkF8Xan2eKpj3LM12kbKkxUV8xrYA6yPKOLNn-...

170 B
188 B

17ms
17ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sol_networks_limited&google_hm=NmNhNzY0Y2IyNDVhZjkyMg&google_push=AZmPxg8hX4yoj9wacESJG-6OwhJK_TA2OGdN_spxB8iPkvatkF8Xan2eKpj3LM12kbKkxUV8xrYA6yPKOLNn-uYcNgJ2ZaCTLXC2

Requested by

Host: ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
URL: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:03:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 31 Oct 2022 06:03:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: nginx
x-frame-options: SAMEORIGIN
location: https://cm.g.doubleclick.net/pixel?google_nid=sol_networks_limited&google_hm=NmNhNzY0Y2IyNDVhZjkyMg&google_push=AZmPxg8hX4yoj9wacESJG-6OwhJK_TA2OGdN_spxB8iPkvatkF8Xan2eKpj3LM12kbKkxUV8xrYA6yPKOLNn-uYcNgJ2ZaCTLXC2
content-length: 0
x-xss-protection: 1; mode=block

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 76C8 0
12 B 16ms
16ms Image
text/html 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IazSDgW8GFJuCLoCEvyh8XepDiexUb0x5mSKKR3UuQxbs6oKytVRlyWfr5bSRACRdB39nFecc

Requested by

Host: ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
URL: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:03:02 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 dpixel
cms.quantserve.com/ Frame D3F4 35 B
463 B 40ms
11ms Image
image/gif 2620:116:800d:21:7eb1:3826:be7e:d981
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEOwvtmCT1rrOPU8L27lPYJU&google_cver=1&google_push=AZmPxg8tjTSoBLBqg5xIXrBWR9NkdAekxLm7OOFmFJqbYZ0XODLwDrmpAH4zRuJBcCSuH7URfcPTBhedhqzSnJWUzcCRJhFW5lE7

Requested by

Host: ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
URL: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:7eb1:3826:be7e:d981 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:03:03 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame D3F4
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEHQFDJ4E09aYxGWNDHnDp8Q&google_cver=1&google_push=AZmPxg-xnte9Pq-m82WdIUgnDj1YNbNdQfYncXTjQ3tFeB5-E6HPzS621Fw0WGxPYVR4QZUxKh_rS_4ZBNLOA3taAAVTTIGvMWic&...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEHQFDJ4E09aYxGWNDHnDp8Q&google_cver=1&google_push=AZmPxg-xnte9Pq-m82WdIUgnDj1YNbNdQfYncXTjQ3tFeB5-E6HPzS621Fw0WGxPYVR4QZUxKh_rS_4ZBNLOA3taAAVTTIGvMWi...

43 B
418 B

173ms
163ms

Image
image/gif

2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEHQFDJ4E09aYxGWNDHnDp8Q&google_cver=1&google_push=AZmPxg-xnte9Pq-m82WdIUgnDj1YNbNdQfYncXTjQ3tFeB5-E6HPzS621Fw0WGxPYVR4QZUxKh_rS_4ZBNLOA3taAAVTTIGvMWic&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAZmPxg-xnte9Pq-m82WdIUgnDj1YNbNdQfYncXTjQ3tFeB5-E6HPzS621Fw0WGxPYVR4QZUxKh_rS_4ZBNLOA3taAAVTTIGvMWic%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Protocol: H2
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:03:03 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 762a2f716a1c68ec-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:03:03 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 160
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEHQFDJ4E09aYxGWNDHnDp8Q&google_cver=1&google_push=AZmPxg-xnte9Pq-m82WdIUgnDj1YNbNdQfYncXTjQ3tFeB5-E6HPzS621Fw0WGxPYVR4QZUxKh_rS_4ZBNLOA3taAAVTTIGvMWic&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAZmPxg-xnte9Pq-m82WdIUgnDj1YNbNdQfYncXTjQ3tFeB5-E6HPzS621Fw0WGxPYVR4QZUxKh_rS_4ZBNLOA3taAAVTTIGvMWic%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 762a2f701f9068ec-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D3F4
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEOeyltIejgu2ECRE6NvdaJY&google_push=AZmPxg81ODsFrnORqdhoXn_fBjgpJmXoNElzd8bGpXKQuXRfR7_PjfG_5m...

170 B
188 B

20ms
19ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEOeyltIejgu2ECRE6NvdaJY&google_push=AZmPxg81ODsFrnORqdhoXn_fBjgpJmXoNElzd8bGpXKQuXRfR7_PjfG_5mYa11QuaHRgpaUIm3UVSePWWkgi2RS6Xjz49ddN7nEC

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:03:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-hhn4042-HHN
pragma: no-cache
date: Mon, 31 Oct 2022 06:03:03 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1667196183.070541,VS0,VE92
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEOeyltIejgu2ECRE6NvdaJY&google_push=AZmPxg81ODsFrnORqdhoXn_fBjgpJmXoNElzd8bGpXKQuXRfR7_PjfG_5mYa11QuaHRgpaUIm3UVSePWWkgi2RS6Xjz49ddN7nEC
cache-control: no-cache
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D3F4
Redirect Chain

https://px.ads.linkedin.com/setuid?partner=googleadxdb&google_gid=CAESEFGubJFwkuoAJ-o8nXVEde8&google_cver=1&google_push=AZmPxg8CSBtvYYtXjINkK5xlXLTTR7GwTNtAV7J7LGONahHV1USk4ADfMo0V9T7ZBjESeCADE4Q3q...
https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AZmPxg8CSBtvYYtXjINkK5xlXLTTR7GwTNtAV7J7LGONahHV1USk4ADfMo0V9T7ZBjESeCADE4Q3qxS2332H4byhEp6uF_YsfRld

170 B
188 B

19ms
19ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AZmPxg8CSBtvYYtXjINkK5xlXLTTR7GwTNtAV7J7LGONahHV1USk4ADfMo0V9T7ZBjESeCADE4Q3qxS2332H4byhEp6uF_YsfRld

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:03:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 31 Oct 2022 06:03:02 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 9EB49F1F1EB445A592F1AFA4084228C5 Ref B: FRAEDGE1922 Ref C: 2022-10-31T06:03:03Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
location: https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AZmPxg8CSBtvYYtXjINkK5xlXLTTR7GwTNtAV7J7LGONahHV1USk4ADfMo0V9T7ZBjESeCADE4Q3qxS2332H4byhEp6uF_YsfRld
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXsTlxDsjx5t8kCrIRfwg==

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D3F4
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEEMhQP6I6ssmxWxNA3ojKww&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEEMhQP6I6ssmxWxNA3ojKww&google_push=AZ...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEEMhQP6I6ssmxWxNA3ojKww&google_hm=Y19lF3VG-m49ic0ISzhHUgAAFAEAAAIB&google_nid=index&google_push=AZmPxg85A5aSRhc2OQvFBwGoP6fnbtlLmRDB5...

170 B
188 B

18ms
18ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEEMhQP6I6ssmxWxNA3ojKww&google_hm=Y19lF3VG-m49ic0ISzhHUgAAFAEAAAIB&google_nid=index&google_push=AZmPxg85A5aSRhc2OQvFBwGoP6fnbtlLmRDB5HkRqEeT5IGdzjGhWYOnMXC08hK3pcImafPifOoKiwn0raKP-aS4WpaRbl2pGA8

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:03:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:03:03 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BsKVA4%2FRpJcQ3UWWzmsxUrbZSVHldHm3KPxzCYID8Kbj7oR8Yaq4lWgn1CMo1cf3nQxHVn9pgsibGntQiALGdSjpt1lx%2By9Dpi6nvJ5xL5%2FI5N48X92fDmktOQx6Kv3fgn79r0LM08mtHQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEEMhQP6I6ssmxWxNA3ojKww&google_hm=Y19lF3VG-m49ic0ISzhHUgAAFAEAAAIB&google_nid=index&google_push=AZmPxg85A5aSRhc2OQvFBwGoP6fnbtlLmRDB5HkRqEeT5IGdzjGhWYOnMXC08hK3pcImafPifOoKiwn0raKP-aS4WpaRbl2pGA8
cache-control: no-cache
cf-ray: 762a2f705bba910a-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expires: 0

GET
H/1.1 200
OK sync
ssbsync.smartadserver.com/api/ Frame D3F4 0
75 B 29ms
28ms Image
text/plain 185.86.137.108
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEC6iygqqEP3CvAFrTOPtcUE&google_cver=1&google_push=AZmPxg-tIkAS6r6UO45ilwGRER8hD7SmwO026wy-iqcZeACcHD0QIH-yH7ShOA9kEmhvkfMMZJY1lPt2PAvTVI72hpo3b-t9l_SB
Requested by: Host: ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
URL: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.108 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:03:02 GMT
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D3F4
Redirect Chain

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEIzCOnYWwxEVTTKS1bIq0eM&google_cver=1&google_push=AZmPxg9Q89Nfe3lv-rNIQ4cE0Pz1YEzBrP-jMfAAlW7FBtphFTTrgTLfOqiyvSQg3SK8aGk8iT...
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEIzCOnYWwxEVTTKS1bIq0eM&google_cver=1&google_push=AZmPxg9Q89Nfe3lv-rNIQ4cE0Pz1YEzBrP-jMfAAlW7FBtphFTTrgTLfOqiyvSQg3SK8aGk8iT...
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1NS0NWM0tGRTJ1RzNkdDNudGN2dWxzVndZM1NkWUlBNn5B&google_push=AZmPxg9Q89Nfe3lv-rNIQ4cE0Pz1YEzBrP-jMfAAlW7FBtphFTTrgTLfO...

