uxwing.com Open in urlscan Pro
162.159.136.54 Public Scan

URL: https://www.facebook.com/sharer.php?u=https://uxwing.com/enemy-ghost-icon/
Title: Facebook

URL: https://twitter.com/intent/tweet?url=https://uxwing.com/enemy-ghost-icon/&text=Enemy%20Ghost%20icon%20Free%20Download-%20Via%20@UXWing-&hashtags=apparition,%20evil,%20sorcerer,%20fear,%20emoji,%20creepy,%20emotion,%20enemy,%20ghost,%20games,%20ghost,%20pacman,%20spooky,%20halloween,%20ghoul,%20spirit,%20shocked,%20cartoon,%20scary,%20gaming,%20monster,%20horror,%20devil
Title: Twitter

URL: https://pinterest.com/pin/create/bookmarklet/?media=&title=Enemy%20Ghost%20icon&url=https://uxwing.com/enemy-ghost-icon/&description=Free%20Download%20Scalable%20Enemy%20Ghost%20icon%20available%20royalty%20free%20for%20commercial%20use%20in%20PNG%20transparent%20background%20and%20SVG%20graphics%20for%20website,%20android,%20iPhone
Title: Pinterest

URL: https://www.facebook.com/uxwing/
Title: Facebook

URL: https://twitter.com/UxWing
Title: Twitter

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 108

https://gum.criteo.com/sid/json?origin=publishertag&domain=uxwing.com&sn=ChromeSyncframe&so=0&topUrl=uxwing.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=BAcKZXxIZGtTWkFrVFB3VnVwUVB4UG1Ib1VFSzVNdkxIZkZsQ2JQYUtZVUJKbGtOS1NXSzBkUDdjenUwZlRZclN4SGk3TllsZHNLTWU5czNQbGNSaWpLaUZmWER4Z0U0elJCaDVabzdVUlN0YTNZeWo0cVg1dHFUQSsvaHM4d3ZiK0pPcktwZ2orOHpqMVBJSDU3eHBwR0xpN2czTmV2OFZlYzlYdTYyVjljTllUUFdXQjd3ZVlUMVV6MlJpbG9LMFhveUc0bHBjSzR4YWdxQTlaU2tOK1VySUp3UHYwOGdHdzI3R1dvZDNjQjVKV3JXTmZlQ2R6T2cxVE1UVjYyZm1DSU95OEQreU82TmNSeDNNYlRoYUtqczQ0dz09fA&cppv=2

Request Chain 164

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJrPaKA4u-8AxHdNYlWUwl4&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJrPaKA4u-8AxHdNYlWUwl4&google_cver=1&C=1

Request Chain 165

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y7uYpOfAh30dcfEuwBhyiwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJrPaKA4u-8AxHdNYlWUwl4&google_cver=1

Request Chain 166

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEAA7NJrx61RbPHJJaZNHCbk&google_cver=1

Request Chain 167

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjMzNjcyMDU0NjI2NjAzOTM5

Request Chain 168

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJrPaKA4u-8AxHdNYlWUwl4&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJrPaKA4u-8AxHdNYlWUwl4&google_cver=1&C=1

Request Chain 169

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y7uYpOfAh30dcfEuwBhyiwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJrPaKA4u-8AxHdNYlWUwl4&google_cver=1

Request Chain 170

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEAA7NJrx61RbPHJJaZNHCbk&google_cver=1

Request Chain 171

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjMzNjcyMDU0NjI2NjAzOTM5

Request Chain 172

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 178

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 179

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 183

https://hal90002.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=aac624f833&subid=&uid=94a42156028af8a1&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC6K5Eo5i7Y--MGpmi9u8PhrCt4Aem5b2gaa2VnKfJD_AuEAEgrO7wlwFgldr9gZQHyAEJqQI8k0UEytuxPqgDAaoEkQJP0KRQ8_qcWRIlLcxXeBIeWnjNLZ1HOfm_BbuiFB0DdKtvHoR4mjPsWFPEJ12OFyB7wyQundlDSJ2QddF3KAO4YSMzw2OmW4gPBcAiVjliccGVmyGqNzSTvt1KEliZRUWYXeTIt2wrcD7cCuWwkn5hvAHawhYuTXWA6I0Wh9krHl6Rk0gqo9bl2KYlLTRgOOUv0czA_lWCGftLLEW16iSEYKec1Qw5XUkTwCke9CZnv2BG46FOSsKejO-J3PiOi5SOM1Pzn3RuqdwqH32zIs6Q7wJrWwswLmaIbIY3aCdsMiGigcb-RNb7kbkZrGzs-UugEptYmtceSw4LqhQfDPyzjFbQdGm_GMxuvZWaRJARlFrABOuP_I73A-AEA5AGAaAGTYAHrK31nwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggRCIDhgBAQARgdMgKqAjoCgECACgOYCwHICwGADAGwE4-10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTADq26N9nmElTyoHABEhhEXQS8iKvjB6ZN7xPaUxOdnUhuBtZVLVfxlSU_B-i0TdG15-LsvjRvZRpc5Lobi0wfXYxnwWV1LxqeadZlMYASAT%26sig%3DAOD64_32aWoAhmc9lgwHWs8Gx_AUbczUKA%26client%3Dca-pub-9797459212931368%26dbm_c%3DAKAmf-CnytjmTrpcwefcEpUXRc0hrEeuuhL8SHj6QJIUzx2InFD6C5Ef0JSUCnOPclKxTmPjyEX23060Vo7UaBMGrpwXEt8BlnlPJl6S2aRReDyhzE7ouJIkwd0SbApj__i-CpKmVPUMAcR_4lEFojCkDErL5ttUMRZBQWYCGQ5g5uaCFL_x_yw%26cry%3D1%26dbm_d%3DAKAmf-AsepO10-AFBejabvMQ6t9h0PgWg2wRi9lVehjQ8ab6uIknNn40HjHtBPYlOcyTUWRvumO7UTuPfEDc_fIg53VSVP7n4i0dZmtjNYGGzLDTDExWYj2OOPUZEyrPP758p2a6Xc0nQ0wdZjrfd9bkdKoaBnEJoksXoM5kJJbvPMm7oQ7nPj4DpMg1ASOoDXapivyxUziyTEUvli3p20TqT-5vsHC9TRseua647iHf6WflRR9MAztnUxZ0iFXA1N_5_BnPVGB1NX7NF9TEiz9lGT0Qtm3Aki5vuCGqhrv7HIw5DeANiD2IZ_j8qC34dAw6Q3hvAjbZ4EjwsxjZvKT8MO_QjQI-6vPH97JIOF3oO41tyEnabGghJk7-nYVOoZrmNx0mACGeUAHq_vXq3uTb6x0Gf9BYVRlr23lRxblSBibcsJAARBwqy_dJKZmaTWME2tZxCyzjmoNeGNbcUpp4RXX8pUYDbzi8gkVvq_IEtXJdQs4oSbd7M7o4DR87Lm5wyLC1jt7kpoSB0ujj6OJR7zVg-wjzh-VbIpZb2pE-ZYaHJTokOTg%26adurl%3D&documentReferer=https%3A%2F%2Fuxwing.com%2F&ancestorOrigins=https%3A%2F%2Fuxwing.com&random=1136064087148&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0 HTTP 302
https://hal90002.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=aac624f833&subid=&uid=94a42156028af8a1&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC6K5Eo5i7Y--MGpmi9u8PhrCt4Aem5b2gaa2VnKfJD_AuEAEgrO7wlwFgldr9gZQHyAEJqQI8k0UEytuxPqgDAaoEkQJP0KRQ8_qcWRIlLcxXeBIeWnjNLZ1HOfm_BbuiFB0DdKtvHoR4mjPsWFPEJ12OFyB7wyQundlDSJ2QddF3KAO4YSMzw2OmW4gPBcAiVjliccGVmyGqNzSTvt1KEliZRUWYXeTIt2wrcD7cCuWwkn5hvAHawhYuTXWA6I0Wh9krHl6Rk0gqo9bl2KYlLTRgOOUv0czA_lWCGftLLEW16iSEYKec1Qw5XUkTwCke9CZnv2BG46FOSsKejO-J3PiOi5SOM1Pzn3RuqdwqH32zIs6Q7wJrWwswLmaIbIY3aCdsMiGigcb-RNb7kbkZrGzs-UugEptYmtceSw4LqhQfDPyzjFbQdGm_GMxuvZWaRJARlFrABOuP_I73A-AEA5AGAaAGTYAHrK31nwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggRCIDhgBAQARgdMgKqAjoCgECACgOYCwHICwGADAGwE4-10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTADq26N9nmElTyoHABEhhEXQS8iKvjB6ZN7xPaUxOdnUhuBtZVLVfxlSU_B-i0TdG15-LsvjRvZRpc5Lobi0wfXYxnwWV1LxqeadZlMYASAT%26sig%3DAOD64_32aWoAhmc9lgwHWs8Gx_AUbczUKA%26client%3Dca-pub-9797459212931368%26dbm_c%3DAKAmf-CnytjmTrpcwefcEpUXRc0hrEeuuhL8SHj6QJIUzx2InFD6C5Ef0JSUCnOPclKxTmPjyEX23060Vo7UaBMGrpwXEt8BlnlPJl6S2aRReDyhzE7ouJIkwd0SbApj__i-CpKmVPUMAcR_4lEFojCkDErL5ttUMRZBQWYCGQ5g5uaCFL_x_yw%26cry%3D1%26dbm_d%3DAKAmf-AsepO10-AFBejabvMQ6t9h0PgWg2wRi9lVehjQ8ab6uIknNn40HjHtBPYlOcyTUWRvumO7UTuPfEDc_fIg53VSVP7n4i0dZmtjNYGGzLDTDExWYj2OOPUZEyrPP758p2a6Xc0nQ0wdZjrfd9bkdKoaBnEJoksXoM5kJJbvPMm7oQ7nPj4DpMg1ASOoDXapivyxUziyTEUvli3p20TqT-5vsHC9TRseua647iHf6WflRR9MAztnUxZ0iFXA1N_5_BnPVGB1NX7NF9TEiz9lGT0Qtm3Aki5vuCGqhrv7HIw5DeANiD2IZ_j8qC34dAw6Q3hvAjbZ4EjwsxjZvKT8MO_QjQI-6vPH97JIOF3oO41tyEnabGghJk7-nYVOoZrmNx0mACGeUAHq_vXq3uTb6x0Gf9BYVRlr23lRxblSBibcsJAARBwqy_dJKZmaTWME2tZxCyzjmoNeGNbcUpp4RXX8pUYDbzi8gkVvq_IEtXJdQs4oSbd7M7o4DR87Lm5wyLC1jt7kpoSB0ujj6OJR7zVg-wjzh-VbIpZb2pE-ZYaHJTokOTg%26adurl%3D&documentReferer=https%3A%2F%2Fuxwing.com%2F&ancestorOrigins=https%3A%2F%2Fuxwing.com&random=1136064087148&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0&uidRedirect=1

Request Chain 196

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=43963600015251604444554012199002&t=htlp HTTP 302
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=43963600015251604444554012199002&actionid=981741&produktid=&dt_url=

Request Chain 198

https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=43963600015251604444554012199002&ra_cnt_active=1&ra_cnt=1 HTTP 302
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2021607512

Request Chain 200

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4291464957790.707 HTTP 302
https://5994599.fls.doubleclick.net/activityi;dc_pre=CIurte_TufwCFU1DHgIdG8oPRg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4291464957790.707

Request Chain 202

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=43963600015251604444554012199002 HTTP 302
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=43963600015251604444554012199002 HTTP 302
https://ad-server.eu/wm/pb/native.png

Request Chain 236

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=duration_media&endpoint=us-east HTTP 301
https://eus.rubiconproject.com/usync.html?p=duration_media&endpoint=us-east

Request Chain 239

https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID HTTP 302
https://ads.servenobid.com/sync?pid=312&uid=233672054626603939

Request Chain 240

https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D HTTP 302
https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D&dnr=1 HTTP 302
https://ads.servenobid.com/sync?pid=310&uid=F9KPsRZHcBQrbrz6QsOSLsbq

Request Chain 242

https://sync.1rx.io/usersync2/rmpssp?sub=duration&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D HTTP 302
https://sync.1rx.io/usersync2/rmpssp?sub=duration&zcc=1&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D&cb=1673238694467 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=6833280706

Request Chain 243

https://p.rfihub.com/cm?pub=44007&in=1 HTTP 302
https://ads.servenobid.com/sync?pid=324&uid=5142336721249737748

Request Chain 245

https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=&us_privacy=1YN-&&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D327%26uid%3D HTTP 302
https://ads.servenobid.com/sync?pid=327&uid=7cea61c4-452f-4b39-b559-fecbd2079122&gdpr=0&gdpr_consent=&us_privacy=1YN-

Request Chain 246

https://ups.analytics.yahoo.com/ups/58559/occ HTTP 302
https://ups.analytics.yahoo.com/ups/58559/occ?verify=true HTTP 302
https://ads.servenobid.com/sync?pid=337&uid=y-lKTaT1xE2uGpSFObtVSPJJ2droq2BfD2yjaBNXw-~A

Request Chain 247

https://ssp.disqus.com/redirectuser?r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D346%26uid%3DBUYERUID HTTP 302
https://ce.lijit.com/merge?pid=279534&3pid=ua-7b1b0159-7fe9-3566-a99c-38ddaf31d00c&gdpr=&gdpr_consent=&us_privacy=&location=https%3A%2F%2Fssp.disqus.com%2Fmatch%3Fbidder%3D12%26buyeruid%3D%5BSOVRNID%5D%26r%3DCid1YS03YjFiMDE1OS03ZmU5LTM1NjYtYTk5Yy0zOGRkYWYzMWQwMGMQ____________ASpTaHR0cHM6Ly9hZHMuc2VydmVub2JpZC5jb20vc3luYz9waWQ9MzQ2JnVpZD11YS03YjFiMDE1OS03ZmU5LTM1NjYtYTk5Yy0zOGRkYWYzMWQwMGMyAgwaOAE=

Request Chain 248

https://ups.analytics.yahoo.com/ups/58632/occ HTTP 302
https://ups.analytics.yahoo.com/ups/58632/occ?verify=true HTTP 302
https://ads.servenobid.com/sync?pid=339&uid=y-m6sn8I9E2uHvQFLHPUmRjsqroyMag2wt5ZkbsUg-~A

Request Chain 250

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id= HTTP 302
https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t HTTP 302
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=JlX2SS7xRhqLDEZ5ACZgMg&rk=usync-na HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=JlX2SS7xRhqLDEZ5ACZgMg

Request Chain 251

https://token.rubiconproject.com/token?pid=25470 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TENPQjQ0MjctMTktNlYzMw==

Request Chain 252

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESECuQgpwYzSTOu3i8be4vo2A&google_cver=1

Request Chain 253

https://token.rubiconproject.com/token?pid=36584 HTTP 302
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LCOB4427-19-6V33

Request Chain 254

https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id= HTTP 302
https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t HTTP 302
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=TUS65Hl1Tcubor5Bp86xyw&rk=usync-other HTTP 302
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=TUS65Hl1Tcubor5Bp86xyw

Request Chain 255

https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=ZTAyN2YyZGIyMWM5Y2UxNmI1NmI0YWFiN2M0MzZiOGE0NGQ5ZGFjYQ

Request Chain 256

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/rubicon/x5pN5Oh5j3765WHnVTE_7Mn5EUdSAgOZEtemQ7w0kco?csrc= HTTP 302
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-pV67KKBE2oKkKCw.dp12L3JlEW0Q.Ng9F25CFw--~A

Request Chain 258

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=Y7uYpOfAh30dcfEuwBhyiwAAFAwAAAAB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=Y7uYpOfAh30dcfEuwBhyiwAAFAwAAAAB&dcc=t

Request Chain 259

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=Y7uYpOfAh30dcfEuwBhyiwAAFAwAAAAB&gdpr_consent=&us_privacy=&gdpr= HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESENGiFDjqG9npXoBbO6oZeIY&google_cver=1

Request Chain 262

https://casale-match.dotomi.com/match/bounce/current?networkId=19998&version=1 HTTP 302
https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1673325094

Request Chain 263

https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&_test=Y7uYpgAKWU0RkwAp

Request Chain 265

https://dmp.brand-display.com/cm/api/index?cm_dsp_id=191&cm_user_id=%3cIndex_user_id%3e HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=191&expiration=63072000&external_user_id=2655eb6f-6e83-f635-c2a313a7

Request Chain 269

https://secure.adnxs.com/getuid?https://usersync.gumgum.com/usersync?b=apn&i=$UID HTTP 302
https://usersync.gumgum.com/usersync?b=apn&i=233672054626603939

Request Chain 270

https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_56d1dfbb-786f-4c9f-af7d-9020570bb22d&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=gumgum2&user_id=e_56d1dfbb-786f-4c9f-af7d-9020570bb22d&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
https://dsp.nrich.ai/bidswitch/sync?bidswitch_ssp_id=gumgum2&bsw_custom_parameter=7f447571-fd5e-4957-821f-136aa92ca3a5&gdpr=0&gdpr_consent=&gdpr_pd=&us_privacy=1--- HTTP 302
https://x.bidswitch.net/sync?dsp_id=283&user_id=fcce8206-6f02-4a3d-900c-333397a3f8a1&expires=1&user_group=5&ssp=gumgum2&bsw_param=7f447571-fd5e-4957-821f-136aa92ca3a5 HTTP 302
https://usersync.gumgum.com/usersync?b=bsw&i=7f447571-fd5e-4957-821f-136aa92ca3a5

Request Chain 271

https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent= HTTP 302
https://usersync.gumgum.com/usersync?b=sta&i=0-9ba7e1ab-e4ba-405c-6b22-cb98b7c4abee$ip$217.114.218.26

Request Chain 272

https://b1sync.zemanta.com/usersync/gumgum/?puid=e_56d1dfbb-786f-4c9f-af7d-9020570bb22d&gdpr=0&gdpr_consent=&us_privacy=1---&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dzem%26i%3D__ZUID__ HTTP 302
https://stags.bluekai.com/site/23178?id=rNrRlU0Wc-ZDAJGQy-Ti&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS65LTMVZHG6LOMMXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT24SOOJJGYVJQK5RS2WSEIFFEOULZFVKGSJTVONPXA4TJOZQWG6J5GEWS2LI&gdpr=0&us_privacy=1--- HTTP 302
https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS65LTMVZHG6LOMMXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT24SOOJJGYVJQK5RS2WSEIFFEOULZFVKGSJTVONPXA4TJOZQWG6J5GEWS2LI HTTP 302
https://usersync.gumgum.com/usersync?b=zem&gdpr=0&i=rNrRlU0Wc-ZDAJGQy-Ti&us_privacy=1---

Request Chain 273

https://sync.1rx.io/usersync2/floor6?gdpr=0&gdpr_consent=&dspret=1&redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Drhy%26i%3D%5BRX_UUID%5D HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=7556077409

Request Chain 274

https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25 HTTP 302
https://usersync.gumgum.com/usersync?b=pln&i=AFRHZDFTBRDg&ev=1&pid=558355

Request Chain 275

https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=0&gdprConsent=&platformRdUrl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D HTTP 302
https://usersync.gumgum.com/usersync?b=obn&i=ENC%28zEYMDCmJ3XgH2jVzbHHHOTcN5yDcHtGsvLNN2CWJ6C_q_2x4LxFzgGO33SiA9V_x%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26platformUid%3D%7Bplatform_uid%7D%26obuid%3DENC%28zEYMDCmJ3XgH2jVzbHHHOTcN5yDcHtGsvLNN2CWJ6C_q_2x4LxFzgGO33SiA9V_x%29 HTTP 302
https://sync.outbrain.com/syncUser?platformId=GUMGU18H7EL9NI653I7DPEH51&platformUid=e_56d1dfbb-786f-4c9f-af7d-9020570bb22d&obuid=ENC(zEYMDCmJ3XgH2jVzbHHHOTcN5yDcHtGsvLNN2CWJ6C_q_2x4LxFzgGO33SiA9V_x) HTTP 302
https://sync.outbrain.com/syncPartner?platformId=GUMGU18H7EL9NI653I7DPEH51 HTTP 302
https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=15268&gdpr=$GDPR_APPLIES&gdpr_consent=$CONSNT_STRING&us_privacy=$CCPA

Request Chain 276

https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
https://us-u.openx.net/w/1.0/cm?cc=1&_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
https://usersync.gumgum.com/usersync?b=opx&i=a019c965-ebbf-4de6-8911-07ec06b0e8b4

Request Chain 278

https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=1---&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dvnt%26i%3D HTTP 302
https://usersync.gumgum.com/usersync?b=vnt&i=4ffb18b4-e9f3-4528-9f1c-64a0baa3a821

Request Chain 281

https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D HTTP 302
https://ad.360yield.com/ul_cb/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D HTTP 302
https://usersync.gumgum.com/usersync?b=idi&i=d44936f8-efc2-423e-b0c7-b3ab9d0e31c7

Request Chain 282

https://ssbsync.smartadserver.com/api/sync?callerId=15&redirectUri=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsad%26i%3D%5Bssb_sync_pid%5D&gdpr=0&gdpr_consent= HTTP 302
https://usersync.gumgum.com/usersync?b=sad&i=590437383745507228

Request Chain 284

https://sync.inmobi.com/oRTB?gdpr_consent=&gdpr=0&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dinm%26i%3D%7BID5UID%7D HTTP 302
https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=0&callback=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dinm%26i%3D%7BID5UID%7D

Request Chain 287

https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=&redir=https%3a%2f%2fusersync.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d HTTP 302
https://usersync.gumgum.com/usersync?b=mmh&i=586a63bb-98a7-4f00-93bc-acca023df0a5&gdpr=0&gdpr_consent=

Request Chain 288

https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent= HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=&_test=Y7uYpgAJyssibgAe HTTP 302
https://usersync.gumgum.com/usersync?b=atm&i=Y7uYpgAJyssibgAe&gdpr=0&gdpr_consent=&_test=Y7uYpgAJyssibgAe

Request Chain 290

https://cs.emxdgt.com/um?redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID&gdpr=0&gdpr_consent= HTTP 302
https://ib.adnxs.com/getuid?https://cs.emxdgt.com/umcheck?apnxid=$UID&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24EMXUID&b64_redirect=aHR0cHM6Ly91c2Vyc3luYy5ndW1ndW0uY29tL3VzZXJzeW5jP2I9ZW14Jmk9JEVNWFVJRA== HTTP 302
https://cs.emxdgt.com/umcheck?apnxid=233672054626603939&redirect=https://usersync.gumgum.com/usersync?b=emx&i=$EMXUID&b64_redirect=aHR0cHM6Ly91c2Vyc3luYy5ndW1ndW0uY29tL3VzZXJzeW5jP2I9ZW14Jmk9JEVNWFVJRA== HTTP 302
https://usersync.gumgum.com/usersync?b=emx&i=233672054626603939brt53601673238694984046b2

Request Chain 291

https://tg.socdm.com/aux/idsync?proto=gumgum HTTP 302
https://usersync.gumgum.com/usersync?b=sus&i=Y7uYp8Co8X4AAD66K7UAAAAA

Request Chain 292

https://cs.admanmedia.com/sync/gumgum?puid=e_56d1dfbb-786f-4c9f-af7d-9020570bb22d&redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Daad%26i%3D%5BDSP_USER_ID%5D&gdpr=0&gdpr_consent=&ccpa=1--- HTTP 302
https://usersync.gumgum.com/usersync?b=aad&i=b8df4e8a-3e0a-4e48-ba00-89e2d734f918

Request Chain 293

https://ssum-sec.casalemedia.com/usermatchredir?s=189872&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Diex%26i%3D HTTP 302
https://usersync.gumgum.com/usersync?b=iex&i=Y7uYpOfAh30dcfEuwBhyiwAA%265132

Request Chain 294

https://creativecdn.com/cm-notify?pi=gumgum HTTP 302
https://creativecdn.com/cm-notify?pi=gumgum&tc=1 HTTP 302
https://usersync.gumgum.com/usersync?b=rth&i=B4lkDRGkv08DAqI0XiTd&pi=gumgum&tc=1

Request Chain 295

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum HTTP 301
https://eus.rubiconproject.com/usync.html?p=gumgum

Request Chain 299

https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=134&partneruserid=OB_OK&redirurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsmart_adserver_eb%26google_hm%3DSMART_USER_ID_B64&gdpr=0&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_hm=NTkwNDM3MzgzNzQ1NTA3MjI4&gdpr=0&gdpr_consent=

Request Chain 301

https://c1.adform.net/serving/cookie/match?party=10&sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D22%26partneruserid%3DYOUR_USER_ID&gdpr=0&gdpr_consent= HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=10&sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D22%26partneruserid%3DYOUR_USER_ID&gdpr=0&gdpr_consent= HTTP 302
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=22&partneruserid=2108469629519813651&gdpr=0&gdpr_consent=

Request Chain 302

https://bh.contextweb.com/bh/rtset?pid=560288&ev=1&rurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D92%26partneruserid%3D%25%25VGUID%25%25&gdpr=0&gdpr_consent= HTTP 302
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=92&partneruserid=ReCRQFZNVGjx&ev=1&pid=560288&gdpr_consent=&gdpr=0

Request Chain 306

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Y7uYpgAJyssibgAe&gdpr=0&gdpr_consent=

Request Chain 310

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=8Br9eZtbRpKmwiPTUWbl-Q%3D%3D&gdpr=0&gdpr_consent= HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=

Request Chain 312

https://pixel.onaudience.com/?partner=214&mapped=F01AFD79-9B5B-4692-A6C2-23D35166E5F9&gdpr=0&gdpr_consent= HTTP 302
https://spl.zeotap.com/?zdid=1332&zcluid=341f3732875f6c2f HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=5baaee8e-372a-4f6f-54a5-45b1f574dffc&reqId=de2d983d-b6a5-4afd-794c-7177e13607b7&zcluid=341f3732875f6c2f&zdid=1332 HTTP 302
https://mwzeom.zeotap.com/mw?google_gid=CAESEDXx4cj1xEHlyq_WU66Ur7A&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=5baaee8e-372a-4f6f-54a5-45b1f574dffc&reqId=de2d983d-b6a5-4afd-794c-7177e13607b7&zcluid=341f3732875f6c2f&zdid=1332

Request Chain 313

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RjAxQUZENzktOUI1Qi00NjkyLUE2QzItMjNEMzUxNjZFNUY5&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

Request Chain 314

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEOe81BMvrg0n8giNrMacXM8&google_cver=1

Request Chain 316

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=2460668329877520288&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 319

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=F01AFD79-9B5B-4692-A6C2-23D35166E5F9&redir=true&gdpr=0&gdpr_consent= HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-msODjCVE2uWHi0nzOpnaIjT7Su3ZnwU-~A&gdpr=0

319 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
uxwing.com/enemy-ghost-icon/ 190 KB
66 KB 843ms
737ms Document
text/html 162.159.136.54
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://uxwing.com/enemy-ghost-icon/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.159.136.54 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 06d9724c7db114f4bef11526f7cb1ac92c3fe803f355d07f66963f5319bff8a0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=172800
cf-cache-status: DYNAMIC
cf-ray: 786a71895d879bc8-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 09 Jan 2023 04:31:28 GMT
expires: Wed, 11 Jan 2023 04:31:28 GMT
link: <https://uxwing.com/wp-json/>; rel="https://api.w.org/", <https://uxwing.com/wp-json/wp/v2/posts/5610>; rel="alternate"; type="application/json", <https://uxwing.com/?p=5610>; rel=shortlink
server: cloudflare
vary: Accept-Encoding

GET
H2 200 logo.svg
uxwing.com/wp-content/themes/uxwing/images/ 3 KB
2 KB 35ms
33ms Image
image/svg+xml 162.159.136.54
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uxwing.com/wp-content/themes/uxwing/images/logo.svg
Requested by: Host: uxwing.com
URL: https://uxwing.com/enemy-ghost-icon/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.159.136.54 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fcd8a6b0c9d2e589a87655fd42cd16179be4b6b9d2b2375b39edfe61f89bb08f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/enemy-ghost-icon/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:28 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 09 Jun 2020 06:54:15 GMT
server: cloudflare
age: 4563423
etag: W/"5edf3217-c23"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=32400000
cf-ray: 786a718dfa229bc8-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 style.css
uxwing.com/wp-content/themes/uxwing/ 70 KB
13 KB 36ms
35ms Stylesheet
text/css 162.159.136.54
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://uxwing.com/wp-content/themes/uxwing/style.css?v=12.3
Requested by: Host: uxwing.com
URL: https://uxwing.com/enemy-ghost-icon/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.159.136.54 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4a4f8811555b581e61935d6887f5226994fcb3de6c815c9a1ee453d1d2d7dca6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/enemy-ghost-icon/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:28 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 08 Dec 2022 14:03:36 GMT
server: cloudflare
age: 2729821
cf-polished: origSize=93936
etag: W/"6391eeb8-16ef0"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=32400000
cf-ray: 786a718dfa239bc8-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 classic-themes.min.css
uxwing.com/wp-includes/css/ 217 B
288 B 33ms
32ms Stylesheet
text/css 162.159.136.54
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://uxwing.com/wp-includes/css/classic-themes.min.css?ver=1
Requested by: Host: uxwing.com
URL: https://uxwing.com/enemy-ghost-icon/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.159.136.54 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/enemy-ghost-icon/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:28 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 02 Nov 2022 06:16:41 GMT
server: cloudflare
age: 4563423
etag: W/"63620b49-d9"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=32400000
cf-ray: 786a718dfa249bc8-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 219 KB
77 KB 172ms
67ms Script
application/javascript 2a00:1450:400d:80d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-5NV6WH1BWX

Requested by

Host: uxwing.com
URL: https://uxwing.com/enemy-ghost-icon/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

bfe591b34e30679295552e15a184292558262eb0ecdf3f6498c1060139e4c263

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:29 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 78682
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 09 Jan 2023 04:31:29 GMT

GET
H2 200 monetization.js Show response
m.servedby-buysellads.com/ 66 KB
15 KB 97ms
23ms Script
application/javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://m.servedby-buysellads.com/monetization.js
Requested by: Host: uxwing.com
URL: https://uxwing.com/enemy-ghost-icon/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: AmazonS3 /
Resource Hash: 0114ab589ce42ed402ce67254aa06f725f6b53e4a04d2f79b4b01fc92501dcf1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:29 GMT
content-encoding: gzip
x-sp-metadata: HS256.CLHN7p0GEokBCiRhNTdhMDk5OC0xMjRmLTRmMzAtODkxYi0yNDdkYTVhZTVmNzMQsLDY+PPB+wIaBgihse6dBiIOMjE3LjExNC4yMTguMjYovsADMAM4BEIWVExTX0FFU18xMjhfR0NNX1NIQTI1NlogM2U5YjIwNjEwMDk4YjZjOWJmZjk1Mzg1NmU1ODAxNmEaKwgBEiQzZTE0NmZkNC0yN2MwLTQzZjgtYmE5MC1hNjk3MDUzYjNkY2EYs3MiGAgCEhRjZHMyNTQuZnI4Lmh3Y2RuLm5ldA==.1A5cHnjXp8Up/o9OpyjKVsY62bv+cDtZkEqCd+7NruY=
last-modified: Fri, 03 Jun 2022 18:18:52 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: atime:1654280297/ctime:1654280295/gid:1000/gname:nathan/md5:4896c8077f50520418d4d1ab293b6545/mode:33204/mtime:1654280295/uid:1000/uname:nathan
x-amz-request-id: XF70REMZ419ZQSPP
etag: "4896c8077f50520418d4d1ab293b6545"
x-hw: 1673238689.cds288.fr8.hn,1673238689.cds254.fr8.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=2068
accept-ranges: bytes
content-length: 14771
x-amz-id-2: NoStfDFRMqEdbIJqni1F4gF8pTVQI0dJ9g2Y9p1x3i2dHfGOhf2WpKhlBN2ELucSNABD/e3o1FQ=

GET
H3 200 patreon_btn.png
uxwing.com/wp-content/themes/uxwing/images/ 4 KB
4 KB 32ms
31ms Image
image/webp 162.159.136.54
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uxwing.com/wp-content/themes/uxwing/images/patreon_btn.png
Requested by: Host: uxwing.com
URL: https://uxwing.com/enemy-ghost-icon/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 162.159.136.54 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 454a3933868fb446fa05759a71d2d589e76a05ad9a538492ac376a12635bd213

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/enemy-ghost-icon/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:29 GMT
cf-cache-status: HIT
age: 4563492
cf-polished: origFmt=png, origSize=6846
content-disposition: inline; filename="patreon_btn.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4132
cf-bgj: imgq:100,h2pri
last-modified: Wed, 02 Oct 2019 09:36:14 GMT
server: cloudflare
etag: "1abe-593ea33307f80"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 786a718e984ebbc2-FRA
expires: Fri, 17 Nov 2023 08:51:32 GMT

GET
H3 200 confused-color-icon.svg
uxwing.com/wp-content/themes/uxwing/download/emoji-emoticon/ 2 KB
961 B 32ms
31ms Image
image/svg+xml 162.159.136.54
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uxwing.com/wp-content/themes/uxwing/download/emoji-emoticon/confused-color-icon.svg
Requested by: Host: uxwing.com
URL: https://uxwing.com/enemy-ghost-icon/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 162.159.136.54 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cfc4924cba94f8bc2d06bb02b26b2dabfd9212fbad23c1eaa3a95763755fe4c8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/enemy-ghost-icon/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 24 Sep 2020 20:14:44 GMT
server: cloudflare
age: 60969
etag: W/"5f6cfe34-620"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=32400000
cf-ray: 786a718ea850bbc2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 confused-icon.svg
uxwing.com/wp-content/themes/uxwing/download/emoji-emoticon/ 2 KB
1 KB 39ms
35ms Image
image/svg+xml 162.159.136.54
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uxwing.com/wp-content/themes/uxwing/download/emoji-emoticon/confused-icon.svg
Requested by: Host: uxwing.com
URL: https://uxwing.com/enemy-ghost-icon/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 162.159.136.54 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 303f753a7c633955ddb764bde4c5bfe8c28b324402ac49acc614d3b93ff66f8d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/enemy-ghost-icon/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sun, 26 Jul 2020 13:37:18 GMT
server: cloudflare
age: 60969
etag: W/"5f1d870e-64b"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=32400000
cf-ray: 786a718ea855bbc2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 emoji-smiley-black-icon.svg
uxwing.com/wp-content/themes/uxwing/download/emoji-emoticon/ 845 B
641 B 201ms
197ms Image
image/svg+xml 162.159.136.54
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uxwing.com/wp-content/themes/uxwing/download/emoji-emoticon/emoji-smiley-black-icon.svg
Requested by: Host: uxwing.com
URL: https://uxwing.com/enemy-ghost-icon/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 162.159.136.54 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3d45dcc5286bd4086f57dc44ac33089b4496444ccc1be4358dd6f4e9aef630d2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/enemy-ghost-icon/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 05 Oct 2022 16:36:09 GMT
server: cloudflare
etag: W/"633db279-34d"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=32400000
cf-ray: 786a718ea859bbc2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 angry-face-emoji-icon.svg
uxwing.com/wp-content/themes/uxwing/download/emoji-emoticon/ 1 KB
779 B 37ms
33ms Image
image/svg+xml 162.159.136.54
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uxwing.com/wp-content/themes/uxwing/download/emoji-emoticon/angry-face-emoji-icon.svg
Requested by: Host: uxwing.com
URL: https://uxwing.com/enemy-ghost-icon/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 162.159.136.54 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0886012466206701d90ba2259eac165a9718d05917ca74da23815d86dd923c24

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/enemy-ghost-icon/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sun, 26 Jul 2020 13:36:26 GMT
server: cloudflare
age: 60969
etag: W/"5f1d86da-4f2"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=32400000
cf-ray: 786a718ea85bbbc2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 happy-icon.svg
uxwing.com/wp-content/themes/uxwing/download/emoji-emoticon/ 811 B
625 B 201ms
197ms Image
image/svg+xml 162.159.136.54
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uxwing.com/wp-content/themes/uxwing/download/emoji-emoticon/happy-icon.svg
Requested by: Host: uxwing.com
URL: https://uxwing.com/enemy-ghost-icon/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 162.159.136.54 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 10afca1708bb9057a49f8fb30a5b190237196d25514b53a8e69d416f5c100177

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/enemy-ghost-icon/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 23 Aug 2021 20:07:34 GMT
server: cloudflare
etag: W/"61240006-32b"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=32400000
cf-ray: 786a718ea85cbbc2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 confused-line-icon.svg
uxwing.com/wp-content/themes/uxwing/download/emoji-emoticon/ 2 KB
1 KB 35ms
32ms Image
image/svg+xml 162.159.136.54
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uxwing.com/wp-content/themes/uxwing/download/emoji-emoticon/confused-line-icon.svg
Requested by: Host: uxwing.com
URL: https://uxwing.com/enemy-ghost-icon/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 162.159.136.54 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 15911e9394e2faf9859d9ea2507667a673b643025c0dd886de98f1ab73ae03ad

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/enemy-ghost-icon/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sun, 26 Jul 2020 13:37:18 GMT
server: cloudflare
age: 60969
etag: W/"5f1d870e-83c"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=32400000
cf-ray: 786a718ea85ebbc2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 emoji-confused-black-icon.svg
uxwing.com/wp-content/themes/uxwing/download/emoji-emoticon/ 2 KB
1 KB 37ms
34ms Image
image/svg+xml 162.159.136.54
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uxwing.com/wp-content/themes/uxwing/download/emoji-emoticon/emoji-confused-black-icon.svg
Requested by: Host: uxwing.com
URL: https://uxwing.com/enemy-ghost-icon/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 162.159.136.54 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4de1f27d310eeee07ee01e630dd946aaca411bb2e6c93925a0b4a5d081d03ad5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/enemy-ghost-icon/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 05 Oct 2022 16:45:58 GMT
server: cloudflare
age: 60969
etag: W/"633db4c6-6b9"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=32400000
cf-ray: 786a718ea85fbbc2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 alien-icon.svg
uxwing.com/wp-content/themes/uxwing/download/emoji-emoticon/ 2 KB
1019 B 36ms
32ms Image
image/svg+xml 162.159.136.54
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uxwing.com/wp-content/themes/uxwing/download/emoji-emoticon/alien-icon.svg
Requested by: Host: uxwing.com
URL: https://uxwing.com/enemy-ghost-icon/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 162.159.136.54 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 46b8ced4f88660b57a549473be7be841a7f1fdc9d765597b6aed4d625abf5bc6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/enemy-ghost-icon/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 28 Jul 2020 16:00:24 GMT
server: cloudflare
age: 60969
etag: W/"5f204b98-610"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=32400000
cf-ray: 786a718ea861bbc2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 smiley-icon.svg
uxwing.com/wp-content/themes/uxwing/download/emoji-emoticon/ 919 B
697 B 38ms
34ms Image
image/svg+xml 162.159.136.54
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uxwing.com/wp-content/themes/uxwing/download/emoji-emoticon/smiley-icon.svg
Requested by: Host: uxwing.com
URL: https://uxwing.com/enemy-ghost-icon/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 162.159.136.54 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f8dc25e67b12a94a02639ec2dcf3a6679d178c973007f7a95fba1e8a8a04980

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/enemy-ghost-icon/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 09 Sep 2021 20:19:54 GMT
server: cloudflare
age: 67664
etag: W/"613a6c6a-397"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=32400000
cf-ray: 786a718ea862bbc2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 crying-black-icon.svg
uxwing.com/wp-content/themes/uxwing/download/emoji-emoticon/ 2 KB
969 B 49ms
45ms Image
image/svg+xml 162.159.136.54
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uxwing.com/wp-content/themes/uxwing/download/emoji-emoticon/crying-black-icon.svg
Requested by: Host: uxwing.com
URL: https://uxwing.com/enemy-ghost-icon/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 162.159.136.54 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fe529c3ba3ef2e0f7cd02be11fca3af292b98de28761d2610c34d31ce71c7298

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/enemy-ghost-icon/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sun, 26 Jul 2020 13:37:34 GMT
server: cloudflare
age: 60969
etag: W/"5f1d871e-6d2"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=32400000
cf-ray: 786a718ea863bbc2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 emoji-strange-black-icon.svg
uxwing.com/wp-content/themes/uxwing/download/emoji-emoticon/ 2 KB
988 B 187ms
183ms Image
image/svg+xml 162.159.136.54
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uxwing.com/wp-content/themes/uxwing/download/emoji-emoticon/emoji-strange-black-icon.svg
Requested by: Host: uxwing.com
URL: https://uxwing.com/enemy-ghost-icon/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 162.159.136.54 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1190ec9edb80f8ff96a393dbebc41765ec9eb01246f40667271c66db4f2e15b2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/enemy-ghost-icon/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 05 Oct 2022 16:46:50 GMT
server: cloudflare
etag: W/"633db4fa-612"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=32400000
cf-ray: 786a718ea864bbc2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 angry-icon.svg
uxwing.com/wp-content/themes/uxwing/download/emoji-emoticon/ 2 KB
1 KB 49ms
46ms Image
image/svg+xml 162.159.136.54
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uxwing.com/wp-content/themes/uxwing/download/emoji-emoticon/angry-icon.svg
Requested by: Host: uxwing.com
URL: https://uxwing.com/enemy-ghost-icon/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 162.159.136.54 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ecb6b3ce50114c856f5f03bfbe3366eb52603292cf53c074be29eaa30e2cd993

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/enemy-ghost-icon/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 23 Sep 2020 19:48:40 GMT
server: cloudflare
age: 60969
etag: W/"5f6ba698-8fe"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=32400000
cf-ray: 786a718ea865bbc2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 strange-icon.svg
uxwing.com/wp-content/themes/uxwing/download/emoji-emoticon/ 1 KB
807 B 191ms
188ms Image
image/svg+xml 162.159.136.54
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uxwing.com/wp-content/themes/uxwing/download/emoji-emoticon/strange-icon.svg
Requested by: Host: uxwing.com
URL: https://uxwing.com/enemy-ghost-icon/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 162.159.136.54 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 23907d308f872908fcadcead56a6e69acd69d678b65adf99c629cc080188a58e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/enemy-ghost-icon/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 26 Oct 2021 19:49:16 GMT
server: cloudflare
etag: W/"61785bbc-4df"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=32400000
cf-ray: 786a718ea866bbc2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 crying-line-icon.svg
uxwing.com/wp-content/themes/uxwing/download/emoji-emoticon/ 2 KB
1 KB 206ms
202ms Image
image/svg+xml 162.159.136.54
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uxwing.com/wp-content/themes/uxwing/download/emoji-emoticon/crying-line-icon.svg
Requested by: Host: uxwing.com
URL: https://uxwing.com/enemy-ghost-icon/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 162.159.136.54 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f748c449af4e31dd1bd9a07d66d353eaa57f7b2d13250d8c56d3539c2ec3799f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/enemy-ghost-icon/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sun, 26 Jul 2020 13:37:36 GMT
server: cloudflare
etag: W/"5f1d8720-8ad"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=32400000
cf-ray: 786a718ea867bbc2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 emoji-surprised-black-icon.svg
uxwing.com/wp-content/themes/uxwing/download/emoji-emoticon/ 2 KB
1019 B 49ms
46ms Image
image/svg+xml 162.159.136.54
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uxwing.com/wp-content/themes/uxwing/download/emoji-emoticon/emoji-surprised-black-icon.svg
Requested by: Host: uxwing.com
URL: https://uxwing.com/enemy-ghost-icon/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 162.159.136.54 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 90f8d838a26a3f24250dca476f6ca559e076d65dd8de46f7a871c81f54bdf981

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/enemy-ghost-icon/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 05 Oct 2022 16:47:28 GMT
server: cloudflare
age: 60969
etag: W/"633db520-71b"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=32400000
cf-ray: 786a718ea868bbc2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 bright-icon.svg
uxwing.com/wp-content/themes/uxwing/download/emoji-emoticon/ 1 KB
874 B 203ms
200ms Image
image/svg+xml 162.159.136.54
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uxwing.com/wp-content/themes/uxwing/download/emoji-emoticon/bright-icon.svg
Requested by: Host: uxwing.com
URL: https://uxwing.com/enemy-ghost-icon/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 162.159.136.54 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1bd50b13788b36aa97b0683d2199e22db37dbc953c4de0ac74c605b46811c23c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/enemy-ghost-icon/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 23 Sep 2020 19:50:24 GMT
server: cloudflare
etag: W/"5f6ba700-514"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=32400000
cf-ray: 786a718ea869bbc2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 strange-emoji-icon.svg
uxwing.com/wp-content/themes/uxwing/download/emoji-emoticon/ 1 KB
797 B 37ms
34ms Image
image/svg+xml 162.159.136.54
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uxwing.com/wp-content/themes/uxwing/download/emoji-emoticon/strange-emoji-icon.svg
Requested by: Host: uxwing.com
URL: https://uxwing.com/enemy-ghost-icon/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 162.159.136.54 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: beb34600294378ff3f67918946d8b59d5616e7819957c983aff7903cf1d90558

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/enemy-ghost-icon/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 01 Nov 2021 20:46:04 GMT
server: cloudflare
age: 60969
etag: W/"6180520c-4ed"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=32400000
cf-ray: 786a718ea86abbc2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 laughing-black-icon.svg
uxwing.com/wp-content/themes/uxwing/download/emoji-emoticon/ 1 KB
801 B 185ms
182ms Image
image/svg+xml 162.159.136.54
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uxwing.com/wp-content/themes/uxwing/download/emoji-emoticon/laughing-black-icon.svg
Requested by: Host: uxwing.com
URL: https://uxwing.com/enemy-ghost-icon/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 162.159.136.54 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0be6108e8ab7b5346d00437c4d28472e0c308e47f38e2673da93cf4d9130960b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/enemy-ghost-icon/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sun, 26 Jul 2020 13:39:12 GMT
server: cloudflare
etag: W/"5f1d8780-57a"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=32400000
cf-ray: 786a718ea86cbbc2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 auto-complete.js Show response
uxwing.com/wp-content/themes/uxwing/ 7 KB
3 KB 31ms
31ms Script
application/javascript 162.159.136.54
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://uxwing.com/wp-content/themes/uxwing/auto-complete.js
Requested by: Host: uxwing.com
URL: https://uxwing.com/enemy-ghost-icon/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 162.159.136.54 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8444d13390126b1a7bf42a25ac9245cb7872a841f25345438be3c59808ab866f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/enemy-ghost-icon/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:29 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 15 Nov 2022 12:24:18 GMT
server: cloudflare
age: 178080
cf-polished: origSize=12203
etag: W/"637384f2-2fab"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=32400000
cf-ray: 786a718e3fccbbc2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 uxwing.js Show response
cdn4.buysellads.net/pub/ 700 KB
190 KB 86ms
23ms Script
application/javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn4.buysellads.net/pub/uxwing.js?1673238600000
Requested by: Host: uxwing.com
URL: https://uxwing.com/enemy-ghost-icon/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: AmazonS3 /
Resource Hash: f4b03b3cf896087d9d09152efac8e518ac111f5d8f73603dbbc729d293054636

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:29 GMT
content-encoding: gzip
x-sp-metadata: HS256.CLHN7p0GEokBCiRmYTdhMWM0Ny04YzM3LTQ2ZDctYmVkMi05NjdhMDhjZTljMmYQiOWfifXE+wIaBgihse6dBiIOMjE3LjExNC4yMTguMjYozsADMAM4BEIWVExTX0FFU18xMjhfR0NNX1NIQTI1NlogM2U5YjIwNjEwMDk4YjZjOWJmZjk1Mzg1NmU1ODAxNmEaLAgBEiQyMDQ4NzkxMS03NmUxLTQ1ODItOGRmYy0yYTk2MmY4N2YyNDgY4twrIhgIAhIUY2RzMjgxLmZyOC5od2Nkbi5uZXQ=.TTJBpu8ob1AMSNzAYBkOiodLRkC9A1dfWy9LVEkyy10=
last-modified: Mon, 09 Jan 2023 04:12:09 GMT
server: AmazonS3
x-amz-request-id: JQVXEY446SMA1GWH
etag: "1391bd110defaf4c97dbd7592c51b709"
x-hw: 1673238689.cds231.fr8.hn,1673238689.cds281.fr8.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
x-amz-id-2: orporJ1jIt2x2I/F8NAWtQrW3lSw3Yrc5t0U2SC5WHnrzRJE6HKbHMMJhKgW1D7QoRdG/hJkzb0=

GET
H2 200 CEAILK7W.json Show response
srv.buysellads.com/ads/ 625 B
584 B 101ms
26ms XHR
application/json 68.183.0.10
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://srv.buysellads.com/ads/CEAILK7W.json?segment=placement:uxwingcom
Requested by: Host: m.servedby-buysellads.com
URL: https://m.servedby-buysellads.com/monetization.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 68.183.0.10 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: srv-eu-nl-12.buysellads.com
Software: //srv.buysellads.com /
Resource Hash: 7625ead3cd011aef5c8c64e05485f8a9e1afb0ee3cf72de735bbe6bd5faf736e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 09 Jan 2023 04:31:29 GMT
content-encoding: gzip
server: //srv.buysellads.com
content-length: 471
vary: Accept-Encoding
content-type: application/json; charset=utf-8

GET
H2 200 acceptable.gif
cdn4.buysellads.net/ 43 B
561 B 141ms
140ms Image
image/gif 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn4.buysellads.net/acceptable.gif?ch=1&rn=8.870439857293052
Requested by: Host: uxwing.com
URL: https://uxwing.com/enemy-ghost-icon/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: AmazonS3 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:29 GMT
x-sp-metadata: HS256.CLHN7p0GEokBCiRmYmQ1ZGJmMy1jOTk4LTQzMzItYmU2NC1lOTA1MTM4NzY1MGUQiOWfifXE+wIaBgihse6dBiIOMjE3LjExNC4yMTguMjYozsADMAM4BEIWVExTX0FFU18xMjhfR0NNX1NIQTI1NlogM2U5YjIwNjEwMDk4YjZjOWJmZjk1Mzg1NmU1ODAxNmEaKBIkYWE3MWQxM2YtZmY5OS00NjVlLWFkYmItMzRhOGI5OWU1YWVkGCsiGggCEhRjZHMwNTUuZnI4Lmh3Y2RuLm5ldBgJ.R6tFJAzFkVAX1M399RydIxH9hFBG9OhUioPyp7oebtw=
last-modified: Fri, 19 Jul 2019 16:45:51 GMT
server: AmazonS3
x-amz-request-id: 8T860VKPB9VA7NNP
etag: "b4491705564909da7f9eaf749dbbfbb1"
x-hw: 1673238689.cds231.fr8.hn,1673238689.cds055.fr8.sc,1673238689.cds055.fr8.p
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes
content-length: 43
x-amz-id-2: lnnJNbQbUUuHf8Z8PBl/bSMsgj4tcf+7ePV+hADa0iRKE/qkq33BjcGJz+vtvwsKbOhtZdJfbhA=

GET
H2 200 acceptable.gif
cdn4.buysellads.net/ 43 B
520 B 146ms
146ms Image
image/gif 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn4.buysellads.net/acceptable.gif?ch=2&rn=8.870439857293052
Requested by: Host: uxwing.com
URL: https://uxwing.com/enemy-ghost-icon/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: AmazonS3 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:29 GMT
x-sp-metadata: HS256.CLHN7p0GEokBCiQ3MWQyZWYxNy03N2YzLTRiNWUtYTkzOS03MjE0NTNhNmRjYmUQiOWfifXE+wIaBgihse6dBiIOMjE3LjExNC4yMTguMjYozsADMAM4BEIWVExTX0FFU18xMjhfR0NNX1NIQTI1NlogM2U5YjIwNjEwMDk4YjZjOWJmZjk1Mzg1NmU1ODAxNmEaKBIkNDMzNmVkOTktM2MwMC00Mzg4LWFlMTctYWRiOThhNmFkYjQ4GCsiGggCEhRjZHMxNjYuZnI4Lmh3Y2RuLm5ldBgJ.f8VFRffrhp0qnmtYVsrZGIhvCbfjdG17xr0Y5ZInBz8=
last-modified: Fri, 19 Jul 2019 16:45:51 GMT
server: AmazonS3
x-amz-request-id: 8T86KYAQEAMT6Z7G
etag: "b4491705564909da7f9eaf749dbbfbb1"
x-hw: 1673238689.cds231.fr8.hn,1673238689.cds166.fr8.sc,1673238689.cds166.fr8.p
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes
content-length: 43
x-amz-id-2: 4Jhc0wcPkoulDVUW4Vp+wvCaKd34nOexDgiHhiVqvr65Bm2+0nsxOJ3APU1hI1FbiWLYQB6cV+4=

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 81 KB
28 KB 169ms
69ms Script
text/javascript 2a00:1450:400d:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/uxwing.js?1673238600000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

09a0c453f0a8437e518414059fea2127dc8e5d233f9a112c34dd68ad2e1881e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27578
x-xss-protection: 0
server: sffe
etag: "1446 / 991 of 1000 / last-modified: 1673046307"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 09 Jan 2023 04:31:29 GMT

GET
H2 200 acceptable.gif
cdn4.buysellads.net/ 43 B
523 B 143ms
142ms Image
image/gif 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn4.buysellads.net/acceptable.gif?ch=1&rn=3.5320488725318056
Requested by: Host: uxwing.com
URL: https://uxwing.com/enemy-ghost-icon/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: AmazonS3 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:29 GMT
x-sp-metadata: HS256.CLHN7p0GEokBCiRhNjYyMjgyYS1lYWUyLTQ0ODEtYjNjNC1lOGM5YWQyODRjMmUQiOWfifXE+wIaBgihse6dBiIOMjE3LjExNC4yMTguMjYozsADMAM4BEIWVExTX0FFU18xMjhfR0NNX1NIQTI1NlogM2U5YjIwNjEwMDk4YjZjOWJmZjk1Mzg1NmU1ODAxNmEaKBIkY2I5ZmExOTYtZmJjOS00YmNkLTg1YmYtMTQ5NzQ5M2VkOWEzGCsiGggCEhRjZHMzMzYuZnI4Lmh3Y2RuLm5ldBgJ.3+Rjqmt5kIANbjxOsPNMZLeSVCqMn0MXQLzSjJZb6K8=
last-modified: Fri, 19 Jul 2019 16:45:51 GMT
server: AmazonS3
x-amz-request-id: 8T84KRWX16E8S19K
etag: "b4491705564909da7f9eaf749dbbfbb1"
x-hw: 1673238689.cds231.fr8.hn,1673238689.cds336.fr8.sc,1673238689.cds336.fr8.p
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes
content-length: 43
x-amz-id-2: BYIPe9iG59crvCdDzY3XWGKVDaLmRzfHDOAV/y+TEYa/yEMdta90jQCnYLHMJJGBWorF93eEj7E=

GET
H2 200 acceptable.gif
cdn4.buysellads.net/ 43 B
520 B 147ms
146ms Image
image/gif 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn4.buysellads.net/acceptable.gif?ch=2&rn=3.5320488725318056
Requested by: Host: uxwing.com
URL: https://uxwing.com/enemy-ghost-icon/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: AmazonS3 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:29 GMT
x-sp-metadata: HS256.CLHN7p0GEokBCiRhOGM2ZThjMC1jMTU4LTQyOGYtYTNkYS0wNTkxMDRmZGFkYTIQiOWfifXE+wIaBgihse6dBiIOMjE3LjExNC4yMTguMjYozsADMAM4BEIWVExTX0FFU18xMjhfR0NNX1NIQTI1NlogM2U5YjIwNjEwMDk4YjZjOWJmZjk1Mzg1NmU1ODAxNmEaKBIkMzQ0NWJkZTUtZWYwMS00MGEwLTkwYzUtNDM1MWRiMTk3M2MxGCsiGggCEhRjZHMxMzUuZnI4Lmh3Y2RuLm5ldBgJ.y7J5ZrpVhNd0CZi8RLmSl1wX4je9I9l9Z0lzyZBYdbc=
last-modified: Fri, 19 Jul 2019 16:45:51 GMT
server: AmazonS3
x-amz-request-id: 8T829ESWR74MS489
etag: "b4491705564909da7f9eaf749dbbfbb1"
x-hw: 1673238689.cds231.fr8.hn,1673238689.cds135.fr8.sc,1673238689.cds135.fr8.p
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes
content-length: 43
x-amz-id-2: N7NIORG772Aunfg9I++fkQvLx7OFvaj9boXJUSnbsfnA13yFgcxseq4giKbybM2nHN9s0Jy3S1g=

POST
H2 204 collect
region1.google-analytics.com/g/ 0
344 B 91ms
28ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-5NV6WH1BWX&gtm=2oe120&_p=946428557&cid=159092804.1673238689&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1673238689&sct=1&seg=0&dl=https%3A%2F%2Fuxwing.com%2Fenemy-ghost-icon%2F&dt=Enemy%20Ghost%20icon%20PNG%20and%20SVG%20Vector%20Free%20Download&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5NV6WH1BWX
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Jan 2023 04:31:29 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://uxwing.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubads_impl_2022120801.js Show response
securepubads.g.doubleclick.net/gpt/ 382 KB
129 KB 62ms
33ms Script
text/javascript 2a00:1450:400d:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dcc5f41d1dc04a19dccb2061dc9572cb46c1c19dd89cb5d910752020fa87e791

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 05 Jan 2023 17:22:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 299352
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 132306
x-xss-protection: 0
last-modified: Thu, 08 Dec 2022 09:38:55 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 05 Jan 2024 17:22:17 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 67 B
694 B 172ms
55ms XHR
application/json 2a00:1450:400d:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=uxwing.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3e65a1c71d4bdabbbf02533fb063083aeec1c52d57203b1f2b636bd555c1f8e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:29 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 59
x-xss-protection: 0
expires: Mon, 09 Jan 2023 04:31:29 GMT

OPTIONS
H2 200 bidRequest
c2shb.pubgw.yahoo.com/ Frame 0
0 629ms
174ms Preflight 54.219.241.183
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/bidRequest
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 54.219.241.183 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-219-241-183.us-west-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-openrtb-version
Access-Control-Request-Method: POST
Origin: https://uxwing.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: https://uxwing.com
access-control-max-age: 600
age: 0
content-length: 0
date: Mon, 09 Jan 2023 04:31:30 GMT
server: ATS/9.1.10.25

OPTIONS
H2 200 bidRequest
c2shb.pubgw.yahoo.com/ Frame 0
0 631ms
176ms Preflight 54.219.241.183
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/bidRequest
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 54.219.241.183 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-219-241-183.us-west-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-openrtb-version
Access-Control-Request-Method: POST
Origin: https://uxwing.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: https://uxwing.com
access-control-max-age: 600
age: 0
content-length: 0
date: Mon, 09 Jan 2023 04:31:30 GMT
server: ATS/9.1.10.25

OPTIONS
H2 200 bidRequest
c2shb.pubgw.yahoo.com/ Frame 0
0 629ms
175ms Preflight 54.219.241.183
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/bidRequest
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 54.219.241.183 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-219-241-183.us-west-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-openrtb-version
Access-Control-Request-Method: POST
Origin: https://uxwing.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: https://uxwing.com
access-control-max-age: 600
age: 0
content-length: 0
date: Mon, 09 Jan 2023 04:31:30 GMT
server: ATS/9.1.10.25

OPTIONS
H2 200 bidRequest
c2shb.pubgw.yahoo.com/ Frame 0
0 629ms
175ms Preflight 54.219.241.183
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/bidRequest
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 54.219.241.183 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-219-241-183.us-west-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-openrtb-version
Access-Control-Request-Method: POST
Origin: https://uxwing.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: https://uxwing.com
access-control-max-age: 600
age: 0
content-length: 0
date: Mon, 09 Jan 2023 04:31:30 GMT
server: ATS/9.1.10.25

OPTIONS
H2 200 bidRequest
c2shb.pubgw.yahoo.com/ Frame 0
0 629ms
175ms Preflight 54.219.241.183
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/bidRequest
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 54.219.241.183 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-219-241-183.us-west-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-openrtb-version
Access-Control-Request-Method: POST
Origin: https://uxwing.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: https://uxwing.com
access-control-max-age: 600
age: 0
content-length: 0
date: Mon, 09 Jan 2023 04:31:30 GMT
server: ATS/9.1.10.25

OPTIONS
H2 200 bidRequest
c2shb.pubgw.yahoo.com/ Frame 0
0 630ms
176ms Preflight 54.219.241.183
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/bidRequest
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 54.219.241.183 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-219-241-183.us-west-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-openrtb-version
Access-Control-Request-Method: POST
Origin: https://uxwing.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: https://uxwing.com
access-control-max-age: 600
age: 0
content-length: 0
date: Mon, 09 Jan 2023 04:31:30 GMT
server: ATS/9.1.10.25

OPTIONS
H2 200 bidRequest
c2shb.pubgw.yahoo.com/ Frame 0
0 629ms
175ms Preflight 54.219.241.183
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/bidRequest
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 54.219.241.183 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-219-241-183.us-west-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-openrtb-version
Access-Control-Request-Method: POST
Origin: https://uxwing.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: https://uxwing.com
access-control-max-age: 600
age: 0
content-length: 0
date: Mon, 09 Jan 2023 04:31:30 GMT
server: ATS/9.1.10.25

OPTIONS
H2 200 bidRequest
c2shb.pubgw.yahoo.com/ Frame 0
0 630ms
176ms Preflight 54.219.241.183
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/bidRequest
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 54.219.241.183 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-219-241-183.us-west-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-openrtb-version
Access-Control-Request-Method: POST
Origin: https://uxwing.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: https://uxwing.com
access-control-max-age: 600
age: 0
content-length: 0
date: Mon, 09 Jan 2023 04:31:30 GMT
server: ATS/9.1.10.25

OPTIONS
H2 200 bidRequest
c2shb.pubgw.yahoo.com/ Frame 0
0 802ms
349ms Preflight 54.219.241.183
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/bidRequest
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 54.219.241.183 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-219-241-183.us-west-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-openrtb-version
Access-Control-Request-Method: POST
Origin: https://uxwing.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: https://uxwing.com
access-control-max-age: 600
age: 0
content-length: 0
date: Mon, 09 Jan 2023 04:31:30 GMT
server: ATS/9.1.10.25

OPTIONS
H2 200 bidRequest
c2shb.pubgw.yahoo.com/ Frame 0
0 801ms
348ms Preflight 54.219.241.183
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/bidRequest
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 54.219.241.183 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-219-241-183.us-west-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-openrtb-version
Access-Control-Request-Method: POST
Origin: https://uxwing.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: https://uxwing.com
access-control-max-age: 600
age: 0
content-length: 0
date: Mon, 09 Jan 2023 04:31:30 GMT
server: ATS/9.1.10.25

OPTIONS
H2 200 bidRequest
c2shb.pubgw.yahoo.com/ Frame 0
0 802ms
349ms Preflight 54.219.241.183
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/bidRequest
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 54.219.241.183 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-219-241-183.us-west-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-openrtb-version
Access-Control-Request-Method: POST
Origin: https://uxwing.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: https://uxwing.com
access-control-max-age: 600
age: 0
content-length: 0
date: Mon, 09 Jan 2023 04:31:30 GMT
server: ATS/9.1.10.25

OPTIONS
H2 200 bidRequest
c2shb.pubgw.yahoo.com/ Frame 0
0 800ms
348ms Preflight 54.219.241.183
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/bidRequest
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 54.219.241.183 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-219-241-183.us-west-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-openrtb-version
Access-Control-Request-Method: POST
Origin: https://uxwing.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: https://uxwing.com
access-control-max-age: 600
age: 0
content-length: 0
date: Mon, 09 Jan 2023 04:31:30 GMT
server: ATS/9.1.10.25

OPTIONS
H2 200 bidRequest
c2shb.pubgw.yahoo.com/ Frame 0
0 801ms
349ms Preflight 54.219.241.183
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/bidRequest
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 54.219.241.183 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-219-241-183.us-west-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-openrtb-version
Access-Control-Request-Method: POST
Origin: https://uxwing.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: https://uxwing.com
access-control-max-age: 600
age: 0
content-length: 0
date: Mon, 09 Jan 2023 04:31:30 GMT
server: ATS/9.1.10.25

OPTIONS
H2 200 bidRequest
c2shb.pubgw.yahoo.com/ Frame 0
0 799ms
347ms Preflight 54.219.241.183
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/bidRequest
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 54.219.241.183 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-219-241-183.us-west-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-openrtb-version
Access-Control-Request-Method: POST
Origin: https://uxwing.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: https://uxwing.com
access-control-max-age: 600
age: 0
content-length: 0
date: Mon, 09 Jan 2023 04:31:30 GMT
server: ATS/9.1.10.25

OPTIONS
H2 200 bidRequest
c2shb.pubgw.yahoo.com/ Frame 0
0 799ms
347ms Preflight 54.219.241.183
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/bidRequest
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 54.219.241.183 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-219-241-183.us-west-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-openrtb-version
Access-Control-Request-Method: POST
Origin: https://uxwing.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: https://uxwing.com
access-control-max-age: 600
age: 0
content-length: 0
date: Mon, 09 Jan 2023 04:31:30 GMT
server: ATS/9.1.10.25

OPTIONS
H2 200 bidRequest
c2shb.pubgw.yahoo.com/ Frame 0
0 799ms
348ms Preflight 54.219.241.183
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/bidRequest
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 54.219.241.183 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-219-241-183.us-west-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-openrtb-version
Access-Control-Request-Method: POST
Origin: https://uxwing.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: https://uxwing.com
access-control-max-age: 600
age: 0
content-length: 0
date: Mon, 09 Jan 2023 04:31:30 GMT
server: ATS/9.1.10.25

OPTIONS
H2 200 bidRequest
c2shb.pubgw.yahoo.com/ Frame 0
0 799ms
347ms Preflight 54.219.241.183
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/bidRequest
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 54.219.241.183 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-219-241-183.us-west-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-openrtb-version
Access-Control-Request-Method: POST
Origin: https://uxwing.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: https://uxwing.com
access-control-max-age: 600
age: 0
content-length: 0
date: Mon, 09 Jan 2023 04:31:30 GMT
server: ATS/9.1.10.25

OPTIONS
H2 200 bidRequest
c2shb.pubgw.yahoo.com/ Frame 0
0 801ms
349ms Preflight 54.219.241.183
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/bidRequest
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 54.219.241.183 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-219-241-183.us-west-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-openrtb-version
Access-Control-Request-Method: POST
Origin: https://uxwing.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: https://uxwing.com
access-control-max-age: 600
age: 0
content-length: 0
date: Mon, 09 Jan 2023 04:31:30 GMT
server: ATS/9.1.10.25

OPTIONS
H2 200 bidRequest
c2shb.pubgw.yahoo.com/ Frame 0
0 798ms
347ms Preflight 54.219.241.183
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/bidRequest
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 54.219.241.183 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-219-241-183.us-west-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-openrtb-version
Access-Control-Request-Method: POST
Origin: https://uxwing.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: https://uxwing.com
access-control-max-age: 600
age: 0
content-length: 0
date: Mon, 09 Jan 2023 04:31:30 GMT
server: ATS/9.1.10.25

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 178 KB
45 KB 113ms
27ms Script
application/javascript 13.32.28.197
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/uxwing.js?1673238600000
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.28.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-28-197.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1a718e27fd0df6d791b9038ae5640afdd677afa35b5e080ce20118a9e11553c4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:25:58 GMT
content-encoding: gzip
via: 1.1 6fd3ab2be93b19c970fb371964d46d94.cloudfront.net (CloudFront), 1.1 cbe141923b7469a299306144733821c2.cloudfront.net (CloudFront)
last-modified: Thu, 22 Dec 2022 18:13:56 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1, FRA56-C2
age: 332
x-amz-server-side-encryption: AES256
etag: W/"01691be6486b0003601b7299d35deebf"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=3600
x-amz-cf-id: QM9gxZ0-xI-5C0QgUu-Uf72OfryIHA8KqOhvMNQNcuQVW7zjRLkp-w==

GET
H2 200 CWYDTKQ7.json Show response
srv.buysellads.com/ads/ 931 B
585 B 27ms
27ms Fetch
application/json 68.183.0.10
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://srv.buysellads.com/ads/CWYDTKQ7.json?forcebanner=485053&ignoretargeting=yes
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/uxwing.js?1673238600000
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 68.183.0.10 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: srv-eu-nl-12.buysellads.com
Software: //srv.buysellads.com /
Resource Hash: 6aa2f9366f2ebf843a92c3bf0259bd525a9d452112d50a19d522f6ea588258f6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 09 Jan 2023 04:31:29 GMT
content-encoding: gzip
server: //srv.buysellads.com
content-length: 555
vary: Accept-Encoding
content-type: application/json; charset=utf-8

GET
H/1.1 200
OK localstore.js Show response
script.4dex.io/ 483 B
1021 B 83ms
26ms Script
application/javascript 2606:4700:20::681a:9a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/uxwing.js?1673238600000
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Mon, 09 Jan 2023 04:31:29 GMT
Content-Encoding: br
CF-Cache-Status: HIT
Last-Modified: Wed, 23 Nov 2022 15:43:18 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Age: 1339217
ETag: W/"922cffdd75f7192f75231d92684885aa"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HRFCYeTd%2BTi4zz09aeo8T9ie2AxM66fLbXYt8cxdtAJ%2ByecSexER1xu8d0wOiaYYbM4FJNgfwj1hJ3plPxjbpTTXO7V5ZQI3QWZeWuyIPhc7dGV6cJaV%2Bqt9Q%2BIwjcooJscApfaiKq0em1fl"}],"group":"cf-nel","max_age":604800}
Cache-Control: public, max-age=1800
Connection: keep-alive
CF-RAY: 786a71936905912a-FRA

POST
H2 200 cdb Show response
bidder.criteo.com/ 18 B
308 B 120ms
54ms XHR
application/json 2a02:2638::24
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=7.10.0&cb=51991760856&lsavail=1

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/uxwing.js?1673238600000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::24 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://uxwing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 09 Jan 2023 04:31:29 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://uxwing.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 44

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 361 B
684 B 184ms
35ms XHR
application/json 2602:803:c003:200::31
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=18812&site_id=457556&zone_id=2682018&size_id=2&alt_size_ids=1%2C55%2C57&rp_schain=1.0,1!buysellads.com,16707,1,,,&rf=https%3A%2F%2Fuxwing.com%2Fenemy-ghost-icon%2F&tg_i.pbadslot=%2F22849737488%2FUxwing_S2S_BottomLeaderboard_ROS%23bsa-zone_1670241562644-6_123456&tk_flint=pbjs_lite_v7.10.0&x_source.tid=b7b46b8b-9375-4a09-b6a3-dacf3bf3471d&l_pb_bid_id=8eb1045e9e1507&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F22849737488%2FUxwing_S2S_BottomLeaderboard_ROS%23bsa-zone_1670241562644-6_123456&slots=1&rand=0.04152050685627651
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/uxwing.js?1673238600000
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::31 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: c511b636f62ecbc2a78448ed84b58cbb0855ac82489c61d7fa4c4f1dcd0c7901

Request headers

Referer: https://uxwing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 09 Jan 2023 04:31:29 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://uxwing.com
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 361
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 361 B
684 B 183ms
35ms XHR
application/json 2602:803:c003:200::31
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=18812&site_id=457556&zone_id=2682018&size_id=2&alt_size_ids=1%2C55%2C57&rp_schain=1.0,1!buysellads.com,16707,1,,,&rf=https%3A%2F%2Fuxwing.com%2Fenemy-ghost-icon%2F&tg_i.pbadslot=%2F22849737488%2FUxwing_S2S_InpageLeaderboard_ROS%23bsa-zone_1670241643191-8_123456&tk_flint=pbjs_lite_v7.10.0&x_source.tid=f19b0c78-5a09-4185-9311-921cccc45e35&l_pb_bid_id=9539d39c55db6f&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F22849737488%2FUxwing_S2S_InpageLeaderboard_ROS%23bsa-zone_1670241643191-8_123456&slots=1&rand=0.698003678132161
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/uxwing.js?1673238600000
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::31 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 653a1a6d639b366eeef2aa1e48d51d0b334dc8ee01a2b668711ad25ab8c7ad4a

Request headers

Referer: https://uxwing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 09 Jan 2023 04:31:29 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://uxwing.com
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 361
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 328 B
651 B 184ms
36ms XHR
application/json 2602:803:c003:200::31
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=18812&site_id=457556&zone_id=2682018&size_id=15&alt_size_ids=16&rp_schain=1.0,1!buysellads.com,16707,1,,,&rf=https%3A%2F%2Fuxwing.com%2Fenemy-ghost-icon%2F&tg_i.pbadslot=%2F22849737488%2FUxwing_S2S_Sidebar2_ROS%23bsa-zone_1670242302390-7_123456&tk_flint=pbjs_lite_v7.10.0&x_source.tid=0a70eb7f-c458-4824-aff1-7536a07e5fdb&l_pb_bid_id=1060982bb02a179&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F22849737488%2FUxwing_S2S_Sidebar2_ROS%23bsa-zone_1670242302390-7_123456&slots=1&rand=0.25541531734769163
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/uxwing.js?1673238600000
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::31 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 00ae3b4f045601a7a378a1990d897cad4ce71787662eb48eca6ae5afb620d0dd

Request headers

Referer: https://uxwing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 09 Jan 2023 04:31:29 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://uxwing.com
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 328
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 328 B
875 B 182ms
34ms XHR
application/json 2602:803:c003:200::31
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=18812&site_id=457556&zone_id=2682018&size_id=15&alt_size_ids=16&rp_schain=1.0,1!buysellads.com,16707,1,,,&rf=https%3A%2F%2Fuxwing.com%2Fenemy-ghost-icon%2F&tg_i.pbadslot=%2F22849737488%2FUxwing_S2S_Sidebar3_ROS%23bsa-zone_1670242373699-1_123456&tk_flint=pbjs_lite_v7.10.0&x_source.tid=ce7ecbbd-b028-4794-b373-8cbcb29dd7af&l_pb_bid_id=11dcc3a5df8d5c6&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F22849737488%2FUxwing_S2S_Sidebar3_ROS%23bsa-zone_1670242373699-1_123456&slots=1&rand=0.6690053160149088
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/uxwing.js?1673238600000
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::31 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 034f3828fa479173b9597bf706d4d3277033722490e255fe6a09d622bd16755b

Request headers

Referer: https://uxwing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 09 Jan 2023 04:31:29 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://uxwing.com
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 328
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 337 B
661 B 184ms
37ms XHR
application/json 2602:803:c003:200::31
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=18812&site_id=457556&zone_id=2682018&size_id=15&rp_schain=1.0,1!buysellads.com,16707,1,,,&rf=https%3A%2F%2Fuxwing.com%2Fenemy-ghost-icon%2F&tg_i.pbadslot=%2F22849737488%2FUxwing_S2S_MobileOnly300x250_ROS%23bsa-zone_1670401277756-8_123456&tk_flint=pbjs_lite_v7.10.0&x_source.tid=12ef20eb-850c-4830-9a3b-c3dc6fd14c4c&l_pb_bid_id=128bb39c6fd0983&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F22849737488%2FUxwing_S2S_MobileOnly300x250_ROS%23bsa-zone_1670401277756-8_123456&slots=1&rand=0.5957616573026212
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/uxwing.js?1673238600000
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::31 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 5ca5c45f305e0ac0d5f061f2b410df4ae1fcf02473c8a5e494a7c1ab9f17400a

Request headers

Referer: https://uxwing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 09 Jan 2023 04:31:29 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://uxwing.com
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 337
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 1 KB
1 KB 173ms
121ms XHR
application/json 34.107.148.139
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CU18831I
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/uxwing.js?1673238600000
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 139.148.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: f7c50c7ab8a908d1f5c6866a112fcda13f699de81dd6f5e1ad4eef950f9a8af6

Request headers

Referer: https://uxwing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 09 Jan 2023 04:31:29 GMT
content-encoding: gzip
via: 1.1 google
server: nginx
accept-ch: Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://uxwing.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
expires: Mon, 09 Jan 2023 04:31:29 GMT