170 B
188 B

19ms
19ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1NS0NWM0tGRTJ1RzNkdDNudGN2dWxzVndZM1NkWUlBNn5B&google_push=AZmPxg9Q89Nfe3lv-rNIQ4cE0Pz1YEzBrP-jMfAAlW7FBtphFTTrgTLfOqiyvSQg3SK8aGk8iTUob-wAYoC7Thn-jPKkVSHejz7FIg

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:03:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1NS0NWM0tGRTJ1RzNkdDNudGN2dWxzVndZM1NkWUlBNn5B&google_push=AZmPxg9Q89Nfe3lv-rNIQ4cE0Pz1YEzBrP-jMfAAlW7FBtphFTTrgTLfOqiyvSQg3SK8aGk8iTUob-wAYoC7Thn-jPKkVSHejz7FIg
date: Mon, 31 Oct 2022 06:03:03 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame D3F4 0
12 B 16ms
16ms Image
text/html 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LwPgfHeYApAYGyW1650F_0ZzqYGam6DODk6bdLkPiakxWJda1vYx3FMDI4DrrVh8EaUEZCSw

Requested by

Host: ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
URL: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:03:03 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H/1.1 200
OK viewability Show response
hal90007.redintelligence.net/ Frame 839E 0
150 B 22ms
8ms Script
text/html 138.201.63.157
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90007.redintelligence.net/viewability?s=25719500014102605671049012129007&a=0448a781&vb=m
Requested by: Host: hal90007.redintelligence.net
URL: https://hal90007.redintelligence.net/request_content.php?s=25719500014102605671049012129007&a=14dd7da3
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.157 Nagold, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.157.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/request_content.php?s=25719500014102605671049012129007&a=14dd7da3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Mon, 31 Oct 2022 06:03:03 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H2 200 bootstrap.js Show response
s1.adform.net/stoat/626/s1.adform.net/ Frame 839E 34 KB
16 KB 90ms
21ms Script
text/javascript 37.157.2.249
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by: Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=58476417;click=https://hal90007.redintelligence.net/c/pw9k2tbh69oeq68?tprd=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.2.249 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 2bc342ab9f4dea0eb0b244afb0e55862e8f8eadf462e36b16c3bdf6b33c0f87d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 05:58:36 GMT
content-encoding: gzip
last-modified: Tue, 04 Oct 2022 07:27:56 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Tue, 01 Nov 2022 09:14:56 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 9C21 42 B
64 B 58ms
42ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv7IsKqulJbbZYiBa_zTd_9eca6qys4xEV8amoxwsZtRg1fttYblR3DH6o9SdsZXtoT14L-AWFk33a2VVTqB_MAD45sQTuh9Ms-unJY7lUtf8FFvU3D&sig=Cg0ArKJSzJL5ceAy9UtMEAE&id=lidar2&mcvt=1013&p=248,1090,308,1210&mtos=1013,1013,1013,1013,1013&tos=1013,0,0,0,0&v=20221027&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=3&adk=2213930210&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1667196181915&rpt=139&isd=0&lsd=0&met=mue&wmsd=0&pbe=1

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:03:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 916F 0
20 B 44ms
44ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BaoLcFmVfY4jBHre4x_APtseN8AsAAAAAOAHgBAI&bg=!KimlKW3NAAZPh4lnb4c7ACkAdvg8WtW4eFOuR5mkoFRoUMGzF4XpK6rmNWmgltU92QrSZqPu4N4YQQIAAADcUgAAAAJoAQeZAufwo86bUBto6OdAPNdjFCI5QeLP9VM-OS_zdb5TgwCVl6Z1yQaOwqZPy7JiNmRglryXOxkjYX6sHEFO3Y64eWBlIrzCcV3RkodnXYr39qDfvkt3Pd20xQBCq6hnncD9ZZ6-21Mdg8MEuw4EGOzgcs9xb7XSbWFwBY-3Kv0Bo6DLVmp4Rqp0UpioC56GYbGnSzBpaR8PQbJRBlvbtXppaUeEU0twrYNrszhTtduGiwsiw8TG-JxPwj_eW5uY1qUnUJLc1TEAZgTZ3rgffE-piqInvhWfC0ufhdQM94NQIuzPH6FP91iG4RgM1nuhyR9GTGA9DpXlKKU3_43Yf_W9juJjzLqSficCfzMCJ5lwyrczNf9FOOyl-GiRxWEc0BLam0QI5WUUtH2Lb78tqmoKQkxi_DNoRrlO1bn2aN7yIt0EKGY6HqbTGNkruwo3KXAiH_wGBpPvJvY40HZuBJUs5FDDIibV7zzqWFliUL_3AIE5hLLMpKmo9Rsaur5Yy2ETYPiSLd1cikzoMJNYrhEsFJ4UxQXFmqks3p_79gtaZQD6bBmrbiSbMK53v1BFfH3NjzB4rQD1mJg0UW-f_0Yvx2q2uv3AWrAfcOScZ4VwmsiEfAY6eEwgLwPoyVYBoNTM-1m8UPpvdUq5zl0ERHu7JjcDftruZgMlovYM-1wl9y4Szt9BOQeeNvkcu5B3cjH-WOu1AgAOMb7UqodGa4s_HiLAO3lch11YfYEAUUc9nbkbGvvd7oTTO9eAZgqqckbWV9E3dsJiQoBqPYKvHgNXQqjTHq56Af66C-bzLIZiCpLFxnilpN4a7uHoJcctFUnc1zc_9zolAEQe9fO1jFImdqZTDSJNRVboRX4KkFnHOVBbPqxBkOTkjYIiLFm9_jWiGRD1YWMmkuSHU1PkHygqh12IoSzWr1W0IsIpRQdOCaWiHWR_SmgzJbe877xVY1-y9FYVkdpu03FqoiVHR4g0doA55z6q_Po2YQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:03:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
track.adform.net/adfserve/ Frame 839E 4 KB
2 KB 19ms
19ms Script
text/javascript 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?CC=1&bn=58476417;click=https://hal90007.redintelligence.net/c/pw9k2tbh69oeq68?tprd=;js=1;adfxid=1x;5061;set=en-US|en-US|1600X1200|0|300|250|24|8|3|7|1|;cmpgdpr=;cmpgdprconsent=;fd=0|0&CREFURL=https%3A%2F%2Fwww.figures.com

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

d89714d3d6829a2268eb3f85b5e39f7e442bd40585946c84988018d8d7d6e0b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:03:03 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 2028
expires: -1

GET
DATA 200
OK truncated
/ Frame 839E 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 Standard Show response
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.223/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/ Frame 839E 90 KB
39 KB 26ms
26ms Script
text/javascript 37.157.2.249
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.223/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.2.249 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 532a8e65348794f09d3decd5b7aae67a0acdea25b0ad787c604edc4d02f29709

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 05:58:36 GMT
content-encoding: gzip
last-modified: Tue, 04 Oct 2022 07:27:56 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Tue, 01 Nov 2022 09:14:59 GMT

POST
H2 200 /
track.adform.net/csimpr/ Frame 839E 35 B
477 B 19ms
19ms Ping
image/gif 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=58476417&csi=zHMmiRXNpKi4U0OzGQ-R-HIe0H4c4PFuXuy3jGf4Bb3rygPkIxxfk7-BMRyb35n_3de0caDB4EuQlElgGgjRK96vWmW1dlSa0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://hal90007.redintelligence.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:03:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
content-type: image/gif
access-control-allow-origin: https://hal90007.redintelligence.net
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 publishertag.prebid.113.js Show response
static.criteo.net/js/ld/ 85 KB
27 KB 100ms
39ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.113.js

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

e6969b69570c743952ab51b9fba22410be503db91b0566753d6da10894e76dad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:03:03 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 08 Sep 2021 12:50:31 GMT
server: nginx
etag: W/"6138b197-1532d"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 01 Nov 2022 06:03:03 GMT

POST
H2 200 vs.figures.com Show response
e.deployads.com/e/ 2 B
126 B 28ms
28ms XHR
text/plain 54.72.99.250
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://e.deployads.com/e/vs.figures.com
Requested by: Host: tags-cdn.deployads.com
URL: https://tags-cdn.deployads.com/a/vs.figures.com.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.72.99.250 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-72-99-250.eu-west-1.compute.amazonaws.com
Software: Jetty(7.6.12.v20130726) /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.figures.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: *
date: Mon, 31 Oct 2022 06:03:03 GMT
server: Jetty(7.6.12.v20130726)
content-length: 2
content-type: text/plain;charset=UTF-8

GET
H2 200 11826009.js Show response
s1.adform.net/Banners/Elements/Files/160090/11826009/ Frame AC14 118 KB
28 KB 22ms
22ms Script
application/x-javascript 37.157.2.249
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/Banners/Elements/Files/160090/11826009/11826009.js?ADFassetID=11826009&bv=258
Requested by: Host: www.figures.com
URL: https://www.figures.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.2.249 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 9f5fcfada7749772674a623f7576a0eb93ef31cc05d019965d9097e424d3a60c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 05:58:36 GMT
content-encoding: gzip
last-modified: Tue, 04 Oct 2022 16:01:42 GMT
server: nginx
x-amz-request-id: tx00000e79162f2d5ac7142-00635f2c80-3293868f-default
etag: W/"6bdd42878b609fd604e9d7268bd53c7f"
x-cache-status: STALE
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800