POST
H2 200 adreq Show response
ads.servenobid.com/ 560 B
617 B 740ms
361ms XHR
application/json 44.231.108.53
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.servenobid.com/adreq?cb=3441
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/uxwing.js?1673238600000
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.231.108.53 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-231-108-53.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: 2aae930595a3a145aeb6b6e219dbebf6e3000e8fd32ec155d3edd5f783f6deda

Request headers

Referer: https://uxwing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 09 Jan 2023 04:31:30 GMT
content-encoding: gzip
amp-access-control-allow-source-origin: *
vary: accept-encoding
content-type: application/json
access-control-allow-origin: https://uxwing.com
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true

POST bidRequest
c2shb.pubgw.yahoo.com/ 0
0

POST
H2 200 bidRequest Show response
c2shb.pubgw.yahoo.com/ 66 B
96 B 717ms
360ms XHR
application/json 54.219.241.183
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/bidRequest
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/uxwing.js?1673238600000
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 54.219.241.183 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-219-241-183.us-west-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash: 3d06097c366c94575f4012652508e4e9ef006b0cd656f7a4677d7ba65a9af3a7

Request headers

Referer: https://uxwing.com/
x-openrtb-version: 2.5
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 09 Jan 2023 04:31:31 GMT
server: ATS/9.1.10.25
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://uxwing.com
access-control-allow-credentials: true
content-length: 66

POST bidRequest
c2shb.pubgw.yahoo.com/ 0
0

POST
H2 200 bidRequest Show response
c2shb.pubgw.yahoo.com/ 66 B
96 B 723ms
365ms XHR
application/json 54.219.241.183
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/bidRequest
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/uxwing.js?1673238600000
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 54.219.241.183 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-219-241-183.us-west-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash: 04b8c508ed143fbaf7791d71253e68d9ad16f3305b65d6a2c7d07f8f43311a70

Request headers

Referer: https://uxwing.com/
x-openrtb-version: 2.5
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 09 Jan 2023 04:31:31 GMT
server: ATS/9.1.10.25
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://uxwing.com
access-control-allow-credentials: true
content-length: 66

POST bidRequest
c2shb.pubgw.yahoo.com/ 0
0

POST
H2 200 bidRequest Show response
c2shb.pubgw.yahoo.com/ 66 B
98 B 716ms
359ms XHR
application/json 54.219.241.183
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/bidRequest
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/uxwing.js?1673238600000
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 54.219.241.183 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-219-241-183.us-west-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash: 9ece43d1d6d3d7b1574c876277e2d71cfee9d7ea2d94b857989ff9b38ce5eea8

Request headers

Referer: https://uxwing.com/
x-openrtb-version: 2.5
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 09 Jan 2023 04:31:31 GMT
server: ATS/9.1.10.25
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://uxwing.com
access-control-allow-credentials: true
content-length: 66

POST bidRequest
c2shb.pubgw.yahoo.com/ 0
0

POST
H2 200 bidRequest Show response
c2shb.pubgw.yahoo.com/ 66 B
96 B 545ms
360ms XHR
application/json 54.219.241.183
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/bidRequest
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/uxwing.js?1673238600000
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 54.219.241.183 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-219-241-183.us-west-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash: e7ea611f1fe247a2dbe0e1aff12a9dafcd68c6479cb51db13c45ae94c6a0fd38

Request headers

Referer: https://uxwing.com/
x-openrtb-version: 2.5
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 09 Jan 2023 04:31:31 GMT
server: ATS/9.1.10.25
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://uxwing.com
access-control-allow-credentials: true
content-length: 66

POST bidRequest
c2shb.pubgw.yahoo.com/ 0
0

POST
H2 200 bidRequest Show response
c2shb.pubgw.yahoo.com/ 66 B
96 B 544ms
360ms XHR
application/json 54.219.241.183
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/bidRequest
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/uxwing.js?1673238600000
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 54.219.241.183 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-219-241-183.us-west-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash: 1ff700d9cb4de7e97ca9c0d9e72b1777481d0233312662d3869cc2472abb1373

Request headers

Referer: https://uxwing.com/
x-openrtb-version: 2.5
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 09 Jan 2023 04:31:31 GMT
server: ATS/9.1.10.25
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://uxwing.com
access-control-allow-credentials: true
content-length: 66

POST
H2 200 bidRequest Show response
c2shb.pubgw.yahoo.com/ 66 B
96 B 612ms
426ms XHR
application/json 54.219.241.183
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/bidRequest
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/uxwing.js?1673238600000
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 54.219.241.183 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-219-241-183.us-west-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash: e277be2ab47c5d763ab0c643c00ca8ee426e41eb5ed1c9340cfe12fb0551cafc

Request headers

Referer: https://uxwing.com/
x-openrtb-version: 2.5
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 09 Jan 2023 04:31:31 GMT
server: ATS/9.1.10.25
age: 1
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://uxwing.com
access-control-allow-credentials: true
content-length: 66

POST bidRequest
c2shb.pubgw.yahoo.com/ 0
0

POST
H2 200 bidRequest Show response
c2shb.pubgw.yahoo.com/ 66 B
294 B 542ms
357ms XHR
application/json 54.219.241.183
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/bidRequest
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/uxwing.js?1673238600000
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 54.219.241.183 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-219-241-183.us-west-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash: af8f1ebc446683f307df97b5831aa5e5575188feed0f7403cfd309dc27814804

Request headers

Referer: https://uxwing.com/
x-openrtb-version: 2.5
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 09 Jan 2023 04:31:31 GMT
server: ATS/9.1.10.25
age: 1
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://uxwing.com
access-control-allow-credentials: true
content-length: 66

POST
H2 200 bidRequest Show response
c2shb.pubgw.yahoo.com/ 66 B
96 B 616ms
431ms XHR
application/json 54.219.241.183
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/bidRequest
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/uxwing.js?1673238600000
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 54.219.241.183 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-219-241-183.us-west-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash: fc0cf8b4b4c70e9bbda9ba879a2eaaf4b3223801a37f49cf60369017bd5574d1

Request headers

Referer: https://uxwing.com/
x-openrtb-version: 2.5
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 09 Jan 2023 04:31:31 GMT
server: ATS/9.1.10.25
age: 1
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://uxwing.com
access-control-allow-credentials: true
content-length: 66

POST bidRequest
c2shb.pubgw.yahoo.com/ 0
0

POST
H2 200 bidRequest Show response
c2shb.pubgw.yahoo.com/ 66 B
96 B 595ms
409ms XHR
application/json 54.219.241.183
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/bidRequest
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/uxwing.js?1673238600000
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 54.219.241.183 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-219-241-183.us-west-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash: 7fc510b613f7e46c7ad7de0a9c0882eb84992e7892a2832883848b5bacc7693a

Request headers

Referer: https://uxwing.com/
x-openrtb-version: 2.5
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 09 Jan 2023 04:31:31 GMT
server: ATS/9.1.10.25
age: 1
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://uxwing.com
access-control-allow-credentials: true
content-length: 66

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
113 B 145ms
36ms XHR
text/plain 185.64.190.77
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/uxwing.js?1673238600000
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.77 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://uxwing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://uxwing.com
date: Mon, 09 Jan 2023 04:31:29 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 200 prebid-request Show response
onetag-sys.com/ 15 B
358 B 97ms
23ms XHR
application/json 51.89.9.254
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/prebid-request

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/uxwing.js?1673238600000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip254.ip-51-89-9.eu

Software

Resource Hash

663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://uxwing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
content-type: application/json
access-control-allow-origin: https://uxwing.com
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
cache-control: no-transform, no-cache
access-control-allow-credentials: true
access-control-allow-headers: content-type, origin, referer, user-agent
content-length: 41

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 63 KB
17 KB 292ms
222ms XHR
application/json 185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/uxwing.js?1673238600000

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

server-18-66-23-210.vie50.r.cloudfront.net

Software

nginx/1.21.3 /

Resource Hash

dbef19eaf15f7e2ac23dc14e189aa9eaa3cc18e8c1a8d07ed42fe3fa52829cf5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://uxwing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 09 Jan 2023 04:31:30 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.114.218.26; 217.114.218.26; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: efb907dd-e608-4b90-8c34-f941e8c59e06
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://uxwing.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 arj Show response
buysellads-d.openx.net/w/1.0/ 72 B
374 B 111ms
34ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://buysellads-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fuxwing.com%2Fenemy-ghost-icon%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=b7b46b8b-9375-4a09-b6a3-dacf3bf3471d%2Cb7b46b8b-9375-4a09-b6a3-dacf3bf3471d%2Cb7b46b8b-9375-4a09-b6a3-dacf3bf3471d%2Cf19b0c78-5a09-4185-9311-921cccc45e35%2Cf19b0c78-5a09-4185-9311-921cccc45e35%2Cf19b0c78-5a09-4185-9311-921cccc45e35%2C0a70eb7f-c458-4824-aff1-7536a07e5fdb%2Cce7ecbbd-b028-4794-b373-8cbcb29dd7af%2C12ef20eb-850c-4830-9a3b-c3dc6fd14c4c&nocache=1673238689788&schain=1.0%2C1!buysellads.com%2C16707%2C1%2C998a12f6-50a9-4c4f-8e26-9e6a6a3c223d%2C%2C&aus=970x250%7C970x90%7C728x90%7C970x250%7C970x90%7C728x90%7C300x250%7C300x250%7C300x250&divids=bsa-zone_1670241562644-6_123456%2Cbsa-zone_1670241562644-6_123456%2Cbsa-zone_1670241562644-6_123456%2Cbsa-zone_1670241643191-8_123456%2Cbsa-zone_1670241643191-8_123456%2Cbsa-zone_1670241643191-8_123456%2Cbsa-zone_1670242302390-7_123456%2Cbsa-zone_1670242373699-1_123456%2Cbsa-zone_1670401277756-8_123456&aucs=%252F22849737488%252FUxwing_S2S_BottomLeaderboard_ROS%2523bsa-zone_1670241562644-6_123456%2C%252F22849737488%252FUxwing_S2S_BottomLeaderboard_ROS%2523bsa-zone_1670241562644-6_123456%2C%252F22849737488%252FUxwing_S2S_BottomLeaderboard_ROS%2523bsa-zone_1670241562644-6_123456%2C%252F22849737488%252FUxwing_S2S_InpageLeaderboard_ROS%2523bsa-zone_1670241643191-8_123456%2C%252F22849737488%252FUxwing_S2S_InpageLeaderboard_ROS%2523bsa-zone_1670241643191-8_123456%2C%252F22849737488%252FUxwing_S2S_InpageLeaderboard_ROS%2523bsa-zone_1670241643191-8_123456%2C%252F22849737488%252FUxwing_S2S_Sidebar2_ROS%2523bsa-zone_1670242302390-7_123456%2C%252F22849737488%252FUxwing_S2S_Sidebar3_ROS%2523bsa-zone_1670242373699-1_123456%2C%252F22849737488%252FUxwing_S2S_MobileOnly300x250_ROS%2523bsa-zone_1670401277756-8_123456&auid=541001004%2C541023048%2C541001000%2C541001004%2C541023048%2C541001000%2C541001001%2C541001001%2C541001001
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/uxwing.js?1673238600000
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: ffba62835fbf06d863182d484249649b1a7e3a6233dec5e22836da7a395ab27e

Request headers

Referer: https://uxwing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 09 Jan 2023 04:31:29 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: application/json
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://uxwing.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 78
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 200 prebid Show response
mp.4dex.io/ 114 B
679 B 101ms
42ms XHR
application/json 2606:4700::6812:372
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mp.4dex.io/prebid
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/uxwing.js?1673238600000
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:372 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dd9c458af8ffc21e0afd546668fb9dc73b5a01c16353814457b2a9a55280544d

Request headers

Referer: https://uxwing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

x-version: 3.0.0-gcp-ams
date: Mon, 09 Jan 2023 04:31:29 GMT
x-err: Shapings: no adunits with size and seat and mapping
via: 1.1 google
cf-cache-status: DYNAMIC
content-encoding: gzip
x-warn: Process Floors. 1 inventory rules not found for mediatype: banner and adUnitCode: bsa-zone_1670241562644-6_123456, Process Floors. 1 inventory rules not found for mediatype: banner and adUnitCode: bsa-zone_1670241643191-8_123456, Process Seats Booster. unable to get the seat booster engine for organization: 1116
pragma: no-cache
server: cloudflare
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://uxwing.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 786a71939f109299-FRA
expires: 0

POST
H2 200 v1 Show response
hb-api.omnitagjs.com/hb-api/prebid/ 2 KB
841 B 153ms
83ms XHR
application/json 185.255.84.151
IGUANE-

General

Check archive.org

Show headers Download Go to

Full URL

https://hb-api.omnitagjs.com/hb-api/prebid/v1?RefererUrl=https%3A%2F%2Fuxwing.com%2Fenemy-ghost-icon%2F&CanonicalUrl=https%3A%2F%2Fuxwing.com%2Fenemy-ghost-icon%2F

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/uxwing.js?1673238600000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.255.84.151 , France, ASN200271 (IGUANE-, FR),

Reverse DNS

Software

ayl-lb-fra02 /

Resource Hash

b134beaa823c61819b30ba94d9bcbee0bf2597d44e29471160560048f874f423

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://uxwing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 09 Jan 2023 04:31:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-envoy-upstream-service-time: 53
content-length: 489
pragma: no-cache
server: ayl-lb-fra02
access-control-max-age: 3600
access-control-allow-methods: OPTIONS, POST
content-type: application/json; charset=utf-8
access-control-allow-origin: https://uxwing.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Accept-Encoding
access-control-allow-headers: Accept-Encoding, Content-Type
expires: 0

GET
H/1.1 200
OK adagio.js Show response
script.4dex.io/ 74 KB
23 KB 75ms
31ms Fetch
application/javascript 2606:4700:20::681a:9a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ed87a83a9df154b61d76e8b9b53bb9d23db3eea194e66bca6b575e3e4f7a57bf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Mon, 09 Jan 2023 04:31:29 GMT
Content-Encoding: br
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 331634
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 23 Nov 2022 15:43:17 GMT
Server: cloudflare
ETag: W/"c56b6332dacf72f135afcd153ae22448"
Vary: Origin, Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BPswSskF%2BHIxq9U%2BJLxiOelgEX1aiYxelF%2BPr%2FbDrKx3epavv%2FzAUQ4%2BL99VjRKExL%2FEWt6fIcg3g7gYblioUwaCZt5rv5b553TKAMPh84MH83MyI08%2B9lnvLhTjda4u02Hq0Fmv5TaKsNh7"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers
Cache-Control: public, max-age=1800
CF-RAY: 786a7193ddb62c4d-FRA

GET
H2 200 config Show response
c.amazon-adsystem.com/cdn/prod/ 221 B
569 B 122ms
122ms XHR
application/json 13.32.28.197
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fuxwing.com&pubid=747b8b51-ec47-4dee-9823-b2b73124b71f
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.28.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-28-197.fra56.r.cloudfront.net
Software: Server /
Resource Hash: bd0216486d9f39a1c868f074d3f8789c85df347aa49b1c1c7a263c9aaf9478d6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:29 GMT
via: 1.1 cbe141923b7469a299306144733821c2.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-C2
x-cache: Miss from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://uxwing.com
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
content-length: 221
x-amz-cf-id: sut38kxQL0X6UxYSmCCmy5Qs4hA-mWIaLw9GBMW55TNhVV4K6DU2zw==

GET
H2 200 bid Show response
aax-dtb-cf.amazon-adsystem.com/e/dtb/ 23 B
461 B 190ms
84ms XHR
text/javascript 18.66.23.210
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax-dtb-cf.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fuxwing.com%2Fenemy-ghost-icon%2F&pid=SRK8HU4QqBJzu&cb=0&ws=1600x1200&v=22.1213.2134&t=1500&slots=%5B%7B%22sd%22%3A%22bsa-zone_1670241562644-6_123456%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22468x60%22%2C%22970x250%22%5D%2C%22sn%22%3A%22%2F22849737488%2FUxwing_S2S_BottomLeaderboard_ROS%22%7D%2C%7B%22sd%22%3A%22bsa-zone_1670241643191-8_123456%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22468x60%22%2C%22970x250%22%5D%2C%22sn%22%3A%22%2F22849737488%2FUxwing_S2S_InpageLeaderboard_ROS%22%7D%2C%7B%22sd%22%3A%22bsa-zone_1670242302390-7_123456%22%2C%22s%22%3A%5B%22300x250%22%2C%22336x280%22%5D%2C%22sn%22%3A%22%2F22849737488%2FUxwing_S2S_Sidebar2_ROS%22%7D%2C%7B%22sd%22%3A%22bsa-zone_1670242373699-1_123456%22%2C%22s%22%3A%5B%22300x250%22%2C%22336x280%22%5D%2C%22sn%22%3A%22%2F22849737488%2FUxwing_S2S_Sidebar3_ROS%22%7D%2C%7B%22sd%22%3A%22bsa-zone_1670401277756-8_123456%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F22849737488%2FUxwing_S2S_MobileOnly300x250_ROS%22%7D%5D&schain=1.0%2C1!buysellads.com%2C16707%2C1%2C998a12f6-50a9-4c4f-8e26-9e6a6a3c223d%2C%2C&pubid=747b8b51-ec47-4dee-9823-b2b73124b71f&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.23.210 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:30 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 581d2b2095e9ae9fc9bd8c38d2258832.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: VIE50-P1
x-amz-rid: V2W0WTGXSB7YQ1PTARFA
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://uxwing.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: q6Ex4LhAnhxdZgYXH5V6UHV1_SQUu7Rrw51ubXGnERk8LwtE7WDbnw==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 65ms
22ms XHR
application/javascript 13.32.28.197
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.28.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-28-197.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-amz-version-id: 1R3b4YI9dI20q9Y7Gq1DHxVUnq3Fp2gn
content-encoding: gzip
via: 1.1 2e4a0520ad8fe16707823b20e9441e08.cloudfront.net (CloudFront)
date: Mon, 09 Jan 2023 04:09:58 GMT
x-amz-cf-pop: FRA56-C2
age: 11987
x-cache: Hit from cloudfront
last-modified: Fri, 23 Dec 2022 01:05:48 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: kUqdCy6Wo5u-ymr_EWjVMYxgUzXJHgqQC3GS1wNbKgaZZ3ggJu-8_w==

GET
H/1.1 200
OK load.js Show response
s.ntv.io/serve/ 536 KB
149 KB 249ms
27ms Script
application/x-javascript 23.35.237.64
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.ntv.io/serve/load.js
Requested by: Host: uxwing.com
URL: https://uxwing.com/enemy-ghost-icon/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.237.64 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-64.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 14e707178a0b672b479215bb15ed37912fd2a3cbe020d9f4f71269fb89c245d5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Mon, 09 Jan 2023 04:31:30 GMT
Content-Encoding: gzip
x-amz-request-id: 024KYDC99A6114MY
x-amz-server-side-encryption: AES256
Transfer-Encoding: chunked
Connection: keep-alive, Transfer-Encoding
x-amz-id-2: 7tE+2CMLDD5BNDBqi1qfF94IVqOEVgapt9i7xklf+fhUWOnQyKQ4BAQZIhCTAtoLRKRXvzg49nM=
Last-Modified: Fri, 16 Dec 2022 21:32:35 GMT
Server: AmazonS3
ETag: "4f9f244a6d1c98dafe98c9b8b18b1fbb"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H2 200 t Show response
jadserve.postrelease.com/ 115 B
539 B 359ms
115ms Script
text/javascript 54.227.74.209
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://jadserve.postrelease.com/t?ntv_url=https%3A%2F%2Fuxwing.com%2Fenemy-ghost-icon%2F&ntv_mvi
Requested by: Host: s.ntv.io
URL: https://s.ntv.io/serve/load.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.227.74.209 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-227-74-209.compute-1.amazonaws.com
Software: nginx/1.12.1 /
Resource Hash: 3055597f43adef2648996efac659bd63f616b0d1937f6e774ae3ac8fe35fb195

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Jan 2023 04:31:30 GMT
content-encoding: gzip
server: nginx/1.12.1
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 122
expires: Mon, 1 Jan 1990 12:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 158ms
56ms Script
application/javascript 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=uxwing.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 161ms
57ms Script
application/javascript 2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=uxwing.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 186 KB
29 KB 759ms
688ms XHR
text/plain 2a00:1450:400d:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=423010109064381&correlator=4158719055907768&eid=31071150&output=ldjh&gdfp_req=1&vrg=2022120801&ptt=17&impl=fifs&iu_parts=22849737488%2CUxwing_S2S_BottomLeaderboard_ROS%2CUxwing_S2S_InpageLeaderboard_ROS%2CUxwing_S2S_Sidebar2_ROS%2CUxwing_S2S_Sidebar3_ROS%2CUxwing_S2S_MobileOnly300x250_ROS&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5&prev_iu_szs=320x50%7C728x90%7C970x90%7C468x60%7C970x250%2C320x50%7C728x90%7C970x90%7C468x60%7C970x250%2C300x250%7C336x280%2C300x250%7C336x280%2C300x250&fluid=height%2Cheight%2C0%2C0%2C0&ifi=1&adks=3431647428%2C752533589%2C1299327341%2C1719403663%2C3943743305&sfv=1-0-40&prev_scp=optimize_ad_unit_id%3Dbsa-zone_1670241562644-6_123456%26optimize_inview%3Dfalse%26optimize_refresh_int%3D0%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%7Coptimize_ad_unit_id%3Dbsa-zone_1670241643191-8_123456%26optimize_inview%3Dfalse%26optimize_refresh_int%3D0%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26hb_size%3D970x250%26hb_pb%3D0.00%26hb_creative%3D353078406%26hb_adid%3D10735f037b3d2cb3%26hb_bidder%3Dappnexus%26_bd%3Dbid%26_pl%3D0.00%26hb_size_appnexus%3D970x250%26hb_pb_appnexus%3D0.00%26hb_adid_appnexus%3D10735f037b3d2cb3%26hb_bidder_appnexus%3Dappnexus%7Coptimize_ad_unit_id%3Dbsa-zone_1670242302390-7_123456%26optimize_inview%3Dfalse%26optimize_refresh_int%3D0%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26hb_size%3D300x250%26hb_pb%3D0.00%26hb_creative%3D353078366%26hb_adid%3D108c4f52825a5d15%26hb_bidder%3Dappnexus%26_bd%3Dbid%26_pl%3D0.00%26hb_size_appnexus%3D300x250%26hb_pb_appnexus%3D0.00%26hb_adid_appnexus%3D108c4f52825a5d15%26hb_bidder_appnexus%3Dappnexus%7Coptimize_ad_unit_id%3Dbsa-zone_1670242373699-1_123456%26optimize_inview%3Dfalse%26optimize_refresh_int%3D0%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26hb_size%3D300x250%26hb_pb%3D0.00%26hb_creative%3D77221793%26hb_adid%3D109c6b6866f67c29%26hb_bidder%3Dappnexus%26_bd%3Dbid%26_pl%3D0.00%26hb_size_appnexus%3D300x250%26hb_pb_appnexus%3D0.00%26hb_adid_appnexus%3D109c6b6866f67c29%26hb_bidder_appnexus%3Dappnexus%7Coptimize_ad_unit_id%3Dbsa-zone_1670401277756-8_123456%26optimize_inview%3Dfalse%26optimize_refresh_int%3D0%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26hb_size%3D300x250%26hb_pb%3D0.00%26hb_creative%3D353078366%26hb_adid%3D1106cc9e0dd149f%26hb_bidder%3Dappnexus%26_bd%3Dbid%26_pl%3D0.00%26hb_size_appnexus%3D300x250%26hb_pb_appnexus%3D0.00%26hb_adid_appnexus%3D1106cc9e0dd149f%26hb_bidder_appnexus%3Dappnexus&eri=1&cust_params=optimize_refreshed%3Dfalse%26optimize_acceptable%3Dfalse%26optimize_adl_debug%3Dfalse%26optimize_ctv_debug%3Dfalse%26optimize_debug%3Dfalse%26optimize%3Dtrue%26optimize_adl_id%3D%26optimize_amp%3Dfalse%26optimize_audience%3Ddesign%26optimize_env%3Dprod%26optimize_pub%3Duxwing%26optimize_xp%3Da&sc=1&cookie_enabled=1&abxe=1&dt=1673238691287&lmt=1673238691&dlt=1673238688941&idt=627&adxs=242%2C436%2C1203%2C1203%2C-12245933&adys=664%2C2900%2C2270%2C96%2C-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C1%7C2%7C0%7C-1&ucis=1%7C2%7C3%7C4%7C5&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fuxwing.com%2Fenemy-ghost-icon%2F&frm=20&vis=1&psz=1104x70%7C1494x110%7C386x280%7C386x280%7C300x250&msz=1094x60%7C1494x60%7C366x250%7C366x250%7C0x0&fws=0%2C0%2C0%2C0%2C128&ohw=0%2C0%2C0%2C0%2C0&ga_vid=159092804.1673238689&ga_sid=1673238691&ga_hid=946428557&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b51b0bf42b902a0e798674e34f170763c0dbd78c3d9e5c8fcff4800e6ae87301

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:32 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29424
x-xss-protection: 0
google-lineitem-id: -1,-1,-1,-1,-1
pragma: no-cache
server: cafe
google-creative-id: -1,-1,-1,-1,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://uxwing.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 82ms
34ms XHR
application/json 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022120801&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9b49b6e1e8b83adcc00edd56db9db891b7dfa19f989455861fc8cbf7efcb01d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:31 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11189
x-xss-protection: 0

GET
H2 200 container.html Show response
931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 6F46 6 KB
3 KB 232ms
65ms Document
text/html 2a00:1450:400d:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://uxwing.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 09 Jan 2023 04:31:31 GMT
expires: Tue, 09 Jan 2024 04:31:31 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 publishertag.prebid.123.js Show response
static.criteo.net/js/ld/ 87 KB
28 KB 142ms
66ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.123.js

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/uxwing.js?1673238600000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

0413c66952464f1ecd016f7bcaab521634a380fc3f9b1b907caa11cb70c2ebc5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:31 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 03 May 2022 11:21:03 GMT
server: nginx
etag: W/"6271101f-15b58"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 10 Jan 2023 04:31:31 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 81ms
29ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 09 Jan 2023 04:31:31 GMT

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame FEA0 15 KB
6 KB 327ms
35ms Document
text/html 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=uxwing.com

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.123.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

aeb779d96af4bfa1b664c203d52fbd9ef573b84a31b34314668325fc784e1b13

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://uxwing.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 09 Jan 2023 04:31:31 GMT
server: Kestrel
server-processing-duration-in-ticks: 764495
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ 89 KB
29 KB 92ms
31ms XHR
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.123.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

61c1317e433c125a2ebbbdaf22fc3a0b3606bcb0c9cfea151425adf7b5195f48

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:31 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
server: nginx
etag: W/"6356752f-16294"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 10 Jan 2023 04:31:31 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 58A9 13 KB
5 KB 301ms
20ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://uxwing.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 23667
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 08 Jan 2023 21:57:04 GMT
expires: Mon, 08 Jan 2024 21:57:04 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame B666 783 B
1 KB 337ms
55ms Document
text/html 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

01867dfd6f400cd13d8658c7c73a15aee3f149c3fc8f49774137928f7d0fa2a9

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-fVKKCFAH20y5NFhJhvp6NA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://uxwing.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-fVKKCFAH20y5NFhJhvp6NA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 09 Jan 2023 04:31:31 GMT
expires: Mon, 09 Jan 2023 04:31:31 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 OU_aD-3-G2pcaJqwlUagl315JVS_daCE4k47Wxj7Xso.js Show response
pagead2.googlesyndication.com/bg/ Frame 58A9 36 KB
16 KB 65ms
21ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/OU_aD-3-G2pcaJqwlUagl315JVS_daCE4k47Wxj7Xso.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

394fda0fedfe1b6a5c689ab09546a0977d792554bf75a084e24e3b5b18fb5eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 05:56:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 81284
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16095
x-xss-protection: 0
last-modified: Tue, 03 Jan 2023 14:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 08 Jan 2024 05:56:47 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame FEA0
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=uxwing.com&sn=ChromeSyncframe&so=0&topUrl=uxwing.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=BAcKZXxIZGtTWkFrVFB3VnVwUVB4UG1Ib1VFSzVNdkxIZkZsQ2JQYUtZVUJKbGtOS1NXSzBkUDdjenUwZlRZclN4SGk3TllsZHNLTWU5czNQbGNSaWpLaUZmWER4Z0U0elJCaDVabzdVUlN0YTNZeWo0cVg1dHFUQSsvaH...

420 B
669 B

193ms
34ms

Fetch
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=BAcKZXxIZGtTWkFrVFB3VnVwUVB4UG1Ib1VFSzVNdkxIZkZsQ2JQYUtZVUJKbGtOS1NXSzBkUDdjenUwZlRZclN4SGk3TllsZHNLTWU5czNQbGNSaWpLaUZmWER4Z0U0elJCaDVabzdVUlN0YTNZeWo0cVg1dHFUQSsvaHM4d3ZiK0pPcktwZ2orOHpqMVBJSDU3eHBwR0xpN2czTmV2OFZlYzlYdTYyVjljTllUUFdXQjd3ZVlUMVV6MlJpbG9LMFhveUc0bHBjSzR4YWdxQTlaU2tOK1VySUp3UHYwOGdHdzI3R1dvZDNjQjVKV3JXTmZlQ2R6T2cxVE1UVjYyZm1DSU95OEQreU82TmNSeDNNYlRoYUtqczQ0dz09fA&cppv=2

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

6a5b78ff8cd5637a132b849dabd869d4333b739983c510dbb94bcc5e7dddf4f4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Jan 2023 04:31:31 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 3633194
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 09 Jan 2023 04:31:30 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://mug.criteo.com/sid?cpp=BAcKZXxIZGtTWkFrVFB3VnVwUVB4UG1Ib1VFSzVNdkxIZkZsQ2JQYUtZVUJKbGtOS1NXSzBkUDdjenUwZlRZclN4SGk3TllsZHNLTWU5czNQbGNSaWpLaUZmWER4Z0U0elJCaDVabzdVUlN0YTNZeWo0cVg1dHFUQSsvaHM4d3ZiK0pPcktwZ2orOHpqMVBJSDU3eHBwR0xpN2czTmV2OFZlYzlYdTYyVjljTllUUFdXQjd3ZVlUMVV6MlJpbG9LMFhveUc0bHBjSzR4YWdxQTlaU2tOK1VySUp3UHYwOGdHdzI3R1dvZDNjQjVKV3JXTmZlQ2R6T2cxVE1UVjYyZm1DSU95OEQreU82TmNSeDNNYlRoYUtqczQ0dz09fA&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 653446
content-length: 0
expires: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame B666 0
0 62ms
56ms Image
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022120801&jk=423010109064381&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 58A9 0
10 B 20ms
20ms Image
text/plain 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?1fl13w
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:31 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 container.html Show response
931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 115E 6 KB
3 KB 108ms
37ms Document
text/html 2a00:1450:400d:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://uxwing.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 09 Jan 2023 04:31:31 GMT
expires: Tue, 09 Jan 2024 04:31:31 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012211060024000/ Frame 8223 221 KB
61 KB 151ms
33ms Script
text/javascript 2a00:1450:400d:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a01f9f2f5ba1812441a49f7f1dc0b04fb56a18b486005289b8df4212381f10ce

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 04 Jan 2023 21:36:05 GMT
age: 370527
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61592
x-xss-protection: 0
server: sffe
etag: "a2fca7132416d151"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 04 Jan 2024 21:36:05 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame 8223 14 KB
5 KB 257ms
139ms Script
text/javascript 2a00:1450:400d:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d89cb9800cc62dcc44a0ba866b4a080ad06f735f60a6afecbd6d691d2e8939dd

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 04 Jan 2023 21:36:05 GMT
age: 370527
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5218
x-xss-protection: 0
server: sffe
etag: "abd4378f71571d78"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 04 Jan 2024 21:36:05 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame 8223 94 KB
28 KB 258ms
140ms Script
text/javascript 2a00:1450:400d:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8ee5f53d3752309af021002b2199a06523b1fd03f3ea1cdaf5d59e911d4d8178

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 04 Jan 2023 15:36:51 GMT
age: 392081
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28809
x-xss-protection: 0
server: sffe
etag: "dd6615029de85e23"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 04 Jan 2024 15:36:51 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame 8223 5 KB
2 KB 263ms
146ms Script
text/javascript 2a00:1450:400d:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3f73b989e0620a4d2e12ed57a0d538e4580b8fefaa1fefbad73e0abad6d227f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 04 Jan 2023 21:36:05 GMT
age: 370527
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1913
x-xss-protection: 0
server: sffe
etag: "403438c4d550ee88"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 04 Jan 2024 21:36:05 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame 8223 40 KB
13 KB 265ms
148ms Script
text/javascript 2a00:1450:400d:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b1c3ea8b3d9fec1913ac70c81c83f2172acc41988e747bd24d22bf779fd19a0

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 04 Jan 2023 21:36:05 GMT
age: 370527
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12946
x-xss-protection: 0
server: sffe
etag: "0bacd3f1ce38a7db"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 04 Jan 2024 21:36:05 GMT

GET
DATA 200
OK truncated
/ Frame 8223 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d0ec15814f441ae9cf21bd6a4e35fed48742f2ed9108743915c88fd096d85652

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012211060024000/ Frame 7C4D 221 KB
60 KB 179ms
70ms Script
text/javascript 2a00:1450:400d:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a01f9f2f5ba1812441a49f7f1dc0b04fb56a18b486005289b8df4212381f10ce

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 04 Jan 2023 21:36:05 GMT
age: 370527
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61592
x-xss-protection: 0
server: sffe
etag: "a2fca7132416d151"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 04 Jan 2024 21:36:05 GMT

GET
H3 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame 7C4D 14 KB
5 KB 150ms
76ms Script
text/javascript 2a00:1450:400d:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d89cb9800cc62dcc44a0ba866b4a080ad06f735f60a6afecbd6d691d2e8939dd

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 04 Jan 2023 21:36:05 GMT
age: 370527
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5218
x-xss-protection: 0
server: sffe
etag: "abd4378f71571d78"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 04 Jan 2024 21:36:05 GMT

GET
H3 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame 7C4D 94 KB
28 KB 154ms
80ms Script
text/javascript 2a00:1450:400d:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8ee5f53d3752309af021002b2199a06523b1fd03f3ea1cdaf5d59e911d4d8178

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 04 Jan 2023 15:36:51 GMT
age: 392081
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28809
x-xss-protection: 0
server: sffe
etag: "dd6615029de85e23"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 04 Jan 2024 15:36:51 GMT

GET
H3 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame 7C4D 5 KB
2 KB 149ms
75ms Script
text/javascript 2a00:1450:400d:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3f73b989e0620a4d2e12ed57a0d538e4580b8fefaa1fefbad73e0abad6d227f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 04 Jan 2023 21:36:05 GMT
age: 370527
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1913
x-xss-protection: 0
server: sffe
etag: "403438c4d550ee88"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 04 Jan 2024 21:36:05 GMT

GET
H3 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame 7C4D 40 KB
13 KB 133ms
59ms Script
text/javascript 2a00:1450:400d:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b1c3ea8b3d9fec1913ac70c81c83f2172acc41988e747bd24d22bf779fd19a0

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 04 Jan 2023 21:36:05 GMT
age: 370527
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12946
x-xss-protection: 0
server: sffe
etag: "0bacd3f1ce38a7db"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 04 Jan 2024 21:36:05 GMT

GET
DATA 200
OK truncated
/ Frame 7C4D 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 301ae13d3b4ce12cbacf5f8ce96ce3cfe6d5bc8cb89ba67df6d41e46a54fb0b7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012211060024000/ Frame 5223 221 KB
60 KB 222ms
120ms Script
text/javascript 2a00:1450:400d:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a01f9f2f5ba1812441a49f7f1dc0b04fb56a18b486005289b8df4212381f10ce

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 04 Jan 2023 21:36:05 GMT
age: 370527
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61592
x-xss-protection: 0
server: sffe
etag: "a2fca7132416d151"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 04 Jan 2024 21:36:05 GMT

GET
H3 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame 5223 14 KB
5 KB 144ms
70ms Script
text/javascript 2a00:1450:400d:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d89cb9800cc62dcc44a0ba866b4a080ad06f735f60a6afecbd6d691d2e8939dd

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 04 Jan 2023 21:36:05 GMT
age: 370527
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5218
x-xss-protection: 0
server: sffe
etag: "abd4378f71571d78"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 04 Jan 2024 21:36:05 GMT

GET
H3 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame 5223 94 KB
28 KB 110ms
36ms Script
text/javascript 2a00:1450:400d:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8ee5f53d3752309af021002b2199a06523b1fd03f3ea1cdaf5d59e911d4d8178

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 04 Jan 2023 15:36:51 GMT
age: 392081
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28809
x-xss-protection: 0
server: sffe
etag: "dd6615029de85e23"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 04 Jan 2024 15:36:51 GMT

GET
H3 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame 5223 5 KB
2 KB 109ms
35ms Script
text/javascript 2a00:1450:400d:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3f73b989e0620a4d2e12ed57a0d538e4580b8fefaa1fefbad73e0abad6d227f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 04 Jan 2023 21:36:05 GMT
age: 370527
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1913
x-xss-protection: 0
server: sffe
etag: "403438c4d550ee88"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 04 Jan 2024 21:36:05 GMT

GET
H3 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame 5223 40 KB
13 KB 124ms
50ms Script
text/javascript 2a00:1450:400d:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b1c3ea8b3d9fec1913ac70c81c83f2172acc41988e747bd24d22bf779fd19a0

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 04 Jan 2023 21:36:05 GMT
age: 370527
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12946
x-xss-protection: 0
server: sffe
etag: "0bacd3f1ce38a7db"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 04 Jan 2024 21:36:05 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 5223 8 KB
1 KB 148ms
56ms Stylesheet
text/css 2a00:1450:400d:803::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 09 Jan 2023 04:31:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 09 Jan 2023 03:05:24 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 09 Jan 2023 04:31:32 GMT

GET
H3 200 container.html Show response
931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame A1D8 6 KB
3 KB 59ms
35ms Document
text/html 2a00:1450:400d:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://uxwing.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 09 Jan 2023 04:31:31 GMT
expires: Tue, 09 Jan 2024 04:31:31 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 16959772880163903285
tpc.googlesyndication.com/simgad/ Frame 8223 95 KB
95 KB 21ms
20ms Image
image/png 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/16959772880163903285?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qkNYGixV6nmcK7k67QYcEfmNo8nhQ

Requested by

Host: uxwing.com
URL: https://uxwing.com/enemy-ghost-icon/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

278f075e14885bc9b3b34305a56beb14e865eebea9c5a77e79309eac76e0a48a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 16:07:30 GMT
x-content-type-options: nosniff
age: 131042
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 97663
x-xss-protection: 0
last-modified: Thu, 08 Dec 2022 14:46:12 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 07 Jan 2024 16:07:30 GMT

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 8223 2 KB
2 KB 30ms
28ms Image
image/png 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: uxwing.com
URL: https://uxwing.com/enemy-ghost-icon/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 09:39:53 GMT
x-content-type-options: nosniff
server: cafe
age: 67899
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Mon, 09 Jan 2023 09:39:53 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 8223 295 B
319 B 30ms
28ms Image
image/png 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: uxwing.com
URL: https://uxwing.com/enemy-ghost-icon/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 20:35:32 GMT
x-content-type-options: nosniff
server: cafe
age: 28560
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Mon, 09 Jan 2023 20:35:32 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 8223 0
0 84ms
82ms Image
text/html 2a00:1450:400d:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CKGxjo5i7Y-yMGpmi9u8PhrCt4AeDqIb2bZjw7cGdEfrgreqTDhABIKzu8JcBYJXa_YGUB6ABnK_7qALIAQLgAgCoAwHIAwiqBJwCT9DBGjxdRJbtQa_JMWQ82QgV4sbe6VXF3o3S2DDNWLWudG3JxdP7tK567DX2b9Hi8dkNOaIYBuKBBwXsRB_avNKebrCBmPkGXZFaPfxyGZDvIYzEI2SgBqax8XWOwWRm5yhte5utDbqL7pTX2OCpO9IlLiu8r3PyGDDaY4RMxGhbAcQRlx-UbmPitH6b6prONpfW-rIqsoxdDfb0Thjq8oHIKBidqmrErdougcsh1zPGrT0as6xQ1yXAIagIci9BSGU8Nc630Dxmo-W99wXLdzTr7YiL2dfJb0G3MUr5RLiq1J50dPbaumcNqfUhUkfU4huv98vI0SoVoVxxe4Z-nI2R7XFburLwRhsqI78VwMfJr3QLeptGgITX6dHABOiNnq2xBOAEAZIFBAgEGAGSBQQIBRgEoAYCgAfM0ITXAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcEEIv7A9IIEQiA4YAQEAEYHTICqgI6AoBAgAoDyAsB2BMN0BUBmBYBgBcBshcfCh0IABIUcHViLTk3OTc0NTkyMTI5MzEzNjgY7I-NAQ&sigh=Pr21r99zXAs&uach_m=[UACH]&cid=CAQSTADq26N9nmElTyoHABEhhEXQS8iKvjB6ZN7xPaUxOdnUhuBtZVLVfxlSU_B-i0TdG15-LsvjRvZRpc5Lobi0wfXYxnwWV1LxqeadZlMYASAT
Requested by: Host: uxwing.com
URL: https://uxwing.com/enemy-ghost-icon/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H3 200 15597994596663640079
tpc.googlesyndication.com/simgad/ Frame 7C4D 56 KB
56 KB 33ms
31ms Image
image/png 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/15597994596663640079?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qmpNihwHrYirKx9-M0wu8TrQFnzKQ

Requested by

Host: uxwing.com
URL: https://uxwing.com/enemy-ghost-icon/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e20c3e54e7b13876258546aa2b05156d890651256d8525420a5e015516d8703c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 13:21:00 GMT
x-content-type-options: nosniff
age: 141032
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 56890
x-xss-protection: 0
last-modified: Wed, 17 Nov 2021 09:20:48 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 07 Jan 2024 13:21:00 GMT

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 7C4D 2 KB
2 KB 30ms
28ms Image
image/png 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: uxwing.com
URL: https://uxwing.com/enemy-ghost-icon/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 09:39:53 GMT
x-content-type-options: nosniff
server: cafe
age: 67899
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Mon, 09 Jan 2023 09:39:53 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 7C4D 295 B
319 B 31ms
29ms Image
image/png 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: uxwing.com
URL: https://uxwing.com/enemy-ghost-icon/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 20:35:32 GMT
x-content-type-options: nosniff
server: cafe
age: 28560
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Mon, 09 Jan 2023 20:35:32 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 7C4D 0
0 81ms
79ms Image
text/html 2a00:1450:400d:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CCivvo5i7Y-2MGpmi9u8PhrCt4AeDqIb2bcHZ-LjqEKXvr9SRDhABIKzu8JcBYJXa_YGUB6ABnK_7qALIAQLgAgCoAwHIAwiqBJ0CT9A4vXkXs40HneuTA-NfJRwWy7UExXQWnkSAiLnANuyagW-bGqiH0OEcX40BusDhd4M46D005GQreW2IhTEXWI3b8RwdC-DTp5Mg-P-ohsW7lKl93kMyWWtjJ5GaMnY4HFl5q5sDnfaSsTxCSy_BH9TPMRw5oz3u_jRYXwjKhS28CKBIKxpKtheOmiJ8-WaFEZEFa_Qf4R11Wa01h_qmBEgoNagO0JKo34D565t8cY4KvP5B8-UncDvxVY92VLSDGhGU9HLlTY6zeJOuY1O70_aDVmk_10-HuPe8ICdE5hpIBcyVoGC3Y4gCJ23lTSvOrBluaaxEtcnZ9jerV4zn_NujpdqIuV4ZlWeLTixDTVDnPOESyR3m3Fefy4yKwATojZ6tsQTgBAGSBQQIBBgBkgUECAUYBKAGAoAHzNCE1wGoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBClygPSCBEIgOGAEBABGB0yAqoCOgKAQIAKA8gLAdgTDdAVAZgWAYAXAbIXHwodCAASFHB1Yi05Nzk3NDU5MjEyOTMxMzY4GOyPjQE&sigh=_ftsHiAi1Jw&uach_m=[UACH]&cid=CAQSTADq26N9nmElTyoHABEhhEXQS8iKvjB6ZN7xPaUxOdnUhuBtZVLVfxlSU_B-i0TdG15-LsvjRvZRpc5Lobi0wfXYxnwWV1LxqeadZlMYASAT
Requested by: Host: uxwing.com
URL: https://uxwing.com/enemy-ghost-icon/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 5223 2 KB
2 KB 31ms
30ms Image
image/png 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: uxwing.com
URL: https://uxwing.com/enemy-ghost-icon/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 09:39:53 GMT
x-content-type-options: nosniff
server: cafe
age: 67899
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Mon, 09 Jan 2023 09:39:53 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 5223 295 B
319 B 31ms
30ms Image
image/png 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: uxwing.com
URL: https://uxwing.com/enemy-ghost-icon/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 20:35:32 GMT
x-content-type-options: nosniff
server: cafe
age: 28560
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Mon, 09 Jan 2023 20:35:32 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 5223 0
0 79ms
78ms Image
text/html 2a00:1450:400d:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CV8WTo5i7Y-6MGpmi9u8PhrCt4AeOq9GlbuCki7OTEde-wt3zIxABIKzu8JcBYJXa_YGUB6ABi5SQgQPIAQbgAgCoAwGqBJsCT9AQJwaEwGGzYXVm111jsQ1FI2-x87p5zxcWKBlUZ4oo0sAEx8TL2K2tO1fi-P6pX4ZOjMs90kDNHwV-y3o4LTLX2VcFyDbNhkUWUlsX-yJHUEBWMgEdPEuyk82ItFVpCSaX8f5fM0zHv8P8-DI1hB6UYT2Dwjrw81J8kbRX9fEReA_OCHGHT6ygipszgTpd1qK8n9SWXPNZgYsw-ACmgWh_nmZeUjrNmRea-7rTCYCPyXe0Sm4DDCbYmK6lE9s2D9I8pXc4I1JUBE1MCNxDJNBOQmx3ZKdyLyUt-ERjijJ4ZVy2DdXpbQd3VQvKNFZwat7ECfSudrJWluPzbbbfCdiHdOB5DL1FtiV-XCORmYEWvZTt-OxWPpuIYMAE6ay-6Y8E4AQBkgUECAQYAZIFBAgFGASAB93r736oB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBDqh0TSCBEIgOGAEBABGB0yAqoCOgKAQIAKA8gLAdgTDNAVAZgWAYAXAbIXHwodCAASFHB1Yi05Nzk3NDU5MjEyOTMxMzY4GOyPjQE&sigh=CXbxcHMDo8s&uach_m=[UACH]&cid=CAQSTADq26N9nmElTyoHABEhhEXQS8iKvjB6ZN7xPaUxOdnUhuBtZVLVfxlSU_B-i0TdG15-LsvjRvZRpc5Lobi0wfXYxnwWV1LxqeadZlMYASAT&template_id=492
Requested by: Host: uxwing.com
URL: https://uxwing.com/enemy-ghost-icon/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame 5223 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e90d8551c9501268f3908a8485ab3d69333718b9ef97efc266d318b046550020

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 2D8A 624 B
670 B 96ms
32ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNUC_FRXyIivcZ6roOjjq_vDld_dJtPGZeitLt8fwj8S6fGLwrX75iKHwIOVvt4ge0FxM1V3lMGe5kNOzL-9lkM06DFoxExpw67BHgAwZDuxPX7vzyaFDKC_9v-1BkmBfE5UuDSkSmQ8Kky-NZWM9yYW3_DLmzd_NHZ5fp9LLnmBbo4b9Vo

Requested by

Host: 931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com
URL: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 09 Jan 2023 04:31:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame A1D8 76 KB
27 KB 52ms
49ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com
URL: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bc54379b6288f5970da471f0f64ca15f8c9e3a3819a0950608a45b7479d5a11f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:32 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27384
x-xss-protection: 0
server: cafe
etag: 10506132538256102613
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Mon, 09 Jan 2023 04:31:32 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame A1D8 42 B
63 B 62ms
59ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-C7HEUc73Mw2R6CQuucMo6StiW8yMcYwW4Hs1BuaLt4uoSzYmCDDlSLhQTj0Q0XHKSuNv0Ql_I3Fc9tGrhe0vclCMDD5QHBmgGzM2TU7U4AXud85XQ

Requested by

Host: 931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com
URL: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Jan 2023 04:31:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A1D8 0
20 B 60ms
57ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=11315967812400089612&x=1&ct=77

Requested by

Host: 931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com
URL: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Jan 2023 04:31:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230104/r20110914/client/ Frame A1D8 3 KB
1 KB 22ms
19ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230104/r20110914/client/window_focus_fy2021.js

Requested by

Host: 931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com
URL: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 19:33:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 32265
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 22 Jan 2023 19:33:47 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230104/r20110914/client/ Frame A1D8 18 KB
7 KB 22ms
20ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230104/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com
URL: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

727e6a1f4a634d6298af8636fd331912b036b6f7783c771d2e06baeb82e2341e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 02:16:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8101
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7527
x-xss-protection: 0
server: cafe
etag: 8658061406568722807
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 23 Jan 2023 02:16:31 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A1D8 156 KB
48 KB 101ms
98ms Script
text/javascript 2a00:1450:400d:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com
URL: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e7e65f5432de604cdf476d9ad55a2af5a933c715c639e4c36847023a3446f1ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48907
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1672933789069018"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 09 Jan 2023 04:31:32 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame A39D 624 B
285 B 94ms
33ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxDD7WMYw9PDmAEwAQ&v=APEucNVd_8VEekRVOKVU_gxWOirx83j_Q0W8fPSRYvj9H5tm8FYuWMCoNI4-Vh3GRwzMlM0-F9JpRQWsADbmbA0aUGxN1UXIfZo6oJaUw-_hqrhtiBPf1hIrCMvTtNDD0kVdnf4BK1FLpyz1HrK6leaYkmVxXR3TiYvK6M3oE2P9b67W5pOeiEM

Requested by

Host: 931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com
URL: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 09 Jan 2023 04:31:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 115E 76 KB
27 KB 74ms
73ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com
URL: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bc54379b6288f5970da471f0f64ca15f8c9e3a3819a0950608a45b7479d5a11f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:32 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27384
x-xss-protection: 0
server: cafe
etag: 10506132538256102613
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Mon, 09 Jan 2023 04:31:32 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 115E 42 B
63 B 58ms
57ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DCH0eeE8515A55WSM9_gv49m-EqffQeXaELxZLxYragTjIfZuXQgPNJkDqMM4YhRHFrOsvCtxOHZZdedaHlpCng1zRsZD4oJJZZ1o3qqFIGuw02Cc

Requested by

Host: 931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com
URL: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Jan 2023 04:31:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 115E 0
20 B 58ms
57ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=13611774040817640216&x=1&ct=76

Requested by

Host: 931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com
URL: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Jan 2023 04:31:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230104/r20110914/client/ Frame 115E 3 KB
1 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230104/r20110914/client/window_focus_fy2021.js

Requested by

Host: 931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com
URL: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 19:33:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 32265
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 22 Jan 2023 19:33:47 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230104/r20110914/client/ Frame 115E 18 KB
7 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230104/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com
URL: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

727e6a1f4a634d6298af8636fd331912b036b6f7783c771d2e06baeb82e2341e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 02:16:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8101
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7527
x-xss-protection: 0
server: cafe
etag: 8658061406568722807
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 23 Jan 2023 02:16:31 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 115E 156 KB
48 KB 200ms
200ms Script
text/javascript 2a00:1450:400d:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com
URL: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e7e65f5432de604cdf476d9ad55a2af5a933c715c639e4c36847023a3446f1ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48907
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1672933789069018"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 09 Jan 2023 04:31:32 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A1D8 0
20 B 54ms
54ms Ping
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=2612637328997&version=m202209210101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Jan 2023 04:31:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A1D8 0
20 B 59ms
58ms Ping
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=2612637328997&version=m202209210101&ct=77&x=1&cor=11315967812400090000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Jan 2023 04:31:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame A1D8 15 KB
11 KB 54ms
50ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DekJ4HcXULMzwZQtrwQSMoEJJwyrEptUQuuT7lmX6lihiUbXHPF0bgw5W0XxuRtFEFKXoT2T7n2WFgIXFyB780bMcHrZV_a1GbOjK-WPKR2fkHjS-3T8dj7NXQpyz6BkWcwOt-f7fu3bmkgrLBRaGnmCr7p_VZZmhE45iQ5dRHfe4SJN8&cry=1&dbm_d=AKAmf-ABIJAatpLuBOfOJSN45R6TrFNsunp2XNCMhUjRPdKN3VxwBH2cB_IlmOsfXlN1FGkAv82d2P98ZhFT3ZG0sD9CWkrxvpQQ40jeqZHlVekrJxEo6OUTTQzW6EXK2yRBG43-_U2DWHWyNz6UyVEMgK-hsgfsPXC2ZF-zkGd7l3HZfCtP_foxejVy1oVRHea4fKqyv0DeutOLCpt7FwtZRblJ77PLbE8iQNtn6nwm5YKCGywmUkWp8aSxSGWDa_E01OnYw_wBDmg3IyD7p4liAqhKMN-zc6100qeM1xy0YU4SJLOIhEnMABDsLNq5kteXIeBudEjH3lVx1_V4hpzhvO6dea6upcQ54BionC0D6QeudaQyKbxXRiNzvv1lCEpwUAR_T6evIHA9QG8Lb94aon52XNXb6KSv3t5iDCuaXQvVsUimvHPmcRrWdDhVQ40MosS6ZAUbwTevNSPodUXz_svqeji_MAhzR5JIx1Cz4OhtE0A7ppEi1I8GoHMQp2vylIilmOoJ27bvlGNd3cnLvQYELJ_90-Txe2k_UovTPoiV9XQoHoZ2z0_kSEoXjdfWJ41u_ptEuuvrBfPRuIaNwNZuARyn8aWrLlGrNOv4k4S6Mv9A7YP11IhBnuJc82vxC1Z0qD9mtQMqP4m67zSxYCMIKzZjmWZIgv4x9G6MgleUNTzYiM1bnXvFGWrxcWWOX1V3kHFpHaPIC8tugJBQwBI8BivjFiZZIZcmefOEpyPI4Alc6j6TKAdkdlc98Z22WQhBFgvSM3BOSTJlNAUeNgHHqThjE9qGBTB9BIaLZXoj1fsaoI4-PFAvuj_n4m3kXVzVnGZV-zlo53j27OxstDe9JCiv1KNs9dpBtMdK8s-X-cmJ34lHSnEkVbknjcxMmeZkVlEy5i7DtClRMHvNtdJaws7hZ815jMS-ubz0c-gtGkS9KEIan-HoK5SqeJUvuGS4rdG9rvfVW0SoW9mhozbNAryvUv-geCet7-7LaI8AQ9-83E7xA1wPLdPOF4Mpv4bINhwVO2UyguxHAppMtYJ83dlAE2L32XKRZJw2XNgIfDSk333i_qs0dTV3q4_ImbpG-2yCFDAgb0p1lSI5pbiVK6T8SRnfDJ4vbSotbLpAPOP-uFz4EOR7BrWs-cMEfGKUpcX1Sr56uTws9WxysaRVlU-4uHAN3DPTjp18nag1UABrNL-OCzJYc1KDlngPpGh3SZNao3ur3AOzoPJbnhQnzHd90MOURPEexCdrNauEnIu7FY260Uj1oZPyTs3lrzjEwkXhSPCdxI3J-_t9RDSNlONN-ta76UlF81icKMNPOiFpdEkesg6K1AUelbRz0cAk3wL2wJxokt2ZDCrPtMinbAXMy_zRAJ13FGY_JdDJ0XkN24gDQpcCr_fc4vk9YN4El2zbtrXFIwJtdofXNXKuzaddxn-0ICptfU7K17_vXvStvZcU0Fcyv2bGqxTPJ5pIBQaubvaWKcOPUwKis4pmmgtwmXxrqu7t5MhO3Bm5pFoN8mZNgurtnuSR6nGU50-as6A5CDAkQtQyfzezQJeV0qhcVdGcY-AQ4MfDYCmkAK_G0WvNyx8UOm3FuuFarQbDZIHpRcGEyH_Dv7Rq_GAbQXfnimb4LvpxzZiIjs8EYwhxSWsUu2XxZPYOMKbGy-wmfKlYdsnFFTV-TXuM6RlvsBiGh6Tb7PWCLC7kORK-JVOljWWDq9PufXeP27Uj6nW_wzrCb33Wh_n4X4BlSaa5vqH1MUu2My6GNq6xXI0CM7zA33HRtipF2VowVRkKmV7iYwvt7Pw-D942rB5ZDL2jO9fbgKkn6c7Se9fmXupX4gvZpbusilM9Y5Q-zuavL5aGpZTz3XRi835E_CopBA7k71bEbrA_dAtAw_W2x82mgG1T1qAo3FMi65RhSytnkeJLQBVzXaY-lNSOml-TBYqTxuT1S60vsNLCSNrLmBo7oJfxpP6D6yO5ZLpGvmDlU57RzEH6iEVfbCv0cS2G5msua782Ozp2qkZoyxh82U9fzL-vdlM4eKN83LWVqp4t56AGxt_tcxsReMdRw5S25nIpKECaPVtpN8WmtbLlTyOvkoF5unnQxk1CUdHRloSW-vHDbtckorZFnJ0q3jvUpE-emQsRBWiQV3DTG5vMbJaa400MgJvSCMq2L08g5Kztkd8otazovJnjb6RmnnDI2UwkFulAwi_Sg6BGIlyaO92sM5XiQDDhu5fjLNLqtxDQOqywsWW_z9IlqGrPUyt8swSRXg76Y0VumR00_LDL6m8Rdd66nkAkFHq7RWxLRu_9dbvNL8kMjUdg00zhkxAHWtUll_oLBp_921vUfiA0PoKZPcZI0WYGFz9GdUdudvwXgDnnky6WWzljfjf_6JRMdaW3ISd1O2DMz7tbHL014iu53RZIph5C0dYsxj5bl9y3AT5Q4me-wW2EcDN30-R8Hsecnxapa15ijjlVklXyAr5GBGnBulVYeOqBXHhELlqGOeHu8T0Ime0dxc2zoRgc7i-RJQGuBVoeKvTLITWiC1-eQn4un1-2jmScP6JqypGuKBl9IFDVL6vU5bxXEh_RVzvyhCWZJBADq49JlJvEAmnqMN3jmpobebQwdtRmyBG-1BwvXpRr8fNeLSaoTaVthdunQq8QFAbO59X3abR77hip5c-BNoqv7nUPQNDw_QUoLEUAhoorKKT0TsQ2nyBvs4lnmnemcCTGyLARCZzmtItak4s75xPGARstPGpW8eIoxXivv94jv7aRLCMpYFDOC8BZMeJuPJ_MiQgpXYGx5riowzDEKPoLDN7soXXabgqvjV8lS8uTvOw7CxM31k9Q7yWHkiA4qz64e3EbHj-PNRXwwyPg6XvvioRxteoRN_nYs5_rR0tHDReUksemc1wWsHRojSlK42wROm07TEOnPJgOUL7fACL9eT1qh_iz9IqqH1bCTVXg8QRwcfyo103BRf5-ObutqOTAGrxfu8f1mxr2IMtW8m3-Rz8RWQkExM3bc7a8O8p54bUARKutLOqQtyq3Y0W-De6HaiqXtHV7F6qwJrtKl5kueWeMvshxjOu2bBjfITAnUif8V1SqDasSvf-7RIFcvtLBsG3mQF4BaTSiTPs2FA-bAMTGSD3INBYZ-m86EqJE_wN1Q1I4tn8XAM-DWLLJebZIKIuq3xjszLRk_GtT6DZy5MTOGhG_FPdTDmFTlqMlDOJ8fbxXYBbZgsV20BnGtVPgvpb7Mdm8DLahIMe8XRbFEpoRCbf-riStuMHQsP_N7dsRWAq8Q9FKwGWx8rXjdmg0WOv4kiJguH0Mh4_HycD3UnMmmDz109AKQiyx8ZAQrkSZ_5wu17CExhoMphz98A3CMY8KrVue54F7rjFC0lhgwNVM6Xl_QMvj3eYRKHyuQHFOleFqfs48xqPHbe6MDouATJ8_RwvTx8JKTl6nvO0ih21XRRpih3mACJgd13UPzsHqrvze3wp2lEClgloGbVp27NWQOqcDLAtSBXbYD8xwLcr2D7pjLMyz_eN_9UA8r-UmzTQxwTzu5-74DCClzSbpVoe6jAQ7s0ov1sBH2Sg_5msOTmAvBKyWmxMF8zZ-&cid=CAQSTADq26N9nmElTyoHABEhhEXQS8iKvjB6ZN7xPaUxOdnUhuBtZVLVfxlSU_B-i0TdG15-LsvjRvZRpc5Lobi0wfXYxnwWV1LxqeadZlMYASAT&dv3_ver=m202209210101&rfl=https%3A%2F%2Fuxwing.com%2F&ds=l&xdt=1&iif=1&cor=11315967812400090000&adk=2086295851&idt=62&cac=0&dtd=8

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a68be92249a60cdeff1f52556d33a6518ecfbde2b3587d5cfc58129640b9562e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Jan 2023 04:31:32 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11471
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame 5223 28 KB
28 KB 131ms
36ms Font
font/woff2 2a00:1450:400d:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://uxwing.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 04 Jan 2023 20:38:02 GMT
x-content-type-options: nosniff
age: 374010
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28288
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 04 Jan 2024 20:38:02 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 115E 0
20 B 55ms
54ms Ping
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=5153888036843&version=m202209210101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Jan 2023 04:31:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 115E 0
20 B 54ms
54ms Ping
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=5153888036843&version=m202209210101&ct=76&x=1&cor=13611774040817640000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Jan 2023 04:31:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 115E 82 KB
35 KB 52ms
52ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BndWEUizhKMovWWF8AjUpI4XpabYrWKRBhZA26lsHMrCwHh0QXXjXvl2BWWHK8L-bPwuEypWvDLoVAuwXncAK0hMob-A&cry=1&dbm_d=AKAmf-AUK3caf1WvOesJ_yKg-OCSXMOEKt_3eEzd7ChO-eiaaRM0wadO47vSn13jUtxiaxmMSaAJaV7JBmH9CmYoVL_l9bDaooU2ROHEfPhKPwGJ_rlUwN1hUnpz4jdGBRUdTxUbrbma40AC1utrxTPrUiEq8ZiwKGcBM2aNe5nZCqhOAqKMjRyUIcOaN0Dp1AhKkltMhfxuiLgqVi8ulBPBq887HLRS7n8LR9dubH-tIOPlZQgJZNYcyyrvnBca_RamwQL4eWVEIhLEIc8ombiSHWl_Os8SCQPpqpuu_fK-MX28DEcV5TkgMSo3pW47V1uW-H5Y6a7oORdX1m18Kj2R484jRJWlHUIA8IdQuG5Pb1BdZ09r8qjGyAkgdyO2lNne3OW9SqMTvzu3VamWyoqW8sOdsfXnDjDlo4D1B1YJ4d-rCqtHX9IzLKe88OUUMTI_7bZu9BeTMe0zMSIVNyb9GwJJ3i0lN0_Vyi8l0OdO_fl2xIPFkFZC8iW1VyhPHPjJp4z41IPfzdBsIbiC8BOvXGM4C02O1-N4OQIEq6h5x-U7-F9RkACoH2rU2hIcHGf2l6kH4BEl6J9L9aTsvT71pHlJZoWQeOEnni82tQ_Go-xvw1NGLK74EK7tjPsvw8TQhnu01BmhDmJhTKv0cIxuAIXJwI8ygaqsCeaea2T6kVCXqQPMqFQ_3W6jNHrnqRs_buQKhbpLvn2UInRz8BnhYgzJKex3WRiws42bpkn2cG6hMBPcBWLyK7evTxY8J069B5bAJlpR_x6hkz1fk68nBLAAe4q4HKPICLFVrZsoEa_qP3QtusJ8GJht--AyXt5jkxmI4NPlOBjwm54Suc097vc8GAI66H4ouj6fb4Z3yP6NIkX_VahLA5drywdEQ-8Imh2HbOOM62L90QYJ4zePe3q679vKx8tzQVD40d0t-i17DEPXt7w1IMEHWBDf6tWmfZRW7I3g5p6KO96NiWyYGnZW4BZa42IZDqap8f-mVT1xOzZfI9952YHywdxAhkxs5yzk6aNNNxg_NqxsKN3jNVyIeeQlPPO7W9d5IKEka18A7Li1_9I8WrrpuKirEE3Eh8FZMpX8usweCl-kTpReMrzPLBIp3FtKwq3056lQhVeTgLWPvhd1VmUHdohLW02mOJRRf-y5ZIsaP6xCIXjrM28mpBlifTNi48Ex5tjuboxHD_-oP9hrD3pWrGQoq9Y1Osqw6EZe94YBlca1caqwNAbR_8xwKBIGNyzQAOdYtoxDaHs05Gn5oYz0uD9Br_GcyieEO9xg2ttSclOKQM7HW7hvN93qMXadXO9D0U85KTjgw9PyDDqwaAqyOY5pDPAjhHPmhf900M0Me1UDf2h50EjjUbz4a_o5OMraa9SLD9O4uiJ6A3J81dgVt_B0tXjkanU2NeiAQZrfNUFQLih9O1l4J0NSordSjGy2HvLg95hKnVJo4kE2exUco9AQZGJ9Tkqatkq-pWxZ6p5kdVsXLfFbfU8Uc-qKnvoMXOK7WK9w7-hNQgXzwnJ0CdU3Eb5PteQaYx7wWSnFFyu31RyaOAOL4WRY7qeBVHci7eOdqphvjcfpiLbEVCQ4I_Iw9VCg-MqPhcLyxtnlc0H3_VaAQ49hpFRRWUVYne_toagdT0oSJReLDc_FF0JczmKF-pzshk8JTPy7olhqMgbVZ6adtFi4eJUfrhvq5O7kLpZg2Z5x-3n6PnfrzfSWKuedO8NIs-Dag47yhPQuq3lsZEAb0U_M3utti4_JlrkM8QHGKZoFwi81_hl7tEGoU5fym8MO2yxYGIucXUhFPm_LbdjNWDDTAxKYkeWIQlZ82onkZle9Bgqd-3Wr06ZSSvDAPEsMlUD4nCtdripU7p21eATG8mhvUOw-tA9Sk4p_h4xUtGb8-fIjOf40Uci1no3HHesCTgO_sAv3uMvVmz9Qif2psH6B3tz6xFfyalXRneRYz9Xf3zd0MXDE6qNvo--bsF9FEPGhMrM1xB17ZvE9PeOADydTIIEdyDrRGJLJfnQoIsCP48xh0HNyuRGJ9hrPwIdTTGanUwFJ8gnyrEOMdl-qUxGjGotFyjECXOIjRzYjdiFGi3NK4J_Xq7VHR9V_Wa5oACYWKTlMXFKL7dvLK5j_P6bLPwLigaOZGA97yozfaVnzv24N8YompMNgh6VtWJDiGg9AYiaKI_lKJOaWuntZi_4qDs52C6XQoYvJ9W4DnPZoiiAJQ2S_xqjS9DAccgrqIwS7Rzvrb0WpRw5MY6W5k7fpGXHz4Ad3ByKbKds0J1Rb9mLzTCbv8Z9z85ZCym7MeTYnut0XsDlW1UOs8BwfZZ1pHRraEzJHoTFmPflVI-tLiqBgWXpu_mh70VlQflu_IW0uHUxSiVjLLj-AEnxQPlc82g429bgzXFrMFMxm_8nPJ52Z3sQiVvt-2MbPrD9yXFKSvS-TgRiLD2EfcOyU-qSxB9GNlKXIa4C3BhTqaFUsfyEl1_OLKwYTs8VodeiGRmV4ImyoetOBcoTbHw2GGEFagQ-g9g6Xs-twXwOveNN2qh9wsv1k31F1FvyRorf-pjKutDhGUBe5i_Tm0po48aCzf3lSCYDwR7laFIHSPU4q52j2YEhaW1_Sp1Lk-HnEnAazdl0kl-hZa0jE_qBK6ObFQhfLcQ7FO1pdxWNngy-LxifQwaYqrWI4Vu6HR2CdaRDtpsc9oBmbRxg7oRZeOGXGUqlYS96DAEkM7_I68ETcopNLDGz-SwOd181xjD_x3RtKtTkI1WXENBYL1ulhuFcyQgaVpiI1BQTNQc4b3ZjSpVUw5Be48_uGg4NFI2tC8tfcQpqTb_k1sj-McZTjie96V9PvGwt7mYsR_vAIAWhdWPqE4FcAOFBaUzvmCi3Y1tS-VTN0Zbf799aytdoj50NmtY_glOEpjSBymGMR8R6kLHrxnhzefRVu07Y1Y9Y7JMQQBxB3uiuDbhguCzbJUDNkhmDt5jDR60aydZanI8oWziGTghT13WkXK7wAQb31SzDu8OiKu4dZX5LdlGzzewu46T_NWKFDO2swqBiLfFsJwuN2Tqy1J5hMOhPAwoB3eLV5vdxUcVWgPzGuI3xCIkbw448y90hBgEWurVIQU7MirMutEWCgpFVsYjCrtmYRMM0rZgPwMDWUIlTrvKEwOAftyK0m_jfaRvhShPPIYELJ7yu4YRkKrERCL-QlH93pAtLKXgcNap8zlh60t529gthfw3tYpPrkYxj9Epkb-32Ql5v-f1g&cid=CAQSTADq26N9nmElTyoHABEhhEXQS8iKvjB6ZN7xPaUxOdnUhuBtZVLVfxlSU_B-i0TdG15-LsvjRvZRpc5Lobi0wfXYxnwWV1LxqeadZlMYASAT&dv3_ver=m202209210101&rfl=https%3A%2F%2Fuxwing.com%2F&ds=l&xdt=1&iif=1&cor=13611774040817640000&adk=1964084972&idt=82&cac=0&dtd=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f69263cd9d638512bc54b420cd6380f126ee7a6d9b798db8ad8cc638b9a09aef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Jan 2023 04:31:32 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35469
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 2D8A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJrPaKA4u-8AxHdNYlWUwl4&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJrPaKA4u-8AxHdNYlWUwl4&google_cver=1&C=1

43 B
766 B

22ms
21ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJrPaKA4u-8AxHdNYlWUwl4&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNUC_FRXyIivcZ6roOjjq_vDld_dJtPGZeitLt8fwj8S6fGLwrX75iKHwIOVvt4ge0FxM1V3lMGe5kNOzL-9lkM06DFoxExpw67BHgAwZDuxPX7vzyaFDKC_9v-1BkmBfE5UuDSkSmQ8Kky-NZWM9yYW3_DLmzd_NHZ5fp9LLnmBbo4b9Vo
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 09 Jan 2023 04:31:32 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Mon, 09 Jan 2023 04:31:32 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=45&external_user_id=CAESEJrPaKA4u-8AxHdNYlWUwl4&google_cver=1&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 0
Expires: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 2D8A
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y7uYpOfAh30dcfEuwBhyiwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJrPaKA4u-8AxHdNYlWUwl4&google_cver=1

43 B
766 B

22ms
22ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJrPaKA4u-8AxHdNYlWUwl4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNUC_FRXyIivcZ6roOjjq_vDld_dJtPGZeitLt8fwj8S6fGLwrX75iKHwIOVvt4ge0FxM1V3lMGe5kNOzL-9lkM06DFoxExpw67BHgAwZDuxPX7vzyaFDKC_9v-1BkmBfE5UuDSkSmQ8Kky-NZWM9yYW3_DLmzd_NHZ5fp9LLnmBbo4b9Vo
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 09 Jan 2023 04:31:32 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Mon, 09 Jan 2023 04:31:32 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJrPaKA4u-8AxHdNYlWUwl4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 2D8A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEAA7NJrx61RbPHJJaZNHCbk&google_cver=1

43 B
1 KB

30ms
27ms

Image
image/gif

185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEAA7NJrx61RbPHJJaZNHCbk&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNUC_FRXyIivcZ6roOjjq_vDld_dJtPGZeitLt8fwj8S6fGLwrX75iKHwIOVvt4ge0FxM1V3lMGe5kNOzL-9lkM06DFoxExpw67BHgAwZDuxPX7vzyaFDKC_9v-1BkmBfE5UuDSkSmQ8Kky-NZWM9yYW3_DLmzd_NHZ5fp9LLnmBbo4b9Vo

Protocol

HTTP/1.1

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 09 Jan 2023 04:31:32 GMT
AN-X-Request-Uuid: 41913324-6f9b-4324-8e0d-0ea6a582f536
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 217.114.218.26; 217.114.218.26; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 09 Jan 2023 04:31:32 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEAA7NJrx61RbPHJJaZNHCbk&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 2D8A
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjMzNjcyMDU0NjI2NjAzOTM5

170 B
243 B

51ms
31ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjMzNjcyMDU0NjI2NjAzOTM5

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Jan 2023 04:31:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Mon, 09 Jan 2023 04:31:32 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.114.218.26; 217.114.218.26; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: a27e0b80-353a-4622-83d1-92ac86714569
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjMzNjcyMDU0NjI2NjAzOTM5
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame A39D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJrPaKA4u-8AxHdNYlWUwl4&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJrPaKA4u-8AxHdNYlWUwl4&google_cver=1&C=1

43 B
766 B

23ms
22ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJrPaKA4u-8AxHdNYlWUwl4&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxDD7WMYw9PDmAEwAQ&v=APEucNVd_8VEekRVOKVU_gxWOirx83j_Q0W8fPSRYvj9H5tm8FYuWMCoNI4-Vh3GRwzMlM0-F9JpRQWsADbmbA0aUGxN1UXIfZo6oJaUw-_hqrhtiBPf1hIrCMvTtNDD0kVdnf4BK1FLpyz1HrK6leaYkmVxXR3TiYvK6M3oE2P9b67W5pOeiEM
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 09 Jan 2023 04:31:32 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Mon, 09 Jan 2023 04:31:32 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=45&external_user_id=CAESEJrPaKA4u-8AxHdNYlWUwl4&google_cver=1&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 0
Expires: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame A39D
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y7uYpOfAh30dcfEuwBhyiwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJrPaKA4u-8AxHdNYlWUwl4&google_cver=1

43 B
766 B

22ms
21ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJrPaKA4u-8AxHdNYlWUwl4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxDD7WMYw9PDmAEwAQ&v=APEucNVd_8VEekRVOKVU_gxWOirx83j_Q0W8fPSRYvj9H5tm8FYuWMCoNI4-Vh3GRwzMlM0-F9JpRQWsADbmbA0aUGxN1UXIfZo6oJaUw-_hqrhtiBPf1hIrCMvTtNDD0kVdnf4BK1FLpyz1HrK6leaYkmVxXR3TiYvK6M3oE2P9b67W5pOeiEM
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 09 Jan 2023 04:31:32 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Mon, 09 Jan 2023 04:31:32 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJrPaKA4u-8AxHdNYlWUwl4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame A39D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEAA7NJrx61RbPHJJaZNHCbk&google_cver=1

43 B
1 KB

32ms
32ms

Image
image/gif

185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEAA7NJrx61RbPHJJaZNHCbk&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxDD7WMYw9PDmAEwAQ&v=APEucNVd_8VEekRVOKVU_gxWOirx83j_Q0W8fPSRYvj9H5tm8FYuWMCoNI4-Vh3GRwzMlM0-F9JpRQWsADbmbA0aUGxN1UXIfZo6oJaUw-_hqrhtiBPf1hIrCMvTtNDD0kVdnf4BK1FLpyz1HrK6leaYkmVxXR3TiYvK6M3oE2P9b67W5pOeiEM

Protocol

HTTP/1.1

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 09 Jan 2023 04:31:32 GMT
AN-X-Request-Uuid: f87779e1-82dc-40e9-bff2-cad7476b3c8e
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 217.114.218.26; 217.114.218.26; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 09 Jan 2023 04:31:32 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEAA7NJrx61RbPHJJaZNHCbk&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A39D
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjMzNjcyMDU0NjI2NjAzOTM5