GET
H3 200 Enabler.js Show response
s0.2mdn.net/ads/studio/ Frame AC14 136 KB
46 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/Enabler.js

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.223/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bf6ec42c97f86957a324a484a37dd528b568a9ff2570965be53e6ec4b0dfdae2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 05:54:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 534
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46978
x-xss-protection: 0
last-modified: Mon, 06 Jun 2022 19:45:39 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 31 Oct 2022 06:09:09 GMT

GET
H2 200 Adform.DHTML.js Show response
s1.adform.net/banners/scripts/rmb/ Frame AC14 30 KB
14 KB 20ms
20ms Script
application/javascript 37.157.2.249
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/banners/scripts/rmb/Adform.DHTML.js?bv=626
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.223/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.2.249 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: bea63616949c80ff0dfdbb1e8547f1585882fc691483317b06441688e3e5f14a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 05:58:36 GMT
content-encoding: gzip
last-modified: Wed, 08 Jun 2022 12:02:22 GMT
server: nginx
x-amz-request-id: tx00000c4f2142fce517ebb-00635b925c-32940f80-default
etag: W/"4731aef0a5114a59b4311776d270e848"
x-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-rgw-object-type: Normal
cache-control: public, max-age=604800

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 48F5 42 B
64 B 41ms
41ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvyC5NVjKLjWG_hNj0YwMpqmhgWlLmHf-QIXdXNWyhpC0f3qrLxgNB2W1ZPJqyLkjUfYI9S5qKb9Bifi0hGgch08WCXAyPE4lEvM96opqquFtNHKp67&sig=Cg0ArKJSzExcPnNCIGTjEAE&id=lidar2&mcvt=1000&p=493,1070,1093,1230&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20221027&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=3&adk=3632607776&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1667196182304&rpt=117&isd=0&lsd=0&met=mue&wmsd=0&pbe=1

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:03:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame B107 42 B
64 B 42ms
41ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstZy4_utfLxc_fwug8cYULGPmjqFFTvP_Iw1j989F6S4DbDl1Kz1zXkshr6BHXSueO7oqZezSfq2ahXtGKmKHBgNtlP-LMG21jWE5uXxj-OQAjXvGIn&sig=Cg0ArKJSzD9hYGy_RBRgEAE&id=lidar2&mcvt=1001&p=56,672,146,1400&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20221027&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=3&adk=3142667483&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1667196182275&rpt=130&isd=0&lsd=0&met=mue&wmsd=0&pbe=1

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:03:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 9B56 15 KB
6 KB 82ms
16ms Document
text/html 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=www.figures.com&gdpr=0&gdpr_consent=

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.113.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e00397129d5c9f4de2565731d60bc0120d1fe4dc78bf0b5cc9ea8c6571e27052

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://www.figures.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 31 Oct 2022 06:03:03 GMT
server: Kestrel
server-processing-duration-in-ticks: 669852
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ 89 KB
29 KB 62ms
31ms XHR
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.113.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

61c1317e433c125a2ebbbdaf22fc3a0b3606bcb0c9cfea151425adf7b5195f48

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.figures.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 06:03:03 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
server: nginx
etag: W/"6356752f-16294"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 01 Nov 2022 06:03:03 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame 9B56
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=figures.com&sn=ChromeSyncframe&so=0&topUrl=www.figures.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=sFnTH3xWdFJia2oyeFV3WFJ5SDV6QXIrcnFBSDlDOVF4Y0gzcEwyQ2lxeG5NT3ZQT2hhRGFLRmVZN3V2WmRaV3JiOVRZaUJFaU1wdzNvSEtzSE1zeFJLM2w1azhJcVFXMjd5VGk3cTdFc3YvSE9hV2NVREMzRmFPNmoyTT...

420 B
667 B

71ms
16ms

Fetch
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=sFnTH3xWdFJia2oyeFV3WFJ5SDV6QXIrcnFBSDlDOVF4Y0gzcEwyQ2lxeG5NT3ZQT2hhRGFLRmVZN3V2WmRaV3JiOVRZaUJFaU1wdzNvSEtzSE1zeFJLM2w1azhJcVFXMjd5VGk3cTdFc3YvSE9hV2NVREMzRmFPNmoyTTU4Y1AzM0piMjRFLzk3bVhuQUJLdkJBUFNFYmtRdlMvRGJ3RXg1VG0wNHRDaUJFYjJqbmRqRzRjNm9lQXU2bFhyYlBqc1ZFUklhZzNtUS9TWTJWdU0zcDdYZlFSVWo0QTUwUTJhSUVpSHUyWitpVVZNZkFMRVdsQjNGcHBSSnNMeEVGNUdsVHZ4NW4xV2VTQW50aGk4RXh4Z1R5aE9nUT09fA&cppv=2

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

b80590e5cd87bd79d9e87e6bb9f5271164bde13d6b5647b057d3cc81aca28e36

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:03:03 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2100103
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:03:02 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://mug.criteo.com/sid?cpp=sFnTH3xWdFJia2oyeFV3WFJ5SDV6QXIrcnFBSDlDOVF4Y0gzcEwyQ2lxeG5NT3ZQT2hhRGFLRmVZN3V2WmRaV3JiOVRZaUJFaU1wdzNvSEtzSE1zeFJLM2w1azhJcVFXMjd5VGk3cTdFc3YvSE9hV2NVREMzRmFPNmoyTTU4Y1AzM0piMjRFLzk3bVhuQUJLdkJBUFNFYmtRdlMvRGJ3RXg1VG0wNHRDaUJFYjJqbmRqRzRjNm9lQXU2bFhyYlBqc1ZFUklhZzNtUS9TWTJWdU0zcDdYZlFSVWo0QTUwUTJhSUVpSHUyWitpVVZNZkFMRVdsQjNGcHBSSnNMeEVGNUdsVHZ4NW4xV2VTQW50aGk4RXh4Z1R5aE9nUT09fA&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 629714
content-length: 0
expires: 0

POST
H2 200 vs.figures.com Show response
e.deployads.com/e/ 2 B
126 B 28ms
28ms XHR
text/plain 54.72.99.250
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://e.deployads.com/e/vs.figures.com
Requested by: Host: tags-cdn.deployads.com
URL: https://tags-cdn.deployads.com/a/vs.figures.com.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.72.99.250 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-72-99-250.eu-west-1.compute.amazonaws.com
Software: Jetty(7.6.12.v20130726) /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.figures.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: *
date: Mon, 31 Oct 2022 06:03:03 GMT
server: Jetty(7.6.12.v20130726)
content-length: 2
content-type: text/plain;charset=UTF-8

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame A6A6 42 B
64 B 42ms
42ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst4E00BWD5mXk40RrEQUH4XyQodLoCkiijHXOmbqiqWYOTh2WKWiN7hcXCYsJz5goEocixLTVdAASsTok9CTwQbNubS&sig=Cg0ArKJSzBXxR1X49hEpEAE&cid=CAASFeRoR_-pcdsfmLtwoqIN808_Zy-vaw&id=lidar2&mcvt=1000&p=493,1240,1093,1400&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20221027&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=2824496062&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1667196182314&rpt=422&isd=0&lsd=0&met=ce&wmsd=0&pbe=1

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:03:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame A6A6 42 B
64 B 44ms
43ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssGuboc_kNUHELsgjjzRxM4s6auPqwAcZR-5HPHm70XLrdfU9UKJF62SAH8pkhDQ7kddv1NHks2ll-0FYk7eO2X1WpquNXgfs4&sig=Cg0ArKJSzM7dm_TOLn5OEAE&id=lidar2&mcvt=1003&p=0,0,600,160&mtos=1003,1003,1003,1003,1003&tos=1003,0,0,0,0&v=20221027&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=34&adk=0&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1667196182314&rpt=489&met=mue&wmsd=0&pbe=1

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:03:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame BD7A 42 B
64 B 42ms
41ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst1bAxb1wnBFkw75p3lsspLaPm-ao3QE87MH3v_TzLsMERdxqDY9jOKnLraZpdApbgyr3K5I1xX6rrbaGa3XX0M5hMq&sig=Cg0ArKJSzOg4X7iEHMBDEAE&cid=CAASFeRoj9az5wjBwywRPVeMqNc83WToxA&id=lidar2&mcvt=1000&p=238,1085,488,1385&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20221027&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=4278815359&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1667196182302&rpt=607&isd=0&lsd=0&met=mue&wmsd=0&pbe=1

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:03:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 vs.figures.com Show response
e.deployads.com/e/ 2 B
126 B 29ms
28ms XHR
text/plain 54.72.99.250
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://e.deployads.com/e/vs.figures.com
Requested by: Host: tags-cdn.deployads.com
URL: https://tags-cdn.deployads.com/a/vs.figures.com.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.72.99.250 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-72-99-250.eu-west-1.compute.amazonaws.com
Software: Jetty(7.6.12.v20130726) /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.figures.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: *
date: Mon, 31 Oct 2022 06:03:04 GMT
server: Jetty(7.6.12.v20130726)
content-length: 2
content-type: text/plain;charset=UTF-8