170 B
188 B

76ms
31ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjMzNjcyMDU0NjI2NjAzOTM5

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

static.88-198-250-30.clients.your-server.de

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Jan 2023 04:31:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Mon, 09 Jan 2023 04:31:32 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.114.218.26; 217.114.218.26; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 84f7c837-d5b6-493b-87a8-6c73b62198ed
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjMzNjcyMDU0NjI2NjAzOTM5
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 8223
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

57ms
39ms

Image
text/html

2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: uxwing.com
URL: https://uxwing.com/enemy-ghost-icon/
Protocol: H3
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Redirect headers

date: Mon, 09 Jan 2023 04:31:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame A1D8 41 KB
15 KB 25ms
20ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DekJ4HcXULMzwZQtrwQSMoEJJwyrEptUQuuT7lmX6lihiUbXHPF0bgw5W0XxuRtFEFKXoT2T7n2WFgIXFyB780bMcHrZV_a1GbOjK-WPKR2fkHjS-3T8dj7NXQpyz6BkWcwOt-f7fu3bmkgrLBRaGnmCr7p_VZZmhE45iQ5dRHfe4SJN8&cry=1&dbm_d=AKAmf-ABIJAatpLuBOfOJSN45R6TrFNsunp2XNCMhUjRPdKN3VxwBH2cB_IlmOsfXlN1FGkAv82d2P98ZhFT3ZG0sD9CWkrxvpQQ40jeqZHlVekrJxEo6OUTTQzW6EXK2yRBG43-_U2DWHWyNz6UyVEMgK-hsgfsPXC2ZF-zkGd7l3HZfCtP_foxejVy1oVRHea4fKqyv0DeutOLCpt7FwtZRblJ77PLbE8iQNtn6nwm5YKCGywmUkWp8aSxSGWDa_E01OnYw_wBDmg3IyD7p4liAqhKMN-zc6100qeM1xy0YU4SJLOIhEnMABDsLNq5kteXIeBudEjH3lVx1_V4hpzhvO6dea6upcQ54BionC0D6QeudaQyKbxXRiNzvv1lCEpwUAR_T6evIHA9QG8Lb94aon52XNXb6KSv3t5iDCuaXQvVsUimvHPmcRrWdDhVQ40MosS6ZAUbwTevNSPodUXz_svqeji_MAhzR5JIx1Cz4OhtE0A7ppEi1I8GoHMQp2vylIilmOoJ27bvlGNd3cnLvQYELJ_90-Txe2k_UovTPoiV9XQoHoZ2z0_kSEoXjdfWJ41u_ptEuuvrBfPRuIaNwNZuARyn8aWrLlGrNOv4k4S6Mv9A7YP11IhBnuJc82vxC1Z0qD9mtQMqP4m67zSxYCMIKzZjmWZIgv4x9G6MgleUNTzYiM1bnXvFGWrxcWWOX1V3kHFpHaPIC8tugJBQwBI8BivjFiZZIZcmefOEpyPI4Alc6j6TKAdkdlc98Z22WQhBFgvSM3BOSTJlNAUeNgHHqThjE9qGBTB9BIaLZXoj1fsaoI4-PFAvuj_n4m3kXVzVnGZV-zlo53j27OxstDe9JCiv1KNs9dpBtMdK8s-X-cmJ34lHSnEkVbknjcxMmeZkVlEy5i7DtClRMHvNtdJaws7hZ815jMS-ubz0c-gtGkS9KEIan-HoK5SqeJUvuGS4rdG9rvfVW0SoW9mhozbNAryvUv-geCet7-7LaI8AQ9-83E7xA1wPLdPOF4Mpv4bINhwVO2UyguxHAppMtYJ83dlAE2L32XKRZJw2XNgIfDSk333i_qs0dTV3q4_ImbpG-2yCFDAgb0p1lSI5pbiVK6T8SRnfDJ4vbSotbLpAPOP-uFz4EOR7BrWs-cMEfGKUpcX1Sr56uTws9WxysaRVlU-4uHAN3DPTjp18nag1UABrNL-OCzJYc1KDlngPpGh3SZNao3ur3AOzoPJbnhQnzHd90MOURPEexCdrNauEnIu7FY260Uj1oZPyTs3lrzjEwkXhSPCdxI3J-_t9RDSNlONN-ta76UlF81icKMNPOiFpdEkesg6K1AUelbRz0cAk3wL2wJxokt2ZDCrPtMinbAXMy_zRAJ13FGY_JdDJ0XkN24gDQpcCr_fc4vk9YN4El2zbtrXFIwJtdofXNXKuzaddxn-0ICptfU7K17_vXvStvZcU0Fcyv2bGqxTPJ5pIBQaubvaWKcOPUwKis4pmmgtwmXxrqu7t5MhO3Bm5pFoN8mZNgurtnuSR6nGU50-as6A5CDAkQtQyfzezQJeV0qhcVdGcY-AQ4MfDYCmkAK_G0WvNyx8UOm3FuuFarQbDZIHpRcGEyH_Dv7Rq_GAbQXfnimb4LvpxzZiIjs8EYwhxSWsUu2XxZPYOMKbGy-wmfKlYdsnFFTV-TXuM6RlvsBiGh6Tb7PWCLC7kORK-JVOljWWDq9PufXeP27Uj6nW_wzrCb33Wh_n4X4BlSaa5vqH1MUu2My6GNq6xXI0CM7zA33HRtipF2VowVRkKmV7iYwvt7Pw-D942rB5ZDL2jO9fbgKkn6c7Se9fmXupX4gvZpbusilM9Y5Q-zuavL5aGpZTz3XRi835E_CopBA7k71bEbrA_dAtAw_W2x82mgG1T1qAo3FMi65RhSytnkeJLQBVzXaY-lNSOml-TBYqTxuT1S60vsNLCSNrLmBo7oJfxpP6D6yO5ZLpGvmDlU57RzEH6iEVfbCv0cS2G5msua782Ozp2qkZoyxh82U9fzL-vdlM4eKN83LWVqp4t56AGxt_tcxsReMdRw5S25nIpKECaPVtpN8WmtbLlTyOvkoF5unnQxk1CUdHRloSW-vHDbtckorZFnJ0q3jvUpE-emQsRBWiQV3DTG5vMbJaa400MgJvSCMq2L08g5Kztkd8otazovJnjb6RmnnDI2UwkFulAwi_Sg6BGIlyaO92sM5XiQDDhu5fjLNLqtxDQOqywsWW_z9IlqGrPUyt8swSRXg76Y0VumR00_LDL6m8Rdd66nkAkFHq7RWxLRu_9dbvNL8kMjUdg00zhkxAHWtUll_oLBp_921vUfiA0PoKZPcZI0WYGFz9GdUdudvwXgDnnky6WWzljfjf_6JRMdaW3ISd1O2DMz7tbHL014iu53RZIph5C0dYsxj5bl9y3AT5Q4me-wW2EcDN30-R8Hsecnxapa15ijjlVklXyAr5GBGnBulVYeOqBXHhELlqGOeHu8T0Ime0dxc2zoRgc7i-RJQGuBVoeKvTLITWiC1-eQn4un1-2jmScP6JqypGuKBl9IFDVL6vU5bxXEh_RVzvyhCWZJBADq49JlJvEAmnqMN3jmpobebQwdtRmyBG-1BwvXpRr8fNeLSaoTaVthdunQq8QFAbO59X3abR77hip5c-BNoqv7nUPQNDw_QUoLEUAhoorKKT0TsQ2nyBvs4lnmnemcCTGyLARCZzmtItak4s75xPGARstPGpW8eIoxXivv94jv7aRLCMpYFDOC8BZMeJuPJ_MiQgpXYGx5riowzDEKPoLDN7soXXabgqvjV8lS8uTvOw7CxM31k9Q7yWHkiA4qz64e3EbHj-PNRXwwyPg6XvvioRxteoRN_nYs5_rR0tHDReUksemc1wWsHRojSlK42wROm07TEOnPJgOUL7fACL9eT1qh_iz9IqqH1bCTVXg8QRwcfyo103BRf5-ObutqOTAGrxfu8f1mxr2IMtW8m3-Rz8RWQkExM3bc7a8O8p54bUARKutLOqQtyq3Y0W-De6HaiqXtHV7F6qwJrtKl5kueWeMvshxjOu2bBjfITAnUif8V1SqDasSvf-7RIFcvtLBsG3mQF4BaTSiTPs2FA-bAMTGSD3INBYZ-m86EqJE_wN1Q1I4tn8XAM-DWLLJebZIKIuq3xjszLRk_GtT6DZy5MTOGhG_FPdTDmFTlqMlDOJ8fbxXYBbZgsV20BnGtVPgvpb7Mdm8DLahIMe8XRbFEpoRCbf-riStuMHQsP_N7dsRWAq8Q9FKwGWx8rXjdmg0WOv4kiJguH0Mh4_HycD3UnMmmDz109AKQiyx8ZAQrkSZ_5wu17CExhoMphz98A3CMY8KrVue54F7rjFC0lhgwNVM6Xl_QMvj3eYRKHyuQHFOleFqfs48xqPHbe6MDouATJ8_RwvTx8JKTl6nvO0ih21XRRpih3mACJgd13UPzsHqrvze3wp2lEClgloGbVp27NWQOqcDLAtSBXbYD8xwLcr2D7pjLMyz_eN_9UA8r-UmzTQxwTzu5-74DCClzSbpVoe6jAQ7s0ov1sBH2Sg_5msOTmAvBKyWmxMF8zZ-&cid=CAQSTADq26N9nmElTyoHABEhhEXQS8iKvjB6ZN7xPaUxOdnUhuBtZVLVfxlSU_B-i0TdG15-LsvjRvZRpc5Lobi0wfXYxnwWV1LxqeadZlMYASAT&dv3_ver=m202209210101&rfl=https%3A%2F%2Fuxwing.com%2F&ds=l&xdt=1&iif=1&cor=11315967812400090000&adk=2086295851&idt=62&cac=0&dtd=8

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 06 Jan 2023 22:28:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 194589
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 Jan 2024 22:28:23 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 115E 106 KB
38 KB 140ms
34ms Script
text/javascript 2a00:1450:400d:803::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: uxwing.com
URL: https://uxwing.com/enemy-ghost-icon/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/
Origin: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 21:33:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 25076
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 09 Jan 2023 21:33:36 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230104/r20110914/elements/html/ Frame 115E 8 KB
3 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230104/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BndWEUizhKMovWWF8AjUpI4XpabYrWKRBhZA26lsHMrCwHh0QXXjXvl2BWWHK8L-bPwuEypWvDLoVAuwXncAK0hMob-A&cry=1&dbm_d=AKAmf-AUK3caf1WvOesJ_yKg-OCSXMOEKt_3eEzd7ChO-eiaaRM0wadO47vSn13jUtxiaxmMSaAJaV7JBmH9CmYoVL_l9bDaooU2ROHEfPhKPwGJ_rlUwN1hUnpz4jdGBRUdTxUbrbma40AC1utrxTPrUiEq8ZiwKGcBM2aNe5nZCqhOAqKMjRyUIcOaN0Dp1AhKkltMhfxuiLgqVi8ulBPBq887HLRS7n8LR9dubH-tIOPlZQgJZNYcyyrvnBca_RamwQL4eWVEIhLEIc8ombiSHWl_Os8SCQPpqpuu_fK-MX28DEcV5TkgMSo3pW47V1uW-H5Y6a7oORdX1m18Kj2R484jRJWlHUIA8IdQuG5Pb1BdZ09r8qjGyAkgdyO2lNne3OW9SqMTvzu3VamWyoqW8sOdsfXnDjDlo4D1B1YJ4d-rCqtHX9IzLKe88OUUMTI_7bZu9BeTMe0zMSIVNyb9GwJJ3i0lN0_Vyi8l0OdO_fl2xIPFkFZC8iW1VyhPHPjJp4z41IPfzdBsIbiC8BOvXGM4C02O1-N4OQIEq6h5x-U7-F9RkACoH2rU2hIcHGf2l6kH4BEl6J9L9aTsvT71pHlJZoWQeOEnni82tQ_Go-xvw1NGLK74EK7tjPsvw8TQhnu01BmhDmJhTKv0cIxuAIXJwI8ygaqsCeaea2T6kVCXqQPMqFQ_3W6jNHrnqRs_buQKhbpLvn2UInRz8BnhYgzJKex3WRiws42bpkn2cG6hMBPcBWLyK7evTxY8J069B5bAJlpR_x6hkz1fk68nBLAAe4q4HKPICLFVrZsoEa_qP3QtusJ8GJht--AyXt5jkxmI4NPlOBjwm54Suc097vc8GAI66H4ouj6fb4Z3yP6NIkX_VahLA5drywdEQ-8Imh2HbOOM62L90QYJ4zePe3q679vKx8tzQVD40d0t-i17DEPXt7w1IMEHWBDf6tWmfZRW7I3g5p6KO96NiWyYGnZW4BZa42IZDqap8f-mVT1xOzZfI9952YHywdxAhkxs5yzk6aNNNxg_NqxsKN3jNVyIeeQlPPO7W9d5IKEka18A7Li1_9I8WrrpuKirEE3Eh8FZMpX8usweCl-kTpReMrzPLBIp3FtKwq3056lQhVeTgLWPvhd1VmUHdohLW02mOJRRf-y5ZIsaP6xCIXjrM28mpBlifTNi48Ex5tjuboxHD_-oP9hrD3pWrGQoq9Y1Osqw6EZe94YBlca1caqwNAbR_8xwKBIGNyzQAOdYtoxDaHs05Gn5oYz0uD9Br_GcyieEO9xg2ttSclOKQM7HW7hvN93qMXadXO9D0U85KTjgw9PyDDqwaAqyOY5pDPAjhHPmhf900M0Me1UDf2h50EjjUbz4a_o5OMraa9SLD9O4uiJ6A3J81dgVt_B0tXjkanU2NeiAQZrfNUFQLih9O1l4J0NSordSjGy2HvLg95hKnVJo4kE2exUco9AQZGJ9Tkqatkq-pWxZ6p5kdVsXLfFbfU8Uc-qKnvoMXOK7WK9w7-hNQgXzwnJ0CdU3Eb5PteQaYx7wWSnFFyu31RyaOAOL4WRY7qeBVHci7eOdqphvjcfpiLbEVCQ4I_Iw9VCg-MqPhcLyxtnlc0H3_VaAQ49hpFRRWUVYne_toagdT0oSJReLDc_FF0JczmKF-pzshk8JTPy7olhqMgbVZ6adtFi4eJUfrhvq5O7kLpZg2Z5x-3n6PnfrzfSWKuedO8NIs-Dag47yhPQuq3lsZEAb0U_M3utti4_JlrkM8QHGKZoFwi81_hl7tEGoU5fym8MO2yxYGIucXUhFPm_LbdjNWDDTAxKYkeWIQlZ82onkZle9Bgqd-3Wr06ZSSvDAPEsMlUD4nCtdripU7p21eATG8mhvUOw-tA9Sk4p_h4xUtGb8-fIjOf40Uci1no3HHesCTgO_sAv3uMvVmz9Qif2psH6B3tz6xFfyalXRneRYz9Xf3zd0MXDE6qNvo--bsF9FEPGhMrM1xB17ZvE9PeOADydTIIEdyDrRGJLJfnQoIsCP48xh0HNyuRGJ9hrPwIdTTGanUwFJ8gnyrEOMdl-qUxGjGotFyjECXOIjRzYjdiFGi3NK4J_Xq7VHR9V_Wa5oACYWKTlMXFKL7dvLK5j_P6bLPwLigaOZGA97yozfaVnzv24N8YompMNgh6VtWJDiGg9AYiaKI_lKJOaWuntZi_4qDs52C6XQoYvJ9W4DnPZoiiAJQ2S_xqjS9DAccgrqIwS7Rzvrb0WpRw5MY6W5k7fpGXHz4Ad3ByKbKds0J1Rb9mLzTCbv8Z9z85ZCym7MeTYnut0XsDlW1UOs8BwfZZ1pHRraEzJHoTFmPflVI-tLiqBgWXpu_mh70VlQflu_IW0uHUxSiVjLLj-AEnxQPlc82g429bgzXFrMFMxm_8nPJ52Z3sQiVvt-2MbPrD9yXFKSvS-TgRiLD2EfcOyU-qSxB9GNlKXIa4C3BhTqaFUsfyEl1_OLKwYTs8VodeiGRmV4ImyoetOBcoTbHw2GGEFagQ-g9g6Xs-twXwOveNN2qh9wsv1k31F1FvyRorf-pjKutDhGUBe5i_Tm0po48aCzf3lSCYDwR7laFIHSPU4q52j2YEhaW1_Sp1Lk-HnEnAazdl0kl-hZa0jE_qBK6ObFQhfLcQ7FO1pdxWNngy-LxifQwaYqrWI4Vu6HR2CdaRDtpsc9oBmbRxg7oRZeOGXGUqlYS96DAEkM7_I68ETcopNLDGz-SwOd181xjD_x3RtKtTkI1WXENBYL1ulhuFcyQgaVpiI1BQTNQc4b3ZjSpVUw5Be48_uGg4NFI2tC8tfcQpqTb_k1sj-McZTjie96V9PvGwt7mYsR_vAIAWhdWPqE4FcAOFBaUzvmCi3Y1tS-VTN0Zbf799aytdoj50NmtY_glOEpjSBymGMR8R6kLHrxnhzefRVu07Y1Y9Y7JMQQBxB3uiuDbhguCzbJUDNkhmDt5jDR60aydZanI8oWziGTghT13WkXK7wAQb31SzDu8OiKu4dZX5LdlGzzewu46T_NWKFDO2swqBiLfFsJwuN2Tqy1J5hMOhPAwoB3eLV5vdxUcVWgPzGuI3xCIkbw448y90hBgEWurVIQU7MirMutEWCgpFVsYjCrtmYRMM0rZgPwMDWUIlTrvKEwOAftyK0m_jfaRvhShPPIYELJ7yu4YRkKrERCL-QlH93pAtLKXgcNap8zlh60t529gthfw3tYpPrkYxj9Epkb-32Ql5v-f1g&cid=CAQSTADq26N9nmElTyoHABEhhEXQS8iKvjB6ZN7xPaUxOdnUhuBtZVLVfxlSU_B-i0TdG15-LsvjRvZRpc5Lobi0wfXYxnwWV1LxqeadZlMYASAT&dv3_ver=m202209210101&rfl=https%3A%2F%2Fuxwing.com%2F&ds=l&xdt=1&iif=1&cor=13611774040817640000&adk=1964084972&idt=82&cac=0&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 01:31:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10778
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 23 Jan 2023 01:31:54 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230104/r20110914/ Frame 115E 28 KB
11 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230104/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6dc0e3aead945b6160bc87da5f4d8fbb043dde5d0bece2aa426fa01895c9e358

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 01:31:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10778
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10849
x-xss-protection: 0
server: cafe
etag: 7485935580621256062
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 23 Jan 2023 01:31:54 GMT

GET
H/1.1 200
OK iju9wczm8trb Show response
hal9000.redintelligence.net/zone/ Frame A1D8 11 KB
4 KB 87ms
27ms Script
text/html 94.130.102.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/iju9wczm8trb?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC6K5Eo5i7Y--MGpmi9u8PhrCt4Aem5b2gaa2VnKfJD_AuEAEgrO7wlwFgldr9gZQHyAEJqQI8k0UEytuxPqgDAaoEkQJP0KRQ8_qcWRIlLcxXeBIeWnjNLZ1HOfm_BbuiFB0DdKtvHoR4mjPsWFPEJ12OFyB7wyQundlDSJ2QddF3KAO4YSMzw2OmW4gPBcAiVjliccGVmyGqNzSTvt1KEliZRUWYXeTIt2wrcD7cCuWwkn5hvAHawhYuTXWA6I0Wh9krHl6Rk0gqo9bl2KYlLTRgOOUv0czA_lWCGftLLEW16iSEYKec1Qw5XUkTwCke9CZnv2BG46FOSsKejO-J3PiOi5SOM1Pzn3RuqdwqH32zIs6Q7wJrWwswLmaIbIY3aCdsMiGigcb-RNb7kbkZrGzs-UugEptYmtceSw4LqhQfDPyzjFbQdGm_GMxuvZWaRJARlFrABOuP_I73A-AEA5AGAaAGTYAHrK31nwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggRCIDhgBAQARgdMgKqAjoCgECACgOYCwHICwGADAGwE4-10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTADq26N9nmElTyoHABEhhEXQS8iKvjB6ZN7xPaUxOdnUhuBtZVLVfxlSU_B-i0TdG15-LsvjRvZRpc5Lobi0wfXYxnwWV1LxqeadZlMYASAT%26sig%3DAOD64_32aWoAhmc9lgwHWs8Gx_AUbczUKA%26client%3Dca-pub-9797459212931368%26dbm_c%3DAKAmf-CnytjmTrpcwefcEpUXRc0hrEeuuhL8SHj6QJIUzx2InFD6C5Ef0JSUCnOPclKxTmPjyEX23060Vo7UaBMGrpwXEt8BlnlPJl6S2aRReDyhzE7ouJIkwd0SbApj__i-CpKmVPUMAcR_4lEFojCkDErL5ttUMRZBQWYCGQ5g5uaCFL_x_yw%26cry%3D1%26dbm_d%3DAKAmf-AsepO10-AFBejabvMQ6t9h0PgWg2wRi9lVehjQ8ab6uIknNn40HjHtBPYlOcyTUWRvumO7UTuPfEDc_fIg53VSVP7n4i0dZmtjNYGGzLDTDExWYj2OOPUZEyrPP758p2a6Xc0nQ0wdZjrfd9bkdKoaBnEJoksXoM5kJJbvPMm7oQ7nPj4DpMg1ASOoDXapivyxUziyTEUvli3p20TqT-5vsHC9TRseua647iHf6WflRR9MAztnUxZ0iFXA1N_5_BnPVGB1NX7NF9TEiz9lGT0Qtm3Aki5vuCGqhrv7HIw5DeANiD2IZ_j8qC34dAw6Q3hvAjbZ4EjwsxjZvKT8MO_QjQI-6vPH97JIOF3oO41tyEnabGghJk7-nYVOoZrmNx0mACGeUAHq_vXq3uTb6x0Gf9BYVRlr23lRxblSBibcsJAARBwqy_dJKZmaTWME2tZxCyzjmoNeGNbcUpp4RXX8pUYDbzi8gkVvq_IEtXJdQs4oSbd7M7o4DR87Lm5wyLC1jt7kpoSB0ujj6OJR7zVg-wjzh-VbIpZb2pE-ZYaHJTokOTg%26adurl%3D
Requested by: Host: 931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com
URL: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 94.130.102.164 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.102.130.94.clients.your-server.de
Software: Apache /
Resource Hash: 431f1d61345c6e783dfd636b65e7a307f238627a08266c63167c49a8626fe096

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Mon, 09 Jan 2023 04:31:32 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4133
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 7C4D
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

94ms
47ms

Image
text/html

2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: uxwing.com
URL: https://uxwing.com/enemy-ghost-icon/
Protocol: H3
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Redirect headers

date: Mon, 09 Jan 2023 04:31:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 5223
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

49ms
31ms

Image
text/html

2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: uxwing.com
URL: https://uxwing.com/enemy-ghost-icon/
Protocol: H3
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Redirect headers

date: Mon, 09 Jan 2023 04:31:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame D806 22 KB
8 KB 20ms
20ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 172877
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 07 Jan 2023 04:30:15 GMT
expires: Sun, 07 Jan 2024 04:30:15 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 115E 41 KB
15 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com
URL: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 06 Jan 2023 22:28:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 194589
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 Jan 2024 22:28:23 GMT

GET
DATA 200
OK truncated
/ Frame 115E 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 651bb90e56969592607274dfc0c9ad154e632671569c650241a39f35e4b2fb42

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1

200
OK

request.php Show response
hal90002.redintelligence.net/ Frame A1D8
Redirect Chain

https://hal90002.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=aac624f833&subid=&uid=94a42156028af8a1&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...
https://hal90002.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=aac624f833&subid=&uid=94a42156028af8a1&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...

4 KB
2 KB

137ms
90ms

Script
application/x-javascript

46.4.10.47
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90002.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=aac624f833&subid=&uid=94a42156028af8a1&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC6K5Eo5i7Y--MGpmi9u8PhrCt4Aem5b2gaa2VnKfJD_AuEAEgrO7wlwFgldr9gZQHyAEJqQI8k0UEytuxPqgDAaoEkQJP0KRQ8_qcWRIlLcxXeBIeWnjNLZ1HOfm_BbuiFB0DdKtvHoR4mjPsWFPEJ12OFyB7wyQundlDSJ2QddF3KAO4YSMzw2OmW4gPBcAiVjliccGVmyGqNzSTvt1KEliZRUWYXeTIt2wrcD7cCuWwkn5hvAHawhYuTXWA6I0Wh9krHl6Rk0gqo9bl2KYlLTRgOOUv0czA_lWCGftLLEW16iSEYKec1Qw5XUkTwCke9CZnv2BG46FOSsKejO-J3PiOi5SOM1Pzn3RuqdwqH32zIs6Q7wJrWwswLmaIbIY3aCdsMiGigcb-RNb7kbkZrGzs-UugEptYmtceSw4LqhQfDPyzjFbQdGm_GMxuvZWaRJARlFrABOuP_I73A-AEA5AGAaAGTYAHrK31nwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggRCIDhgBAQARgdMgKqAjoCgECACgOYCwHICwGADAGwE4-10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTADq26N9nmElTyoHABEhhEXQS8iKvjB6ZN7xPaUxOdnUhuBtZVLVfxlSU_B-i0TdG15-LsvjRvZRpc5Lobi0wfXYxnwWV1LxqeadZlMYASAT%26sig%3DAOD64_32aWoAhmc9lgwHWs8Gx_AUbczUKA%26client%3Dca-pub-9797459212931368%26dbm_c%3DAKAmf-CnytjmTrpcwefcEpUXRc0hrEeuuhL8SHj6QJIUzx2InFD6C5Ef0JSUCnOPclKxTmPjyEX23060Vo7UaBMGrpwXEt8BlnlPJl6S2aRReDyhzE7ouJIkwd0SbApj__i-CpKmVPUMAcR_4lEFojCkDErL5ttUMRZBQWYCGQ5g5uaCFL_x_yw%26cry%3D1%26dbm_d%3DAKAmf-AsepO10-AFBejabvMQ6t9h0PgWg2wRi9lVehjQ8ab6uIknNn40HjHtBPYlOcyTUWRvumO7UTuPfEDc_fIg53VSVP7n4i0dZmtjNYGGzLDTDExWYj2OOPUZEyrPP758p2a6Xc0nQ0wdZjrfd9bkdKoaBnEJoksXoM5kJJbvPMm7oQ7nPj4DpMg1ASOoDXapivyxUziyTEUvli3p20TqT-5vsHC9TRseua647iHf6WflRR9MAztnUxZ0iFXA1N_5_BnPVGB1NX7NF9TEiz9lGT0Qtm3Aki5vuCGqhrv7HIw5DeANiD2IZ_j8qC34dAw6Q3hvAjbZ4EjwsxjZvKT8MO_QjQI-6vPH97JIOF3oO41tyEnabGghJk7-nYVOoZrmNx0mACGeUAHq_vXq3uTb6x0Gf9BYVRlr23lRxblSBibcsJAARBwqy_dJKZmaTWME2tZxCyzjmoNeGNbcUpp4RXX8pUYDbzi8gkVvq_IEtXJdQs4oSbd7M7o4DR87Lm5wyLC1jt7kpoSB0ujj6OJR7zVg-wjzh-VbIpZb2pE-ZYaHJTokOTg%26adurl%3D&documentReferer=https%3A%2F%2Fuxwing.com%2F&ancestorOrigins=https%3A%2F%2Fuxwing.com&random=1136064087148&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0&uidRedirect=1
Requested by: Host: 931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com
URL: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Server: 46.4.10.47 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.47.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: f8c1fcca6e04a8d7114bbe6c0c6643f103f851c66ed31aadef2221104f5001f7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 09 Jan 2023 04:31:32 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 43963600015251604444554012199002
Connection: close
Content-Length: 1305
Expires: Mon, 09 Jan 2023 04:31:32 +0100

Redirect headers

Pragma: no-cache
Date: Mon, 09 Jan 2023 04:31:32 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=aac624f833&subid=&uid=94a42156028af8a1&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC6K5Eo5i7Y--MGpmi9u8PhrCt4Aem5b2gaa2VnKfJD_AuEAEgrO7wlwFgldr9gZQHyAEJqQI8k0UEytuxPqgDAaoEkQJP0KRQ8_qcWRIlLcxXeBIeWnjNLZ1HOfm_BbuiFB0DdKtvHoR4mjPsWFPEJ12OFyB7wyQundlDSJ2QddF3KAO4YSMzw2OmW4gPBcAiVjliccGVmyGqNzSTvt1KEliZRUWYXeTIt2wrcD7cCuWwkn5hvAHawhYuTXWA6I0Wh9krHl6Rk0gqo9bl2KYlLTRgOOUv0czA_lWCGftLLEW16iSEYKec1Qw5XUkTwCke9CZnv2BG46FOSsKejO-J3PiOi5SOM1Pzn3RuqdwqH32zIs6Q7wJrWwswLmaIbIY3aCdsMiGigcb-RNb7kbkZrGzs-UugEptYmtceSw4LqhQfDPyzjFbQdGm_GMxuvZWaRJARlFrABOuP_I73A-AEA5AGAaAGTYAHrK31nwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggRCIDhgBAQARgdMgKqAjoCgECACgOYCwHICwGADAGwE4-10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTADq26N9nmElTyoHABEhhEXQS8iKvjB6ZN7xPaUxOdnUhuBtZVLVfxlSU_B-i0TdG15-LsvjRvZRpc5Lobi0wfXYxnwWV1LxqeadZlMYASAT%26sig%3DAOD64_32aWoAhmc9lgwHWs8Gx_AUbczUKA%26client%3Dca-pub-9797459212931368%26dbm_c%3DAKAmf-CnytjmTrpcwefcEpUXRc0hrEeuuhL8SHj6QJIUzx2InFD6C5Ef0JSUCnOPclKxTmPjyEX23060Vo7UaBMGrpwXEt8BlnlPJl6S2aRReDyhzE7ouJIkwd0SbApj__i-CpKmVPUMAcR_4lEFojCkDErL5ttUMRZBQWYCGQ5g5uaCFL_x_yw%26cry%3D1%26dbm_d%3DAKAmf-AsepO10-AFBejabvMQ6t9h0PgWg2wRi9lVehjQ8ab6uIknNn40HjHtBPYlOcyTUWRvumO7UTuPfEDc_fIg53VSVP7n4i0dZmtjNYGGzLDTDExWYj2OOPUZEyrPP758p2a6Xc0nQ0wdZjrfd9bkdKoaBnEJoksXoM5kJJbvPMm7oQ7nPj4DpMg1ASOoDXapivyxUziyTEUvli3p20TqT-5vsHC9TRseua647iHf6WflRR9MAztnUxZ0iFXA1N_5_BnPVGB1NX7NF9TEiz9lGT0Qtm3Aki5vuCGqhrv7HIw5DeANiD2IZ_j8qC34dAw6Q3hvAjbZ4EjwsxjZvKT8MO_QjQI-6vPH97JIOF3oO41tyEnabGghJk7-nYVOoZrmNx0mACGeUAHq_vXq3uTb6x0Gf9BYVRlr23lRxblSBibcsJAARBwqy_dJKZmaTWME2tZxCyzjmoNeGNbcUpp4RXX8pUYDbzi8gkVvq_IEtXJdQs4oSbd7M7o4DR87Lm5wyLC1jt7kpoSB0ujj6OJR7zVg-wjzh-VbIpZb2pE-ZYaHJTokOTg%26adurl%3D&documentReferer=https%3A%2F%2Fuxwing.com%2F&ancestorOrigins=https%3A%2F%2Fuxwing.com&random=1136064087148&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Mon, 09 Jan 2023 04:31:32 +0100

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 65ms
64ms Image
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022120801&jk=423010109064381&bg=!IyClIGTNAAYDMoyoIzI7ACkAdvg8WoSyCStwsv1wvr2Crpb4tRu4oH54XLBnijTADXkzXd76Zc06jgIAAABNUgAAAAJoAQcKAIguYAm5dPxaZexPxYQr9ZSsqfZEM3FVE6y-L6PoSAl4FuK9peglVD0bRphDl8lBaNZojORVBcwxaTBEoTo37dual580Dg7kOHe94UPaHuRQLqkj9jSFsyMiO4SYxy73wD_jRkToZSOCHtyhxepTkYVdb_zc0ASQFwxLqIKguVXybqAXqdEVbvvAmQKcHpfP-n50UG5dtOr89TtIi1EhSnsI5dbX8S4wUM8Ko6tpq855mJhsCQJgA8KF33aT4dGduP5ktAHK7H12Rbn1Yq6m8qEJZvEEo5nhilxXVSJnSzI59JYeYIprs-NpxshpNotSLf3NsDUm6--r6UPNWTlk9VctirIK5KMR-hLx-Zk6CHUt29c_YwsCzZUFW_mdonj89Qd69CO_i72QlVG23L3m1uhPo8HZflpI-9GNDY1gHWQXfCco4YEkT9yNm2IyKxGK6VH_la10veHgcfOknVf3m412BfCNNsAk4MMMTgI4_52iAjDrrMXOn490EmqX7NLyPPAIjljB_r9mTO0AkYUNMtY_2XC3JF4kEyFV84QTtAvgn48ghiiWVFgHrG0CsFJVOWJn21amSO_LxBVXerbwyKpiH7jAAj5CesjqlUUVDw-QxfjTWNaiiU3Ataq0MXvLcUtlJGY1MbWwz7RgEl-8OSgHLr2xWycQDzGk1i4Wzg6FWBeReilyF8hXdsBt6CZ_ekyrl7mFd6MldOmIl53Albc58Nfs6gVZD8wnVqQPmW354zcfx5QzgtKc3wkBBLM3nejahxa_PjUh-SWsMTd38FfWoVE_xzWT4rqTFBH5NTW_I5RKFWDf1ULRRYuuF-ENyw-DlVNuAsbfTikMcgkkypx0Cug1RCl_XgLWdsUCsCkMo8zPEK4x4g0iNsocpDEHtFUeVTIKPkZxNxn3Rdlmz3vfUcFmS8p58wRIdtAk3LCHGsAlRslPLNDhfdhJ3yikgkfQ96RNJr_BTo61lLCen7Fp03BFg3AT77vGEqSmsYAErFwrZth67oHo_-4DfFH-aY-Qf890k3HfEF1jn_wy4nkKTFocXD20q6P-D4PYJxa6KrYCO4IMtuU
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 688D 22 KB
8 KB 20ms
19ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 172877
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 07 Jan 2023 04:30:15 GMT
expires: Sun, 07 Jan 2024 04:30:15 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 OU_aD-3-G2pcaJqwlUagl315JVS_daCE4k47Wxj7Xso.js Show response
pagead2.googlesyndication.com/bg/ Frame D806 36 KB
16 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/OU_aD-3-G2pcaJqwlUagl315JVS_daCE4k47Wxj7Xso.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

394fda0fedfe1b6a5c689ab09546a0977d792554bf75a084e24e3b5b18fb5eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 05:56:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 81285
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16095
x-xss-protection: 0
last-modified: Tue, 03 Jan 2023 14:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 08 Jan 2024 05:56:47 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/16022799638844030706/ Frame A2C6 26 KB
5 KB 104ms
33ms Document
text/html 2a00:1450:400d:803::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16022799638844030706/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:803::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

485a5125188426ab28ec3cc67ad4b1a2901d478d9ed2a944f3ece67cba52f34f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 256827
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5268
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Fri, 06 Jan 2023 05:11:05 GMT
expires: Sat, 06 Jan 2024 05:11:05 GMT
last-modified: Mon, 12 Dec 2022 10:38:52 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 115E 0
0 150ms
66ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstbGAsMfCNrXk7b2LqgH8JH3X6lkbrRuXScXzljtKmhXKbjhZECLOiyX6yFjtI5wCtlccgWAiQ44BdDl0kH62FQrhBcxmVCiCd1HA2aiIks99BkHb8Fw0sRIkzKmaiRM2Yqq8z9k_E0usvxgTise8Mjbpf-sBTX9R9x-qRyGu0A78jkSIZGY4qRsnZB8nr3oA-Fxj_TNSJKUD5AxLl1bzvURQJzhOE-1Tw7tdxQPW-O0BUCWZ8rGf9dQFAkj-Gg7IPIBBYz4UEH8iOXY8noVofXTK1fbxxC-9K39HkL9x5XVqY4y7fgbcVIY-fEib5MXkhQ031bCSTNUsxQOKUFBTNZbjQhdTQPIbx5pb4BD8KDUvgQgXYtGxmsloHnNdxXXkj9Mh5zG2meKj0IzPlm_uQ-6fYFYYIubNX5qC8qi7nExRMi77M4zst1ZNndXGlQEmnpUYyo4gKAH5lZPykdVZD-tcVUJBv4ZvEUNrZooA9T0fcekbDR9DbQyeYvfs1RkYhDqhYidsToq5N6ZcuJLM5EXXHClC_Bg7nPhCgv7TYArFF_3OivTTHl2cay99yxpdCEY36CPC6DCg4Qmz5MjHXfjZUEM137iJDUDMmFpGW_d0cFUCT39CH4p-1OGPHf3XcTPTCI0cYz2sRTcyh75PSrAsDYBq0zQgIntwBc2jmlS33640JN2q3PvjagHEPK0SNsp_Oom_aTdj-Bsw7KAkwGKJTBkJc6YOzMhgLR0Z9ZYLZKthyKMVY7IzZHsSD65AzzBibW22jJKga8FgOE8fxbf6rwrPCG8lTAKLlfBWCQMr7gh_qlgS-Uwkcu2gKWsRz3rgipMd4xQ7YImxIltnfZ6QsAbP7EEhjpfY4Kq9y0Oolo_tblxt7MkhBnOmoDIVqbSBfKMCTvUGSTMcOBYQP05pL9Plyx-IFsoqB5q7LyIfRc4pUA8Exr9DC7PF6X9ll6TqvaS0x1kkmqtz3ta8Z0YYPGP_TPyHJppJCMn3zaFdO9YGXDosnN8jXBACVPTC57ZfaugXGnJ81ALyztdQD3-myJ5ZP9QLtMk2sdqAHD6idIFNdBmhfU20qcd9DFZ8SCajlFxBTZ2OfSi-yozLYYVt2b-lKndhbKqkkZWcviIkmEGPvC_6aUefRR5RsrQhyJAbLpsB4N24DH1cqTKLYjD2t9Spo5XX3sTf2rMJZA3dDnuwZKC71lDyPxhjz5ueOEsekhvi3n_nIA3vZtWiIF5SWbpcit2jYdmzzsFxthMw-ph99-JSlRniKwY-TqGsYHKABXHgvz2Ovw1-lyPrg&sai=AMfl-YRsLws8RlQCwg_5iikPZkzgvacTVND-r2l7HkFnCrskkf_VotGDAxfyPIzgYISnyVxP2_EBYOika9XFQrjtMvYStMHm4SW3gcJntv6qMTvAkDAo5p0Vcqe1LsbZQwhMQxUK1yRyY3iV7mpbafuDpp6rprWJ7lUmVmhQHD0f3i2PdFMulCRfHvrJW1hLvMaUm_oeVXUiQOu9d4EJ2o48PLk_uEA9vvm4-6SOtJb4-hVjSulIhAfgvovVnv0rhfcfMGLpuuHuczcIuJ4J0CwDYDu1sQw8B-KIwXXX5XNaVX2EAmG3VSLthYd2ksE6RMjj&sig=Cg0ArKJSzGUEureoOxQ6EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=217&cbvp=1&cstd=215&cisv=r20230104.83205&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: uxwing.com
URL: https://uxwing.com/enemy-ghost-icon/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 09 Jan 2023 04:31:32 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Mon, 09 Jan 2023 04:31:32 GMT