GET
H/1.1 200
OK viewability Show response
hal90007.redintelligence.net/ Frame 839E 0
150 B 24ms
8ms Script
text/html 138.201.63.157
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90007.redintelligence.net/viewability?s=25719500014102605671049012129007&a=0448a781&vb=v
Requested by: Host: hal90007.redintelligence.net
URL: https://hal90007.redintelligence.net/request_content.php?s=25719500014102605671049012129007&a=14dd7da3
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.157 Nagold, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.157.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/request_content.php?s=25719500014102605671049012129007&a=14dd7da3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Mon, 31 Oct 2022 06:03:04 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

POST
H2 200 vs.figures.com Show response
e.deployads.com/e/ 2 B
126 B 28ms
28ms XHR
text/plain 54.72.99.250
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://e.deployads.com/e/vs.figures.com
Requested by: Host: tags-cdn.deployads.com
URL: https://tags-cdn.deployads.com/a/vs.figures.com.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.72.99.250 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-72-99-250.eu-west-1.compute.amazonaws.com
Software: Jetty(7.6.12.v20130726) /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.figures.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: *
date: Mon, 31 Oct 2022 06:03:04 GMT
server: Jetty(7.6.12.v20130726)
content-length: 2
content-type: text/plain;charset=UTF-8

GET
H2 200 ixmatch.html Show response
js-sec.indexww.com/um/ Frame BFE7 3 KB
2 KB 52ms
15ms Document
text/html 104.18.13.76
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: www.figures.com
URL: https://www.figures.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.13.76 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb

Request headers

Referer: https://www.figures.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 978
cache-control: public, max-age=14400
cf-cache-status: HIT
cf-ray: 762a2f7acd0392ad-FRA
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 31 Oct 2022 06:03:04 GMT
expires: Mon, 31 Oct 2022 10:03:04 GMT
last-modified: Mon, 25 Jul 2022 19:18:30 GMT
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
server: cloudflare
vary: Accept-Encoding

GET
H2 200 pd Show response
eu-u.openx.net/w/1.0/ Frame F47A 1004 B
859 B 23ms
17ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=bad18d41-889b-44c1-975e-bcd3b8a49854&gdpr=0
Requested by: Host: www.figures.com
URL: https://www.figures.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: f39a7fefc00fd9512f4b87aa3e161e520711267a8751559f7c26c79677de2f21

Request headers

Referer: https://www.figures.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 541
content-type: text/html
date: Mon, 31 Oct 2022 06:03:04 GMT
p3p: CP="CUR ADM OUR NOR STA NID"
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame E734 15 KB
6 KB 53ms
7ms Document
text/html 23.35.236.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158492&gdpr=0&gdpr_consent=
Requested by: Host: www.figures.com
URL: https://www.figures.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-201.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer: https://www.figures.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=131011
content-encoding: gzip
content-length: 5549
content-type: text/html; charset=UTF-8
date: Mon, 31 Oct 2022 06:03:04 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
expires: Tue, 01 Nov 2022 18:26:35 GMT
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame BE89 52 KB
17 KB 40ms
10ms Document
text/html 23.35.236.188
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: www.figures.com
URL: https://www.figures.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.188 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-188.deploy.static.akamaitechnologies.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://www.figures.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin: *
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Mon, 31 Oct 2022 06:03:04 GMT
ETag: "623de86a-cf34"
Expires: Tue, 01 Nov 2022 06:03:06 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Unused62: 8096267
Vary: Accept-Encoding

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame F0B3 21 KB
8 KB 70ms
25ms Document
text/html 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUP91F1X&prvid=77&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1

Requested by

Host: www.figures.com
URL: https://www.figures.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0896d32ba0cb3839d3eaf83e6c1c36e6d290a6d34f27482459a5cb2b0becbba6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.figures.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=146953
content-encoding: gzip
content-length: 7831
content-type: text/html; charset=UTF-8
date: Mon, 31 Oct 2022 06:03:04 GMT
expires: Tue, 01 Nov 2022 22:52:17 GMT
server: Apache
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-mnet-hl2: E

GET
H3

200

sd
eu-u.openx.net/w/1.0/ Frame F47A
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_
https://pm.w55c.net/ping_match.gif?scc=1&ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_
https://eu-u.openx.net/w/1.0/sd?id=537072979&val=7iiNTFc01OPnT25

43 B
61 B

16ms
16ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537072979&val=7iiNTFc01OPnT25
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=bad18d41-889b-44c1-975e-bcd3b8a49854&gdpr=0
Protocol: H3
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:03:04 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 31 Oct 2022 06:03:04 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/5502e06#5502e06d7dbe3c52c9a5559e1550ac262fba6e07 i-0eed724e77eae7a40@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Location: https://eu-u.openx.net/w/1.0/sd?id=537072979&val=7iiNTFc01OPnT25
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame F47A
Redirect Chain

https://x.bidswitch.net/sync?ssp=openx
https://dsp.nrich.ai/bidswitch/sync?bidswitch_ssp_id=openx&bsw_custom_parameter=63c21d0a-eca1-4c96-bb90-a8367a8f97b0&gdpr=&gdpr_consent=&gdpr_pd=&us_privacy=
https://x.bidswitch.net/sync?dsp_id=283&user_id=7b83b139-4df5-49dc-8f79-23619d64bb8b&expires=1&user_group=5&ssp=openx&bsw_param=63c21d0a-eca1-4c96-bb90-a8367a8f97b0
https://us-u.openx.net/w/1.0/sd?id=537072968&val=63c21d0a-eca1-4c96-bb90-a8367a8f97b0&gdpr=&gdpr_consent=

43 B
61 B

17ms
17ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072968&val=63c21d0a-eca1-4c96-bb90-a8367a8f97b0&gdpr=&gdpr_consent=
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=bad18d41-889b-44c1-975e-bcd3b8a49854&gdpr=0
Protocol: H3
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:03:04 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location: //us-u.openx.net/w/1.0/sd?id=537072968&val=63c21d0a-eca1-4c96-bb90-a8367a8f97b0&gdpr=&gdpr_consent=
Date: Mon, 31 Oct 2022 06:03:04 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H3

200

sd
eu-u.openx.net/w/1.0/ Frame F47A
Redirect Chain

https://ib.adnxs.com/getuid?https://eu-u.openx.net/w/1.0/sd?id=537072399&val=$UID
https://eu-u.openx.net/w/1.0/sd?id=537072399&val=6864416191012682273

43 B
61 B

27ms
16ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537072399&val=6864416191012682273
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=bad18d41-889b-44c1-975e-bcd3b8a49854&gdpr=0
Protocol: H3
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:03:04 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 31 Oct 2022 06:03:04 GMT
AN-X-Request-Uuid: 4dd50780-147d-4920-b22c-fd161b0bbf7a
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://eu-u.openx.net/w/1.0/sd?id=537072399&val=6864416191012682273
Connection: keep-alive
X-Proxy-Origin: 81.95.5.41; 81.95.5.41; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK ox
match.prod.bidr.io/cookie-sync/ Frame F47A 43 B
433 B 177ms
73ms Image
image/gif 54.247.105.151
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://match.prod.bidr.io/cookie-sync/ox

Requested by

Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=bad18d41-889b-44c1-975e-bcd3b8a49854&gdpr=0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.247.105.151 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-247-105-151.eu-west-1.compute.amazonaws.com

Software

gunicorn /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
Date: Mon, 31 Oct 2022 06:03:04 GMT
strict-transport-security: max-age=2592000; includeSubDomains
Server: gunicorn
content-type: image/gif
p3p: CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 43
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

sd
eu-u.openx.net/w/1.0/ Frame F47A
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=fd96635f-6516-4d01-b31f-303072438380

43 B
61 B

17ms
17ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=fd96635f-6516-4d01-b31f-303072438380
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=bad18d41-889b-44c1-975e-bcd3b8a49854&gdpr=0
Protocol: H3
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:03:04 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Mon, 31 Oct 2022 06:03:04 GMT
Server: MT3 4539 98cc2da master zrh-pixel-x24 config:1.0.0
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=fd96635f-6516-4d01-b31f-303072438380
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Mon, 31 Oct 2022 06:03:03 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame F47A
Redirect Chain

https://cms.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0
https://us-u.openx.net/w/1.0/sd?id=537072956&&val=tS3WorUr0vOuLoamsC_O9eAshvSuetD3ty4LVXaR

43 B
122 B

22ms
16ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072956&&val=tS3WorUr0vOuLoamsC_O9eAshvSuetD3ty4LVXaR
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=bad18d41-889b-44c1-975e-bcd3b8a49854&gdpr=0
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:03:04 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:03:04 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://us-u.openx.net/w/1.0/sd?id=537072956&&val=tS3WorUr0vOuLoamsC_O9eAshvSuetD3ty4LVXaR
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

sd
eu-u.openx.net/w/1.0/ Frame F47A
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=22
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=2836264411958583388

43 B
61 B

17ms
17ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=2836264411958583388
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=bad18d41-889b-44c1-975e-bcd3b8a49854&gdpr=0
Protocol: H3
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:03:04 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:03:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=2836264411958583388
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 openx
match.adsrvr.org/track/cmf/ Frame F47A 70 B
264 B 39ms
32ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/openx?oxid=4ca95f3a-bfc0-36ca-4d74-2317af43df79&gdpr=0
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=bad18d41-889b-44c1-975e-bcd3b8a49854&gdpr=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Mon, 31 Oct 2022 06:03:04 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame F47A 170 B
188 B 23ms
18ms Image
image/png 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NjBjNjhjZjAtNzZiNy02ODZlLTU4OTQtNzlhZTY1YTExMTE5