GET
H3 200 OU_aD-3-G2pcaJqwlUagl315JVS_daCE4k47Wxj7Xso.js Show response
pagead2.googlesyndication.com/bg/ Frame 688D 36 KB
16 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/OU_aD-3-G2pcaJqwlUagl315JVS_daCE4k47Wxj7Xso.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

394fda0fedfe1b6a5c689ab09546a0977d792554bf75a084e24e3b5b18fb5eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 05:56:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 81285
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16095
x-xss-protection: 0
last-modified: Tue, 03 Jan 2023 14:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 08 Jan 2024 05:56:47 GMT

GET
H3 200 7297ba77cc507bac59702bf9a8708972.js Show response
s0.2mdn.net/sadbundle/16022799638844030706/ Frame A2C6 97 KB
28 KB 34ms
33ms Script
application/x-javascript 2a00:1450:400d:803::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16022799638844030706/7297ba77cc507bac59702bf9a8708972.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16022799638844030706/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:803::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bdde7dd464e2a4458fd51306d6c4449b9b99f3111e4f50dd35002156f095f534

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16022799638844030706/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 18:18:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 123193
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28214
x-xss-protection: 0
last-modified: Mon, 12 Dec 2022 10:38:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 07 Jan 2024 18:18:19 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame A2C6 4 KB
593 B 129ms
58ms Stylesheet
text/css 2a00:1450:400d:803::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:700|Roboto:500

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16022799638844030706/7297ba77cc507bac59702bf9a8708972.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:803::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f024141ccf910073696d2264ba468081a352ebacc30448a5b94d2790136bbbfc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 09 Jan 2023 04:31:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 09 Jan 2023 03:26:46 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 09 Jan 2023 04:31:32 GMT

GET
H3 200 265f839a71c07f96c02f07479ee9eeab.png
s0.2mdn.net/sadbundle/16022799638844030706/media/ Frame A2C6 49 KB
49 KB 34ms
34ms Image
image/png 2a00:1450:400d:803::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/16022799638844030706/media/265f839a71c07f96c02f07479ee9eeab.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16022799638844030706/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:803::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1f55f4e6edaa9a5e665a5cb441db76430e80a325ea23311ebfb1e25cb1bfdb90

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16022799638844030706/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 10:10:52 GMT
x-content-type-options: nosniff
age: 152440
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49834
x-xss-protection: 0
last-modified: Mon, 12 Dec 2022 10:38:52 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 07 Jan 2024 10:10:52 GMT

GET
H3 200 06f91b438b5c0d7fe6dff4bf6c24cf00.svg
s0.2mdn.net/sadbundle/16022799638844030706/media/ Frame A2C6 5 KB
2 KB 47ms
47ms Image
image/svg+xml 2a00:1450:400d:803::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/16022799638844030706/media/06f91b438b5c0d7fe6dff4bf6c24cf00.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16022799638844030706/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:803::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb4a29554c161fc6298d26273c106770fbe6c66bff37bb0db2e7826a9f84cb4d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16022799638844030706/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 18:18:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 123192
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1998
x-xss-protection: 0
last-modified: Mon, 12 Dec 2022 10:38:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 07 Jan 2024 18:18:20 GMT

GET
H3 200 f5f90832ecd87185a802ad9919b4925c.png
s0.2mdn.net/sadbundle/16022799638844030706/media/ Frame A2C6 301 KB
301 KB 48ms
47ms Image
image/png 2a00:1450:400d:803::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/16022799638844030706/media/f5f90832ecd87185a802ad9919b4925c.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16022799638844030706/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:803::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

277d8b91680a46a9a521ff007904c6feb41d48de6ac584de837627bb2f117ef6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16022799638844030706/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 10:10:52 GMT
x-content-type-options: nosniff
age: 152440
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 308163
x-xss-protection: 0
last-modified: Mon, 12 Dec 2022 10:38:52 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 07 Jan 2024 10:10:52 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D806 0
20 B 58ms
57ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=ByfP_pJi7Y_ewEtH8gAfu9oqYCgAAAAA4AeAEAg&bg=!QkGlQQXNAAYDMoyoIzI7ACkAdvg8WicjSP7uHF5Z7peaCfPXA1nKGNxIV6lVBQdnJaVc2_lUtgYyMwIAAACbUgAAAARoAQcKADASA3AI2-PwyPaj0lDkBzMe2SYj-KGfoxw0lDkCM0Lt8F-dsp9Mt2EXNPyJLqGKVeSZAuZa5mXx9NAVVnpCzHkAs3H-Wj_4Cx_JB2pLb-IC4C4rGpN3KMBmIOs5ibWXa94pihWsMJ4idV846Sh7kWtKl3BGmTXmuAwGwZPK7lTqFlZZHOfbiCTfe4Y0tjdqbNFkbLR4YAyE4YAX5JlBfk_UzJipIKdkC4ETmv5TBSdd9m-pXzFY6uC-hOcZp_VOR9134RFvme9AfQFhwBFl5du9y4m2yf8_rF7wL4bhuz1YcarYLWLrLTuRSY-rmhgl-upum13rGLaNI66NA8TSEfRi4LX7ZF_4Z-UgGf0edlLR5iC2iUMFWMot5wFn2JnchEzhMati-N7F61Dgbr13AnNuv-RE_JCnAeAcqnU9ZgWSINlFJJ3TsXnuX9wNWdfRFrYF_eSzFB2sE7J_5BwtoryCeMmGOzCOpLUnrQp3ek7JI3OG7IylUhWXeZggD2foZ_dIPC3FPCtw1kBT5geFSWp-4SkvyjVOFv0CDej90pN-onaIKkxpX89EAEXIP5husW7oSb2_l3TFPnnDoi8w_pBSSn0cn7WIXyYeDErebNVNxTeNHDiPgqmYSE9yME3JIbb_aNfCjLoOxz0grwTlu0m5Et-IoQ68N1vZBmdexbiRTY1WM7RIidlkA2T-zcQa77gFrDt01yBnWRshHjd2fHCjhKCKbwTmve9HwSvTozGgE9dCEHQk0q3T05Lcad_QBpwcowx4f9n6eiqTvImiLCWg4_lyY6d_6z83N23jCGnHFOpqCvfRUFX6KEm5zaisCyOlbVe5XZ2_UQ5nEqcYobJ1d19VtqNHAv852VKffdZyhA13bNVXbxA4xFizSlBY5Wz4bdZZZrp_8ukIq0_E2oTAHL7DFu5XatNDjFXSUDo4g2QoKgMFDsCN-s4r1GB8YgSW4J-Epyi0Kc2C6Le-zujUU54XYDAhqEoHUhWAh6itzz-rsGqRk1bUgTQIvXnJNJFq3yS5cOEPzFxJlKZGtUaj52agH7X4b2-x

Requested by

Host: 931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com
URL: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Jan 2023 04:31:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

view.aspx Show response
pb.media01.eu/ Frame 1B83
Redirect Chain

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=43963600015251604444554012199002&t=htlp
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=43963600015251604444554012199002&actionid=981741&produktid=&dt_url=

0
608 B

122ms
38ms

Document
text/html

88.198.250.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=43963600015251604444554012199002&actionid=981741&produktid=&dt_url=

Requested by

Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=aac624f833&subid=&uid=94a42156028af8a1&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC6K5Eo5i7Y--MGpmi9u8PhrCt4Aem5b2gaa2VnKfJD_AuEAEgrO7wlwFgldr9gZQHyAEJqQI8k0UEytuxPqgDAaoEkQJP0KRQ8_qcWRIlLcxXeBIeWnjNLZ1HOfm_BbuiFB0DdKtvHoR4mjPsWFPEJ12OFyB7wyQundlDSJ2QddF3KAO4YSMzw2OmW4gPBcAiVjliccGVmyGqNzSTvt1KEliZRUWYXeTIt2wrcD7cCuWwkn5hvAHawhYuTXWA6I0Wh9krHl6Rk0gqo9bl2KYlLTRgOOUv0czA_lWCGftLLEW16iSEYKec1Qw5XUkTwCke9CZnv2BG46FOSsKejO-J3PiOi5SOM1Pzn3RuqdwqH32zIs6Q7wJrWwswLmaIbIY3aCdsMiGigcb-RNb7kbkZrGzs-UugEptYmtceSw4LqhQfDPyzjFbQdGm_GMxuvZWaRJARlFrABOuP_I73A-AEA5AGAaAGTYAHrK31nwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggRCIDhgBAQARgdMgKqAjoCgECACgOYCwHICwGADAGwE4-10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTADq26N9nmElTyoHABEhhEXQS8iKvjB6ZN7xPaUxOdnUhuBtZVLVfxlSU_B-i0TdG15-LsvjRvZRpc5Lobi0wfXYxnwWV1LxqeadZlMYASAT%26sig%3DAOD64_32aWoAhmc9lgwHWs8Gx_AUbczUKA%26client%3Dca-pub-9797459212931368%26dbm_c%3DAKAmf-CnytjmTrpcwefcEpUXRc0hrEeuuhL8SHj6QJIUzx2InFD6C5Ef0JSUCnOPclKxTmPjyEX23060Vo7UaBMGrpwXEt8BlnlPJl6S2aRReDyhzE7ouJIkwd0SbApj__i-CpKmVPUMAcR_4lEFojCkDErL5ttUMRZBQWYCGQ5g5uaCFL_x_yw%26cry%3D1%26dbm_d%3DAKAmf-AsepO10-AFBejabvMQ6t9h0PgWg2wRi9lVehjQ8ab6uIknNn40HjHtBPYlOcyTUWRvumO7UTuPfEDc_fIg53VSVP7n4i0dZmtjNYGGzLDTDExWYj2OOPUZEyrPP758p2a6Xc0nQ0wdZjrfd9bkdKoaBnEJoksXoM5kJJbvPMm7oQ7nPj4DpMg1ASOoDXapivyxUziyTEUvli3p20TqT-5vsHC9TRseua647iHf6WflRR9MAztnUxZ0iFXA1N_5_BnPVGB1NX7NF9TEiz9lGT0Qtm3Aki5vuCGqhrv7HIw5DeANiD2IZ_j8qC34dAw6Q3hvAjbZ4EjwsxjZvKT8MO_QjQI-6vPH97JIOF3oO41tyEnabGghJk7-nYVOoZrmNx0mACGeUAHq_vXq3uTb6x0Gf9BYVRlr23lRxblSBibcsJAARBwqy_dJKZmaTWME2tZxCyzjmoNeGNbcUpp4RXX8pUYDbzi8gkVvq_IEtXJdQs4oSbd7M7o4DR87Lm5wyLC1jt7kpoSB0ujj6OJR7zVg-wjzh-VbIpZb2pE-ZYaHJTokOTg%26adurl%3D&documentReferer=https%3A%2F%2Fuxwing.com%2F&ancestorOrigins=https%3A%2F%2Fuxwing.com&random=1136064087148&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

88.198.250.30 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
access-control-allow-methods: GET,POST
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 09 Jan 2023 04:31:32 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Mon, 09 Jan 2023 05:31:33 GMT
p3p: policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
pragma: no-cache
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-xss-protection: 1; mode=block

Redirect headers

Content-Length: 0
Content-Type: application/javascript
Date: Mon, 09 Jan 2023 04:31:32 GMT
Host: pv.medialead.de
Keep-Alive: timeout=20
Location: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=43963600015251604444554012199002&actionid=981741&produktid=&dt_url=
Proxy-Host: pv.medialead.de
Server: nginx/1.17.5
Strict-Transport-Security: max-age=15768000
X-IPLB-Instance: 40028
X-IPLB-Request-ID: D972DA1A:BA6C_91EFC182:01BB_63BB98A4_91082AF:11271

GET
H2 200 / Show response
adv.office-partner.de/ Frame FBE6 930 B
931 B 184ms
30ms Document
text/html 2a0b:4d07:401::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=aac624f833&subid=&uid=94a42156028af8a1&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC6K5Eo5i7Y--MGpmi9u8PhrCt4Aem5b2gaa2VnKfJD_AuEAEgrO7wlwFgldr9gZQHyAEJqQI8k0UEytuxPqgDAaoEkQJP0KRQ8_qcWRIlLcxXeBIeWnjNLZ1HOfm_BbuiFB0DdKtvHoR4mjPsWFPEJ12OFyB7wyQundlDSJ2QddF3KAO4YSMzw2OmW4gPBcAiVjliccGVmyGqNzSTvt1KEliZRUWYXeTIt2wrcD7cCuWwkn5hvAHawhYuTXWA6I0Wh9krHl6Rk0gqo9bl2KYlLTRgOOUv0czA_lWCGftLLEW16iSEYKec1Qw5XUkTwCke9CZnv2BG46FOSsKejO-J3PiOi5SOM1Pzn3RuqdwqH32zIs6Q7wJrWwswLmaIbIY3aCdsMiGigcb-RNb7kbkZrGzs-UugEptYmtceSw4LqhQfDPyzjFbQdGm_GMxuvZWaRJARlFrABOuP_I73A-AEA5AGAaAGTYAHrK31nwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggRCIDhgBAQARgdMgKqAjoCgECACgOYCwHICwGADAGwE4-10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTADq26N9nmElTyoHABEhhEXQS8iKvjB6ZN7xPaUxOdnUhuBtZVLVfxlSU_B-i0TdG15-LsvjRvZRpc5Lobi0wfXYxnwWV1LxqeadZlMYASAT%26sig%3DAOD64_32aWoAhmc9lgwHWs8Gx_AUbczUKA%26client%3Dca-pub-9797459212931368%26dbm_c%3DAKAmf-CnytjmTrpcwefcEpUXRc0hrEeuuhL8SHj6QJIUzx2InFD6C5Ef0JSUCnOPclKxTmPjyEX23060Vo7UaBMGrpwXEt8BlnlPJl6S2aRReDyhzE7ouJIkwd0SbApj__i-CpKmVPUMAcR_4lEFojCkDErL5ttUMRZBQWYCGQ5g5uaCFL_x_yw%26cry%3D1%26dbm_d%3DAKAmf-AsepO10-AFBejabvMQ6t9h0PgWg2wRi9lVehjQ8ab6uIknNn40HjHtBPYlOcyTUWRvumO7UTuPfEDc_fIg53VSVP7n4i0dZmtjNYGGzLDTDExWYj2OOPUZEyrPP758p2a6Xc0nQ0wdZjrfd9bkdKoaBnEJoksXoM5kJJbvPMm7oQ7nPj4DpMg1ASOoDXapivyxUziyTEUvli3p20TqT-5vsHC9TRseua647iHf6WflRR9MAztnUxZ0iFXA1N_5_BnPVGB1NX7NF9TEiz9lGT0Qtm3Aki5vuCGqhrv7HIw5DeANiD2IZ_j8qC34dAw6Q3hvAjbZ4EjwsxjZvKT8MO_QjQI-6vPH97JIOF3oO41tyEnabGghJk7-nYVOoZrmNx0mACGeUAHq_vXq3uTb6x0Gf9BYVRlr23lRxblSBibcsJAARBwqy_dJKZmaTWME2tZxCyzjmoNeGNbcUpp4RXX8pUYDbzi8gkVvq_IEtXJdQs4oSbd7M7o4DR87Lm5wyLC1jt7kpoSB0ujj6OJR7zVg-wjzh-VbIpZb2pE-ZYaHJTokOTg%26adurl%3D&documentReferer=https%3A%2F%2Fuxwing.com%2F&ancestorOrigins=https%3A%2F%2Fuxwing.com&random=1136064087148&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:401::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Mon, 09 Jan 2023 04:31:32 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Mon, 16 Jan 2023 04:31:32 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn-engine
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: atvi

GET
H2

200

htlp Show response
futalis.de/ Frame E43A
Redirect Chain

https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=43963600015251604444554012199002&ra_cnt_active=1&ra_cnt=1
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2021607512

350 B
409 B

128ms
27ms

Document
text/html

49.12.16.151
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2021607512
Requested by: Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=aac624f833&subid=&uid=94a42156028af8a1&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC6K5Eo5i7Y--MGpmi9u8PhrCt4Aem5b2gaa2VnKfJD_AuEAEgrO7wlwFgldr9gZQHyAEJqQI8k0UEytuxPqgDAaoEkQJP0KRQ8_qcWRIlLcxXeBIeWnjNLZ1HOfm_BbuiFB0DdKtvHoR4mjPsWFPEJ12OFyB7wyQundlDSJ2QddF3KAO4YSMzw2OmW4gPBcAiVjliccGVmyGqNzSTvt1KEliZRUWYXeTIt2wrcD7cCuWwkn5hvAHawhYuTXWA6I0Wh9krHl6Rk0gqo9bl2KYlLTRgOOUv0czA_lWCGftLLEW16iSEYKec1Qw5XUkTwCke9CZnv2BG46FOSsKejO-J3PiOi5SOM1Pzn3RuqdwqH32zIs6Q7wJrWwswLmaIbIY3aCdsMiGigcb-RNb7kbkZrGzs-UugEptYmtceSw4LqhQfDPyzjFbQdGm_GMxuvZWaRJARlFrABOuP_I73A-AEA5AGAaAGTYAHrK31nwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggRCIDhgBAQARgdMgKqAjoCgECACgOYCwHICwGADAGwE4-10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTADq26N9nmElTyoHABEhhEXQS8iKvjB6ZN7xPaUxOdnUhuBtZVLVfxlSU_B-i0TdG15-LsvjRvZRpc5Lobi0wfXYxnwWV1LxqeadZlMYASAT%26sig%3DAOD64_32aWoAhmc9lgwHWs8Gx_AUbczUKA%26client%3Dca-pub-9797459212931368%26dbm_c%3DAKAmf-CnytjmTrpcwefcEpUXRc0hrEeuuhL8SHj6QJIUzx2InFD6C5Ef0JSUCnOPclKxTmPjyEX23060Vo7UaBMGrpwXEt8BlnlPJl6S2aRReDyhzE7ouJIkwd0SbApj__i-CpKmVPUMAcR_4lEFojCkDErL5ttUMRZBQWYCGQ5g5uaCFL_x_yw%26cry%3D1%26dbm_d%3DAKAmf-AsepO10-AFBejabvMQ6t9h0PgWg2wRi9lVehjQ8ab6uIknNn40HjHtBPYlOcyTUWRvumO7UTuPfEDc_fIg53VSVP7n4i0dZmtjNYGGzLDTDExWYj2OOPUZEyrPP758p2a6Xc0nQ0wdZjrfd9bkdKoaBnEJoksXoM5kJJbvPMm7oQ7nPj4DpMg1ASOoDXapivyxUziyTEUvli3p20TqT-5vsHC9TRseua647iHf6WflRR9MAztnUxZ0iFXA1N_5_BnPVGB1NX7NF9TEiz9lGT0Qtm3Aki5vuCGqhrv7HIw5DeANiD2IZ_j8qC34dAw6Q3hvAjbZ4EjwsxjZvKT8MO_QjQI-6vPH97JIOF3oO41tyEnabGghJk7-nYVOoZrmNx0mACGeUAHq_vXq3uTb6x0Gf9BYVRlr23lRxblSBibcsJAARBwqy_dJKZmaTWME2tZxCyzjmoNeGNbcUpp4RXX8pUYDbzi8gkVvq_IEtXJdQs4oSbd7M7o4DR87Lm5wyLC1jt7kpoSB0ujj6OJR7zVg-wjzh-VbIpZb2pE-ZYaHJTokOTg%26adurl%3D&documentReferer=https%3A%2F%2Fuxwing.com%2F&ancestorOrigins=https%3A%2F%2Fuxwing.com&random=1136064087148&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 49.12.16.151 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: lb-1.futalis.de
Software: /
Resource Hash: 582e283baa4cce4006055beb2eb8fe257c1ec5ef573a40f173b880636089e8cd

Request headers

Referer: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 350
content-type: text/html; charset=utf-8

Redirect headers

content-length: 0
content-type: text/html; charset=utf-8
date: Mon, 09 Jan 2023 04:31:32 GMT
location: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2021607512
p3p: policyref="https://www.retailads.net/w3c/p3p.xml",CP="NOI CUR OUR STP"
server: Apache
xphp81: true

GET
H2 200 link.html Show response
track.webgains.com/ Frame A1D8 2 KB
2 KB 202ms
87ms Script
text/html 13.41.252.217
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&js=1&viewref=43963600015251604444554012199002&nw=1
Requested by: Host: uxwing.com
URL: https://uxwing.com/enemy-ghost-icon/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.41.252.217 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-41-252-217.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: 71a0ccc71c6bce103a4408f8545db4735081c9d832a5bc3a1621001c369e46cb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:32 GMT
last-modified: Mon, 09 Jan 2023 04:31:32 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Mon, 09 Jan 2023 04:32:32 GMT

GET
H3

200

activityi;dc_pre=CIurte_TufwCFU1DHgIdG8oPRg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4291464957790.707 Show response
5994599.fls.doubleclick.net/ Frame C7B1
Redirect Chain

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4291464957790.707?
https://5994599.fls.doubleclick.net/activityi;dc_pre=CIurte_TufwCFU1DHgIdG8oPRg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4291464957790.707?

391 B
237 B

269ms
228ms

Document
text/html

142.250.185.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5994599.fls.doubleclick.net/activityi;dc_pre=CIurte_TufwCFU1DHgIdG8oPRg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4291464957790.707?

Requested by

Host: uxwing.com
URL: https://uxwing.com/enemy-ghost-icon/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f6.1e100.net

Software

cafe /

Resource Hash

596d04780bb29c21b68e49559c889369a470809e95dc9d169bd829030742cef7

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=0
content-encoding: br
content-length: 214
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 09 Jan 2023 04:31:33 GMT
expires: Mon, 09 Jan 2023 04:31:33 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 09 Jan 2023 04:31:33 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://5994599.fls.doubleclick.net/activityi;dc_pre=CIurte_TufwCFU1DHgIdG8oPRg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4291464957790.707?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal90002.redintelligence.net/ Frame A82A 7 KB
2 KB 77ms
27ms Document
text/html 46.4.10.47
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90002.redintelligence.net/request_content.php?s=43963600015251604444554012199002&a=9ab01f7e
Requested by: Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=aac624f833&subid=&uid=94a42156028af8a1&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC6K5Eo5i7Y--MGpmi9u8PhrCt4Aem5b2gaa2VnKfJD_AuEAEgrO7wlwFgldr9gZQHyAEJqQI8k0UEytuxPqgDAaoEkQJP0KRQ8_qcWRIlLcxXeBIeWnjNLZ1HOfm_BbuiFB0DdKtvHoR4mjPsWFPEJ12OFyB7wyQundlDSJ2QddF3KAO4YSMzw2OmW4gPBcAiVjliccGVmyGqNzSTvt1KEliZRUWYXeTIt2wrcD7cCuWwkn5hvAHawhYuTXWA6I0Wh9krHl6Rk0gqo9bl2KYlLTRgOOUv0czA_lWCGftLLEW16iSEYKec1Qw5XUkTwCke9CZnv2BG46FOSsKejO-J3PiOi5SOM1Pzn3RuqdwqH32zIs6Q7wJrWwswLmaIbIY3aCdsMiGigcb-RNb7kbkZrGzs-UugEptYmtceSw4LqhQfDPyzjFbQdGm_GMxuvZWaRJARlFrABOuP_I73A-AEA5AGAaAGTYAHrK31nwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggRCIDhgBAQARgdMgKqAjoCgECACgOYCwHICwGADAGwE4-10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTADq26N9nmElTyoHABEhhEXQS8iKvjB6ZN7xPaUxOdnUhuBtZVLVfxlSU_B-i0TdG15-LsvjRvZRpc5Lobi0wfXYxnwWV1LxqeadZlMYASAT%26sig%3DAOD64_32aWoAhmc9lgwHWs8Gx_AUbczUKA%26client%3Dca-pub-9797459212931368%26dbm_c%3DAKAmf-CnytjmTrpcwefcEpUXRc0hrEeuuhL8SHj6QJIUzx2InFD6C5Ef0JSUCnOPclKxTmPjyEX23060Vo7UaBMGrpwXEt8BlnlPJl6S2aRReDyhzE7ouJIkwd0SbApj__i-CpKmVPUMAcR_4lEFojCkDErL5ttUMRZBQWYCGQ5g5uaCFL_x_yw%26cry%3D1%26dbm_d%3DAKAmf-AsepO10-AFBejabvMQ6t9h0PgWg2wRi9lVehjQ8ab6uIknNn40HjHtBPYlOcyTUWRvumO7UTuPfEDc_fIg53VSVP7n4i0dZmtjNYGGzLDTDExWYj2OOPUZEyrPP758p2a6Xc0nQ0wdZjrfd9bkdKoaBnEJoksXoM5kJJbvPMm7oQ7nPj4DpMg1ASOoDXapivyxUziyTEUvli3p20TqT-5vsHC9TRseua647iHf6WflRR9MAztnUxZ0iFXA1N_5_BnPVGB1NX7NF9TEiz9lGT0Qtm3Aki5vuCGqhrv7HIw5DeANiD2IZ_j8qC34dAw6Q3hvAjbZ4EjwsxjZvKT8MO_QjQI-6vPH97JIOF3oO41tyEnabGghJk7-nYVOoZrmNx0mACGeUAHq_vXq3uTb6x0Gf9BYVRlr23lRxblSBibcsJAARBwqy_dJKZmaTWME2tZxCyzjmoNeGNbcUpp4RXX8pUYDbzi8gkVvq_IEtXJdQs4oSbd7M7o4DR87Lm5wyLC1jt7kpoSB0ujj6OJR7zVg-wjzh-VbIpZb2pE-ZYaHJTokOTg%26adurl%3D&documentReferer=https%3A%2F%2Fuxwing.com%2F&ancestorOrigins=https%3A%2F%2Fuxwing.com&random=1136064087148&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.10.47 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.47.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: 8b11492d2f12dfe8cdebe872bf23eabd6ce3643f956a2306f890ad247ff0809d

Request headers

Referer: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2041
Content-Type: text/html; charset=utf-8
Date: Mon, 09 Jan 2023 04:31:32 GMT
Expires: Mon, 09 Jan 2023 04:31:32 +0100
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H/1.1

200
OK

native.png
ad-server.eu/wm/pb/ Frame A1D8
Redirect Chain

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=43963600015251604444554012199002
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=43963600015251604444554012199002
https://ad-server.eu/wm/pb/native.png

68 B
312 B

247ms
48ms

Image
image/png

54.76.176.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-server.eu/wm/pb/native.png
Requested by: Host: 931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com
URL: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Server: 54.76.176.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-176-197.eu-west-1.compute.amazonaws.com
Software: nginx/1.4.6 (Ubuntu) /
Resource Hash: 93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Mon, 09 Jan 2023 04:34:38 GMT
Last-Modified: Sat, 21 Dec 2019 23:06:59 GMT
Server: nginx/1.4.6 (Ubuntu)
ETag: "5dfea593-44"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 68

Redirect headers

Date: Mon, 09 Jan 2023 04:31:33 GMT
Strict-Transport-Security: max-age=15768000
Server: nginx/1.17.5
Host: pv.medialead.de
X-IPLB-Request-ID: D972DA1A:BA72_91EFC182:01BB_63BB98A4_911A15B:1126F
X-IPLB-Instance: 40028
Content-Type: application/go
Location: https://ad-server.eu/wm/pb/native.png
Keep-Alive: timeout=20
Content-Length: 0
Proxy-Host: pv.medialead.de

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 688D 0
20 B 59ms
58ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BPAv4pJi7Y_n0EtK6x_APkPi86A8AAAAAOAHgBAI&bg=!dnWldTHNAAYDMoyoIzI7ACkAdvg8WoicI08v230w0UR9GFz0eo4tKgloWqYc4YW2u3XlAxsGC_7yjQIAAACRUgAAAAJoAQeZAukjVeGrgC7FgKzrCFfYxR2ocYZFcghANzvEU63IPClCMNx9fmm1xS7Ju8WGRUTr7rrq_LSE7XfAba9c-ZQeZT8QrX7jtSs0IH3zOIzLk9oom1zvVlaDTt3G8yybkzSD4wDgnagbGFTDLTK-eoL5rADSXa6TS7guFNfN8PBXNAMr7kjkM-zCCeI-0G14DYO0861GdFfHcGs0tB1RzM6QC4rwYyDXgsXo-jb1Kcs058RNUsYy8hMUqPw8xucQnZEnQcIiFE_GtM_FQhOeP7h8kuC0OQsV-s6q85XJoCtCwCrz1LlB0vcjjBHowUkySU4xuHXDyS4-N14NThM__GuOS4sGmp9uYkSEWiz0ORialiQr8u4wbM60XLiVNiCfbZ0M0yOitvWMkbdzTAa2yUOwTflissJcijlSa_gpNCRLtpCzhkA7yoeLdqKLPHs5WeRTR32NVtu0HaB4E8I73TbVHXpyG3_dD-PbfZjiPtXekn_er-YbETXdbJmfltGMknQGJGkpUzvM1uZZdtEDN2Y6GIwQhSczTsi-rxXzHmPwvndTyz262rfRDfb64OyOC5kTX207Veni2rkikd5KSNTxstPUqnSE2i77D2qqNce67MVEGqGWiTGnkQCK9IDKWCvEnje56vr_zFxNU3CaZspYbvaqB4bK5Hq12kn6mhE4keAr2cjraz2q-yIZgmq_6olLyYmRfUZglMPW2uyMUNi7ITAjXHPCHywXnXMOukmf_QE3PUgyr6PiSGJmqYSDJPsWGfKj921b_9Nf5OsuOq6hoHeSqa3xLQ4DRQsQp_i3RP0EnBiiDitEh_alRX9g_fb0S_qohkr3KllQbweLjadJGDg8x6tKtKCRvJ3WlEs_XpGS43-lzmks6jP8u8EhTFgtq8QzvjfokpmSHZaYoR35lA5C_3XqoSd6YKUAPDl4MUPjI0Io0LbbFdOSAowAZnydCRepBqJOnmGkurRjT4UjewFM2Mmwoj9qDr3r

Requested by

Host: 931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com
URL: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Jan 2023 04:31:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame A82A 4 KB
651 B 56ms
56ms Stylesheet
text/css 2a00:1450:400d:803::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Requested by

Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request_content.php?s=43963600015251604444554012199002&a=9ab01f7e

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:803::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

dfa1ecdb69b9ee93e87159bfcd4ad2b1248a7de0d6346fd42e0b600723ae7b6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90002.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 09 Jan 2023 04:31:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 09 Jan 2023 03:43:50 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 09 Jan 2023 04:31:32 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame A82A 11 KB
12 KB 77ms
27ms Image
image/png 94.130.102.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=100&height=50&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/postbank_pool_privatkredit_1200x627.jpg
Requested by: Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request_content.php?s=43963600015251604444554012199002&a=9ab01f7e
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 94.130.102.164 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.102.130.94.clients.your-server.de
Software: Apache /
Resource Hash: 485702b3ccdb83942c333107b9aebdabe1e1053054c66047f17da8cda3cb0c46

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90002.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Mon, 09 Jan 2023 04:31:32 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 11597
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame A82A 12 KB
12 KB 77ms
27ms Image
image/png 94.130.102.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=100&height=50&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by: Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request_content.php?s=43963600015251604444554012199002&a=9ab01f7e
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 94.130.102.164 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.102.130.94.clients.your-server.de
Software: Apache /
Resource Hash: 7ddb44528a3398040965311481409cf46c0b7c54df6be02a0c8a0f67bf60916a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90002.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Mon, 09 Jan 2023 04:31:32 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 12111
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame A82A 9 KB
9 KB 196ms
145ms Image
image/png 94.130.102.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=100&height=50&url=https://cdn.contentspread.net/24i/advertiser/55487/creativesup/1200x627.jpg
Requested by: Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request_content.php?s=43963600015251604444554012199002&a=9ab01f7e
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 94.130.102.164 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.102.130.94.clients.your-server.de
Software: Apache /
Resource Hash: b7a37b6266cdd95ced9fc7e207105594b7067799235b34bc7e2ed40a0b62f932

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90002.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Mon, 09 Jan 2023 04:31:32 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 9507
Vary: Accept-Encoding
Content-Type: image/png

GET
H3 200 258fc971298fe59b0a210a2d976464f0.png
s0.2mdn.net/sadbundle/16022799638844030706/media/ Frame A2C6 4 KB
4 KB 34ms
33ms Image
image/png 2a00:1450:400d:803::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/16022799638844030706/media/258fc971298fe59b0a210a2d976464f0.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16022799638844030706/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:803::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fddb32fd87cc1b154ab516d6a07e4a3f371cb3d5ec1999025412361d4b881ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16022799638844030706/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 18:18:20 GMT
x-content-type-options: nosniff
age: 123192
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3851
x-xss-protection: 0
last-modified: Mon, 12 Dec 2022 10:38:52 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 07 Jan 2024 18:18:20 GMT

GET
H3 200 6b4e4d6d5788eef0d2df6761e18aaf8f.png
s0.2mdn.net/sadbundle/16022799638844030706/media/ Frame A2C6 3 KB
3 KB 35ms
34ms Image
image/png 2a00:1450:400d:803::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/16022799638844030706/media/6b4e4d6d5788eef0d2df6761e18aaf8f.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16022799638844030706/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:803::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c1aa14f61547e7fe7dc150a4a0c582be9565fc1c0431fc0a262f3d770f7fbef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16022799638844030706/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 18:18:20 GMT
x-content-type-options: nosniff
age: 123192
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3241
x-xss-protection: 0
last-modified: Mon, 12 Dec 2022 10:38:52 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 07 Jan 2024 18:18:20 GMT

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame A2C6 16 KB
16 KB 104ms
36ms Font
font/woff2 2a00:1450:400d:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700|Roboto:500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 04 Jan 2023 19:34:12 GMT
x-content-type-options: nosniff
age: 377841
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 04 Jan 2024 19:34:12 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame A2C6 15 KB
16 KB 100ms
33ms Font
font/woff2 2a00:1450:400d:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700|Roboto:500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 04 Jan 2023 19:33:08 GMT
x-content-type-options: nosniff
age: 377905
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 04 Jan 2024 19:33:08 GMT

GET
H/1.1 200
OK viewability Show response
hal90002.redintelligence.net/ Frame A82A 0
150 B 74ms
25ms Script
text/html 46.4.10.47
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90002.redintelligence.net/viewability?s=43963600015251604444554012199002&a=0d1a11be&vb=m
Requested by: Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request_content.php?s=43963600015251604444554012199002&a=9ab01f7e
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.10.47 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.47.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90002.redintelligence.net/request_content.php?s=43963600015251604444554012199002&a=9ab01f7e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Mon, 09 Jan 2023 04:31:33 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ Frame FBE6 105 KB
41 KB 129ms
61ms Script
application/javascript 2a00:1450:400d:80d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1fe356b966f9815d0c3111f6ac4a09485a9bafec75a5c8fe63d9c5a2f93f6534

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:33 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41879
x-xss-protection: 0
last-modified: Mon, 09 Jan 2023 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 09 Jan 2023 04:31:33 GMT

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame A1D8 85 KB
31 KB 87ms
22ms Script
application/javascript 65.9.66.110
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&js=1&viewref=43963600015251604444554012199002&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.110 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-110.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f031d0330fa0902ad02a7158a8b4aa01cefacc0f4743ab7b78f4ed517723d130

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 17:40:54 GMT
content-encoding: gzip
via: 1.1 4f114016fe4d6c05531b0486ec2868be.cloudfront.net (CloudFront)
last-modified: Fri, 09 Dec 2022 10:53:01 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 39040
etag: W/"0d5045593d14c9612a5d5576928a5209"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: ooqMPVZhEE3NmUIJsXxkyQ5OZ9EM76qIlyFjblWAM5frbE3UYQwP4A==

GET
H2 200 1x1_0.png
cdn.track.production.webgains.team/7121/ Frame A1D8 3 KB
3 KB 76ms
20ms Image
image/png 99.86.4.52
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1_0.png?Expires=1673238992&Signature=b2mhEciggob0bCywFHJFHgtLeSg-shfE5ULcTYkFyXA1DwsknutL6BLxYzFMlnRquzIDn4KuEbxK3NNp1eS5MtIxRE6XW31veDdHrd8Z0UySZ~1WN1oIv3xe~ynUuU0RRIjwJAt6~ot6cZLUZaHcyUF9GUmJOqBDULzPSGxR1qZ57jx8rXt~7tAhllCl7iX9YX2Qk4bPRQs660oDT1ju-Zd22wQioTBE693tKyHDmbo9ne5zsG2AGrdsRmPtTZKoDP~cfO82zQIN-ivRHbhdEwAyC6DuP0sXJvQf~oKQU2YbhMGvzjxHITe4g0ad2NnnKp7cxvJJGHy6wNa4K6MLBw__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: 931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com
URL: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-52.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-amz-version-id: null
date: Mon, 09 Jan 2023 01:07:22 GMT
via: 1.1 78059242182c195ff7f26013772da09a.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 12252
etag: "4e57de0506fbdb487ffcd53b450caee1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 2808
x-amz-cf-id: zr4wOh5nvh_MgQOheX4Omf6J0UZlMr20Or3bdO1cZgoIDEin7GqDSw==

GET
H2 200 ts.js Show response
cdn.retailads.net/ Frame E43A 5 KB
5 KB 23ms
22ms Script
application/javascript 2a01:4f8:d0a:2321::2
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.retailads.net/ts.js
Requested by: Host: futalis.de
URL: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2021607512
Protocol: H2
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 2a01:4f8:d0a:2321::2 Gunzenhausen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: Apache /
Resource Hash: c45a84e5e0ff6ed83afd426788be38a5cbc442dc6cce4631bfd5c22fdd1fc8df

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://futalis.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:33 GMT
last-modified: Fri, 21 Jan 2022 14:35:51 GMT
server: Apache
etag: "14aa-5d6188919baaa"
content-type: application/javascript
xphp81: true
accept-ranges: bytes
content-length: 5290

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 115E 0
0 103ms
59ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstbGAsMfCNrXk7b2LqgH8JH3X6lkbrRuXScXzljtKmhXKbjhZECLOiyX6yFjtI5wCtlccgWAiQ44BdDl0kH62FQrhBcxmVCiCd1HA2aiIks99BkHb8Fw0sRIkzKmaiRM2Yqq8z9k_E0usvxgTise8Mjbpf-sBTX9R9x-qRyGu0A78jkSIZGY4qRsnZB8nr3oA-Fxj_TNSJKUD5AxLl1bzvURQJzhOE-1Tw7tdxQPW-O0BUCWZ8rGf9dQFAkj-Gg7IPIBBYz4UEH8iOXY8noVofXTK1fbxxC-9K39HkL9x5XVqY4y7fgbcVIY-fEib5MXkhQ031bCSTNUsxQOKUFBTNZbjQhdTQPIbx5pb4BD8KDUvgQgXYtGxmsloHnNdxXXkj9Mh5zG2meKj0IzPlm_uQ-6fYFYYIubNX5qC8qi7nExRMi77M4zst1ZNndXGlQEmnpUYyo4gKAH5lZPykdVZD-tcVUJBv4ZvEUNrZooA9T0fcekbDR9DbQyeYvfs1RkYhDqhYidsToq5N6ZcuJLM5EXXHClC_Bg7nPhCgv7TYArFF_3OivTTHl2cay99yxpdCEY36CPC6DCg4Qmz5MjHXfjZUEM137iJDUDMmFpGW_d0cFUCT39CH4p-1OGPHf3XcTPTCI0cYz2sRTcyh75PSrAsDYBq0zQgIntwBc2jmlS33640JN2q3PvjagHEPK0SNsp_Oom_aTdj-Bsw7KAkwGKJTBkJc6YOzMhgLR0Z9ZYLZKthyKMVY7IzZHsSD65AzzBibW22jJKga8FgOE8fxbf6rwrPCG8lTAKLlfBWCQMr7gh_qlgS-Uwkcu2gKWsRz3rgipMd4xQ7YImxIltnfZ6QsAbP7EEhjpfY4Kq9y0Oolo_tblxt7MkhBnOmoDIVqbSBfKMCTvUGSTMcOBYQP05pL9Plyx-IFsoqB5q7LyIfRc4pUA8Exr9DC7PF6X9ll6TqvaS0x1kkmqtz3ta8Z0YYPGP_TPyHJppJCMn3zaFdO9YGXDosnN8jXBACVPTC57ZfaugXGnJ81ALyztdQD3-myJ5ZP9QLtMk2sdqAHD6idIFNdBmhfU20qcd9DFZ8SCajlFxBTZ2OfSi-yozLYYVt2b-lKndhbKqkkZWcviIkmEGPvC_6aUefRR5RsrQhyJAbLpsB4N24DH1cqTKLYjD2t9Spo5XX3sTf2rMJZA3dDnuwZKC71lDyPxhjz5ueOEsekhvi3n_nIA3vZtWiIF5SWbpcit2jYdmzzsFxthMw-ph99-JSlRniKwY-TqGsYHKABXHgvz2Ovw1-lyPrg&sai=AMfl-YRsLws8RlQCwg_5iikPZkzgvacTVND-r2l7HkFnCrskkf_VotGDAxfyPIzgYISnyVxP2_EBYOika9XFQrjtMvYStMHm4SW3gcJntv6qMTvAkDAo5p0Vcqe1LsbZQwhMQxUK1yRyY3iV7mpbafuDpp6rprWJ7lUmVmhQHD0f3i2PdFMulCRfHvrJW1hLvMaUm_oeVXUiQOu9d4EJ2o48PLk_uEA9vvm4-6SOtJb4-hVjSulIhAfgvovVnv0rhfcfMGLpuuHuczcIuJ4J0CwDYDu1sQw8B-KIwXXX5XNaVX2EAmG3VSLthYd2ksE6RMjj&sig=Cg0ArKJSzGUEureoOxQ6EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=696&vt=11&dtpt=479&dett=3&cstd=215&cisv=r20230104.83205&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: uxwing.com
URL: https://uxwing.com/enemy-ghost-icon/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:33 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Mon, 09 Jan 2023 04:31:33 GMT

GET
H3 200 dc_pre=CIurte_TufwCFU1DHgIdG8oPRg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4291464957790.707
adservice.google.com/ddm/fls/z/ Frame C7B1 42 B
63 B 137ms
69ms Image
image/gif 2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CIurte_TufwCFU1DHgIdG8oPRg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4291464957790.707

Requested by

Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=CIurte_TufwCFU1DHgIdG8oPRg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4291464957790.707?

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5994599.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Jan 2023 04:31:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 115E 42 B
64 B 98ms
57ms Fetch
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstT8Kaxj1mXxbJJfvcARQe1r_Tw3EnxepCa5vTWH8WMfi9TuNuDYwasBdr2XKemm8IDlJ-c5E6b301mzvjtNq1HdOGFXHH3AvayhUyw5of6cDSFBQzzXKvRxBg_ROttv_p9q4l5NA&sai=AMfl-YSMbeYRc9uX03T9O_WCUtyg_LwJScc3iNgrWyswiw2nIJsOrNK2yyWx7QDSMVxNguDrHglnHFZ55X1E-vTFGXzo6Cso4wzRHLayW6Mk0wO-2jUq1_SwROI-6nB6SYw2IUQ4sK7bVgSq7vHSY2P6&sig=Cg0ArKJSzM2AXSRKRLZEEAE&cid=CAQSTADq26N9nmElTyoHABEhhEXQS8iKvjB6ZN7xPaUxOdnUhuBtZVLVfxlSU_B-i0TdG15-LsvjRvZRpc5Lobi0wfXYxnwWV1LxqeadZlMYASAT&id=lidar2&mcvt=1000&p=664,121,914,1091&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230105&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3431647428&rs=4&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1673238692067&rpt=425&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Jan 2023 04:31:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 5223 42 B
64 B 59ms
59ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvqkgqo71JkWAIV_bK8cUoKEhi10Of-DkAlvQRmxxXRiGHLidq4G7rQkgA3_IEDaeP-bFcDWLJuHrvJBwYl3Dib9FmpmvEZIGr2ssJJT0otlKp4NZOwbvzk3TseRjqAZ4sKf5f1XLe3zpiO15O-dbOUhZ-44YOgycK3&sai=AMfl-YSFZChgA7uDyN0vTepXK3iQ-I0OAafYUZUMx1yIvkhOlCbQeI5NOI2co4Q0sdC8W2UwELJrvtuLTBCjM-3Wgb1lXAd6qLIrjAfvpOMPRET6_hOC8dtQP5xyOgtCPbQe8ep06DNaUi4c5DTfemGa&sig=Cg0ArKJSzK0M9Fk8nZ1jEAE&cid=CAQSTADq26N9nmElTyoHABEhhEXQS8iKvjB6ZN7xPaUxOdnUhuBtZVLVfxlSU_B-i0TdG15-LsvjRvZRpc5Lobi0wfXYxnwWV1LxqeadZlMYASAT&id=ampim&o=1185,96&d=336,280&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=486&tls=1486&g=100&h=100&tt=1487&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uxwing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Jan 2023 04:31:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame A1D8 16 B
232 B 153ms
152ms Fetch
application/json 18.169.88.73
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.169.88.73 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-169-88-73.eu-west-2.compute.amazonaws.com

Software

nginx / PHP/7.4.26

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 09 Jan 2023 04:31:34 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/7.4.26
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 133ms
34ms Preflight 18.169.88.73
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.169.88.73 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-169-88-73.eu-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Mon, 09 Jan 2023 04:31:33 GMT
server: nginx

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 115E 0
20 B 55ms
55ms Ping
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=5153888036843&version=m202209210101&ct=76&x=1&cor=13611774040817640000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Jan 2023 04:31:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 0D84 281 B
554 B 76ms
22ms Document
text/html 104.109.78.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/uxwing.js?1673238600000
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-78-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://uxwing.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Mon, 09 Jan 2023 04:31:34 GMT
ETag: "403b9-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame BC42 16 KB
6 KB 154ms
34ms Document
text/html 2.18.36.193
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=161102
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/uxwing.js?1673238600000
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.36.193 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-36-193.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer: https://uxwing.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=20767
content-encoding: gzip
content-length: 5554
content-type: text/html
date: Mon, 09 Jan 2023 04:31:34 GMT
expires: Mon, 09 Jan 2023 10:17:41 GMT
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2 200 pd Show response
u.openx.net/w/1.0/ Frame 87DA 0
91 B 65ms
29ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/uxwing.js?1673238600000
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://uxwing.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 20
content-type: text/html
date: Mon, 09 Jan 2023 04:31:34 GMT
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 1BFB 52 KB
17 KB 224ms
39ms Document
text/html 23.203.124.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/uxwing.js?1673238600000
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.203.124.180 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-203-124-180.deploy.static.akamaitechnologies.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://uxwing.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin: *
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Mon, 09 Jan 2023 04:31:34 GMT
ETag: "623de86a-cf34"
Expires: Tue, 10 Jan 2023 04:31:36 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding

GET
H2 204 /
onetag-sys.com/usync/ Frame C392 0
0 24ms
23ms Document
text/plain 51.89.9.254
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?cb=1673238689894

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/uxwing.js?1673238600000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip254.ip-51-89-9.eu

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://uxwing.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store
strict-transport-security: max-age=15552000

GET
H2 200 sync.html Show response
public.servenobid.com/ Frame 7098 8 KB
4 KB 86ms
21ms Document
text/html 13.32.27.99
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://public.servenobid.com/sync.html
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/uxwing.js?1673238600000
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.27.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-27-99.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2e4a250ad3ac07b9adfce39197341a30bc1623902a753e8a7ae0324e7cb53731

Request headers

Referer: https://uxwing.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 81666
cache-control: max-age=86400
content-encoding: br
content-type: text/html
date: Sun, 08 Jan 2023 05:50:29 GMT
etag: W/"500c31eb3dcfb8f2a7dc0893b86a487a"
last-modified: Thu, 01 Dec 2022 19:37:41 GMT
server: AmazonS3
vary: Accept-Encoding Origin
via: 1.1 22b9ddafebf39d72780d68dad970d218.cloudfront.net (CloudFront)
x-amz-cf-id: zhf-5z2Mgu5xfDENmpaIcXa9l7l2q9Ac2cRtS4gUWKshCYRTeEHdEQ==
x-amz-cf-pop: FRA56-C2
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:us-east-1:559734745816:build/adserver-public-prod:5838c8c3-64c9-4519-918a-548b86a0fef3
x-amz-meta-codebuild-content-md5: 86c7b5baa8ca6b64006191aa90b9f19a
x-amz-meta-codebuild-content-sha256: 7a0197b444a3c5a5c4f92ccd56438fcf44932f5518b7cae8f7a5ec6b1a094ad5
x-cache: Hit from cloudfront

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame 16F0 23 KB
8 KB 144ms
49ms Document
text/html 92.123.38.97
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU18831I&prvid=2034%2C2033%2C2030%2C273%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C359%2C97%2C55%2C99%2C3012%2C3011%2C3010%2C244%2C201%2C3007%2C246%2C4%2C203%2C9%2C2011%2C2055%2C3022%2C172%2C3020%2C173%2C294%2C251%2C175%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C336%2C3014%2C337%2C338%2C339%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C345%2C225%2C10000%2C80%2C108%2C229%2C307&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/uxwing.js?1673238600000

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.38.97 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-38-97.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

908b2440f97770b498ce3cabad9f30c77a20ce8e0487fb47fdbe6b6ca66cfe66

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://uxwing.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=172800
content-encoding: gzip
content-length: 8348
content-type: text/html; charset=UTF-8
date: Mon, 09 Jan 2023 04:31:34 GMT
expires: Wed, 11 Jan 2023 04:31:34 GMT
server: Apache
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-mnet-hl2: E

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 0D84 34 KB
10 KB 22ms
22ms Script
text/html 104.109.78.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-78-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: aca8f26cd0c3dec0c3593541c6f4e3f8edaabf5b778aef823131f7d3fbe108ed

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Mon, 09 Jan 2023 04:31:34 GMT
Content-Encoding: gzip
Last-Modified: Sun, 08 Jan 2023 11:12:49 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=24129
Connection: keep-alive
Content-Length: 10067
Expires: Mon, 09 Jan 2023 11:13:43 GMT

GET
H2 200 13926 Show response
g2.gumgum.com/usync/ Frame D8FC 5 KB
2 KB 168ms
43ms Document
text/html 34.252.169.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.252.169.9 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-252-169-9.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 38c85362d5e857e9dbce42804d90f107d3b31fa07189e6d8f433ada30917cb04

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Mon, 09 Jan 2023 04:31:34 GMT
etag: W/"082c79d257558c64f21dcdf1616ac3cc8"
server: nginx
timing-allow-origin: *

GET
H2 204 /
onetag-sys.com/usync/ Frame DE65 0
0 23ms
22ms Document
text/plain 51.89.9.254
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D

Requested by

Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip254.ip-51-89-9.eu

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store
strict-transport-security: max-age=15552000

GET
H/1.1 200
OK sync Show response
ssbsync.smartadserver.com/api/ Frame 1BBE 1 KB
1 KB 218ms
31ms Document
text/html 185.86.137.121
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.121 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: a0ff7f289b36c357613ee1452be11d73361b96fd54efe4b6bb8153386a69bd3b

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 1081
content-type: text/html
date: Mon, 09 Jan 2023 04:31:33 GMT

GET
H2 200 usermatch Show response
ssum-sec.casalemedia.com/ Frame 8C48 2 KB
1 KB 107ms
41ms Document
text/html 172.64.154.237
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.154.237 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4dbee374fbb2b7a67e2e4d478e5186e9bc00f0e9d1c3bdac3da0aa65cd643a1b

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 786a71b05a042bb5-FRA
content-encoding: br
content-type: text/html
date: Mon, 09 Jan 2023 04:31:34 GMT
expires: 0
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kyr%2FHfhTMVnzJblkbqu6UF36XfgXilgLHAUbUs%2Fzy8ERrEOajNn%2Fz%2FpR7rLwg3ntp1SNh2ogNCxddgD61E4ePSMe50Fvd7yBAHWFm0mnkjIW1ti6MTDvtPTFiywRjc5G0Crr5qexCBYjxw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame 7553
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=duration_media&endpoint=us-east
https://eus.rubiconproject.com/usync.html?p=duration_media&endpoint=us-east

281 B
554 B

22ms
22ms

Document
text/html

104.109.78.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=duration_media&endpoint=us-east
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-78-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Mon, 09 Jan 2023 04:31:34 GMT
ETag: "403b9-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 0
date: Mon, 09 Jan 2023 04:31:34 GMT
location: https://eus.rubiconproject.com/usync.html?p=duration_media&endpoint=us-east
server: AkamaiGHost

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 7D00 16 KB
6 KB 42ms
33ms Document
text/html 2.18.36.193
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=162412&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&us_privacy=1YN-&&predirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D316%26uid%3DPM_UID
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.36.193 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-36-193.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=20767
content-encoding: gzip
content-length: 5554
content-type: text/html
date: Mon, 09 Jan 2023 04:31:34 GMT
expires: Mon, 09 Jan 2023 10:17:41 GMT
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2 200 sync-iframe Show response
cs-rtb.minutemedia-prebid.com/ Frame E36B 0
484 B 179ms
111ms Document
text/html 2600:9000:2057:f200:1f:4c18:bd40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cs-rtb.minutemedia-prebid.com/sync-iframe?gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D348%26uid%3D%7BpartnerId%7D
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:f200:1f:4c18:bd40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF,X-Requested-With
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://public.servenobid.com/
content-length: 0
content-type: text/html
date: Mon, 09 Jan 2023 04:31:34 GMT
via: 1.1 7ff386cc5735ee5d428e6d9e2fdc8b2c.cloudfront.net (CloudFront)
x-amz-cf-id: cm_qRTjO7lBBwehViwT9UC-fj7838dYs9INnDebKLXmrhqJXvhfGWg==
x-amz-cf-pop: FRA6-C1
x-cache: Miss from cloudfront
x-reason: could not perform CS due to GDPR policy: gdpr is not applied

GET
H2

200

sync
ads.servenobid.com/ Frame 7098
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID
https://ads.servenobid.com/sync?pid=312&uid=233672054626603939

0
344 B

183ms
183ms

Image
image/avif

44.231.108.53
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=312&uid=233672054626603939
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 44.231.108.53 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-231-108-53.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:34 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

Date: Mon, 09 Jan 2023 04:31:34 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.114.218.26; 217.114.218.26; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: f89a4dfd-8b84-4ca0-9faf-d3f1afdff1b9
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://ads.servenobid.com/sync?pid=312&uid=233672054626603939
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sync
ads.servenobid.com/ Frame 7098
Redirect Chain

https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D
https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D&dnr=1
https://ads.servenobid.com/sync?pid=310&uid=F9KPsRZHcBQrbrz6QsOSLsbq

0
350 B

184ms
184ms

Image
image/avif

44.231.108.53
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=310&uid=F9KPsRZHcBQrbrz6QsOSLsbq
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 44.231.108.53 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-231-108-53.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:34 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

Pragma: no-cache
Date: Mon, 09 Jan 2023 04:31:34 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Location: https://ads.servenobid.com/sync?pid=310&uid=F9KPsRZHcBQrbrz6QsOSLsbq
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap4ams1
Content-Length: 0
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H/1.1 204
No Content pixel
ap.lijit.com/ Frame 7098 0
277 B 162ms
27ms Image
text/plain 216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ap.lijit.com/pixel?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%24UID
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 09 Jan 2023 04:31:34 GMT
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap7ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Access-Control-Allow-Methods: GET, POST, DELETE, PUT

GET
H2

200

generic
match.adsrvr.org/track/cmf/ Frame 7098
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=duration&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D
https://sync.1rx.io/usersync2/rmpssp?sub=duration&zcc=1&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D&cb=1673238694467
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=6833280706

70 B
264 B

144ms
44ms

Image
image/gif

52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=6833280706
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Mon, 09 Jan 2023 04:31:34 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

Redirect headers

pragma: no-cache
date: Mon, 09 Jan 2023 04:31:34 GMT
etag: RXa80dcb22b78a4a9882cdd532b260f5fc003
content-type: text/html
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=6833280706
cache-control: no-store, no-cache, must-revalidate
expires: 0

GET
H2

200

sync
ads.servenobid.com/ Frame 7098
Redirect Chain

https://p.rfihub.com/cm?pub=44007&in=1
https://ads.servenobid.com/sync?pid=324&uid=5142336721249737748

0
344 B

189ms
187ms

Image
image/avif

44.231.108.53
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=324&uid=5142336721249737748
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 44.231.108.53 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-231-108-53.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:34 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

Location: https://ads.servenobid.com/sync?pid=324&uid=5142336721249737748
Date: Mon, 09 Jan 2023 04:31:34 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1 200
OK usa
sync.go.sonobi.com/ Frame 7098 0
500 B 510ms
110ms Image
text/plain 69.166.1.12
AS-XFERNET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/usa?loc=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D332%26uid%3D

Requested by

Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

69.166.1.12 , United States, ASN27630 (AS-XFERNET, US),

Reverse DNS

Software

sonobi-go /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 09 Jan 2023 04:31:34 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: go-iad-2-5-177
Content-Type: text/plain; charset=utf8
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Length: 0
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2

200

sync
ads.servenobid.com/ Frame 7098
Redirect Chain

https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=&us_privacy=1YN-&&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D327%26uid%3D
https://ads.servenobid.com/sync?pid=327&uid=7cea61c4-452f-4b39-b559-fecbd2079122&gdpr=0&gdpr_consent=&us_privacy=1YN-

0
356 B

183ms
183ms

Image
image/avif

44.231.108.53
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=327&uid=7cea61c4-452f-4b39-b559-fecbd2079122&gdpr=0&gdpr_consent=&us_privacy=1YN-
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 44.231.108.53 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-231-108-53.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:34 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

location: https://ads.servenobid.com/sync?pid=327&uid=7cea61c4-452f-4b39-b559-fecbd2079122&gdpr=0&gdpr_consent=&us_privacy=1YN-
date: Mon, 09 Jan 2023 04:31:33 GMT
cache-control: max-age=0, private, must-revalidate
x-envoy-upstream-service-time: 3
server: envoy
content-length: 0

GET
H2

200

sync
ads.servenobid.com/ Frame 7098
Redirect Chain

https://ups.analytics.yahoo.com/ups/58559/occ
https://ups.analytics.yahoo.com/ups/58559/occ?verify=true
https://ads.servenobid.com/sync?pid=337&uid=y-lKTaT1xE2uGpSFObtVSPJJ2droq2BfD2yjaBNXw-~A

0
367 B

185ms
185ms

Image
image/avif

44.231.108.53
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=337&uid=y-lKTaT1xE2uGpSFObtVSPJJ2droq2BfD2yjaBNXw-~A
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 44.231.108.53 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-231-108-53.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:35 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

location: https://ads.servenobid.com/sync?pid=337&uid=y-lKTaT1xE2uGpSFObtVSPJJ2droq2BfD2yjaBNXw-~A
date: Mon, 09 Jan 2023 04:31:35 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1

204
No Content

merge
ce.lijit.com/ Frame 7098
Redirect Chain

https://ssp.disqus.com/redirectuser?r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D346%26uid%3DBUYERUID
https://ce.lijit.com/merge?pid=279534&3pid=ua-7b1b0159-7fe9-3566-a99c-38ddaf31d00c&gdpr=&gdpr_consent=&us_privacy=&location=https%3A%2F%2Fssp.disqus.com%2Fmatch%3Fbidder%3D12%26buyeruid%3D%5BSOVRNI...

0
465 B

26ms
26ms

Image
text/plain

216.52.2.19
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=279534&3pid=ua-7b1b0159-7fe9-3566-a99c-38ddaf31d00c&gdpr=&gdpr_consent=&us_privacy=&location=https%3A%2F%2Fssp.disqus.com%2Fmatch%3Fbidder%3D12%26buyeruid%3D%5BSOVRNID%5D%26r%3DCid1YS03YjFiMDE1OS03ZmU5LTM1NjYtYTk5Yy0zOGRkYWYzMWQwMGMQ____________ASpTaHR0cHM6Ly9hZHMuc2VydmVub2JpZC5jb20vc3luYz9waWQ9MzQ2JnVpZD11YS03YjFiMDE1OS03ZmU5LTM1NjYtYTk5Yy0zOGRkYWYzMWQwMGMyAgwaOAE=
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: HTTP/1.1
Server: 216.52.2.19 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Expires: Fri, 20 Mar 2009 00:00:00 GMT
Pragma: no-cache
Date: Mon, 09 Jan 2023 04:31:35 GMT
X-MERGE: GDPR Optout true
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap4ams1
P3P: CP="CUR ADM OUR NOR STA NID"

Redirect headers

location: https://ce.lijit.com/merge?pid=279534&3pid=ua-7b1b0159-7fe9-3566-a99c-38ddaf31d00c&gdpr=&gdpr_consent=&us_privacy=&location=https%3A%2F%2Fssp.disqus.com%2Fmatch%3Fbidder%3D12%26buyeruid%3D%5BSOVRNID%5D%26r%3DCid1YS03YjFiMDE1OS03ZmU5LTM1NjYtYTk5Yy0zOGRkYWYzMWQwMGMQ____________ASpTaHR0cHM6Ly9hZHMuc2VydmVub2JpZC5jb20vc3luYz9waWQ9MzQ2JnVpZD11YS03YjFiMDE1OS03ZmU5LTM1NjYtYTk5Yy0zOGRkYWYzMWQwMGMyAgwaOAE=
pragma: no-cache
date: Mon, 09 Jan 2023 04:31:34 GMT
cache-control: no-store
content-length: 0
vary: origin
expires: 0

GET
H2

200

sync
ads.servenobid.com/ Frame 7098
Redirect Chain

https://ups.analytics.yahoo.com/ups/58632/occ
https://ups.analytics.yahoo.com/ups/58632/occ?verify=true
https://ads.servenobid.com/sync?pid=339&uid=y-m6sn8I9E2uHvQFLHPUmRjsqroyMag2wt5ZkbsUg-~A

0
366 B

184ms
183ms

Image
image/avif

44.231.108.53
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=339&uid=y-m6sn8I9E2uHvQFLHPUmRjsqroyMag2wt5ZkbsUg-~A
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 44.231.108.53 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-231-108-53.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:35 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

location: https://ads.servenobid.com/sync?pid=339&uid=y-m6sn8I9E2uHvQFLHPUmRjsqroyMag2wt5ZkbsUg-~A
date: Mon, 09 Jan 2023 04:31:35 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 7D00 2 KB
3 KB 575ms
167ms Script
text/html 192.82.242.209
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=64915066&p=162412&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=1YN-
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=162412&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&us_privacy=1YN-&&predirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D316%26uid%3DPM_UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.82.242.209 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: b9c28ab966d19e038e5821a2733db756d65d81db627c63d3f827849f80acc73b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-type: text/html; charset=UTF-8
date: Mon, 09 Jan 2023 04:31:34 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 0D84
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=
https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=JlX2SS7xRhqLDEZ5ACZgMg&rk=usync-na
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=JlX2SS7xRhqLDEZ5ACZgMg

43 B
479 B

111ms
111ms

Image
image/gif

52.46.128.147
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=JlX2SS7xRhqLDEZ5ACZgMg

Protocol

HTTP/1.1

Server

52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 09 Jan 2023 04:31:35 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: 7HYVJCFT1R5MXS3AJAQ1
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=JlX2SS7xRhqLDEZ5ACZgMg
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: de8527bfa1ccfd6c1590da0d3b6cff52
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0D84
Redirect Chain

https://token.rubiconproject.com/token?pid=25470
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TENPQjQ0MjctMTktNlYzMw==

170 B
188 B

31ms
31ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TENPQjQ0MjctMTktNlYzMw==

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Jan 2023 04:31:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TENPQjQ0MjctMTktNlYzMw==
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 4b510f0cc5fcbc9800016ef543086418
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame 0D84
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESECuQgpwYzSTOu3i8be4vo2A&google_cver=1

0
239 B

229ms
22ms

Image
image/gif

69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESECuQgpwYzSTOu3i8be4vo2A&google_cver=1
Protocol: HTTP/1.1
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 611afce88997db6fdd35eb213e662871
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma: no-cache
date: Mon, 09 Jan 2023 04:31:34 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESECuQgpwYzSTOu3i8be4vo2A&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 326
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
px.ads.linkedin.com/ Frame 0D84
Redirect Chain

https://token.rubiconproject.com/token?pid=36584
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LCOB4427-19-6V33

0
708 B

273ms
210ms

Image
text/plain

2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LCOB4427-19-6V33
Protocol: H2
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:34 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 2801B1DD97554368A5C448573D7DB5D0 Ref B: FRAEDGE1716 Ref C: 2023-01-09T04:31:34Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXxzT4IrVyEEQGWJWOmCw==

Redirect headers

Location: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LCOB4427-19-6V33
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 37b22a0c36bd84993dd2cda4a5e04b1d
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

ecm3
aax-eu.amazon-adsystem.com/s/ Frame 0D84
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=
https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=TUS65Hl1Tcubor5Bp86xyw&rk=usync-other
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=TUS65Hl1Tcubor5Bp86xyw

43 B
720 B

121ms
121ms

Image
image/gif

52.94.223.167
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=TUS65Hl1Tcubor5Bp86xyw

Protocol

HTTP/1.1

Server

52.94.223.167 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 09 Jan 2023 04:31:35 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: V6R2E5KA9C0ZGVYDP7YR
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=TUS65Hl1Tcubor5Bp86xyw
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: de8527bfa1ccfd6c1590da0d3b6cff52
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0D84
Redirect Chain

https://token.rubiconproject.com/token?pid=2249&pt=n
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=ZTAyN2YyZGIyMWM5Y2UxNmI1NmI0YWFiN2M0MzZiOGE0NGQ5ZGFjYQ

170 B
188 B

34ms
33ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=ZTAyN2YyZGIyMWM5Y2UxNmI1NmI0YWFiN2M0MzZiOGE0NGQ5ZGFjYQ

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Jan 2023 04:31:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=ZTAyN2YyZGIyMWM5Y2UxNmI1NmI0YWFiN2M0MzZiOGE0NGQ5ZGFjYQ
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame 0D84
Redirect Chain

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
https://pr-bh.ybp.yahoo.com/sync/rubicon/x5pN5Oh5j3765WHnVTE_7Mn5EUdSAgOZEtemQ7w0kco?csrc=
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-pV67KKBE2oKkKCw.dp12L3JlEW0Q.Ng9F25CFw--~A

0
239 B

27ms
23ms

Image
image/gif

69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-pV67KKBE2oKkKCw.dp12L3JlEW0Q.Ng9F25CFw--~A
Protocol: HTTP/1.1
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: de8527bfa1ccfd6c1590da0d3b6cff52
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

date: Mon, 09 Jan 2023 04:31:34 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-pV67KKBE2oKkKCw.dp12L3JlEW0Q.Ng9F25CFw--~A
content-length: 0

GET
H2 200 rubicon
match.adsrvr.org/track/cmf/ Frame 0D84 70 B
264 B 160ms
44ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/rubicon
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Mon, 09 Jan 2023 04:31:34 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame 8C48
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=Y7uYpOfAh30dcfEuwBhyiwAAFAwAAAAB
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=Y7uYpOfAh30dcfEuwBhyiwAAFAwAAAAB&dcc=t

43 B
855 B

118ms
118ms

Image
image/gif

52.46.128.147
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=Y7uYpOfAh30dcfEuwBhyiwAAFAwAAAAB&dcc=t

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D

Protocol

HTTP/1.1

Server

52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 09 Jan 2023 04:31:35 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: PFFD6CNAPZKG9VJESYDZ
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 09 Jan 2023 04:31:34 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: TGBVKMGR78CT5ECG22PG
Vary: Content-Type,Accept-Encoding,User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=Y7uYpOfAh30dcfEuwBhyiwAAFAwAAAAB&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

usermatchredir
ssum-sec.casalemedia.com/ Frame 8C48
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=Y7uYpOfAh30dcfEuwBhyiwAAFAwAAAAB&gdpr_consent=&us_privacy=&gdpr=
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESENGiFDjqG9npXoBbO6oZeIY&google_cver=1

43 B
839 B

69ms
42ms

Image
image/gif

172.64.154.237
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESENGiFDjqG9npXoBbO6oZeIY&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: H3
Server: 172.64.154.237 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Jan 2023 04:31:34 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8h2icGHhBqHic7BGkzJRmUvS8oKuheLDm8eH7a1RiNuunK7QEhoTvXPTFMy3bhAq2wlfNNy7MuMVJIeEOr3TliNLLMI6zumbyxwxSBnHRh6U%2B3p5Ty6fAgx48fAVLKWoSCQnvTPgKvrl2g%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 786a71b11c702bbc-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 09 Jan 2023 04:31:34 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESENGiFDjqG9npXoBbO6oZeIY&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 342
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame 8C48 70 B
264 B 151ms
43ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Mon, 09 Jan 2023 04:31:34 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 200 Y7uYpOfAh30dcfEuwBhyiwAAFAwAAAAB
pr-bh.ybp.yahoo.com/sync/casale/ Frame 8C48 43 B
601 B 156ms
46ms Image
image/gif 2a05:d018:d29:3602:e21e:b28b:5a38:9bc
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/casale/Y7uYpOfAh30dcfEuwBhyiwAAFAwAAAAB?gdpr_consent=&us_privacy=&gdpr=

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a05:d018:d29:3602:e21e:b28b:5a38:9bc Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:34 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
content-length: 43

GET
H2

200

rum
dsum.casalemedia.com/ Frame 8C48
Redirect Chain

https://casale-match.dotomi.com/match/bounce/current?networkId=19998&version=1
https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1673325094

43 B
870 B

121ms
46ms

Image
image/gif

172.64.154.237
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1673325094
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: H2
Server: 172.64.154.237 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Jan 2023 04:31:34 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zXlc5nN%2BYWdZcoIozlxh5r1IvnSWNJIS%2FhrZzPrunjByRvsvCilYvak7no3EgLTi6MoCEeHEy3NARjkBjRwDd2DT5lOONIRP1rdCaIOa3eQRLRltl6EPrN7t4DjeTbIAeqpyaqC4"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 786a71b27f0e90ef-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

location: https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1673325094
pragma: no-cache
date: Mon, 09 Jan 2023 04:31:34 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
content-length: 0
expires: 0

GET
H2

200

ZMAwryCI
sync-tm.everesttech.net/ct/upi/pid/ Frame 8C48
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D
https://sync-tm.everesttech.net/ct/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&_test=Y7uYpgAKWU0RkwAp

85 B
165 B

22ms
21ms

Image
image/png

151.101.2.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-tm.everesttech.net/ct/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&_test=Y7uYpgAKWU0RkwAp
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: H2
Server: 151.101.2.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Jetty(9.4.35.v20201120) /
Resource Hash: acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-served-by: cache-hhn-etou8220024-HHN
pragma: no-cache
date: Mon, 09 Jan 2023 04:31:34 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
age: 1052
x-timer: S1673238695.737113,VS0,VE0
x-cache: HIT
content-type: image/png
cache-control: no-cache
accept-ranges: bytes
content-length: 85
x-cache-hits: 2489

Redirect headers

x-served-by: cache-hhn-etou8220024-HHN
pragma: no-cache
date: Mon, 09 Jan 2023 04:31:34 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1673238695.621594,VS0,VE93
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
location: https://sync-tm.everesttech.net/ct/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&_test=Y7uYpgAKWU0RkwAp
cache-control: no-cache
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ Frame 8C48 0
191 B 588ms
171ms Image
text/plain 209.25.233.254
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=48
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 209.25.233.254 , Canada, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
pragma: no-cache
date: Mon, 09 Jan 2023 04:31:34 GMT
cache-control: max-age=0,no-cache,no-store
server: AC1.1
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 8C48
Redirect Chain

https://dmp.brand-display.com/cm/api/index?cm_dsp_id=191&cm_user_id=%3cIndex_user_id%3e
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=191&expiration=63072000&external_user_id=2655eb6f-6e83-f635-c2a313a7

43 B
766 B

67ms
23ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=191&expiration=63072000&external_user_id=2655eb6f-6e83-f635-c2a313a7
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 09 Jan 2023 04:31:34 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 43
Expires: 0

Redirect headers

date: Mon, 09 Jan 2023 04:31:34 GMT
via: 1.1 google
server: nginx/1.22.1
p3p: CP='This is not a P3P policy!'
access-control-allow-origin: *
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=191&expiration=63072000&external_user_id=2655eb6f-6e83-f635-c2a313a7
content-type: text/html; charset=utf-8
cache-control: max-age=3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 146

GET
H2 200 sync
ads.servenobid.com/ Frame 8C48 0
356 B 186ms
184ms Image
image/avif 44.231.108.53
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=333&uid=Y7uYpOfAh30dcfEuwBhyiwAAFAwAAAAB
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.231.108.53 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-231-108-53.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:34 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 1BFB 0
860 B 27ms
27ms Script
text/html 185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

ns31533567.ip-162-19-138.eu

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 09 Jan 2023 04:31:34 GMT
AN-X-Request-Uuid: db95f90b-4428-47af-99a3-4ecb8306a394
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 217.114.218.26; 217.114.218.26; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 7553 34 KB
10 KB 25ms
25ms Script
text/html 104.109.78.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=duration_media&endpoint=us-east
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-78-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: aca8f26cd0c3dec0c3593541c6f4e3f8edaabf5b778aef823131f7d3fbe108ed

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=duration_media&endpoint=us-east
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Mon, 09 Jan 2023 04:31:34 GMT
Content-Encoding: gzip
Last-Modified: Sun, 08 Jan 2023 11:12:49 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=24129
Connection: keep-alive
Content-Length: 10067
Expires: Mon, 09 Jan 2023 11:13:43 GMT

GET
H/1.1

200

usersync
usersync.gumgum.com/ Frame D8FC
Redirect Chain

https://secure.adnxs.com/getuid?https://usersync.gumgum.com/usersync?b=apn&i=$UID
https://usersync.gumgum.com/usersync?b=apn&i=233672054626603939

35 B
250 B

171ms
44ms

Image
image/gif

52.210.15.1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=apn&i=233672054626603939
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Server: 52.210.15.1 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-210-15-1.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Date: Mon, 09 Jan 2023 04:31:34 GMT
Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Expires: 0