Requested by

Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=bad18d41-889b-44c1-975e-bcd3b8a49854&gdpr=0

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:03:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame F47A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEMr5ETZA1EhFiLEaHUXOoag&google_cver=1

43 B
106 B

20ms
19ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEMr5ETZA1EhFiLEaHUXOoag&google_cver=1
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=bad18d41-889b-44c1-975e-bcd3b8a49854&gdpr=0
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:03:04 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:03:04 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEMr5ETZA1EhFiLEaHUXOoag&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 /
track.adform.net/serving/unload/ Frame 839E 35 B
477 B 21ms
20ms Ping
image/gif 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&unload=2836264411958583388@@58476417,8569848227005310412,100|1208|0|0|0|0|0|0|0||47|1|||||1|0|0|KpT3V6JA-mxcPlakbYq96YhoMTiQdyQAtPn1LjEPIZI4ikWIdgAQNvL_QlhaeLlf0|||11||0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://hal90007.redintelligence.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 06:03:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
content-type: image/gif
access-control-allow-origin: https://hal90007.redintelligence.net
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame BE89 0
737 B 14ms
14ms Script
text/html 185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 31 Oct 2022 06:03:05 GMT
AN-X-Request-Uuid: 0d875859-cdd5-4e5b-998b-8f171a876888
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 81.95.5.41; 81.95.5.41; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 LOGO2.png
s1.adform.net/Banners/Elements/Files/160090/11826009/bvpath_258/ Frame AC14 8 KB
8 KB 20ms
18ms Image
image/png 37.157.2.249
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/160090/11826009/bvpath_258/LOGO2.png
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.2.249 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: a2229c24af2943e070824e62ee4797532359978c36e319affb023727ef261886

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 05:58:39 GMT
last-modified: Tue, 04 Oct 2022 16:01:42 GMT
server: nginx
x-amz-request-id: tx000002ca6697610128f34-00635f2c26-32940f80-default
etag: "c31ed0bbb7517eb550c72a40bcc367dc"
x-cache-status: STALE
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 7705

GET
H2 200 cta2.png
s1.adform.net/Banners/Elements/Files/160090/11826009/bvpath_258/ Frame AC14 5 KB
5 KB 20ms
19ms Image
image/png 37.157.2.249
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/160090/11826009/bvpath_258/cta2.png
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.2.249 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 97c585069889cec597ddad16f61f2b06c08c4ce15414f00b700cd4c9e72dff4c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 05:58:39 GMT
last-modified: Tue, 04 Oct 2022 16:01:42 GMT
server: nginx
x-amz-request-id: tx00000b6979f385e50b850-00635f2c83-32941e2b-default
etag: "4ab1f7525e89077edf2a43da88ccbdc5"
x-cache-status: STALE
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 4731

GET
H2 200 cta1.png
s1.adform.net/Banners/Elements/Files/160090/11826009/bvpath_258/ Frame AC14 6 KB
6 KB 22ms
20ms Image
image/png 37.157.2.249
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/160090/11826009/bvpath_258/cta1.png
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.2.249 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: c2918fd887dbe6656f8173c24a24f56eb848facbd1ae3559de891a5bc8e54ac8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 05:58:39 GMT
last-modified: Tue, 04 Oct 2022 16:01:42 GMT
server: nginx
x-amz-request-id: tx000005704c5a2188466ae-00635f2c83-32941e2b-default
etag: "69336fd11662b54bb97d5e1481d0b4fb"
x-cache-status: STALE
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 5970

GET
H2 200 Price.png
s1.adform.net/Banners/Elements/Files/160090/11826009/bvpath_258/ Frame AC14 8 KB
9 KB 23ms
21ms Image
image/png 37.157.2.249
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/160090/11826009/bvpath_258/Price.png
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.2.249 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 97d74979abfda5655da0d301d6818be3b453b9b72bae8e6384b4d3bc06e2850a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 05:58:39 GMT
last-modified: Tue, 04 Oct 2022 16:01:42 GMT
server: nginx
x-amz-request-id: tx000000d70614ce446d6b1-00635f2c83-329354d9-default
etag: "26a28c039b6889e3f4a4c1d7d3f3fc33"
x-cache-status: STALE
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 8544

GET
H2 200 MEGADEAL.png
s1.adform.net/Banners/Elements/Files/160090/11826009/bvpath_258/ Frame AC14 15 KB
15 KB 25ms
24ms Image
image/png 37.157.2.249
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/160090/11826009/bvpath_258/MEGADEAL.png
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.2.249 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: d89cf7d2f9f6b01a67583497b14bd26f4715093a8da2f0d6cf45d59ebd189a9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 05:58:39 GMT
last-modified: Tue, 04 Oct 2022 16:01:42 GMT
server: nginx
x-amz-request-id: tx000006b3aea7ea5083a4c-00635f2c7e-3293868f-default
etag: "52a815a050a27f1e4311c8bab07773a4"
x-cache-status: STALE
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 15490

GET
H2 200 textsmall.png
s1.adform.net/Banners/Elements/Files/160090/11826009/bvpath_258/ Frame AC14 38 KB
39 KB 29ms
28ms Image
image/png 37.157.2.249
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/160090/11826009/bvpath_258/textsmall.png
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.2.249 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: e804fc1f825696a3e8c33c5118ae6c0310d5c22efb95c464d8c8b18f1167ae82

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 05:58:39 GMT
last-modified: Tue, 04 Oct 2022 16:01:42 GMT
server: nginx
x-amz-request-id: tx00000016bc7fd107e893d-00635f2c83-329373d4-default
etag: "31942b1401371fa8b4bade6a8fcd8b56"
x-cache-status: STALE
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 39176

GET
H2 200 PIC.jpg
s1.adform.net/Banners/Elements/Files/160090/11826009/bvpath_258/ Frame AC14 31 KB
32 KB 35ms
34ms Image
image/jpeg 37.157.2.249
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/160090/11826009/bvpath_258/PIC.jpg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.2.249 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: f2eee89d37a19d693fb6cd4809a5621f7c7ff2080fc41be51e4eaa30e760ab3b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 05:58:39 GMT
last-modified: Tue, 04 Oct 2022 16:01:42 GMT
server: nginx
x-amz-request-id: tx0000084418400c17ebcd8-00635f2c83-32940f80-default
etag: "13b977f1c2a130be1dd1eb971bab2c27"
x-cache-status: STALE
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 32210

GET
H2 200 LOGO1.png
s1.adform.net/Banners/Elements/Files/160090/11826009/bvpath_258/ Frame AC14 11 KB
11 KB 39ms
39ms Image
image/png 37.157.2.249
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/160090/11826009/bvpath_258/LOGO1.png
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.2.249 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 16f8c930cda82b6e19b5049862a1c8d7f8d0fbd69ed5dc7c0d7959fc978bf242

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 05:58:39 GMT
last-modified: Tue, 04 Oct 2022 16:01:42 GMT
server: nginx
x-amz-request-id: tx000006275b809b335bc7b-00635f2c83-3293aae9-default
etag: "2c89f4ef79b87c892bc42ad1f52ded10"
x-cache-status: STALE
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 11174

GET
H2 200 BG.png
s1.adform.net/Banners/Elements/Files/160090/11826009/bvpath_258/ Frame AC14 21 KB
21 KB 42ms
41ms Image
image/png 37.157.2.249
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/160090/11826009/bvpath_258/BG.png
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.2.249 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: af2ee81b605fb1101c66d6897f1fdb859946c030e84f264814cee01f7a1910c0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 05:58:39 GMT
last-modified: Tue, 04 Oct 2022 16:01:42 GMT
server: nginx
x-amz-request-id: tx00000338afaff049dc2e0-00635f2c83-32941e2b-default
etag: "b6860dfd31e513913f93a4af1e1428a1"
x-cache-status: STALE
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 21330

Verdicts & Comments Add Verdict or Comment

566 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

68 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.figures.com/	1970-01-20 16:42:36	Name: __utma Value: 214787720.933595329.1667196180.1667196180.1667196180.1
.figures.com/	1969-12-31 23:59:59	Name: __utmc Value: 214787720
.figures.com/	1970-01-20 11:29:24	Name: __utmz Value: 214787720.1667196180.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
.figures.com/	1970-01-20 07:06:36	Name: __utmt Value: 1
.figures.com/	1970-01-20 07:08:02	Name: _gid Value: GA1.2.770562850.1667196180
.figures.com/	1970-01-20 16:42:36	Name: _ga_P7SQZM3W78 Value: GS1.1.1667196179.1.0.1667196179.0.0.0
.figures.com/	1970-01-20 16:42:36	Name: _ga Value: GA1.1.933595329.1667196180
www.figures.com/	1970-01-20 07:08:02	Name: vsCFIsEU Value: false
www.figures.com/	1970-01-20 07:08:02	Name: vsCFUserGeoIP Value: null
.gumgum.com/	1970-01-20 15:52:12	Name: cs Value: true
.cpx.to/	1970-01-20 15:52:12	Name: cpSess Value: 68dd43d2267a9b43
.pubmatic.com/	1970-01-20 09:16:12	Name: KTPCACOOKIE Value: true
.adnxs.com/	1970-01-20 09:16:12	Name: uuid2 Value: 6864416191012682273
.pubmatic.com/	1970-01-20 09:16:12	Name: KADUSERCOOKIE Value: 1C8DA32E-5AD0-45B1-801A-F95744E28874
.cpx.to/	1970-01-20 15:52:12	Name: dsp_pubmatic Value: 1C8DA32E-5AD0-45B1-801A-F95744E28874#1667196180230
.doubleclick.net/	1970-01-20 16:28:12	Name: IDE Value: AHWqTUmusSP0QBj4sxtOwviNQPr5-39xXNiv21Iu5r59yS-oH77I2fEMpLBFsLT92J0
.cpx.to/	1970-01-20 15:52:12	Name: dsp_dbm Value: CAESEMpFxYe6WP0j9wf1wJ7t6EI#1667196180271
.smartadserver.com/	1970-01-20 15:52:12	Name: TestIfCookieP Value: ok
.smartadserver.com/	1970-01-20 15:52:12	Name: pbw Value: %24b%3d16100%3b%24o%3d11100
.smartadserver.com/	1970-01-20 15:52:12	Name: pid Value: 6926188979171208080
.cpx.to/	1970-01-20 15:52:12	Name: dsp_app_nexus Value: 6864416191012682273#1667196180325
www.figures.com/	1970-01-20 07:06:37	Name: __rtgt_sid Value: l9wdk5xbmqvotd
.figures.com/	1970-01-20 07:06:37	Name: __utmb Value: 214787720.2.9.1667196181513
.openx.net/	1970-01-20 15:52:12	Name: i Value: 9f056063-1647-093d-17a2-ebffcb64ec84\|1667196181
.lijit.com/	1970-01-20 15:52:12	Name: ljtrtb Value: eJyrrgUAAXUA%2BQ%3D%3D
.lijit.com/	1970-01-20 15:52:12	Name: ljt_reader Value: FkkrDBZHuoh-1Jj8TF-__hTl
.figures.com/	1970-01-20 16:28:12	Name: __gads Value: ID=81c99c75979f888e:T=1667196181:S=ALNI_MYE-LA09ZuwzLcQQ9BXMkaPSnXqAg
.figures.com/	1970-01-20 16:28:12	Name: __gpi Value: UID=00000b7a92b45299:T=1667196181:RT=1667196181:S=ALNI_MZaQOukAt8MjAtOHcCY63NbZ9xZGQ
.mathtag.com/	1970-01-20 15:52:12	Name: uuid Value: fd96635f-6516-4d01-b31f-303072438380
.yieldlab.net/	1970-01-20 15:52:12	Name: id Value: a509bd83-59c0-4451-9499-05fdc462ae2d
.sxp.smartclip.net/	1970-01-20 07:49:48	Name: uuid Value: 0ebf2e37-1665-5f63-5f54-09e98a72ed1e
.redintelligence.net/	1970-01-20 09:16:12	Name: 8lcfmzhxc8d6_uid Value: 240b1b4a90e8017e
.ads.avads.net/	1970-01-20 16:42:36	Name: av-mid Value: b7102a91-adc9-4c1f-9eea-b9c6e0ff0ac0
.ads.avads.net/	1970-01-20 07:26:45	Name: av-tp-gadx Value: 1
.sxp.smartclip.net/	1970-01-20 07:49:48	Name: dspuuid Value: 10.CAESEMgoRyc4taHmejGi3tH36Zc
.sxp.smartclip.net/	1970-01-20 07:49:48	Name: psyn Value: 19296.10
.bidswitch.net/	1970-01-20 15:52:12	Name: tuuid Value: 63c21d0a-eca1-4c96-bb90-a8367a8f97b0
.bidswitch.net/	1970-01-20 15:52:12	Name: c Value: 1667196182
.bidswitch.net/	1970-01-20 15:52:12	Name: tuuid_lu Value: 1667196182
.yandex.ru/	1970-01-20 16:42:36	Name: yuidss Value: 8232486861667196182
.yandex.ru/	1970-01-20 16:42:36	Name: yandexuid Value: 8232486861667196182
.adform.net/	1970-01-20 07:49:48	Name: C Value: 1
sync-dmp.aura-dsp.com/	1969-12-31 23:59:59	Name: chk Value: 1
.adfarm1.adition.com/	1970-01-20 09:16:12	Name: UserID1 Value: 7160553082001881233
.adsby.bidtheatre.com/	1970-01-20 07:16:40	Name: __kuid Value: c625d14a-422c-4c44-b53d-35c7dd024135.436410183
.quantserve.com/	1970-01-20 16:36:50	Name: mc Value: 635f6517-0eb31-1c2e0-d3340
sync-dmp.aura-dsp.com/	1970-01-20 16:42:36	Name: pid Value: NmNhNzY0Y2IyNDVhZjkyMg
.yahoo.com/	1970-01-20 15:52:33	Name: A3 Value: d=AQABBBdlX2MCENTxfUstXsxbEtxbmp-VM5EFEgEBAQG2YGNpYwAAAAAA_eMAAA&S=AQAAAmHK6MSo2GNpU33WNpYbpmY
.casalemedia.com/	1970-01-20 15:52:12	Name: CMID Value: Y19lF3VG.m49ic0ISzhHUgAA
.casalemedia.com/	1970-01-20 09:16:12	Name: CMPS Value: 5121
.casalemedia.com/	1970-01-20 09:16:12	Name: CMPRO Value: 5121
.analytics.yahoo.com/	1970-01-20 15:52:12	Name: IDSYNC Value: 18yx~280u
.casalemedia.com/	1970-01-20 09:16:12	Name: CMTS Value: 1168
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 07:08:02	Name: lidc Value: "b=TGST05:s=T:r=T:a=T:p=T:g=2655:u=1:x=1:i=1667196183:t=1667282583:v=2:sig=AQG8bvbA7jQyc0iIXumfcTBgB5fgtET4"
.everesttech.net/	1970-01-20 15:52:12	Name: everest_g_v2 Value: g_surferid~Y19lFwAAAC52JQA7
.linkedin.com/	1970-01-20 15:52:12	Name: bcookie Value: "v=2&be4795e5-346e-4e83-84d6-ec693377637a"
.linkedin.com/	1970-01-20 11:25:48	Name: li_gc Value: MTswOzE2NjcxOTYxODM7MjswMjHcdbEAxUvG4rxjZUwt1ziKxJD7atE1qMH/3PgZ7bl8fQ==
.adform.net/	1970-01-20 08:33:00	Name: uid Value: 2836264411958583388
.adform.net/	1970-01-20 07:16:40	Name: TPC Value: 1667196183169
.tribalfusion.com/	1970-01-20 09:16:12	Name: ANON_ID Value: alnseFtZdPufm7SpBnAouRm97MuVhZcCt5jc1TnBpb0s3JaZaNHeoGHWfMZbZdKKIAvZboxUlNifXlEIVu7UdVCbL6
.criteo.com/	1970-01-20 16:28:12	Name: uid Value: 8c434719-90a7-427b-98fe-402314dc726f
.figures.com/	1970-01-20 16:28:12	Name: cto_bundle Value: o-G5il9LYUtSYlNqcDVDaHBia2ptQmMwcjc5MVNJUk9xa0k5M2Q0SDUyNUE1eVV3NXZBYzlobDA1SExTbzBaZ1VDNFdNTUlicXhsaTlrNlJNMlVSdVh6JTJGbHI0MHJZbiUyRlZ0b0U0bkhUUk9lVDlzbHliQ0lPbnRtWE14VGMzMnpsbiUyQmYzZEMxQ3hHcDlWanJoNllhYUNXVEphQkElM0QlM0Q
.openx.net/	1970-01-20 07:28:12	Name: pd Value: v2\|1667196184\|mOgeginskin0vNomiygu
.quantserve.com/	1970-01-20 09:16:12	Name: d Value: EEQBDwG7J4EPisMA
.w55c.net/	1970-01-20 16:35:24	Name: wfivefivec Value: 7iiNTFc01OPnT25
.w55c.net/	1970-01-20 07:49:48	Name: matchopenx Value: 5
.nrich.ai/	1970-01-20 16:42:36	Name: _nauid Value: 7b83b139-4df5-49dc-8f79-23619d64bb8b

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
rendering	warning	URL: https://www.figures.com/(Line 24) Message: Canvas2D: Multiple readback operations using getImageData are faster with the willReadFrequently attribute set to true. See: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3600; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.tribalfusion.com
aax-dtb-cf.amazon-adsystem.com
acdn.adnxs.com
ad.sxp.smartclip.net
ad.yieldlab.net
ad54cb548a8e9137db43ab90d6561385.safeframe.googlesyndication.com
ads.avads.net
ads.pubmatic.com
adservice.google.com
adservice.google.de
ajax.googleapis.com
an.yandex.ru
ap.lijit.com
api.viglink.com
bidder.criteo.com
btlr.sharethrough.com
c.amazon-adsystem.com
c1.adform.net
c2shb.ssp.yahoo.com
cdn.confiant-integrations.net
cdn.jsdelivr.net
cdn.viglink.com
cm.g.doubleclick.net
cms.quantserve.com
code.createjs.com
confiant-integrations.global.ssl.fastly.net
contextual.media.net
dclk-match.dotomi.com
dsp.adfarm1.adition.com
dsp.nrich.ai
e.deployads.com
eu-u.openx.net
fonts.googleapis.com
fonts.gstatic.com
g2.gumgum.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gum.criteo.com
hal9000.redintelligence.net
hal900014.redintelligence.net
hal90007.redintelligence.net
hbopenbid.pubmatic.com
htlb.casalemedia.com
ib.adnxs.com
image2.pubmatic.com
image6.pubmatic.com
js-sec.indexww.com
js.gumgum.com
match.adsby.bidtheatre.com
match.adsrvr.org
match.prod.bidr.io
mug.criteo.com
p.cpx.to
pagead2.googlesyndication.com
pixel.mathtag.com
pm.w55c.net
prebid.media.net
px.ads.linkedin.com
quantcast.mgr.consensu.org
region1.google-analytics.com
rtb.openx.net
rtb2-useast.e-volution.ai
s.cpx.to
s.tribalfusion.com
s0.2mdn.net
s1.adform.net
sb.scorecardresearch.com
secure.adnxs.com
securepubads.g.doubleclick.net
ssbsync.smartadserver.com
ssl.google-analytics.com
ssum-sec.casalemedia.com
static.criteo.net
stats.g.doubleclick.net
sync-dmp.aura-dsp.com
sync-tm.everesttech.net
sync.mathtag.com
sync.smartadserver.com
sync.teads.tv
tags-cdn.deployads.com
tags.mathtag.com
test.quantcast.mgr.consensu.org
tpc.googlesyndication.com
track.adform.net
ups.analytics.yahoo.com
us-u.openx.net
verticalscope-d.openx.net
www.figures.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
x.bidswitch.net
104.18.13.76
104.18.18.126
13.224.189.17
13.224.195.78
13.225.78.28
13.225.78.62
13.225.87.188
138.201.63.157
142.250.186.34
151.101.65.194
151.101.66.49
159.65.196.12
162.55.80.222
172.217.16.130
174.137.133.49
176.9.26.250
178.250.2.146
18.156.0.31
18.193.243.10
18.195.100.182
185.29.132.245
185.29.134.249
185.64.189.110
185.64.189.112
185.64.190.78
185.83.142.19
185.86.137.108
185.86.139.106
185.89.210.82
2.18.232.7
2.18.233.201
2.18.235.93
2001:4860:4802:32::36
209.191.163.209
23.35.236.188
23.35.236.201
2600:9000:21f3:1000:9:46dc:4700:93a1
2600:9000:21f3:f600:3:a4cd:8380:93a1
2606:4700:4400::ac40:9214
2606:4700::6810:5814
2606:4700::6810:a20d
2606:4700::6812:106b
2606:4700::6812:18ad
2620:116:800d:21:7eb1:3826:be7e:d981
2620:1ec:21::14
2a00:1450:4001:806::2002
2a00:1450:4001:806::2004
2a00:1450:4001:808::2001
2a00:1450:4001:808::200e
2a00:1450:4001:809::2008
2a00:1450:4001:80e::200a
2a00:1450:4001:80f::2001
2a00:1450:4001:80f::2003
2a00:1450:4001:811::2002
2a00:1450:4001:827::200a
2a00:1450:4001:829::2003
2a00:1450:4001:829::2006
2a00:1450:4001:82a::2002
2a00:1450:4001:82b::2002
2a00:1450:4001:82f::2002
2a00:1450:4001:831::2002
2a00:1450:4001:831::2008
2a00:1450:400c:c00::9c
2a02:2638:1::1a
2a02:2638::1c
2a02:2638::3
2a02:26f0:3500:11::215:14dc
2a02:6b8::90
2a02:fa8:8806:20::2010
3.126.145.45
34.107.148.139
34.251.180.249
34.98.64.218
35.186.194.101
35.205.207.25
35.227.252.103
35.244.159.8
37.157.2.234
37.157.2.249
37.157.3.28
51.68.39.188
52.214.137.185
52.223.40.198
52.28.203.152
52.48.231.49
52.51.99.34
54.247.105.151
54.72.99.250
85.114.159.93
96.16.132.239
004205799efc5404914c7f364cf4e082a4581ca401eb3235d69143db1f0431a8
00c716a471626c81fcb752120493826e36f3f7cbe2e1c80bc1a4475aa9c4cfb0
01f731cafb52515958e80814f69ab42a51a36b6fe6a8fa632f60d0ae93c40128
04d5e77da0d2dd5490f7666ed718c2aeaa84845a2335907d9385bce3d229b7a6
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
075f0b96d3f5faf88ceadde797d80b24f65331ed73b6787306aad4823b6c16b8
08664859baab5ed98f0bf818ed77e38464ff1826dc6406d5ecbd651409afbd92
08782f0ace6e59561e86e16894de2fcb76e9a23ddc74468a3502412840a97cda
0896d32ba0cb3839d3eaf83e6c1c36e6d290a6d34f27482459a5cb2b0becbba6
08a18f3e79d620f539db78e985b783a9456aad2c11f52f7d2351defaf9b1ba3a
09e2d3fd7a3151caf23e1b12e31286877f94361fec10f76f5f895fc24a877546
0a1269a4c77c91ea5e886c1635e65271d5a67d49e55197d27184608d8077eb83
0ac0d8dae396eed714b53c15ed0d4e8699fe0809b91da48fb1075a6403cc8b65
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5
0c03682256f0ddbfa031d5ee3c2bbb80eea99dab4ffa12622c551dea01359656
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
1378928ad08ba71f5d370a300b56117a3d710bd793a3c8546c1b3726fd5bfec1
13d358cb1bfedfd784d1b178d8edb89a01d1226eac18db3ed1bb0d055319d4ec
16f8c930cda82b6e19b5049862a1c8d7f8d0fbd69ed5dc7c0d7959fc978bf242
191622240e7646a2e888eb318557bcca854828b59b5b2e960545ee08ae142382
19414451d9c9b4450e4101d2133827fbb8486a3d0c41823bacb0297c048c5a84
1a87985707fa8a2cd12b5d3879626eccd92c19372ed032b91a7c6f9ea00b6ea8
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944
2123e18d0151f7ef0593180b8867bd6395db8b5ced73064d061148daff5ea112
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
26984d8013ad2ad66660f5f0a36618d084230786b139b0b95b665ff879fdd717
27615767f67d2b790010e1f813150da21ed85f6f5f413132bd0bcb334a26ff18
2acf1f03f31894c74bc3c1c81b62f4fe2d8a38288af20517bd394ebfafbaca92
2b4f64ec721d11f5fb559e031c10e7932da25bca4e10f4e31db11cd434a5a65e
2bc342ab9f4dea0eb0b244afb0e55862e8f8eadf462e36b16c3bdf6b33c0f87d
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
3993bc72bc9738e83a56bdbcef9762167e518500f5c06c6989426db754e26a42
3a5031e567b8e2746e312346fd42a28e53585747550a1c1545822ef3fb1246cb
3ad6569f439422f0263c3471356a5ded62df94a689f308c6ca906b907408a605
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
434c8aaf5794440423cc8e48701840ba8730352d948bdd5e5e7b46edfdc35e41
44f566057eea9104558f074d8e70807a4d4895f4c7828b88023590aa211bcf1c
4536a0f945b67cc3d929d77c49809075b3616ab1e3f7ffa2abd6a2e940e32b32
4558288dedfc4d135632f91cbea38052692b0a0e37c7d8cafe25fdc0c627a2fd
463c21036c3d869837928cfed75c7a0bade94abbcc28c0569de14d71aa5365c1
47dc229ec92bda6d11943e48b878c8763ab0cdca84322aaad86443b11f720bcd
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
4b152db769c391b7cf809ddf6bbdc258f5feb771428f14c540f392eced489a5e
4cecb2156abee5cb4d4e0f8c5a7a6dc9b25857cabadeaf4a40dd77abf3bca4d5
4dddf4a2d56a35f5f2b97f2686f8eb8eef3c6a5a6b6a09ebf37018509922671b
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
52fb53972f1c5355fc6ee8ee32ba26c933d094cb6879c41670cd7672ea089072
532a8e65348794f09d3decd5b7aae67a0acdea25b0ad787c604edc4d02f29709
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5685a77112ebb44c5c8b5b8b4eb224f0ca93d8f8d6e10b963812fc8c12c0ce82
56961e86855b028e655b96d6191bc6b82d728da43bd8f8fe406fa02fa53d13ce
58b603271da250778cca7450c81343eba7a896c87d93812f4de54ca5e1108488
61c1317e433c125a2ebbbdaf22fc3a0b3606bcb0c9cfea151425adf7b5195f48
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62fc2495153856ea4eb7b7580c0e9cff1462df970bcf3f7f5de111a8c575ab38
6416f3ee5c9d71c76623409ba4b1744bfaf41fd36e0033486ffa329b00dd19a3
6466ba3b9201c10be469a19a1450a7a528f813d143b556ed37429be3b2de7a85
65622e9d48714f0fffd17f51dc0bf5bf1ca784c7225a6ec451ffda1307e05b51
65dbdaf7d5a4e238728aba4a71dd2ec9a2fb1c59b9237ca6fa526613e354c3d5
6838420e13959ecffe73d3576ee2125a66c9315237394a23e3dd4a5181e80cda
6952d75a2aaa80c38068102af0b81541c127ce80a62b183f9a6d4197a4c2e31f
6996b5a436ba09bbc1bacd19b81f91ab23d7591f7f70717895725bc8a08a4d30
6a873ec2fcf8748b20c3794ca506fa4c4de97073e553e30c77d860faef12ca31
6b7855a9a0c9ac283b599084ea46572fc7c7fac556ea786dbaccb9feed604816
6e140393a5c564a0373f5af25fb31419454e956674534b4acee7822a5d1586b9
73073ed7160406dcfbe826dcabd7ec807cf2aa72afe0303424f518767120cf2e
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
753e3643548651bb65a49786305dd91b2866753f0319672b84b30a960896777b
7bd84ce17a091eec59ea01acdad9f4b8469ca5bba911c1ecc0f77886111cb282
7d3446a4f01e4f115b65cea32b39a53121dd19e7ad18177cb1af32920e9136ed
7e6ab82affb33d7378b756075fccddcc76eb1a00c72df7efba500dc21c57c78c
820767e5a3715b65cf587e418f234ebf81bbc68380a50aea41e30e2229ced556
82cf5b28018ece80ebdeb6a1b74335b5a7e2ded5a5629e33bf25e62ea8336dac
82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83dbc963827a680fc411653f0ae588db6163d160312f84ba069fa99d118cd756
8714be2a868cfbf4f205f3d01f6ee6e1da9ae2babd4f23cf31c7d87bfc6d09cf
892ecb8e84801900fbec1f9f340f9dd7d53a6444079d82dda76d41581c501891
8965307f85b49dc8bbf46d5287b421f18e766ac2c0d917a96c789a3966a0b843
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8db5ec917d4163c87d6395b02053d17a82f3a56eed21fca557b0719cae0fd6b0
8ee3f8d79dcda36f6ebe6d538db3c448c062eb5036d492ebf40ce12838c25fa4
8efe4b47061f4df650d4e222cbd533693fb74754465e195a8a7121feebd05868
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
94b27b5de053d720d77b2d98fbdbf482103a503e147867b7f047003320ab6f8d
97c585069889cec597ddad16f61f2b06c08c4ce15414f00b700cd4c9e72dff4c
97d74979abfda5655da0d301d6818be3b453b9b72bae8e6384b4d3bc06e2850a
98e1b3475e2568cb240726ac6edcfab418ecedf64c96649b5a9c213943368915
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9ba1793f34f5aa029e08644bc099b06cdb4ca2e4267fcf783adb49e55ce5191c
9bff7f0e0b4271f2ed2c3a278f73ebe96da3704160a3bb07a3aee3808db07503
9eea97e8ca63a75841a86bc32d79aacc3bf47202ee9a3f51031f769407031db8
9f5fcfada7749772674a623f7576a0eb93ef31cc05d019965d9097e424d3a60c
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a19978f8a281644fbf22666c070675e9f6691c2d6f59a7224201aeea351c977e
a2229c24af2943e070824e62ee4797532359978c36e319affb023727ef261886
a41f61d432c09b9ebeec1ea50451efb21f2154db41139d484cbdd3c22ad0584f
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a516850efa3ee956c74740838465b2d9ba0252e81a4056a3c646baaefad3d3b3
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
aadc3580d2b64ff5a7e6f1425587db4e8b033efcbf8f5c332ca52a5ed580c87c
ac32377ae624ac720172de6cd59d7fad67c0c78fe658c7a7b2b43be14b9d74ab
ac48ce13d4ca752955e80920fab7dba14a02d27a5e947898c465678902fd7fc4
aeef6565a61fc9fd2776f895a240c0f5067157f991afe35425d23a962a04f8e9
af2ee81b605fb1101c66d6897f1fdb859946c030e84f264814cee01f7a1910c0
b0fef6375247b362fb4aab15091b0551d35da961ebecdf5c831504422f000088
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b28242ad4dfb76a00f8b38e8d811b17da90d0f72b55d8998d7de9e8a3853a0c9
b3d7664a9bc1602bae1581a2bb4181109516fb2ae83e439e272954399a8adb12
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
b54821712a7e2135cf3a0fe8ab6b41ff00ff393926a47f558e3fc1031f7086bd
b70376bcd266a20e83621e6f920073f3d51eb42fb75b533b46d716cf2b51be9a
b80590e5cd87bd79d9e87e6bb9f5271164bde13d6b5647b057d3cc81aca28e36
bcb6d1cfb83a4d0e68a3789297ef40f1c73eb4d4ca49448aca740876f2b191c6
bd06a26e66795ac08400c2e72e7aafce88a4e34c85782f2e6fa1ffc83f5a74af
bea63616949c80ff0dfdbb1e8547f1585882fc691483317b06441688e3e5f14a
bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab
bf6ec42c97f86957a324a484a37dd528b568a9ff2570965be53e6ec4b0dfdae2
c2918fd887dbe6656f8173c24a24f56eb848facbd1ae3559de891a5bc8e54ac8
c374efba54279628793f04e10ebf5d0c1b4dbc36b3f4132d9235f01d64ca5c8e
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
c6c8293e02709c803f07fba9cf6667a4daf03a758a403e99cd696a3fcf75209e
c7018945fc8ab361323f0984fa6f68a43948b73f01ab24e55eb0026af0c84d7f
c963206d6111cbad6b81879f93b309b4af9449d28f181be403246d64bcfc8018
cf34e1b87bbfd9d9b185dec994924a496e279d8dc9387ad8d35bc0110134c4d3
cf70d14e543cc6d2c59a90614f84c34d4dcd6d0a66813cf5a046a249a3d1a2a3
d0d03f314508f3bb6ece452b2da1e5f95ac57aa6922f5353a8c3e6e39cadf4f1
d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f
d26727e8b515313272235704b0b822ff34a7fc6b618d505d60bff7242c880804
d4c1d66077910338d2ea84b0d788e66a74a742345e3ae2b481773e4915c72c7d
d5203c4c90d60cd7a8613ad2ad7444e9891df2238677ffe563b84b8deb03d28b
d89714d3d6829a2268eb3f85b5e39f7e442bd40585946c84988018d8d7d6e0b0
d89cf7d2f9f6b01a67583497b14bd26f4715093a8da2f0d6cf45d59ebd189a9e
d99f77a187454fecc18b59b2f520b1598b246d01e142bfdc4de56eb7221a9330
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
e00397129d5c9f4de2565731d60bc0120d1fe4dc78bf0b5cc9ea8c6571e27052
e0e186e8f48abb67e5c58766bc63e84ca21399a971b719b4c8d368d863d8d619
e2801458918711b28a351d73175c1ed0f7b55083491c034eb6292708848b0e0c
e29dc85dd7032d9c612f694c6b9f0aa6180d9961a67f2be9d0ddd8b728418378
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73
e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e6969b69570c743952ab51b9fba22410be503db91b0566753d6da10894e76dad
e804fc1f825696a3e8c33c5118ae6c0310d5c22efb95c464d8c8b18f1167ae82
eb91d15f16171384a4b6332334fd62aa365a3b2c542482c9a1b554dc80943276
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152
ed51a40866cb1ba356568883a85dd33bbe245bda6cbee5e4ad06baaf63514007
ee14b9a6cb3f34835c285fee8f2bdbc6b0ded10a2760e587f424946cada05cf8
ee9d9fe6b806d4b482759b443c2b82a3c25191211900f87ac1f624b644cc051d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef4c21723394151507d7bdaef882050856ad9d2821400729e38320900ad446d6
f2eee89d37a19d693fb6cd4809a5621f7c7ff2080fc41be51e4eaa30e760ab3b
f39a7fefc00fd9512f4b87aa3e161e520711267a8751559f7c26c79677de2f21
f4573597c1f32225f10441bf89fc82031fd4ecc8f22b6152f51609d6dd19e5f5
f49fc48880ee693eff69fab7ae58caaa10ea7e7d7d787940e773d5ecde7259f8
f6b9eebb05461840790fc804b4590323ef12a57fe5af7fcdeed2d798e572844b
f8e7ab1164c47baf26da1737769a43f6c173366ca01f321ea518df2b665eb06a
f9990061b9ed004ba93efda14a6bf74cfc891fb266cbffe1fd2fc5a269155e87
fded1d32a878df8bf2aa564379c606edc95089633e39a69f777cd0fcb6cd2bd0
ff6d900c437f03dff77033a65462cae784791ceb56620f3ffcc846eed71d29b0
ffe71e16386c8fd05591ca89b683793c201b9dbc702f65702c036948cc6d9b0a

www.figures.com Open in urlscan Pro 2606:4700:4400::ac40:9214 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

282 Requests

89 %HTTPS

38 %IPv6

56 Domains

94 Subdomains

75 IPs

11 Countries

2621 kBTransfer

7195 kBSize

68 Cookies

10 Outgoing links

Page URL History

Redirected requests

282 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.figures.com Open in urlscan Pro
2606:4700:4400::ac40:9214 Public Scan

Screenshot
Live screenshot

Full Image

282
Requests

89 %
HTTPS

38 %
IPv6

56
Domains

94
Subdomains

75
IPs

11
Countries

2621 kB
Transfer

7195 kB
Size

68
Cookies

282 HTTP transactions
7 data transactions