Redirect headers

Date: Mon, 09 Jan 2023 04:31:34 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.114.218.26; 217.114.218.26; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 2756d82b-d7aa-435e-a247-d84008099947
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://usersync.gumgum.com/usersync?b=apn&i=233672054626603939
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200

usersync
usersync.gumgum.com/ Frame D8FC
Redirect Chain

https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_56d1dfbb-786f-4c9f-af7d-9020570bb22d&gdpr=0&gdpr_consent=&us_privacy=1---
https://x.bidswitch.net/ul_cb/sync?ssp=gumgum2&user_id=e_56d1dfbb-786f-4c9f-af7d-9020570bb22d&gdpr=0&gdpr_consent=&us_privacy=1---
https://dsp.nrich.ai/bidswitch/sync?bidswitch_ssp_id=gumgum2&bsw_custom_parameter=7f447571-fd5e-4957-821f-136aa92ca3a5&gdpr=0&gdpr_consent=&gdpr_pd=&us_privacy=1---
https://x.bidswitch.net/sync?dsp_id=283&user_id=fcce8206-6f02-4a3d-900c-333397a3f8a1&expires=1&user_group=5&ssp=gumgum2&bsw_param=7f447571-fd5e-4957-821f-136aa92ca3a5
https://usersync.gumgum.com/usersync?b=bsw&i=7f447571-fd5e-4957-821f-136aa92ca3a5

35 B
250 B

48ms
48ms

Image
image/gif

52.210.15.1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=bsw&i=7f447571-fd5e-4957-821f-136aa92ca3a5
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Server: 52.210.15.1 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-210-15-1.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Date: Mon, 09 Jan 2023 04:31:35 GMT
Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Expires: 0

Redirect headers

location: //usersync.gumgum.com/usersync?b=bsw&i=7f447571-fd5e-4957-821f-136aa92ca3a5
date: Mon, 09 Jan 2023 04:31:35 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H/1.1

200

usersync
usersync.gumgum.com/ Frame D8FC
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent=
https://usersync.gumgum.com/usersync?b=sta&i=0-9ba7e1ab-e4ba-405c-6b22-cb98b7c4abee$ip$217.114.218.26

35 B
250 B

45ms
44ms

Image
image/gif

52.210.15.1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=sta&i=0-9ba7e1ab-e4ba-405c-6b22-cb98b7c4abee$ip$217.114.218.26
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Server: 52.210.15.1 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-210-15-1.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Date: Mon, 09 Jan 2023 04:31:35 GMT
Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Expires: 0

Redirect headers

Location: https://usersync.gumgum.com/usersync?b=sta&i=0-9ba7e1ab-e4ba-405c-6b22-cb98b7c4abee$ip$217.114.218.26
Date: Mon, 09 Jan 2023 04:31:34 GMT
Connection: keep-alive
Content-Length: 128
Content-Type: text/html; charset=utf-8

GET
H/1.1

200

usersync
usersync.gumgum.com/ Frame D8FC
Redirect Chain

https://b1sync.zemanta.com/usersync/gumgum/?puid=e_56d1dfbb-786f-4c9f-af7d-9020570bb22d&gdpr=0&gdpr_consent=&us_privacy=1---&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dzem%26i%3D__ZUID__
https://stags.bluekai.com/site/23178?id=rNrRlU0Wc-ZDAJGQy-Ti&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS65LTMVZHG6LOMMXGO5LNM52W2LTDN5WS65LTMVZHG6LO...
https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS65LTMVZHG6LOMMXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT24SOOJJGYVJQK5RS2WSEIFFEOULZFVKGS...
https://usersync.gumgum.com/usersync?b=zem&gdpr=0&i=rNrRlU0Wc-ZDAJGQy-Ti&us_privacy=1---

35 B
250 B

46ms
46ms

Image
image/gif

52.210.15.1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=zem&gdpr=0&i=rNrRlU0Wc-ZDAJGQy-Ti&us_privacy=1---
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Server: 52.210.15.1 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-210-15-1.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Date: Mon, 09 Jan 2023 04:31:35 GMT
Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Expires: 0

Redirect headers

Pragma: no-cache
Date: Mon, 09 Jan 2023 04:31:35 GMT
Content-Type: text/html; charset=utf-8
Location: https://usersync.gumgum.com/usersync?b=zem&gdpr=0&i=rNrRlU0Wc-ZDAJGQy-Ti&us_privacy=1---
P3p: CP="We do not support P3P header."
Cache-Control: no-cache, no-store, must-revalidate
Content-Length: 123
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2

200

generic
match.adsrvr.org/track/cmf/ Frame D8FC
Redirect Chain

https://sync.1rx.io/usersync2/floor6?gdpr=0&gdpr_consent=&dspret=1&redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Drhy%26i%3D%5BRX_UUID%5D
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=7556077409

70 B
265 B

59ms
42ms

Image
image/gif

52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=7556077409
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Mon, 09 Jan 2023 04:31:34 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

Redirect headers

pragma: no-cache
date: Mon, 09 Jan 2023 04:31:34 GMT
etag: RXa80dcb22b78a4a9882cdd532b260f5fc003
content-type: text/html
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=7556077409
cache-control: no-store, no-cache, must-revalidate
expires: 0

GET
H/1.1

200

usersync
usersync.gumgum.com/ Frame D8FC
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25
https://usersync.gumgum.com/usersync?b=pln&i=AFRHZDFTBRDg&ev=1&pid=558355

35 B
250 B

47ms
46ms

Image
image/gif

52.210.15.1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=pln&i=AFRHZDFTBRDg&ev=1&pid=558355
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Server: 52.210.15.1 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-210-15-1.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Date: Mon, 09 Jan 2023 04:31:35 GMT
Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Expires: 0

Redirect headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
location: https://usersync.gumgum.com/usersync?b=pln&i=AFRHZDFTBRDg&ev=1&pid=558355
content-language: de-DE
cache-control: private, max-age=0, no-cache, no-store
cw-server: bh-deployment-695db8c5d7-tjthk
expires: -1

GET
H/1.1

204
No Content

sync.php
pixel-us-east.rubiconproject.com/exchange/ Frame D8FC
Redirect Chain

https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=0&gdprConsent=&platformRdUrl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobR...
https://usersync.gumgum.com/usersync?b=obn&i=ENC%28zEYMDCmJ3XgH2jVzbHHHOTcN5yDcHtGsvLNN2CWJ6C_q_2x4LxFzgGO33SiA9V_x%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%...
https://sync.outbrain.com/syncUser?platformId=GUMGU18H7EL9NI653I7DPEH51&platformUid=e_56d1dfbb-786f-4c9f-af7d-9020570bb22d&obuid=ENC(zEYMDCmJ3XgH2jVzbHHHOTcN5yDcHtGsvLNN2CWJ6C_q_2x4LxFzgGO33SiA9V_x)
https://sync.outbrain.com/syncPartner?platformId=GUMGU18H7EL9NI653I7DPEH51
https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=15268&gdpr=$GDPR_APPLIES&gdpr_consent=$CONSNT_STRING&us_privacy=$CCPA

0
239 B

210ms
112ms

Image
image/gif

69.173.151.100
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=15268&gdpr=$GDPR_APPLIES&gdpr_consent=$CONSNT_STRING&us_privacy=$CCPA
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Server: 69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 19ea072139d67f7022c6e463249c998e
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

Location: https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=15268&gdpr=$GDPR_APPLIES&gdpr_consent=$CONSNT_STRING&us_privacy=$CCPA
Date: Mon, 09 Jan 2023 04:31:34 GMT
X-TraceId: f3037f043abd91a3c7c9f4181e0c17d6
Content-Length: 0

GET
H/1.1

200

usersync
usersync.gumgum.com/ Frame D8FC
Redirect Chain

https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
https://us-u.openx.net/w/1.0/cm?cc=1&_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
https://usersync.gumgum.com/usersync?b=opx&i=a019c965-ebbf-4de6-8911-07ec06b0e8b4

35 B
250 B

163ms
46ms

Image
image/gif

52.210.15.1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=opx&i=a019c965-ebbf-4de6-8911-07ec06b0e8b4
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Server: 52.210.15.1 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-210-15-1.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Date: Mon, 09 Jan 2023 04:31:34 GMT
Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Expires: 0

Redirect headers

date: Mon, 09 Jan 2023 04:31:34 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
location: https://usersync.gumgum.com/usersync?b=opx&i=a019c965-ebbf-4de6-8911-07ec06b0e8b4
p3p: CP="CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 gumgum
pr-bh.ybp.yahoo.com/sync/ Frame D8FC 43 B
426 B 97ms
44ms Image
image/gif 2a05:d018:d29:3602:e21e:b28b:5a38:9bc
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent=

Requested by

Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a05:d018:d29:3602:e21e:b28b:5a38:9bc Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:34 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
content-length: 43

GET
H/1.1

200

usersync
usersync.gumgum.com/ Frame D8FC
Redirect Chain

https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=1---&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fuser...
https://usersync.gumgum.com/usersync?b=vnt&i=4ffb18b4-e9f3-4528-9f1c-64a0baa3a821

35 B
250 B

47ms
47ms

Image
image/gif

52.210.15.1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=vnt&i=4ffb18b4-e9f3-4528-9f1c-64a0baa3a821
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Server: 52.210.15.1 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-210-15-1.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Date: Mon, 09 Jan 2023 04:31:35 GMT
Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Expires: 0

Redirect headers

Location: https://usersync.gumgum.com/usersync?b=vnt&i=4ffb18b4-e9f3-4528-9f1c-64a0baa3a821
Date: Mon, 09 Jan 2023 04:31:34 GMT
Connection: keep-alive
X-CI-RTID: 18c913a3-c0e5-4c5a-8c14-2def764ff305
Content-Length: 108
Content-Type: text/html; charset=utf-8

GET
H2 204 services
sync.technoratimedia.com/ Frame D8FC 0
293 B 365ms
112ms Image
text/plain 129.158.42.199
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.technoratimedia.com/services?srv=cs&pid=65&us_privacy=1---&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsnc%26i%3D%5BUSER_ID%5D
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 129.158.42.199 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:34 GMT
via: 1.1 varnish
server: nginx
age: 0
access-control-allow-methods: POST,GET,HEAD,OPTIONS
x-varnish: 596053602
access-control-allow-origin: https://g2.gumgum.com/
access-control-allow-credentials: true

GET
H2 200 142
match.deepintent.com/usersync/ Frame D8FC 0
44 B 363ms
107ms Image
text/plain 8.18.47.7
DEEPINTENT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.deepintent.com/usersync/142?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Ddit%26i%3D%24%7BDI_USER_ID%7D
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 8.18.47.7 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS
Software: a /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:34 GMT
content-length: 0
server: a

GET
H/1.1

200

usersync
usersync.gumgum.com/ Frame D8FC
Redirect Chain

https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
https://ad.360yield.com/ul_cb/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
https://usersync.gumgum.com/usersync?b=idi&i=d44936f8-efc2-423e-b0c7-b3ab9d0e31c7

35 B
250 B

45ms
44ms

Image
image/gif

52.210.15.1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=idi&i=d44936f8-efc2-423e-b0c7-b3ab9d0e31c7
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Server: 52.210.15.1 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-210-15-1.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Date: Mon, 09 Jan 2023 04:31:35 GMT
Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Expires: 0

Redirect headers

location: https://usersync.gumgum.com/usersync?b=idi&i=d44936f8-efc2-423e-b0c7-b3ab9d0e31c7
access-control-allow-origin: *
date: Mon, 09 Jan 2023 04:31:35 GMT
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H/1.1

200

usersync
usersync.gumgum.com/ Frame D8FC
Redirect Chain

https://ssbsync.smartadserver.com/api/sync?callerId=15&redirectUri=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsad%26i%3D%5Bssb_sync_pid%5D&gdpr=0&gdpr_consent=
https://usersync.gumgum.com/usersync?b=sad&i=590437383745507228

35 B
250 B

44ms
44ms

Image
image/gif

52.210.15.1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=sad&i=590437383745507228
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Server: 52.210.15.1 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-210-15-1.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Date: Mon, 09 Jan 2023 04:31:34 GMT
Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Expires: 0

Redirect headers

location: https://usersync.gumgum.com/usersync?b=sad&i=590437383745507228
date: Mon, 09 Jan 2023 04:31:34 GMT
content-length: 0

GET
H2 200 sync
ads.servenobid.com/ Frame D8FC 0
358 B 186ms
183ms Image
image/avif 44.231.108.53
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=309&uid=e_56d1dfbb-786f-4c9f-af7d-9020570bb22d
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.231.108.53 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-231-108-53.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:34 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

GET
H/1.1

200

0.gif Show response
id5-sync.com/i/495/ Frame 18C9
Redirect Chain

https://sync.inmobi.com/oRTB?gdpr_consent=&gdpr=0&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dinm%26i%3D%7BID5UID%7D
https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=0&callback=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dinm%26i%3D%7BID5UID%7D

43 B
1 KB

87ms
26ms

Document
image/gif

162.19.138.116
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=0&callback=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dinm%26i%3D%7BID5UID%7D

Requested by

Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.116 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

d346801abbf9bb4e9e9a055239053d4ab5596514304f601a6c70604187acb744

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-type: image/gif;charset=UTF-8
date: Mon, 09 Jan 2023 04:31:34 GMT
p3p: CP="CAO PSA OUR"
strict-transport-security: max-age=63072000; includeSubDomains; preload
transfer-encoding: chunked
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

Redirect headers

content-length: 332
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-type: text/html; charset=utf-8
date: Mon, 09 Jan 2023 04:31:34 GMT
expect-ct: max-age=0
location: https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=0&callback=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dinm%26i%3D%7BID5UID%7D
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 4011 16 KB
6 KB 38ms
35ms Document
text/html 2.18.36.193
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.36.193 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-36-193.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=20767
content-encoding: gzip
content-length: 5554
content-type: text/html
date: Mon, 09 Jan 2023 04:31:34 GMT
expires: Mon, 09 Jan 2023 10:17:41 GMT
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2 200 generic Show response
match.adsrvr.org/track/cmf/ Frame 2F09 70 B
264 B 93ms
45ms Document
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private,no-cache, must-revalidate
content-length: 70
content-type: image/gif
date: Mon, 09 Jan 2023 04:31:34 GMT
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma: no-cache
x-aspnet-version: 4.0.30319

GET
H/1.1

200

usersync Show response
usersync.gumgum.com/ Frame 3BE5
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=&redir=https%3a%2f%2fusersync.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d
https://usersync.gumgum.com/usersync?b=mmh&i=586a63bb-98a7-4f00-93bc-acca023df0a5&gdpr=0&gdpr_consent=

35 B
250 B

45ms
45ms

Document
image/gif

52.210.15.1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://usersync.gumgum.com/usersync?b=mmh&i=586a63bb-98a7-4f00-93bc-acca023df0a5&gdpr=0&gdpr_consent=
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.210.15.1 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-210-15-1.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Content-Type: image/gif
Date: Mon, 09 Jan 2023 04:31:35 GMT
Expires: 0
Pragma: no-cache

Redirect headers

Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0
Content-Type: image/gif
Date: Mon, 09 Jan 2023 04:31:35 GMT
Expires: Mon, 09 Jan 2023 04:31:34 GMT
Keep-Alive: timeout=360
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: MT3 277 3f0ad7a master cdg-pixel-x32 config:1.0.0
location: https://usersync.gumgum.com/usersync?b=mmh&i=586a63bb-98a7-4f00-93bc-acca023df0a5&gdpr=0&gdpr_consent=

GET
H/1.1

200

usersync Show response
usersync.gumgum.com/ Frame 4CC6
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=
https://sync-tm.everesttech.net/ct/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=&_test=Y7uYpgAJyssibgAe
https://usersync.gumgum.com/usersync?b=atm&i=Y7uYpgAJyssibgAe&gdpr=0&gdpr_consent=&_test=Y7uYpgAJyssibgAe

35 B
250 B

63ms
47ms

Document
image/gif

52.210.15.1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://usersync.gumgum.com/usersync?b=atm&i=Y7uYpgAJyssibgAe&gdpr=0&gdpr_consent=&_test=Y7uYpgAJyssibgAe
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.210.15.1 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-210-15-1.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Content-Type: image/gif
Date: Mon, 09 Jan 2023 04:31:34 GMT
Expires: 0
Pragma: no-cache

Redirect headers

accept-ranges: bytes
cache-control: no-cache
content-length: 0
date: Mon, 09 Jan 2023 04:31:34 GMT
location: https://usersync.gumgum.com/usersync?b=atm&i=Y7uYpgAJyssibgAe&gdpr=0&gdpr_consent=&_test=Y7uYpgAJyssibgAe
pragma: no-cache
retry-after: 0
server: Varnish
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 0
x-served-by: cache-hhn-etou8220024-HHN
x-timer: S1673238695.737446,VS0,VE0

GET
H3 200 pixel Show response
cm.g.doubleclick.net/ Frame BA77 170 B
188 B 41ms
35ms Document
image/png 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV81NmQxZGZiYi03ODZmLTRjOWYtYWY3ZC05MDIwNTcwYmIyMmQ=&gdpr=0&gdpr_consent=

Requested by

Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-length: 170
content-type: image/png
cross-origin-resource-policy: cross-origin
date: Mon, 09 Jan 2023 04:31:34 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
server: HTTP server (unknown)
x-xss-protection: 0

GET
H/1.1

200

usersync Show response
usersync.gumgum.com/ Frame F2D0
Redirect Chain

https://cs.emxdgt.com/um?redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID&gdpr=0&gdpr_consent=
https://ib.adnxs.com/getuid?https://cs.emxdgt.com/umcheck?apnxid=$UID&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24EMXUID&b64_redirect=aHR0cHM6Ly91c2Vyc3luYy5ndW1ndW0uY2...
https://cs.emxdgt.com/umcheck?apnxid=233672054626603939&redirect=https://usersync.gumgum.com/usersync?b=emx&i=$EMXUID&b64_redirect=aHR0cHM6Ly91c2Vyc3luYy5ndW1ndW0uY29tL3VzZXJzeW5jP2I9ZW14Jmk9JEVNWF...
https://usersync.gumgum.com/usersync?b=emx&i=233672054626603939brt53601673238694984046b2

35 B
250 B

44ms
44ms

Document
image/gif

52.210.15.1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://usersync.gumgum.com/usersync?b=emx&i=233672054626603939brt53601673238694984046b2
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.210.15.1 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-210-15-1.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Content-Type: image/gif
Date: Mon, 09 Jan 2023 04:31:35 GMT
Expires: 0
Pragma: no-cache

Redirect headers

content-length: 0
content-type: text/html
date: Mon, 09 Jan 2023 04:31:34 GMT
location: https://usersync.gumgum.com/usersync?b=emx&i=233672054626603939brt53601673238694984046b2

GET
H/1.1

200

usersync Show response
usersync.gumgum.com/ Frame BDD9
Redirect Chain

https://tg.socdm.com/aux/idsync?proto=gumgum
https://usersync.gumgum.com/usersync?b=sus&i=Y7uYp8Co8X4AAD66K7UAAAAA

35 B
250 B

46ms
46ms

Document
image/gif

52.210.15.1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://usersync.gumgum.com/usersync?b=sus&i=Y7uYp8Co8X4AAD66K7UAAAAA
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.210.15.1 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-210-15-1.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Content-Type: image/gif
Date: Mon, 09 Jan 2023 04:31:35 GMT
Expires: 0
Pragma: no-cache

Redirect headers

Cache-Control: private
Connection: keep-alive
Content-Length: 0
Date: Mon, 09 Jan 2023 04:31:35 GMT
Location: https://usersync.gumgum.com/usersync?b=sus&i=Y7uYp8Co8X4AAD66K7UAAAAA
P3P: CP="See also http://www.scaleout.jp/privacy/"
Server: nginx
X-SO-Ads-Time: 1
X-SO-Cluster-ID: 0
X-SO-HostName: m-ad410.dc4p.scaleout.jp
X-SO-IP: 217.114.218.26
X-SO-Key: Y7uYp8Co8X4AAD66K7UAAAAA
X-SO-LB-Data: {"ban":false,"clean_query":"\/aux\/idsync?proto=gumgum","cluster_id":0,"gdpr":true,"ipv4":"0.0.0.0","key":"Y7uYp8Co8X4AAD66K7UAAAAA","privacy_sensitive":true,"uid":"","upstream_id":"m-ad410"}
X-SO-LB-Hostname: m-tgng26.dc4p.scaleout.jp
X-SO-Upstream-ID: m-ad410

GET
H/1.1

200

usersync Show response
usersync.gumgum.com/ Frame A227
Redirect Chain

https://cs.admanmedia.com/sync/gumgum?puid=e_56d1dfbb-786f-4c9f-af7d-9020570bb22d&redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Daad%26i%3D%5BDSP_USER_ID%5D&gdpr=0&gdpr_consent=&ccpa=1---
https://usersync.gumgum.com/usersync?b=aad&i=b8df4e8a-3e0a-4e48-ba00-89e2d734f918

35 B
250 B

44ms
43ms

Document
image/gif

52.210.15.1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://usersync.gumgum.com/usersync?b=aad&i=b8df4e8a-3e0a-4e48-ba00-89e2d734f918
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.210.15.1 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-210-15-1.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Content-Type: image/gif
Date: Mon, 09 Jan 2023 04:31:34 GMT
Expires: 0
Pragma: no-cache

Redirect headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Date: Mon, 09 Jan 2023 04:31:34 GMT
Expires: 0
Location: https://usersync.gumgum.com/usersync?b=aad&i=b8df4e8a-3e0a-4e48-ba00-89e2d734f918
Pragma: no-cache
Server: nginx
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Transfer-Encoding: chunked
X-Frame-Options: DENY

GET
H/1.1

200

usersync Show response
usersync.gumgum.com/ Frame BF3A
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=189872&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Diex%26i%3D
https://usersync.gumgum.com/usersync?b=iex&i=Y7uYpOfAh30dcfEuwBhyiwAA%265132

35 B
250 B

174ms
47ms

Document
image/gif

52.210.15.1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://usersync.gumgum.com/usersync?b=iex&i=Y7uYpOfAh30dcfEuwBhyiwAA%265132
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.210.15.1 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-210-15-1.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Content-Type: image/gif
Date: Mon, 09 Jan 2023 04:31:34 GMT
Expires: 0
Pragma: no-cache

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 786a71b11c792bbc-FRA
content-length: 0
date: Mon, 09 Jan 2023 04:31:34 GMT
expires: 0
location: https://usersync.gumgum.com/usersync?b=iex&i=Y7uYpOfAh30dcfEuwBhyiwAA%265132
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gl46raIQ9uLCokxUFXVa9b2b%2B9K0uppSAwxVc2Vq6jox3to%2BPvBp5ANKfo0jGJF1fP2mISPjHri8g%2BJSbQm0fuzdsnLAT7zNHfv%2B92RnfxNR1HiyxDao3i4CxOwLEQXdGiR8UhNnGv07WA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H/1.1

200

usersync Show response
usersync.gumgum.com/ Frame 4876
Redirect Chain

https://creativecdn.com/cm-notify?pi=gumgum
https://creativecdn.com/cm-notify?pi=gumgum&tc=1
https://usersync.gumgum.com/usersync?b=rth&i=B4lkDRGkv08DAqI0XiTd&pi=gumgum&tc=1

35 B
250 B

73ms
45ms

Document
image/gif

52.210.15.1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://usersync.gumgum.com/usersync?b=rth&i=B4lkDRGkv08DAqI0XiTd&pi=gumgum&tc=1
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.210.15.1 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-210-15-1.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Content-Type: image/gif
Date: Mon, 09 Jan 2023 04:31:34 GMT
Expires: 0
Pragma: no-cache

Redirect headers

cache-control: no-cache, no-store, must-revalidate, private, max-age=0
content-length: 0
date: Mon, 09 Jan 2023 04:31:34 GMT Mon, 09 Jan 2023 04:31:34 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://usersync.gumgum.com/usersync?b=rth&i=B4lkDRGkv08DAqI0XiTd&pi=gumgum&tc=1
pragma: no-cache

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame F8B2
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum
https://eus.rubiconproject.com/usync.html?p=gumgum

281 B
554 B

27ms
22ms

Document
text/html

104.109.78.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-78-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Mon, 09 Jan 2023 04:31:34 GMT
ETag: "403b9-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 0
date: Mon, 09 Jan 2023 04:31:34 GMT
location: https://eus.rubiconproject.com/usync.html?p=gumgum
server: AkamaiGHost

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A1D8 0
20 B 56ms
55ms Ping
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=2612637328997&version=m202209210101&ct=77&x=1&cor=11315967812400090000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://931bf30fe858f3c5fc2c5db2a6c7b1a1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Jan 2023 04:31:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 204
No Content sync.php
pixel-us-east.rubiconproject.com/exchange/ Frame 7553 0
239 B 519ms
111ms Image
image/gif 69.173.151.100
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=duration_media&khaos=LCOB4427-19-6V33
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=duration_media&endpoint=us-east
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 9e7742894a018a40b59a2ed2117c85b5
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 sync
ads.servenobid.com/ Frame 1BBE 0
344 B 184ms
184ms Image
image/avif 44.231.108.53
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=317&uid=590437383745507228&gdpr=0&gdpr_consent=
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.231.108.53 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-231-108-53.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:34 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1BBE
Redirect Chain

https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=134&partneruserid=OB_OK&redirurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsmart_adserver_eb%26google_hm%3DSMART_USER_ID_...
https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_hm=NTkwNDM3MzgzNzQ1NTA3MjI4&gdpr=0&gdpr_consent=

170 B
188 B

30ms
30ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_hm=NTkwNDM3MzgzNzQ1NTA3MjI4&gdpr=0&gdpr_consent=

Requested by

Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

118.74.204.35.bc.googleusercontent.com

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Jan 2023 04:31:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_hm=NTkwNDM3MzgzNzQ1NTA3MjI4&gdpr=0&gdpr_consent=
pragma: no-cache
date: Mon, 09 Jan 2023 04:31:34 GMT
cache-control: no-cache,no-store
content-length: 0
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

GET
H2 200 bsync
visitor.omnitagjs.com/visitor/ Frame 1BBE 0
0 126ms
31ms Image
text/html 185.255.84.152
IGUANE-

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://visitor.omnitagjs.com/visitor/bsync?uid=627080440e659fbe0f85333c665ae1de&name=SMARTADSERVER&url=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D117%26partneruserid%3DPARTNER_USER_ID%26gdpr%3DGDPR%26gdpr_consent%3DGDPR_CONSENT&gdpr=0&gdpr_consent=
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.255.84.152 , France, ASN200271 (IGUANE-, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/ Frame 1BBE
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=10&sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D22%26partneruserid%3DYOUR_USER_ID&gdpr=0&gdpr_consent=
https://c1.adform.net/serving/cookie/match?CC=1&party=10&sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D22%26partneruserid%3DYOUR_USER_ID&gdpr=0&gdpr_consent=
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=22&partneruserid=2108469629519813651&gdpr=0&gdpr_consent=

43 B
418 B

31ms
30ms

Image
image/gif

185.86.139.113
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=22&partneruserid=2108469629519813651&gdpr=0&gdpr_consent=
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: HTTP/1.1
Server: 185.86.139.113 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Mon, 09 Jan 2023 04:31:34 GMT
cache-control: no-cache,no-store
transfer-encoding: chunked
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

pragma: no-cache
date: Mon, 09 Jan 2023 04:31:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=22&partneruserid=2108469629519813651&gdpr=0&gdpr_consent=
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/ Frame 1BBE
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=560288&ev=1&rurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D92%26partneruserid%3D%25%25VGUID%25%25&gdpr=0&gdpr_consent=
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=92&partneruserid=ReCRQFZNVGjx&ev=1&pid=560288&gdpr_consent=&gdpr=0

43 B
434 B

31ms
31ms

Image
image/gif

185.86.139.113
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=92&partneruserid=ReCRQFZNVGjx&ev=1&pid=560288&gdpr_consent=&gdpr=0
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: HTTP/1.1
Server: 185.86.139.113 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Mon, 09 Jan 2023 04:31:35 GMT
cache-control: no-cache,no-store
transfer-encoding: chunked
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
location: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=92&partneruserid=ReCRQFZNVGjx&ev=1&pid=560288&gdpr_consent=&gdpr=0
content-language: de-DE
cache-control: private, max-age=0, no-cache, no-store
cw-server: bh-deployment-stage-0
expires: -1

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame F8B2 34 KB
10 KB 25ms
25ms Script
text/html 104.109.78.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-78-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: aca8f26cd0c3dec0c3593541c6f4e3f8edaabf5b778aef823131f7d3fbe108ed

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=gumgum
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Mon, 09 Jan 2023 04:31:34 GMT
Content-Encoding: gzip
Last-Modified: Sun, 08 Jan 2023 11:12:49 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=24129
Connection: keep-alive
Content-Length: 10067
Expires: Mon, 09 Jan 2023 11:13:43 GMT

GET
H/1.1 204
No Content sync.php
pixel.rubiconproject.com/exchange/ Frame F8B2 0
239 B 90ms
22ms Image
image/gif 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/exchange/sync.php?p=gumgum&khaos=LCOB4427-19-6V33
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: de8527bfa1ccfd6c1590da0d3b6cff52
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 match Show response
c1.adform.net/serving/cookie/ Frame 7E06 35 B
468 B 44ms
44ms Document
image/gif 37.157.5.141
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://c1.adform.net/serving/cookie/match?party=14&cid=F01AFD79-9B5B-4692-A6C2-23D35166E5F9&gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=162412&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&us_privacy=1YN-&&predirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D316%26uid%3DPM_UID

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.5.141 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
content-type: image/gif
date: Mon, 09 Jan 2023 04:31:35 GMT
expires: -1
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 3F49
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Y7uYpgAJyssibgAe&gdpr=0&gdpr_consent=

1 B
217 B

201ms
33ms

Document
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Y7uYpgAJyssibgAe&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=162412&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&us_privacy=1YN-&&predirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D316%26uid%3DPM_UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 1
content-type: text/html; charset=utf-8
date: Mon, 09 Jan 2023 04:31:35 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

accept-ranges: bytes
cache-control: no-cache
content-length: 0
date: Mon, 09 Jan 2023 04:31:35 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Y7uYpgAJyssibgAe&gdpr=0&gdpr_consent=
pragma: no-cache
retry-after: 0
server: Varnish
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 0
x-served-by: cache-hhn-etou8220024-HHN
x-timer: S1673238695.049171,VS0,VE0

GET
H/1.1 200
OK dcm Show response
s.amazon-adsystem.com/ Frame 86D8 43 B
855 B 126ms
115ms Document
image/gif 52.46.128.147
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.amazon-adsystem.com/dcm?pid=3b882453-6770-4785-baf8-a598533c054a&id=F01AFD79-9B5B-4692-A6C2-23D35166E5F9&redir=true&gdpr=0&gdpr_consent=

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif
Date: Mon, 09 Jan 2023 04:31:35 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid: QC1STZMCTE2A8VZNC2M8

GET
H2 200 bridge Show response
cm.adgrx.com/ Frame 238C 43 B
283 B 527ms
28ms Document
image/gif 72.251.241.206

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=162412&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&us_privacy=1YN-&&predirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D316%26uid%3DPM_UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 72.251.241.206 -, , ASN (),
Reverse DNS
Software: Cowboy /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, proxy-revalidate
content-length: 43
content-type: image/gif
date: Mon, 09 Jan 2023 04:31:35 GMT
expires: Thu, 23 Sep 2004 17:42:04 GMT
p3p: CP="NOI OTC OTP OUR NOR"
pragma: no-cache
server: Cowboy
x-realserver-nx: ams-delivery-4

GET
H2 200 sync Show response
ads.servenobid.com/ Frame 67B5 0
357 B 185ms
183ms Document
text/html 44.231.108.53
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.servenobid.com/sync?pid=316&uid=F01AFD79-9B5B-4692-A6C2-23D35166E5F9
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=162412&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&us_privacy=1YN-&&predirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D316%26uid%3DPM_UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.231.108.53 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-231-108-53.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
amp-access-control-allow-source-origin: *
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
content-length: 0
content-type: text/html;charset=ISO-8859-1
date: Mon, 09 Jan 2023 04:31:35 GMT

GET
H2

200

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 7D00
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=8Br9eZtbRpKmwiPTUWbl-Q%3D%3D&gdpr=0&gdpr_consent=
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=

16 KB
16 KB

34ms
34ms

Image
text/html

2.18.36.193
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=162412&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&us_privacy=1YN-&&predirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D316%26uid%3DPM_UID
Protocol: H2
Server: 2.18.36.193 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-36-193.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:35 GMT
content-encoding: gzip
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
server: Apache
vary: Accept-Encoding
content-type: text/html
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=20766
accept-ranges: bytes
content-length: 5554
expires: Mon, 09 Jan 2023 10:17:41 GMT

Redirect headers

pragma: no-cache
date: Mon, 09 Jan 2023 04:31:35 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 451 420486.gif
idsync.rlcdn.com/ Frame 7D00 0
98 B 108ms
30ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/420486.gif?partner_uid=F01AFD79-9B5B-4692-A6C2-23D35166E5F9
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=162412&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&us_privacy=1YN-&&predirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D316%26uid%3DPM_UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:35 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 7D00
Redirect Chain

https://pixel.onaudience.com/?partner=214&mapped=F01AFD79-9B5B-4692-A6C2-23D35166E5F9&gdpr=0&gdpr_consent=
https://spl.zeotap.com/?zdid=1332&zcluid=341f3732875f6c2f
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=5baaee8e-372a-4f6f-54a5-45b1f574dffc&reqId=de2d983d-b6a5-4afd-794c-7177e13607b7&zclui...
https://mwzeom.zeotap.com/mw?google_gid=CAESEDXx4cj1xEHlyq_WU66Ur7A&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=5baaee8e-372a-4f6f-54a5-45b1f574dffc&reqId=de2d983d-b6a5-4afd-794c-717...

95 B
163 B

45ms
36ms

Image
image/png

2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?google_gid=CAESEDXx4cj1xEHlyq_WU66Ur7A&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=5baaee8e-372a-4f6f-54a5-45b1f574dffc&reqId=de2d983d-b6a5-4afd-794c-7177e13607b7&zcluid=341f3732875f6c2f&zdid=1332
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=162412&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&us_privacy=1YN-&&predirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D316%26uid%3DPM_UID
Protocol: H2
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:35 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
vary: Origin
content-type: image/png
access-control-allow-origin: https://ads.pubmatic.com
access-control-allow-credentials: true
cf-ray: 786a71b58a692bde-FRA
access-control-allow-headers: *
content-length: 95

Redirect headers

pragma: no-cache
date: Mon, 09 Jan 2023 04:31:35 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://mwzeom.zeotap.com/mw?google_gid=CAESEDXx4cj1xEHlyq_WU66Ur7A&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=5baaee8e-372a-4f6f-54a5-45b1f574dffc&reqId=de2d983d-b6a5-4afd-794c-7177e13607b7&zcluid=341f3732875f6c2f&zdid=1332
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 469
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 7D00
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RjAxQUZENzktOUI1Qi00NjkyLUE2QzItMjNEMzUxNjZFNUY5&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

42 B
245 B

634ms
169ms

Image
image/gif

104.36.113.107

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=162412&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&us_privacy=1YN-&&predirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D316%26uid%3DPM_UID
Protocol: H2
Server: 104.36.113.107 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Mon, 09 Jan 2023 04:31:35 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Mon, 09 Jan 2023 04:31:35 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 7D00
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEOe81BMvrg0n8giNrMacXM8&google_cver=1

42 B
376 B

633ms
169ms

Image
image/gif

104.36.113.107

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEOe81BMvrg0n8giNrMacXM8&google_cver=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=162412&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&us_privacy=1YN-&&predirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D316%26uid%3DPM_UID
Protocol: H2
Server: 104.36.113.107 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Mon, 09 Jan 2023 04:31:35 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Mon, 09 Jan 2023 04:31:35 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEOe81BMvrg0n8giNrMacXM8&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 379
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubmatic
um.simpli.fi/ Frame 7D00 43 B
610 B 111ms
27ms Image
image/gif 35.204.74.118
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

35.204.74.118 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:35 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Sun, 08 Jan 2023 04:31:35 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 7D00
Redirect Chain

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=2460668329877520288&gdpr=0&gdpr_consent=&us_privacy=

1 B
407 B

46ms
32ms

Image
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=2460668329877520288&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=162412&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&us_privacy=1YN-&&predirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D316%26uid%3DPM_UID
Protocol: H2
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-type: text/html; charset=utf-8
date: Mon, 09 Jan 2023 04:31:35 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=2460668329877520288&gdpr=0&gdpr_consent=&us_privacy=
pragma: no-cache
date: Mon, 09 Jan 2023 04:31:34 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame 7D00 70 B
264 B 45ms
42ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=162412&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&us_privacy=1YN-&&predirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D316%26uid%3DPM_UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Mon, 09 Jan 2023 04:31:35 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 200 F01AFD79-9B5B-4692-A6C2-23D35166E5F9
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame 7D00 43 B
602 B 47ms
45ms Image
image/gif 2a05:d018:d29:3602:e21e:b28b:5a38:9bc
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/pubmatic/F01AFD79-9B5B-4692-A6C2-23D35166E5F9?gdpr=0&gdpr_consent=

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a05:d018:d29:3602:e21e:b28b:5a38:9bc Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:35 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
content-length: 43

GET
H2

200

SPug
image4.pubmatic.com/AdServer/ Frame 7D00
Redirect Chain

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=F01AFD79-9B5B-4692-A6C2-23D35166E5F9&redir=true&gdpr=0&gdpr_consent=
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-msODjCVE2uWHi0nzOpnaIjT7Su3ZnwU-~A&gdpr=0

0
260 B

551ms
169ms

Image
text/plain

204.237.133.121

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-msODjCVE2uWHi0nzOpnaIjT7Su3ZnwU-~A&gdpr=0
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=162412&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&us_privacy=1YN-&&predirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D316%26uid%3DPM_UID
Protocol: H2
Server: 204.237.133.121 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 04:31:34 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-msODjCVE2uWHi0nzOpnaIjT7Su3ZnwU-~A&gdpr=0
date: Mon, 09 Jan 2023 04:31:35 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 1BFB 0
860 B 28ms
27ms Script
text/html 185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS