work.ink Open in urlscan Pro
2606:4700:20::681a:b77 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://workink.net/2uF/bonn1e7hebunny-OF-leaks-MEGA0018
Effective URL:
https://work.ink/2uF/bonn1e7hebunny-OF-leaks-MEGA0018
Submission Tags: falconsandbox
Submission: On January 29 via api (January 29th 2023, 7:52:59 pm UTC) from US — Scanned from DE

Summary HTTP 69 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 24 IPs in 5 countries across 20 domains to perform 69 HTTP transactions. The main IP is 2606:4700:20::681a:b77, located in United States and belongs to CLOUDFLARENET, US. The main domain is work.ink. The Cisco Umbrella rank of the primary domain is 897814.
TLS certificate: Issued by E1 on January 5th 2023. Valid for: 3 months.

This is the only time work.ink was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	2606:4700:303... 2606:4700:3030::6815:728	13335 (CLOUDFLAR...) (CLOUDFLARENET)
13	2606:4700:20:... 2606:4700:20::681a:b77	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:400d:807::2004	15169 (GOOGLE) (GOOGLE)
1	2600:9000:205... 2600:9000:2057:d400:f:458e:2a80:93a1	16509 (AMAZON-02) (AMAZON-02)
6	2a00:1450:400... 2a00:1450:400d:80a::2003	15169 (GOOGLE) (GOOGLE)
3	2600:9000:206... 2600:9000:206f:a00:9:46dc:4700:93a1	16509 (AMAZON-02) (AMAZON-02)
1	23.35.232.201 23.35.232.201	16625 (AKAMAI-AS) (AKAMAI-AS)
3	2a00:1450:400... 2a00:1450:400d:80a::2002	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6812:116b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	92.123.36.4 92.123.36.4	16625 (AKAMAI-AS) (AKAMAI-AS)
1	52.15.219.226 52.15.219.226	16509 (AMAZON-02) (AMAZON-02)
1	13.56.39.236 13.56.39.236	16509 (AMAZON-02) (AMAZON-02)
19	2a00:1450:400... 2a00:1450:400d:80a::2016	15169 (GOOGLE) (GOOGLE)
1	2620:116:800d... 2620:116:800d:21:93ca:31d8:d86e:38f6	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:211... 2600:9000:211e:1e00:3:a4cd:8380:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:206... 2600:9000:206f:e200:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2600:9000:206... 2600:9000:206f:5a00:9:46dc:4700:93a1	16509 (AMAZON-02) (AMAZON-02)
1	18.184.235.146 18.184.235.146	16509 (AMAZON-02) (AMAZON-02)
1 2	2a02:2638::1c 2a02:2638::1c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2600:1901:0:8... 2600:1901:0:8344::	15169 (GOOGLE) (GOOGLE)
2	178.250.0.157 178.250.0.157	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	54.194.186.27 54.194.186.27	16509 (AMAZON-02) (AMAZON-02)
1	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
69	24

1 2606:4700:3030::6815:728 (United States)

ASN13335 (CLOUDFLARENET, US)

workink.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2606:4700:20::681a:b77 (United States)

ASN13335 (CLOUDFLARENET, US)

work.ink	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
redirect-api.work.ink	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:400d:807::2004 (Ireland)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2057:d400:f:458e:2a80:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.thisiswaldo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:400d:80a::2003 (Ireland)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:206f:a00:9:46dc:4700:93a1 (United States)

ASN16509 (AMAZON-02, US)

quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cmp.quantcast.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.35.232.201 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-232-201.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400d:80a::2002 (Ireland)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:116b (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.confiant-integrations.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 92.123.36.4 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a92-123-36-4.deploy.static.akamaitechnologies.com

a.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.15.219.226 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-15-219-226.us-east-2.compute.amazonaws.com

thisiswaldo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.56.39.236 (San Jose, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-56-39-236.us-west-1.compute.amazonaws.com

ipfind.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2a00:1450:400d:80a::2016 (Ireland)

ASN15169 (GOOGLE, US)

i.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:93ca:31d8:d86e:38f6 (United States)

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:211e:1e00:3:a4cd:8380:93a1 (United States)

ASN16509 (AMAZON-02, US)

test.cmp.quantcast.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:206f:e200:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:206f:5a00:9:46dc:4700:93a1 (United States)

ASN16509 (AMAZON-02, US)

cmp.quantcast.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.184.235.146 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-184-235-146.eu-central-1.compute.amazonaws.com

audit-tcfv2.cmp.quantcast.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638::1c (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1901:0:8344:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

lexicon.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.0.157 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.194.186.27 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-194-186-27.eu-west-1.compute.amazonaws.com

id.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.71.131.137 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	ytimg.com i.ytimg.com — Cisco Umbrella Rank: 87	571 KB
13	work.ink work.ink — Cisco Umbrella Rank: 897814 redirect-api.work.ink	231 KB
6	gstatic.com www.gstatic.com fonts.gstatic.com	380 KB
5	quantcast.com test.cmp.quantcast.com — Cisco Umbrella Rank: 10347 cmp.quantcast.com — Cisco Umbrella Rank: 2796 audit-tcfv2.cmp.quantcast.com — Cisco Umbrella Rank: 11904	142 KB
4	criteo.com 1 redirects gum.criteo.com — Cisco Umbrella Rank: 388 mug.criteo.com — Cisco Umbrella Rank: 2753	1 KB
4	google.com www.google.com — Cisco Umbrella Rank: 2	41 KB
3	doubleclick.net securepubads.g.doubleclick.net — Cisco Umbrella Rank: 190	158 KB
2	confiant-integrations.net cdn.confiant-integrations.net — Cisco Umbrella Rank: 1347	111 KB
2	consensu.org quantcast.mgr.consensu.org — Cisco Umbrella Rank: 2961	45 KB
2	thisiswaldo.com cdn.thisiswaldo.com — Cisco Umbrella Rank: 48345 thisiswaldo.com — Cisco Umbrella Rank: 42614	104 KB
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 304	385 B
1	crwdcntrl.net id.crwdcntrl.net — Cisco Umbrella Rank: 1439	312 B
1	33across.com lexicon.33across.com — Cisco Umbrella Rank: 1656	245 B
1	quantcount.com rules.quantcount.com — Cisco Umbrella Rank: 904	625 B
1	quantserve.com secure.quantserve.com — Cisco Umbrella Rank: 979	10 KB
1	ipfind.co ipfind.co — Cisco Umbrella Rank: 61344	416 B
1	teads.tv a.teads.tv — Cisco Umbrella Rank: 1384	4 KB
1	pubmatic.com ads.pubmatic.com — Cisco Umbrella Rank: 463	62 KB
1	workink.net workink.net	660 B
0	rlcdn.com Failed api.rlcdn.com Failed
69	20

	Domain	Requested by
19	i.ytimg.com	work.ink
12	work.ink	workink.net work.ink
4	www.gstatic.com	www.google.com www.gstatic.com
4	www.google.com	work.ink www.gstatic.com www.google.com
3	cmp.quantcast.com	quantcast.mgr.consensu.org
3	securepubads.g.doubleclick.net	cdn.thisiswaldo.com securepubads.g.doubleclick.net
2	mug.criteo.com
2	gum.criteo.com	1 redirects
2	fonts.gstatic.com	www.google.com
2	cdn.confiant-integrations.net	cdn.thisiswaldo.com cdn.confiant-integrations.net
2	quantcast.mgr.consensu.org	cdn.thisiswaldo.com quantcast.mgr.consensu.org
1	match.adsrvr.org	ads.pubmatic.com
1	id.crwdcntrl.net	ads.pubmatic.com
1	lexicon.33across.com	ads.pubmatic.com
1	audit-tcfv2.cmp.quantcast.com	cmp.quantcast.com
1	rules.quantcount.com	secure.quantserve.com
1	test.cmp.quantcast.com	quantcast.mgr.consensu.org
1	secure.quantserve.com	quantcast.mgr.consensu.org
1	ipfind.co	cdn.thisiswaldo.com
1	thisiswaldo.com	cdn.thisiswaldo.com
1	a.teads.tv	cdn.thisiswaldo.com
1	ads.pubmatic.com	cdn.thisiswaldo.com
1	cdn.thisiswaldo.com	work.ink
1	redirect-api.work.ink	work.ink
1	workink.net
0	api.rlcdn.com Failed	ads.pubmatic.com
69	26

This site contains links to these domains. Also see Links.

Domain
brightonclick.com

Subject Issuer	Validity	Valid
*.workink.net E1	`2023-01-05` - `2023-04-05`	3 months	crt.sh
*.work.ink E1	`2023-01-05` - `2023-04-05`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
cdn.thisiswaldo.com Go Daddy Secure Certificate Authority - G2	`2022-06-01` - `2023-06-16`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
cmp.quantcast.com R3	`2023-01-08` - `2023-04-08`	3 months	crt.sh
*.pubmatic.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-25` - `2024-01-24`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
*.confiant-integrations.net GTS CA 1P5	`2023-01-27` - `2023-04-27`	3 months	crt.sh
teads.tv R3	`2023-01-20` - `2023-04-20`	3 months	crt.sh
thisiswaldo.com R3	`2022-12-15` - `2023-03-15`	3 months	crt.sh
ipfind.co Amazon	`2022-12-04` - `2024-01-02`	a year	crt.sh
edgestatic.com GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
quantserve.com R3	`2023-01-10` - `2023-04-10`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-04` - `2023-03-31`	3 months	crt.sh
lexicon.33across.com GTS CA 1D4	`2022-12-21` - `2023-03-21`	3 months	crt.sh
*.crwdcntrl.net Go Daddy Secure Certificate Authority - G2	`2022-05-01` - `2023-06-02`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2022-03-31` - `2023-05-02`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://work.ink/2uF/bonn1e7hebunny-OF-leaks-MEGA0018
Frame ID: 595E89F1960C55C8CBF7CE876E542E15
Requests: 57 HTTP requests in this frame

Frame: https://work.ink/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1675008000
Frame ID: BA033E249F150DD2F151C93BB994613F
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeSckcgAAAAADa4NiqiPWZBnTw9LyNml9nB9NrF&co=aHR0cHM6Ly93b3JrLmluazo0NDM.&hl=de&v=RGRQD9tdxHtnt-Bxkx9pM75S&size=invisible&cb=vb4ioiccygtt
Frame ID: 754ACFB4ED7A09615490194C4B1EED09
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

bonn1e7hebunny-OF-leaks-MEGA0018 - Work.Ink

Page URL History Show full URLs

https://workink.net/2uF/bonn1e7hebunny-OF-leaks-MEGA0018 Page URL
https://work.ink/2uF/bonn1e7hebunny-OF-leaks-MEGA0018 Page URL

Detected technologies

Vue.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+\sdata-v(?:ue)?-

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Quantcast Choice (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

quantcast\.mgr\.consensu\.org

Quantcast Measure (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.quantserve\.com/quant\.js

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

69
Requests

97 %
HTTPS

65 %
IPv6

20
Domains

26
Subdomains

24
IPs

5
Countries

1863 kB
Transfer

4593 kB
Size

13
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://brightonclick.com/jump/next.php?r=6251878

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://workink.net/2uF/bonn1e7hebunny-OF-leaks-MEGA0018 Page URL
https://work.ink/2uF/bonn1e7hebunny-OF-leaks-MEGA0018 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 64

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwork.ink%2F&domain=work.ink&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=S3x033xhRzJ1VXBzV1l0MHd5MU1NVGJUQk5iQmkrNUVCa3ladW0wb3JkS2t4S0JFZklBenJUNzAvUjJxOFZYNUJZU0VRUlpTY0s5L2xxaUlOZ2g0dTAra0lJaGVKL2sxNXJOS2JPMGZFcHAyMmFod1pxQ0lzTnJSOW5JWENNM3JjOS9MM214MHpiYm5GNGJrak0vQ2FTN0xUbDBZNjhSdlY4dEFsYndsdGpYWDFwSW5tSndKZUd1SWpKYnVOaEhJU0RLNjBDMEQrenI3UUVSOE1rcUNoNWUwV0RmaHVreDVvVXZLUkhzVXl3YmFUVUZjPXw&cppv=2

69 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 bonn1e7hebunny-OF-leaks-MEGA0018
workink.net/2uF/ 338 B
660 B 373ms
122ms Document
text/html 2606:4700:3030::6815:728
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://workink.net/2uF/bonn1e7hebunny-OF-leaks-MEGA0018
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:728 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 791482c6587390ec-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sun, 29 Jan 2023 19:52:53 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ipaTcDgiZ7f%2BwLxr0MZ%2FZHnzSNGWoZ8Xt01vfJNqHZTW8HtqohPLJuXRX0DTFV5m7zFfb0z53PYP84hpCH1BnsfCW7lqp0fJjuRso1Jlxw9wSNR8vXUhIVRUEzRVVhZchJlFl86l3WjdYg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
via: 1.1 vegur

GET
H2 200 Primary Request bonn1e7hebunny-OF-leaks-MEGA0018 Show response
work.ink/2uF/ 4 KB
3 KB 235ms
124ms Document
text/html 2606:4700:20::681a:b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://work.ink/2uF/bonn1e7hebunny-OF-leaks-MEGA0018

Requested by

Host: workink.net
URL: https://workink.net/2uF/bonn1e7hebunny-OF-leaks-MEGA0018

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:b77 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5b5c4572c7b28bd24f825720710b4f757f60c5a8a3d58b39a99acb1348d57e15

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	sameorigin

Request headers

Referer: https://workink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 791482c7eb3f9112-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sun, 29 Jan 2023 19:52:53 GMT
last-modified: Sun, 29 Jan 2023 18:05:14 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QHvOM7EkFmO92IAWPQ3eMl2QYJxriFRdc2JJ%2BZOSbu%2FALWPZSmphiN6uoV%2FhJqsuNV5vZqtNKp8sJFZdgo7xuAVnuwz4EFKERezO%2BtdZBN%2FIDa5U9Mwj%2FY1NZombkyDNC9F2sj3j"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000
vary: Accept-Encoding
via: 1.1 vegur
x-frame-options: sameorigin

GET
H2 200 chunk-vendors.f4c76a04.js Show response
work.ink/js/ 248 KB
88 KB 67ms
66ms Script
application/x-javascript 2606:4700:20::681a:b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://work.ink/js/chunk-vendors.f4c76a04.js

Requested by

Host: work.ink
URL: https://work.ink/2uF/bonn1e7hebunny-OF-leaks-MEGA0018

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:b77 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a424708ce92c39a8623c95bb072983b9f7c098383632fc80b660370fb690a30

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	sameorigin

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://work.ink/2uF/bonn1e7hebunny-OF-leaks-MEGA0018
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 19:52:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 vegur
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6710
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 27 Jan 2023 20:22:18 GMT
server: cloudflare
etag: W/"63d4327a-3e1c1"
vary: Accept-Encoding
x-frame-options: sameorigin
content-type: application/x-javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8SvprgTd8kvHV%2BxOG%2F8vLBMb30TGQ5Ye%2B5sKi9UqQ5AXbGMJq6TdPUu424ASZNRystBLUGoE8L3dMijLec1ts56frx3ESFNTk7q11AE2CASTB9uPRPJceNB5ITqKsr5RfvH5MC8M"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
cf-ray: 791482c8bc859112-FRA

GET
H2 200 app.5929b197.js Show response
work.ink/js/ 199 KB
88 KB 45ms
44ms Script
application/x-javascript 2606:4700:20::681a:b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://work.ink/js/app.5929b197.js

Requested by

Host: work.ink
URL: https://work.ink/2uF/bonn1e7hebunny-OF-leaks-MEGA0018

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:b77 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b8517322d533f3d027d637fcae8d7a3bba40642c7791bef35588607a71c889c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	sameorigin

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://work.ink/2uF/bonn1e7hebunny-OF-leaks-MEGA0018
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 19:52:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 vegur
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6445
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sun, 29 Jan 2023 18:05:14 GMT
server: cloudflare
etag: W/"63d6b55a-31a4d"
vary: Accept-Encoding
x-frame-options: sameorigin
content-type: application/x-javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8prQKzXhA195B%2Fec0QaHWiqDzE3DzZ5%2Bep4G2Rvh9eFK7P70K%2B4TZQWwqm%2F9tcXjd8xFUIURcyWcOxLUihrEdau9DhLuFkmyfNkRwtnQdUwl5jcjeMvxu9aaO5Zb3YQ58mzT8imH"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
cf-ray: 791482c8bc919112-FRA

GET
H2 200 chunk-vendors.3ded2ec4.css
work.ink/css/ 51 KB
7 KB 40ms
39ms Stylesheet
text/css 2606:4700:20::681a:b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://work.ink/css/chunk-vendors.3ded2ec4.css

Requested by

Host: work.ink
URL: https://work.ink/2uF/bonn1e7hebunny-OF-leaks-MEGA0018

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:b77 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

13f5033c8999b1545c9ba66fbe446c2e7ad282dc1c43a53cdf3a23df33a92411

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	sameorigin

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://work.ink/2uF/bonn1e7hebunny-OF-leaks-MEGA0018
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 19:52:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 vegur
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4352
cf-polished: origSize=52731
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 27 Jan 2023 20:22:18 GMT
server: cloudflare
etag: W/"63d4327a-cdfb"
vary: Accept-Encoding
x-frame-options: sameorigin
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NaUzUXym5RkU9WHPPec3A7DkxrCyMtzqleZgkMEcSPP%2ByNDKu4ofT6T3c4dLdvsHmltxp1%2FWOTBg49F2FjneB%2FoATAkbP7SQjTbHd89IPvwaX2Qx3%2Fgv5qF2WX3eCCLR8XE%2FAFrD"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
cf-ray: 791482c8bc8a9112-FRA

GET
H2 200 app.d9adc65b.css
work.ink/css/ 25 KB
5 KB 41ms
41ms Stylesheet
text/css 2606:4700:20::681a:b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://work.ink/css/app.d9adc65b.css

Requested by

Host: work.ink
URL: https://work.ink/2uF/bonn1e7hebunny-OF-leaks-MEGA0018

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:b77 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

da4b247bcd2a67fe47ef4bfc1c9fe8d28d691952ac228a5a51c6149ff051f4f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	sameorigin

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://work.ink/2uF/bonn1e7hebunny-OF-leaks-MEGA0018
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 19:52:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 vegur
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6445
cf-polished: origSize=26101
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Sun, 29 Jan 2023 18:05:14 GMT
server: cloudflare
etag: W/"63d6b55a-65f5"
vary: Accept-Encoding
x-frame-options: sameorigin
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6b%2Fl0HHB97gmzMcvunMvz5fT6gWEy4KQVGae42PGpIJQVd2ONPsVYENw4lYF1cx9mIo59yZ0U7NomfFrgQsncfDKX1DMslt87cu%2FBBqAjv38q1RAZZdsq4O%2BsXytsQPTxMiFwtXz"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
cf-ray: 791482c8bc8d9112-FRA

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 852 B
878 B 162ms
57ms Script
text/javascript 2a00:1450:400d:807::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=explicit

Requested by

Host: work.ink
URL: https://work.ink/js/chunk-vendors.f4c76a04.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:807::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

cf6b8e5810b81c2eb90ca7454bd6413ec5df5d2af382a764302b797006c43ef0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://work.ink/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 19:52:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 558
x-xss-protection: 1; mode=block
expires: Sun, 29 Jan 2023 19:52:54 GMT

GET
H2 200 ping Show response
redirect-api.work.ink/ 61 B
594 B 165ms
97ms Fetch
application/json 2606:4700:20::681a:b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://redirect-api.work.ink/ping
Requested by: Host: work.ink
URL: https://work.ink/js/app.5929b197.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:b77 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 5313fda21559155ec23b0bea9696bd7c9b29afc43d1d4714ba04f6fc0a2290b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://work.ink/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 19:52:54 GMT
via: 1.1 vegur
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
etag: W/"3d-ofTSjhvdFlE6ud5TdI4/M1wCHgw"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TP0S4LT4vW6d9kBbNEJWSOCKyngi4k%2FxUq4stHMUhs8YL7Jb8lC1%2FYbPeDAluiPlNe6L5xY9vNnXZtntBdrkZr4%2FYd0myv4YOtZQvZttcAQOX4CClQ%2FjEgXRO4ApfoHZB%2BHauFTcM6y1Zd46OKhzvG3D7Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cf-ray: 791482ca084d917d-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
DATA 200
OK truncated
/ 6 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 15d36e8f871b1cf84be33fa8f1ff0e5dc96a123ccc194da4520ae3d81b32329d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 invisible.js Show response
work.ink/cdn-cgi/challenge-platform/h/g/scripts/alpha/ Frame BA03 37 KB
16 KB 28ms
28ms Script
application/javascript 2606:4700:20::681a:b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://work.ink/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1675008000
Requested by: Host: workink.net
URL: https://workink.net/2uF/bonn1e7hebunny-OF-leaks-MEGA0018
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:b77 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3e9e9b331106cae0b1771ef3846f8eb805ea8b892556cb9fe20b4bbc196e63dd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 19:52:54 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YrSm8hfA082VhqlUpGKznPi%2F8mRmC%2FzQnIl78BoGMWylc1gaYMd2bLOtxJYVVLNrOW5XlWTrxNHSM88yrtyUChvxhSkLM6YcDJNqQ1HxetYeygb7Ny%2BP08INeyal5eFsbQgCCVC7"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-control-type-options: nosniff
cf-ray: 791482c99c115c9e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 s.js Show response
work.ink/cdn-cgi/zaraz/ 5 KB
3 KB 51ms
51ms Script
text/javascript 2606:4700:20::681a:b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://work.ink/cdn-cgi/zaraz/s.js?z=JTdCJTIyZXhlY3V0ZWQlMjIlM0ElNUIlNUQlMkMlMjJ0JTIyJTNBJTIyV29yay5pbmslMjAtJTIwQmVzdCUyMFJla29uaXNlJTIwJTI2JTIwTGlua3ZlcnRpc2UlMjBhbHRlcm5hdGl2ZSElMjIlMkMlMjJ4JTIyJTNBMC4wMjA3MzIyNDYxOTE2MzA4MzIlMkMlMjJ3JTIyJTNBMTYwMCUyQyUyMmglMjIlM0ExMjAwJTJDJTIyaiUyMiUzQTEyMDAlMkMlMjJlJTIyJTNBMTYwMCUyQyUyMmwlMjIlM0ElMjJodHRwcyUzQSUyRiUyRndvcmsuaW5rJTJGMnVGJTJGYm9ubjFlN2hlYnVubnktT0YtbGVha3MtTUVHQTAwMTglMjIlMkMlMjJyJTIyJTNBJTIyaHR0cHMlM0ElMkYlMkZ3b3JraW5rLm5ldCUyRiUyMiUyQyUyMmslMjIlM0EyNCUyQyUyMm4lMjIlM0ElMjJVVEYtOCUyMiUyQyUyMm8lMjIlM0EwJTJDJTIycSUyMiUzQSU1QiU1RCU3RA==
Requested by: Host: work.ink
URL: https://work.ink/2uF/bonn1e7hebunny-OF-leaks-MEGA0018
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:b77 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4c2f536684fd0983d74f5cd8883fae4e75c5f575d37dd94d808bd0e60b60f4b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://work.ink/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 19:52:54 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
access-control-max-age: 600
vary: Origin, Accept-Encoding
access-control-allow-methods: GET, HEAD, POST, OPTIONS
access-control-allow-origin: https://work.ink
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8t0YiC5dWzeWUCZMgT6vA%2BeZqrizpGi%2B20r6ONgqpLrGvbRbl4CWzuEF2l6ZbsSiBOixPZRPdBwt5%2BAnno8nV%2BGBKOhXPj0dAfaVLFo77T9%2Bn9Z%2FOKWEIE44O2c8W1MYSWzA3%2BW1"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
access-control-allow-credentials: true
cf-ray: 791482c99c135c9e-FRA
access-control-allow-headers: Content-Type, Set-Cookie, Cache-Control
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 pica.js
work.ink/cdn-cgi/challenge-platform/h/g/scripts/ Frame BA03 21 KB
9 KB 32ms
32ms Other
application/javascript 2606:4700:20::681a:b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://work.ink/cdn-cgi/challenge-platform/h/g/scripts/pica.js
Requested by: Host: work.ink
URL: https://work.ink/2uF/bonn1e7hebunny-OF-leaks-MEGA0018
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:b77 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 99fb3f10d055d2ba4a90c51c3883609f916e070a5ca7c99b8cead3f2ffee8f56

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 19:52:54 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TWnlSTPgXqzayvRlMBfCwNlATKk61PwzptPxHlugZLxSD1K9KZbAK7n3pLS1QajD5cFvAvY2cl%2FFGS8HZ5c%2FzJhs%2Ft6mi4WNQzQsfpDOawWzdW5%2F2fWAh5m5OhAfPx7rSTGRY4yi"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-control-type-options: nosniff
cf-ray: 791482c9fd0b5c9e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 11929.js Show response
cdn.thisiswaldo.com/static/js/ 359 KB
103 KB 126ms
21ms Script
application/javascript 2600:9000:2057:d400:f:458e:2a80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.thisiswaldo.com/static/js/11929.js

Requested by

Host: work.ink
URL: https://work.ink/js/chunk-vendors.f4c76a04.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2057:d400:f:458e:2a80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache/2.4.29 (Ubuntu) /

Resource Hash

10d0635b58ce75231ae4d539c1c96ce8f4e444d91b6ba8fed535d4847acf0d75

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://work.ink/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 15:50:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 25 Jan 2023 14:41:32 GMT
server: Apache/2.4.29 (Ubuntu)
via: 1.1 d357d5d597708d2b41e0fea397aa2620.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
etag: "59c43-5f317a0e90d3d-gzip"
age: 15108
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
accept-ranges: bytes
x-amz-cf-id: Jv-WBUYfC-zqk0IXgx3xusI0O8sTwBCeAkdsbgV2bPd6RHd0KTiFdg==

GET
H3 200 workink-colorful-md.8d4b6dda.png
work.ink/img/ 6 KB
7 KB 56ms
56ms Image
image/webp 2606:4700:20::681a:b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://work.ink/img/workink-colorful-md.8d4b6dda.png

Requested by

Host: work.ink
URL: https://work.ink/2uF/bonn1e7hebunny-OF-leaks-MEGA0018

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:b77 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b5c1b6a869520bca4157c388c888ad09f47fa5661b54a32d6c97e8edde78b538

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	sameorigin

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://work.ink/2uF/bonn1e7hebunny-OF-leaks-MEGA0018
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 19:52:54 GMT
strict-transport-security: max-age=31536000
via: 1.1 vegur
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3574
cf-polished: origFmt=png, origSize=15564
content-disposition: inline; filename="workink-colorful-md.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6626
cf-bgj: imgq:100,h2pri
last-modified: Fri, 27 Jan 2023 20:22:18 GMT
server: cloudflare
etag: "63d4327a-3ccc"
vary: Accept
x-frame-options: sameorigin
content-type: image/webp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xwK45YVWrodpaI1c%2FIn0lhS1KJeOHm4uW3Dmaajjip%2Fart6wADOQljqKLn8M4kKsq7FvfHIGOuHEESXKycC5A57cq%2FNv%2B61qosDIJU%2FWVGEhbIX1Sax0DnMW9z0ANjSihIFr7PJq"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 791482ca4da15c9e-FRA

GET
H3 200 loader.a62dee1e.svg
work.ink/img/ 593 B
833 B 42ms
41ms Image
image/svg+xml 2606:4700:20::681a:b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://work.ink/img/loader.a62dee1e.svg

Requested by

Host: work.ink
URL: https://work.ink/2uF/bonn1e7hebunny-OF-leaks-MEGA0018

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:b77 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8d050efc0dba3583b7021291fd3f49d2dbce8f0c145b42d69f6d192e14ba6ebb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	sameorigin

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://work.ink/2uF/bonn1e7hebunny-OF-leaks-MEGA0018
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 19:52:54 GMT
strict-transport-security: max-age=31536000
via: 1.1 vegur
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5771
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 27 Jan 2023 20:22:18 GMT
server: cloudflare
etag: W/"63d4327a-251"
x-frame-options: sameorigin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v7ijewMGcxqolJcd5x0VEasfyJd3YQTjld%2Bi71LUbGlECpgY6hqHkOB7%2FhNJleeyzk3%2B%2BvdUzZ1TBqsP%2FDGY2Xi2hyRLsiX%2Fi9aA64MyUZiK8TJMl9LSeZPeMja3ulSFngTZRyJk"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 791482ca4da65c9e-FRA

GET
H3 200 workink-white-md.4be034e5.svg
work.ink/img/ 8 KB
3 KB 49ms
48ms Image
image/svg+xml 2606:4700:20::681a:b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://work.ink/img/workink-white-md.4be034e5.svg

Requested by

Host: work.ink
URL: https://work.ink/2uF/bonn1e7hebunny-OF-leaks-MEGA0018

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:b77 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1a9a41dce59c224a6cb0a33e73b2f239e4e5ee3972556e669c7d43076d43e365

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	sameorigin

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://work.ink/2uF/bonn1e7hebunny-OF-leaks-MEGA0018
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 19:52:54 GMT
strict-transport-security: max-age=31536000
via: 1.1 vegur
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5771
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 27 Jan 2023 20:22:18 GMT
server: cloudflare
etag: W/"63d4327a-2151"
x-frame-options: sameorigin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VrVOLz66BXKmfcAbsRrjipNrYTXSOOgAZrvFWmPID9E6CpvTMLqzFQ%2F0GLwB9OymVOghA9rdiwQszw5zddeZ9cnACcPwdP3iL9eILFhIuwseNXbFHUzhmZXwTI7O9pTbwVQfdprp"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 791482ca4da95c9e-FRA

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/ 405 KB
162 KB 142ms
36ms Script
text/javascript 2a00:1450:400d:80a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=explicit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

447256eb31b03e8de245de6feb98fad0a7710874162ab5cd91bd39274eaed7a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://work.ink/
Origin: https://work.ink
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sat, 28 Jan 2023 06:59:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 132781
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 165279
x-xss-protection: 0
last-modified: Mon, 23 Jan 2023 01:02:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 28 Jan 2024 06:59:53 GMT

POST
H3 200 791482c7eb3f9112 Show response
work.ink/cdn-cgi/challenge-platform/h/g/cv/result/ Frame BA03 2 B
658 B 49ms
48ms XHR
text/plain 2606:4700:20::681a:b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://work.ink/cdn-cgi/challenge-platform/h/g/cv/result/791482c7eb3f9112
Requested by: Host: work.ink
URL: https://work.ink/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1675008000
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:b77 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: application/json

Response headers

date: Sun, 29 Jan 2023 19:52:54 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZOkz8m9dlG63JLO56NF93dqoDDqXqggrRMxCDZ7qiA2IyrOXiWuxOI1M3%2FX9mlpkTjA%2B92lbDefbPFkHXhCn4DoLrQmmsDrhy2E0%2Fyi8uSZh4JPDhsBVwL3i9vOi521g3KQx75ru"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 791482cbe90d5c9e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 choice.js Show response
quantcast.mgr.consensu.org/choice/fTfJtcPmQDwZG/work.ink/ 4 KB
2 KB 117ms
29ms Script
application/javascript 2600:9000:206f:a00:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://quantcast.mgr.consensu.org/choice/fTfJtcPmQDwZG/work.ink/choice.js
Requested by: Host: cdn.thisiswaldo.com
URL: https://cdn.thisiswaldo.com/static/js/11929.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:a00:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 83fa6784ebee363043db50681bbde69c4624f13ea9152c1758f7ca2f609ea0f4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://work.ink/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 19:52:54 GMT
content-encoding: br
via: 1.1 95e0c26862caa0a0aa5e9580919524f8.cloudfront.net (CloudFront)
last-modified: Tue, 29 Mar 2022 21:12:35 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 29
x-amz-server-side-encryption: AES256
etag: W/"84f67876c95a3a1982d1378d05722a85"
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin,Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
cross-origin-resource-policy: cross-origin
x-amz-cf-id: 3u_FyyQ9iNuI3hHbLt09Y6BWiTjm6BXIt00XE4l9lvRkC0fX9-yizg==

GET
H2 200 pwt.js Show response
ads.pubmatic.com/AdServer/js/pwt/160082/7676/ 201 KB
62 KB 148ms
21ms Script
application/javascript 23.35.232.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/pwt/160082/7676/pwt.js
Requested by: Host: cdn.thisiswaldo.com
URL: https://cdn.thisiswaldo.com/static/js/11929.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.232.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-232-201.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: e587bef04b460fbfcf1cdebaca05b28a172bd76b65637be2875dbebb138c9cdd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://work.ink/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 19:52:54 GMT
content-encoding: gzip
last-modified: Mon, 31 Oct 2022 16:52:35 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=17837
accept-ranges: bytes
content-length: 62752
expires: Mon, 30 Jan 2023 00:50:11 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 80 KB
27 KB 214ms
94ms Script
text/javascript 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdn.thisiswaldo.com
URL: https://cdn.thisiswaldo.com/static/js/11929.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5f9fc03eee3d731cd12ddaffd694c2853bb19e5e4d31a57849908799410a2fac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://work.ink/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 19:52:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27594
x-xss-protection: 0
server: sffe
etag: "1467 / 540 of 1000 / last-modified: 1674860937"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 29 Jan 2023 19:52:54 GMT

GET
H2 200 config.js Show response
cdn.confiant-integrations.net/bbdvOAJnqH-Idffgn_02C2Cyx_E/gpt_and_prebid/ 220 KB
44 KB 102ms
41ms Script
text/javascript 2606:4700::6812:116b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.confiant-integrations.net/bbdvOAJnqH-Idffgn_02C2Cyx_E/gpt_and_prebid/config.js
Requested by: Host: cdn.thisiswaldo.com
URL: https://cdn.thisiswaldo.com/static/js/11929.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:116b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2de1a2f560f6be550975ad6e311cf9e838d91945ee096b3098ee5b200c92330d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://work.ink/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 19:52:54 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sun, 29 Jan 2023 19:45:03 GMT
server: cloudflare
x-amz-request-id: 6GVE979GPRQQ4324
age: 371
etag: W/"de381a9005b8d6c67f2e6941e66ed5a9"
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=900, stale-while-revalidate=3600
cf-ray: 791482cc9d7b9bef-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: 2VI+PmPtjbGo5TkFkeyjw83FCeiVDf1Q8VNEp9DFWWoCT5K+PFBpdrXW3EdkTguweR/MI4WQ9Z8=

GET
H2 200 tag.js Show response
a.teads.tv/analytics/ 11 KB
4 KB 197ms
42ms Script
text/javascript 92.123.36.4
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://a.teads.tv/analytics/tag.js
Requested by: Host: cdn.thisiswaldo.com
URL: https://cdn.thisiswaldo.com/static/js/11929.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 92.123.36.4 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a92-123-36-4.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 221e69003af87e6e8f934828ab416477126f3c062500e3bcb636bb9d87bf9b06

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://work.ink/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-amz-version-id: Y6qsPmt0o95KDo3Ibo2euzqSnxQebNV8
date: Sun, 29 Jan 2023 19:52:54 GMT
content-encoding: br
last-modified: Wed, 02 Nov 2022 09:38:15 GMT
x-amz-request-id: CBPRAJ7T0JSPRA6Z
etag: "6ddfb3a828a563a7719081ff9aeedaba"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: private, max-age=3600
accept-ranges: bytes
content-length: 3391
x-amz-id-2: HXC/qEq/6Y8E9VFAR9IDt9+y8k3iOvxTM8x87I6MmIhNfFuVfnQDX155843rEIYaFjHCagx+9Pg=

POST
H/1.1 200
OK track-impression Show response
thisiswaldo.com/js/ 1 B
376 B 609ms
361ms XHR
application/json 52.15.219.226
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://thisiswaldo.com/js/track-impression

Requested by

Host: cdn.thisiswaldo.com
URL: https://cdn.thisiswaldo.com/static/js/11929.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.15.219.226 Columbus, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-15-219-226.us-east-2.compute.amazonaws.com

Software

Apache/2.4.29 (Ubuntu) /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff

Request headers

Referer: https://work.ink/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Date: Sun, 29 Jan 2023 19:52:54 GMT
X-Content-Type-Options: nosniff, nosniff
Server: Apache/2.4.29 (Ubuntu)
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-cache, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 1
Expires: Sun, 19 Nov 1978 05:00:00 GMT

GET
H2 200 me Show response
ipfind.co/ 306 B
416 B 708ms
337ms XHR
application/json 13.56.39.236
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ipfind.co/me?auth=3757a9b9-5759-4813-bc1a-7fa0b8ba94c1
Requested by: Host: cdn.thisiswaldo.com
URL: https://cdn.thisiswaldo.com/static/js/11929.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.56.39.236 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-56-39-236.us-west-1.compute.amazonaws.com
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: 57985d953e87540fa862b9fed973fbf7c57695cc8286fa6a2831b53b153d906a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://work.ink/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 19:52:55 GMT
content-encoding: gzip
server: Apache/2.4.18 (Ubuntu)
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://work.ink
cache-control: no-cache, private
access-control-allow-credentials: true
content-length: 199

GET
H2 200 anchor Show response
www.google.com/recaptcha/api2/ Frame 754A 42 KB
22 KB 71ms
70ms Document
text/html 2a00:1450:400d:807::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeSckcgAAAAADa4NiqiPWZBnTw9LyNml9nB9NrF&co=aHR0cHM6Ly93b3JrLmluazo0NDM.&hl=de&v=RGRQD9tdxHtnt-Bxkx9pM75S&size=invisible&cb=vb4ioiccygtt

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/recaptcha__de.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:807::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

64998bcda77534727690d3f9539f334c95fb6003f0d840c3d723a01456c71039

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-QYJ4K1tF0YWJZ1gCaaDFKg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://work.ink/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-length: 22321
content-security-policy: script-src 'report-sample' 'nonce-QYJ4K1tF0YWJZ1gCaaDFKg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sun, 29 Jan 2023 19:52:54 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 hqdefault.jpg
i.ytimg.com/vi/UceQrkp9kxg/ 26 KB
27 KB 145ms
37ms Image
image/jpeg 2a00:1450:400d:80a::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/UceQrkp9kxg/hqdefault.jpg

Requested by

Host: work.ink
URL: https://work.ink/2uF/bonn1e7hebunny-OF-leaks-MEGA0018

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2016 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fab1e3a3ad9610a947eda9825d3f0724f882442a7554f3bb20997fcec027ec57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://work.ink/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 19:05:54 GMT
x-content-type-options: nosniff
age: 2820
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27057
x-xss-protection: 0
server: sffe
etag: "1668708249"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Sun, 29 Jan 2023 21:05:54 GMT

GET
H2 404 hqdefault.jpg
i.ytimg.com/vi/ulU3JosGUTw/ 1 KB
1 KB 273ms
165ms Image
image/jpeg 2a00:1450:400d:80a::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/ulU3JosGUTw/hqdefault.jpg

Requested by

Host: work.ink
URL: https://work.ink/2uF/bonn1e7hebunny-OF-leaks-MEGA0018

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2016 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

20e9aab22032d85684d7d916a1013f7c577a132a5b10ea3fd3578e8d0b28a711

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://work.ink/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 19:52:54 GMT
x-content-type-options: nosniff
server: sffe
vary: Origin
content-type: image/jpeg
cache-control: public, max-age=30
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1097
x-xss-protection: 0
expires: Sun, 29 Jan 2023 19:53:24 GMT

GET
H2 404 hqdefault.jpg
i.ytimg.com/vi/CUdmp9_p8ew/ 1 KB
1 KB 231ms
124ms Image
image/jpeg 2a00:1450:400d:80a::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/CUdmp9_p8ew/hqdefault.jpg

Requested by

Host: work.ink
URL: https://work.ink/2uF/bonn1e7hebunny-OF-leaks-MEGA0018

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2016 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

20e9aab22032d85684d7d916a1013f7c577a132a5b10ea3fd3578e8d0b28a711

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://work.ink/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 19:52:54 GMT
x-content-type-options: nosniff
server: sffe
vary: Origin
content-type: image/jpeg
cache-control: public, max-age=30
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1097
x-xss-protection: 0
expires: Sun, 29 Jan 2023 19:53:24 GMT

GET
H2 200 hqdefault.jpg
i.ytimg.com/vi/nkgdnEco-xk/ 38 KB
38 KB 273ms
166ms Image
image/jpeg 2a00:1450:400d:80a::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/nkgdnEco-xk/hqdefault.jpg

Requested by

Host: work.ink
URL: https://work.ink/2uF/bonn1e7hebunny-OF-leaks-MEGA0018

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2016 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

232678fd138f5420821e8699abc88a71f9f9a7dc50abb9b2e50838f15dc4c7a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://work.ink/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 19:52:54 GMT
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38827
x-xss-protection: 0
server: sffe
etag: "1670248281"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Sun, 29 Jan 2023 21:52:54 GMT

GET
H2 200 hqdefault.jpg
i.ytimg.com/vi/nkka9yyCP8Q/ 40 KB
41 KB 177ms
70ms Image
image/jpeg 2a00:1450:400d:80a::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/nkka9yyCP8Q/hqdefault.jpg

Requested by

Host: work.ink
URL: https://work.ink/2uF/bonn1e7hebunny-OF-leaks-MEGA0018

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2016 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

203d9c214da119d3dc818b06b8bf982a26ccc2653b60cbd7927880aebfe40a4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://work.ink/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 19:48:35 GMT
x-content-type-options: nosniff
age: 259
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41429
x-xss-protection: 0
server: sffe
etag: "1665151300"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Sun, 29 Jan 2023 21:48:35 GMT

GET
H2 200 hqdefault.jpg
i.ytimg.com/vi/rS3tubC5nAU/ 48 KB
48 KB 149ms
95ms Image
image/jpeg 2a00:1450:400d:80a::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/rS3tubC5nAU/hqdefault.jpg

Requested by

Host: work.ink
URL: https://work.ink/2uF/bonn1e7hebunny-OF-leaks-MEGA0018

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2016 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

11ee169483756c7364468f03cf77500d9cca44fe714d320c6a689d66503b7bf8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://work.ink/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 18:38:22 GMT
x-content-type-options: nosniff
age: 4472
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48989
x-xss-protection: 0
server: sffe
etag: "1649271937"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Sun, 29 Jan 2023 20:38:22 GMT

GET
H2 200 hqdefault.jpg
i.ytimg.com/vi/_eqyE7oQ9q8/ 17 KB
17 KB 158ms
155ms Image
image/jpeg 2a00:1450:400d:80a::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/_eqyE7oQ9q8/hqdefault.jpg

Requested by

Host: work.ink
URL: https://work.ink/2uF/bonn1e7hebunny-OF-leaks-MEGA0018

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2016 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e26472659e455ef386d02b13f3f5f6a554ac4a38ae96be025108581f3bfde59

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://work.ink/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 19:52:54 GMT
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17269
x-xss-protection: 0
server: sffe
etag: "1458416681"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Sun, 29 Jan 2023 21:52:54 GMT

GET
H2 200 hqdefault.jpg
i.ytimg.com/vi/PuYYlxyrhts/ 36 KB
36 KB 164ms
162ms Image
image/jpeg 2a00:1450:400d:80a::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/PuYYlxyrhts/hqdefault.jpg

Requested by

Host: work.ink
URL: https://work.ink/2uF/bonn1e7hebunny-OF-leaks-MEGA0018

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2016 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

347669aebf08ca50596c33187463269b9c64fe82c58ad54017de80e0d7bebea8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://work.ink/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 19:52:54 GMT
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 36532
x-xss-protection: 0
server: sffe
etag: "1672306119"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Sun, 29 Jan 2023 21:52:54 GMT

GET
H2 200 hqdefault.jpg
i.ytimg.com/vi/AlRuSjp7cec/ 33 KB
33 KB 140ms
137ms Image
image/jpeg 2a00:1450:400d:80a::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/AlRuSjp7cec/hqdefault.jpg

Requested by

Host: work.ink
URL: https://work.ink/2uF/bonn1e7hebunny-OF-leaks-MEGA0018

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2016 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b886cbef15f578e194c5bdf8ae8ef28f1062e779b36e76585d2305a8e2e08ae4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://work.ink/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 19:21:01 GMT
x-content-type-options: nosniff
age: 1913
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33354
x-xss-protection: 0
server: sffe
etag: "1658724269"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Sun, 29 Jan 2023 21:21:01 GMT

GET
H2 200 hqdefault.jpg
i.ytimg.com/vi/ZVVSylyI_EU/ 34 KB
34 KB 144ms
141ms Image
image/jpeg 2a00:1450:400d:80a::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/ZVVSylyI_EU/hqdefault.jpg

Requested by

Host: work.ink
URL: https://work.ink/2uF/bonn1e7hebunny-OF-leaks-MEGA0018

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2016 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c785c1f5cc205b01538d4b35df41a00793cdc57312882733deac3aae95fb18b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://work.ink/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 19:52:05 GMT
x-content-type-options: nosniff
age: 49
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35102
x-xss-protection: 0
server: sffe
etag: "1661708973"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Sun, 29 Jan 2023 21:52:05 GMT

GET
H2 200 hqdefault.jpg
i.ytimg.com/vi/sKuGSdHb6rQ/ 43 KB
43 KB 158ms
155ms Image
image/jpeg 2a00:1450:400d:80a::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/sKuGSdHb6rQ/hqdefault.jpg

Requested by

Host: work.ink
URL: https://work.ink/2uF/bonn1e7hebunny-OF-leaks-MEGA0018

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2016 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5cca0caa967cf148a09dec3eb25eb9c9cef36e27f6692340c2cc7bf2df6b5862

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://work.ink/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 19:52:54 GMT
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44345
x-xss-protection: 0
server: sffe
etag: "1672158617"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Sun, 29 Jan 2023 21:52:54 GMT

GET
H2 200 hqdefault.jpg
i.ytimg.com/vi/SbvX4xTA71k/ 51 KB
51 KB 93ms
89ms Image
image/jpeg 2a00:1450:400d:80a::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/SbvX4xTA71k/hqdefault.jpg

Requested by

Host: work.ink
URL: https://work.ink/2uF/bonn1e7hebunny-OF-leaks-MEGA0018

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2016 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8a7a84e597cc08c84bdf1eb0fe5b77d7b72c201f40d135f5055a887af6eb62f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://work.ink/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 18:37:42 GMT
x-content-type-options: nosniff
age: 4512
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52020
x-xss-protection: 0
server: sffe
etag: "1673936336"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Sun, 29 Jan 2023 20:37:42 GMT

GET
H2 200 hqdefault.jpg
i.ytimg.com/vi/zCeQfpxQjDc/ 26 KB
26 KB 121ms
117ms Image
image/jpeg 2a00:1450:400d:80a::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/zCeQfpxQjDc/hqdefault.jpg

Requested by

Host: work.ink
URL: https://work.ink/2uF/bonn1e7hebunny-OF-leaks-MEGA0018

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2016 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8880fdae7b2f8ddf59514cec05ce7143cc2ee563fb03c038efeab0825480c17d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://work.ink/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 19:41:49 GMT
x-content-type-options: nosniff
age: 665
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26480
x-xss-protection: 0
server: sffe
etag: "1666649614"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Sun, 29 Jan 2023 21:41:49 GMT

GET
H2 404 hqdefault.jpg
i.ytimg.com/vi/G8qHU5zW5RI/ 1 KB
1 KB 157ms
154ms Image
image/jpeg 2a00:1450:400d:80a::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/G8qHU5zW5RI/hqdefault.jpg

Requested by

Host: work.ink
URL: https://work.ink/2uF/bonn1e7hebunny-OF-leaks-MEGA0018

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2016 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

20e9aab22032d85684d7d916a1013f7c577a132a5b10ea3fd3578e8d0b28a711

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://work.ink/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 19:52:54 GMT
x-content-type-options: nosniff
server: sffe
vary: Origin
content-type: image/jpeg
cache-control: public, max-age=30
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1097
x-xss-protection: 0
expires: Sun, 29 Jan 2023 19:53:24 GMT

GET
H2 200 hqdefault.jpg
i.ytimg.com/vi/D2CKLLkhZlQ/ 34 KB
34 KB 167ms
164ms Image
image/jpeg 2a00:1450:400d:80a::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/D2CKLLkhZlQ/hqdefault.jpg

Requested by

Host: work.ink
URL: https://work.ink/2uF/bonn1e7hebunny-OF-leaks-MEGA0018

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2016 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6789c074b52636e8880e01e4c14ddb82ce2248fa0799a2c93c2d39e55586e26d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://work.ink/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 19:52:54 GMT
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34640
x-xss-protection: 0
server: sffe
etag: "1667666448"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Sun, 29 Jan 2023 21:52:54 GMT

GET
H2 200 hqdefault.jpg
i.ytimg.com/vi/mTFY7xSXpPk/ 37 KB
37 KB 127ms
123ms Image
image/jpeg 2a00:1450:400d:80a::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/mTFY7xSXpPk/hqdefault.jpg

Requested by

Host: work.ink
URL: https://work.ink/2uF/bonn1e7hebunny-OF-leaks-MEGA0018

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2016 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

32ed9aff1947f8bbff87116578af4ba03e088b3d6c113b8921ac1664b1d10e04

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://work.ink/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 18:07:00 GMT
x-content-type-options: nosniff
age: 6354
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37511
x-xss-protection: 0
server: sffe
etag: "1663692174"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Sun, 29 Jan 2023 20:07:00 GMT

GET
H2 200 hqdefault.jpg
i.ytimg.com/vi/xzpMHeazLHc/ 18 KB
18 KB 154ms
150ms Image
image/jpeg 2a00:1450:400d:80a::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/xzpMHeazLHc/hqdefault.jpg

Requested by

Host: work.ink
URL: https://work.ink/2uF/bonn1e7hebunny-OF-leaks-MEGA0018

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2016 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f60264f4ebc1a37effbac88a06ecbd4ebf3147b51812e96f4635b811bbf0f389

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://work.ink/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 18:13:53 GMT
x-content-type-options: nosniff
age: 5941
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18057
x-xss-protection: 0
server: sffe
etag: "1649763670"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Sun, 29 Jan 2023 20:13:53 GMT

GET
H2 200 hqdefault.jpg
i.ytimg.com/vi/ldj0qZ2Qav4/ 38 KB
38 KB 105ms
102ms Image
image/jpeg 2a00:1450:400d:80a::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/ldj0qZ2Qav4/hqdefault.jpg

Requested by

Host: work.ink
URL: https://work.ink/2uF/bonn1e7hebunny-OF-leaks-MEGA0018

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2016 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4b5bf3e377df57cb639d8cd0b4cb1308f7bbf0a292dacf9114b33d2a5f94b381

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://work.ink/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 19:26:04 GMT
x-content-type-options: nosniff
age: 1610
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39030
x-xss-protection: 0
server: sffe
etag: "1670734572"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Sun, 29 Jan 2023 21:26:04 GMT

GET
H2 200 hqdefault.jpg
i.ytimg.com/vi/JayZ8raXuAk/ 47 KB
47 KB 113ms
110ms Image
image/jpeg 2a00:1450:400d:80a::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/JayZ8raXuAk/hqdefault.jpg

Requested by

Host: work.ink
URL: https://work.ink/2uF/bonn1e7hebunny-OF-leaks-MEGA0018

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2016 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

994452b1f40d55ce7672b2f4048a30b38b930b00c0a4f31af5c38ca2b90c2190

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://work.ink/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 18:57:51 GMT
x-content-type-options: nosniff
age: 3303
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48390
x-xss-protection: 0
server: sffe
etag: "1666429264"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Sun, 29 Jan 2023 20:57:51 GMT

GET
H2 200 quant.js Show response
secure.quantserve.com/ 25 KB
10 KB 124ms
25ms Script
application/javascript 2620:116:800d:21:93ca:31d8:d86e:38f6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/choice/fTfJtcPmQDwZG/work.ink/choice.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:93ca:31d8:d86e:38f6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: f7da44c9657d7a2dbd9d127c5d9834ab4d9599445f264f90e2b922e61bdc9ff9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://work.ink/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 19:52:54 GMT
content-encoding: gzip
etag: "OVi4z6W4qM+KoQEZlRgh5w=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
accept-ranges: bytes
expires: Sun, 05 Feb 2023 19:52:54 GMT

GET
H2 200 cmp2.js Show response
quantcast.mgr.consensu.org/tcfv2/ 177 KB
44 KB 26ms
26ms Script
text/javascript 2600:9000:206f:a00:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js?referer=work.ink
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/choice/fTfJtcPmQDwZG/work.ink/choice.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:a00:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2bd23d1a6781e5c15a107f6d5e2fd7b55ae061d92180e3c9b099ccfe6e2b7f01

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://work.ink/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 18:58:52 GMT
content-encoding: br
via: 1.1 95e0c26862caa0a0aa5e9580919524f8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 3249
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Thu, 10 Nov 2022 18:23:42 GMT
server: AmazonS3
etag: W/"37fdfbac0c6ef64496f7d86258c934a8"
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=3600
x-amz-meta-qc-ineu: True
vary: Accept-Encoding
x-amz-cf-id: 34MdUzbe-L-9hvPEaWYQImTmUMq-1JY2U7NUSmjEEaWdCVBVdy6bSQ==

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/ Frame 754A 55 KB
24 KB 107ms
35ms Stylesheet
text/css 2a00:1450:400d:80a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeSckcgAAAAADa4NiqiPWZBnTw9LyNml9nB9NrF&co=aHR0cHM6Ly93b3JrLmluazo0NDM.&hl=de&v=RGRQD9tdxHtnt-Bxkx9pM75S&size=invisible&cb=vb4ioiccygtt

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

952833e41ba7a4b64c31a2d7b07dde81bf5bbacf5cbb967821cfe459d0c4a0d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 21:20:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 167538
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24605
x-xss-protection: 0
last-modified: Mon, 23 Jan 2023 01:02:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 27 Jan 2024 21:20:36 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/ Frame 754A 405 KB
161 KB 125ms
53ms Script
text/javascript 2a00:1450:400d:80a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/recaptcha__de.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

447256eb31b03e8de245de6feb98fad0a7710874162ab5cd91bd39274eaed7a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sat, 28 Jan 2023 06:59:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 132781
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 165279
x-xss-protection: 0
last-modified: Mon, 23 Jan 2023 01:02:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 28 Jan 2024 06:59:53 GMT

GET
H2 200 wrap.js Show response
cdn.confiant-integrations.net/gptprebidnative/202212211045/ 216 KB
68 KB 43ms
42ms Script
application/javascript 2606:4700::6812:116b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.confiant-integrations.net/gptprebidnative/202212211045/wrap.js
Requested by: Host: cdn.confiant-integrations.net
URL: https://cdn.confiant-integrations.net/bbdvOAJnqH-Idffgn_02C2Cyx_E/gpt_and_prebid/config.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:116b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b59e31aeaca17f052e5e16fa1713cb48d45997454c26ae2876302420b77751c2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://work.ink/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 19:52:54 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 21 Dec 2022 15:47:15 GMT
server: cloudflare
x-amz-request-id: AJ16MF7MV5ZBMEN7
age: 3375992
etag: W/"fa407ba001f2ac06196124f41d523471"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 791482cd0e789bef-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: GjUn9sGzmnRhNV8lWhoQdx1lyEhLjlHIUmNKXDAUup6NHC2n4/1ChMTnKh8cJWO66zj70kVurAo/rk4Z+jFu3A==

GET
H2 200 cmp-list.json Show response
test.cmp.quantcast.com/GVL-v2/ 10 KB
3 KB 83ms
21ms XHR
application/json 2600:9000:211e:1e00:3:a4cd:8380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://test.cmp.quantcast.com/GVL-v2/cmp-list.json
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js?referer=work.ink
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211e:1e00:3:a4cd:8380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a8efe51cbecdad4bc99bcab6208c535224c81077f92247249f93ce079be3b4a7

Request headers

Accept: application/json, text/plain, */*
Referer: https://work.ink/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 19:52:31 GMT
x-amz-version-id: 4AIQAJ98xxQb5Z9H_UdCs9PW1_AVpdm2
content-encoding: br
via: 1.1 103eb504d36d97c9f30550032223d996.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 24
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Sun, 29 Jan 2023 19:52:29 GMT
server: AmazonS3
etag: W/"104d73e097947079d97b7ce656d124ce"
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=172800
vary: Accept-Encoding
x-amz-cf-id: N_QEjSPCZIvVTgm7GcNwF1AbKzbHIVFzXrLJL9ora8ERqTf_Q7_8xQ==

GET
H2 200 rules-p-fTfJtcPmQDwZG.js Show response
rules.quantcount.com/ 160 B
625 B 81ms
22ms Script
application/javascript 2600:9000:206f:e200:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-fTfJtcPmQDwZG.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:e200:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 922b0d2d4adb5ed473a915258165047db5642276b6edad0dc15a0d47ed4ea19c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://work.ink/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 19:01:07 GMT
via: 1.1 43c19aee1cbb38bf37ea4d5265ba1f54.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 3121
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 160
last-modified: Fri, 14 Oct 2022 06:30:36 GMT
server: AmazonS3
etag: "65712c30333d33050e268b43b70b60ea"
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
x-amz-cf-id: kqKaHLmn1X8Jxh_S5TgjYArw1iWFjJ6Uz4OF3j8YMAEQ8Exzcz-Q3A==

GET
H2 200 cmp2ui-en.js Show response
cmp.quantcast.com/tcfv2/45/ 248 KB
61 KB 55ms
24ms Script
text/javascript 2600:9000:206f:a00:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cmp.quantcast.com/tcfv2/45/cmp2ui-en.js
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js?referer=work.ink
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:a00:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1411268d26be0a8e9200cb1b62fc2252dd389902e94a88cc951a307053487628

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://work.ink/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sat, 28 Jan 2023 14:26:46 GMT
content-encoding: br
via: 1.1 95e0c26862caa0a0aa5e9580919524f8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 105969
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
last-modified: Thu, 10 Nov 2022 18:23:24 GMT
server: AmazonS3
etag: W/"39d0cac7e548f81f1e1e1c36db3c775e"
access-control-max-age: 604800
access-control-allow-methods: GET
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=172800
vary: Accept-Encoding
x-amz-cf-id: TpQBhxam2htC0cII1ZSlapaYQjU2tDOYol-9dLEZa6d7Us3gH0eeUQ==

GET
H2 200 vendor-list-trimmed-v1.json Show response
cmp.quantcast.com/GVL-v2/ 350 KB
43 KB 100ms
26ms XHR
application/json 2600:9000:206f:5a00:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cmp.quantcast.com/GVL-v2/vendor-list-trimmed-v1.json
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js?referer=work.ink
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:5a00:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 80fd4cf05bd80846d467d08abcb621742769fe832f83fa40c9816b8eb3a7e831

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://work.ink/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 03:00:36 GMT
content-encoding: br
via: 1.1 3dd91613764eafe7ad199013ce202442.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 60739
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Sun, 29 Jan 2023 03:00:34 GMT
server: AmazonS3
etag: W/"721c912bad0ae28ec9367496fc725a0d"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=172800
access-control-allow-credentials: true
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id: jrGGk62_soUXlZcgYwOTyzQxonewr9Y_2qVlN6Ma9I9QfINQGnfBWw==

GET
H2 200 google-atp-list.json Show response
cmp.quantcast.com/tcfv2/ 151 KB
36 KB 119ms
46ms XHR
application/json 2600:9000:206f:5a00:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cmp.quantcast.com/tcfv2/google-atp-list.json
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js?referer=work.ink
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:5a00:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 31d1a8b234ef7e3fcd967fe38bb63298be8faf869e0dcd5352c330ed5c18964b

Request headers

Accept: application/json, text/plain, */*
Referer: https://work.ink/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 03:00:30 GMT
content-encoding: br
via: 1.1 3dd91613764eafe7ad199013ce202442.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 60745
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Sun, 29 Jan 2023 03:00:26 GMT
server: AmazonS3
etag: W/"1dbfd79d4ea7f69c0c42a2f6065532e7"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=172800
access-control-allow-credentials: true
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id: o_QnIl6ajqlB96PkU119yI0ulip8AqVE_AcjsZpKp5VV0Z23xVN7ag==

GET
H2 200 pubads_impl_2023012301.js Show response
securepubads.g.doubleclick.net/gpt/ 385 KB
130 KB 37ms
36ms Script
text/javascript 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012301.js?cb=31071867

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

79e66558ee620ce57bc0a6be17a96c32074065e763b49f0be5551799623943a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://work.ink/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 01:49:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 237817
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 133281
x-xss-protection: 0
last-modified: Mon, 23 Jan 2023 09:36:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 27 Jan 2024 01:49:17 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 176 B
121 B 265ms
191ms XHR
application/json 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=work.ink

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

87771dae5b516f4806b5c381879864616104362f72eb76c46effcd5b543d5d90

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://work.ink/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 19:52:54 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 96
x-xss-protection: 0
expires: Sun, 29 Jan 2023 19:52:54 GMT

GET
H2 200 / Show response
audit-tcfv2.cmp.quantcast.com/ 2 B
101 B 216ms
23ms XHR
text/plain 18.184.235.146
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://audit-tcfv2.cmp.quantcast.com/?log=%7B%22accountId%22%3A%22fTfJtcPmQDwZG%22%2C%22domain%22%3A%22work.ink%22%2C%22publisher%22%3A%22%22%2C%22cmpId%22%3A10%2C%22cmpVersion%22%3A%222.45%22%2C%22displayType%22%3A%22tcfui%3Amandatory%22%2C%22configurationHashCode%22%3A%22KkI%2FKU5jPenQbNeBBXEZcg%22%2C%22clientTimestamp%22%3A1675021974748%2C%22operationType%22%3A%22init%22%2C%22sessionId%22%3A%22GDPR-hpv1rb0ebvpg2ewl02xs%22%7D
Requested by: Host: cmp.quantcast.com
URL: https://cmp.quantcast.com/tcfv2/45/cmp2ui-en.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.184.235.146 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-184-235-146.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Accept: application/json, text/plain, */*
Referer: https://work.ink/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sun, 29 Jan 2023 19:52:54 GMT
content-length: 2
content-type: text/plain; charset=utf-8

GET
H3 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame 754A 2 KB
2 KB 150ms
150ms Image
image/png 2a00:1450:400d:80a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 15:21:21 GMT
x-content-type-options: nosniff
age: 448293
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2228
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Tue, 31 Jan 2023 15:21:21 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 754A 15 KB
15 KB 149ms
134ms Font
font/woff2 2a00:1450:400d:80a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 23 Jan 2023 13:18:51 GMT
x-content-type-options: nosniff
age: 542043
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 23 Jan 2024 13:18:51 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 754A 15 KB
15 KB 151ms
137ms Font
font/woff2 2a00:1450:400d:80a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 03:11:30 GMT
x-content-type-options: nosniff
age: 232884
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 27 Jan 2024 03:11:30 GMT

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame 754A 102 B
134 B 149ms
148ms Other
text/javascript 2a00:1450:400d:807::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=de&v=RGRQD9tdxHtnt-Bxkx9pM75S

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

cec2fe6ccfa38f972e79f25c46c812727d1048f7d364d3d5639cb2e9528acf5f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeSckcgAAAAADa4NiqiPWZBnTw9LyNml9nB9NrF&co=aHR0cHM6Ly93b3JrLmluazo0NDM.&hl=de&v=RGRQD9tdxHtnt-Bxkx9pM75S&size=invisible&cb=vb4ioiccygtt
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 19:52:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 112
x-xss-protection: 1; mode=block
expires: Sun, 29 Jan 2023 19:52:54 GMT

POST
H3 200 reload Show response
www.google.com/recaptcha/api2/ Frame 754A 32 KB
18 KB 106ms
105ms XHR
application/json 2a00:1450:400d:807::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/reload?k=6LeSckcgAAAAADa4NiqiPWZBnTw9LyNml9nB9NrF

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

65f9afd0833c87ae0e45d88c54167d0a0d554c02d17e603a9753afb4c7f39380

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeSckcgAAAAADa4NiqiPWZBnTw9LyNml9nB9NrF&co=aHR0cHM6Ly93b3JrLmluazo0NDM.&hl=de&v=RGRQD9tdxHtnt-Bxkx9pM75S&size=invisible&cb=vb4ioiccygtt
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: application/x-protobuffer

Response headers

date: Sun, 29 Jan 2023 19:52:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
cache-control: private, max-age=0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18597
x-xss-protection: 1; mode=block
expires: Sun, 29 Jan 2023 19:52:55 GMT

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 108ms
37ms Preflight
application/json 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwork.ink%2F&domain=work.ink&cw=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://work.ink
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://work.ink
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Sun, 29 Jan 2023 19:52:56 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 507059
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 envelope Show response
lexicon.33across.com/v1/ 49 B
245 B 462ms
374ms XHR
application/json 2600:1901:0:8344::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://lexicon.33across.com/v1/envelope?pid=0015a0000344WOAAA2&gdpr=0
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/160082/7676/pwt.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:8344:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: d0d2e098cd489ef7bc528c86de8ab5c51b5d6cdf9b76a8b08766036992f0d2f4

Request headers

Referer: https://work.ink/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 29 Jan 2023 19:52:56 GMT
via: 1.1 google
vary: origin
content-type: application/json
access-control-allow-origin: https://work.ink
cache-control: private, must-revalidate, max-age=28800
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49

GET
H2

200

sid Show response
mug.criteo.com/
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwork.ink%2F&domain=work.ink&cw=1&lsw=1
https://mug.criteo.com/sid?cpp=S3x033xhRzJ1VXBzV1l0MHd5MU1NVGJUQk5iQmkrNUVCa3ladW0wb3JkS2t4S0JFZklBenJUNzAvUjJxOFZYNUJZU0VRUlpTY0s5L2xxaUlOZ2g0dTAra0lJaGVKL2sxNXJOS2JPMGZFcHAyMmFod1pxQ0lzTnJSOW5JWE...

357 B
646 B

96ms
34ms

XHR
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=S3x033xhRzJ1VXBzV1l0MHd5MU1NVGJUQk5iQmkrNUVCa3ladW0wb3JkS2t4S0JFZklBenJUNzAvUjJxOFZYNUJZU0VRUlpTY0s5L2xxaUlOZ2g0dTAra0lJaGVKL2sxNXJOS2JPMGZFcHAyMmFod1pxQ0lzTnJSOW5JWENNM3JjOS9MM214MHpiYm5GNGJrak0vQ2FTN0xUbDBZNjhSdlY4dEFsYndsdGpYWDFwSW5tSndKZUd1SWpKYnVOaEhJU0RLNjBDMEQrenI3UUVSOE1rcUNoNWUwV0RmaHVreDVvVXZLUkhzVXl3YmFUVUZjPXw&cppv=2

Protocol

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

efdc91846dff5c212df5864c2ce63d2074b7effbfbe1ae56ca90bafac03b4050

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://work.ink/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 29 Jan 2023 19:52:56 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1129794
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 29 Jan 2023 19:52:56 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
access-control-allow-methods: GET
location: https://mug.criteo.com/sid?cpp=S3x033xhRzJ1VXBzV1l0MHd5MU1NVGJUQk5iQmkrNUVCa3ladW0wb3JkS2t4S0JFZklBenJUNzAvUjJxOFZYNUJZU0VRUlpTY0s5L2xxaUlOZ2g0dTAra0lJaGVKL2sxNXJOS2JPMGZFcHAyMmFod1pxQ0lzTnJSOW5JWENNM3JjOS9MM214MHpiYm5GNGJrak0vQ2FTN0xUbDBZNjhSdlY4dEFsYndsdGpYWDFwSW5tSndKZUd1SWpKYnVOaEhJU0RLNjBDMEQrenI3UUVSOE1rcUNoNWUwV0RmaHVreDVvVXZLUkhzVXl3YmFUVUZjPXw&cppv=2
access-control-allow-origin: https://work.ink
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 599793
content-length: 0
expires: 0

GET envelope
api.rlcdn.com/api/identity/ 0
0

GET
H2 200 id Show response
id.crwdcntrl.net/ 43 B
312 B 163ms
49ms XHR
application/json 54.194.186.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://id.crwdcntrl.net/id
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/160082/7676/pwt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.194.186.27 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-194-186-27.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: a96e1e97d62ab9747678b947bdf0a0ea5f81790b1e3a1df2d4607a86bf802596

Request headers

Referer: https://work.ink/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 29 Jan 2023 19:52:56 GMT
server: Jetty(9.4.38.v20210224)
content-type: application/json;charset=utf-8
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://work.ink
cache-control: no-cache
x-server: 10.45.5.52
access-control-allow-credentials: true
content-length: 43
expires: 0

GET
H2 200 rid Show response
match.adsrvr.org/track/ 63 B
385 B 144ms
43ms XHR
application/json 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=pubmatic&fmt=json
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/160082/7676/pwt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 0a05bc91b6a897943439bb0d375962ab095ee5e64cb78767ac91dc9cf39eb5df

Request headers

Referer: https://work.ink/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 29 Jan 2023 19:52:56 GMT
x-aspnet-version: 4.0.30319
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://work.ink
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length: 63
expires: Tue, 28 Feb 2023 19:52:56 GMT

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 162ms
44ms Preflight
application/json 178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: null
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Sun, 29 Jan 2023 19:52:56 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 6627313
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: api.rlcdn.com
URL: https://api.rlcdn.com/api/identity/envelope?pid=1258

Verdicts & Comments Add Verdict or Comment

161 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

13 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.google.com/recaptcha	1970-01-20 13:36:13	Name: _GRECAPTCHA Value: 09AOOcfwvk2wWyd1Cujs0rD1pWwNTdAPnMl-fKdAzvF78NW-UCew195gPe7seTbGcPKIaStVRZGgW7eNMNVK2Hi0A
.work.ink/	1970-01-20 18:53:01	Name: _ga Value: 6e28691b-f08f-4a8d-b941-09497ab15cf8
.work.ink/	1970-01-20 09:17:03	Name: __cf_bm Value: vOHp3uyKkESrOwCFbg0nAQFw4jGGrAFUXkhxHTk6yis-1675021974-0-AdT4ti4HF7Abqjs72kA60f689aXQLpzky0GIWKRDAy26Z/FREy9fmQjyGPejMuOzR1B2zKCzzzFO9kgnf5FAFJ55ptaFtO5+K18pWrveXPgXB8n2weqanA5sVkQ4KJBk6oCquTtdjRxg8lR/Of4GTkk=
work.ink/	1970-01-20 10:00:13	Name: _pbjs_userid_consent_data Value: 3524755945110770
.work.ink/	1970-01-20 13:36:13	Name: _pubcid Value: da4a74c3-54b5-483a-bdd2-95b02d50597e
work.ink/	1970-01-20 11:26:37	Name: waldo_country Value: DE
work.ink/	1970-01-20 11:26:37	Name: waldo_continent Value: EU
work.ink/	1970-01-20 11:26:37	Name: waldo_region Value: null
work.ink/	1970-01-20 09:17:05	Name: _lr_retry_request Value: true
work.ink/	1970-01-20 10:00:13	Name: _lr_env_src_ats Value: false
work.ink/	1970-01-20 10:43:25	Name: pbjs-unifiedid Value: %7B%22TDID_LOOKUP%22%3A%22FALSE%22%2C%22TDID_CREATED_AT%22%3A%222023-01-29T19%3A52%3A56%22%7D
.work.ink/	1970-01-20 18:38:37	Name: cto_bundle Value: caMWpl9yOXY5TVpwY2pQUlIlMkIxQ29WOVBiN0hIM2FuQ0xrcjlmNnJxQm5uZ2Zra2JWMHhSYVY5MUVNUmxjUWloRHFRJTJGY0E3TTJCbW51aVAlMkZLUWFsUEk3aFJ4MDhMRWY2SU9lc1JGN1ZHVkt6UUxVSjdzTmVTaTBMN3hFb05uMUpPYVBYUw
.work.ink/	1970-01-20 18:38:37	Name: cto_bidid Value: mrLjyF8zeE1ybkF5Q1NhYW9VUTAzMjdjSkE1bklxN2ZBcUFEWTllVWxZaWZhenJWQmFZcTRlMTBWWEQyJTJGZ09JazclMkI3ZU1uZ1FRbHdrTnNDd20wUnFEQ3czOFElM0QlM0Q

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://i.ytimg.com/vi/CUdmp9_p8ew/hqdefault.jpg Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://i.ytimg.com/vi/ulU3JosGUTw/hqdefault.jpg Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://i.ytimg.com/vi/G8qHU5zW5RI/hqdefault.jpg Message: Failed to load resource: the server responded with a status of 404 ()
javascript	error	URL: https://work.ink/2uF/bonn1e7hebunny-OF-leaks-MEGA0018 Message: Access to XMLHttpRequest at 'https://api.rlcdn.com/api/identity/envelope?pid=1258' from origin 'https://work.ink' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://api.rlcdn.com/api/identity/envelope?pid=1258 Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.teads.tv
ads.pubmatic.com
api.rlcdn.com
audit-tcfv2.cmp.quantcast.com
cdn.confiant-integrations.net
cdn.thisiswaldo.com
cmp.quantcast.com
fonts.gstatic.com
gum.criteo.com
i.ytimg.com
id.crwdcntrl.net
ipfind.co
lexicon.33across.com
match.adsrvr.org
mug.criteo.com
quantcast.mgr.consensu.org
redirect-api.work.ink
rules.quantcount.com
secure.quantserve.com
securepubads.g.doubleclick.net
test.cmp.quantcast.com
thisiswaldo.com
work.ink
workink.net
www.google.com
www.gstatic.com
api.rlcdn.com
13.56.39.236
178.250.0.157
18.184.235.146
23.35.232.201
2600:1901:0:8344::
2600:9000:2057:d400:f:458e:2a80:93a1
2600:9000:206f:5a00:9:46dc:4700:93a1
2600:9000:206f:a00:9:46dc:4700:93a1
2600:9000:206f:e200:6:44e3:f8c0:93a1
2600:9000:211e:1e00:3:a4cd:8380:93a1
2606:4700:20::681a:b77
2606:4700:3030::6815:728
2606:4700::6812:116b
2620:116:800d:21:93ca:31d8:d86e:38f6
2a00:1450:400d:807::2004
2a00:1450:400d:80a::2002
2a00:1450:400d:80a::2003
2a00:1450:400d:80a::2016
2a02:2638::1c
35.71.131.137
52.15.219.226
54.194.186.27
92.123.36.4
0a05bc91b6a897943439bb0d375962ab095ee5e64cb78767ac91dc9cf39eb5df
10d0635b58ce75231ae4d539c1c96ce8f4e444d91b6ba8fed535d4847acf0d75
11ee169483756c7364468f03cf77500d9cca44fe714d320c6a689d66503b7bf8
13f5033c8999b1545c9ba66fbe446c2e7ad282dc1c43a53cdf3a23df33a92411
1411268d26be0a8e9200cb1b62fc2252dd389902e94a88cc951a307053487628
15d36e8f871b1cf84be33fa8f1ff0e5dc96a123ccc194da4520ae3d81b32329d
1a9a41dce59c224a6cb0a33e73b2f239e4e5ee3972556e669c7d43076d43e365
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
203d9c214da119d3dc818b06b8bf982a26ccc2653b60cbd7927880aebfe40a4f
20e9aab22032d85684d7d916a1013f7c577a132a5b10ea3fd3578e8d0b28a711
221e69003af87e6e8f934828ab416477126f3c062500e3bcb636bb9d87bf9b06
232678fd138f5420821e8699abc88a71f9f9a7dc50abb9b2e50838f15dc4c7a1
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2bd23d1a6781e5c15a107f6d5e2fd7b55ae061d92180e3c9b099ccfe6e2b7f01
2de1a2f560f6be550975ad6e311cf9e838d91945ee096b3098ee5b200c92330d
31d1a8b234ef7e3fcd967fe38bb63298be8faf869e0dcd5352c330ed5c18964b
32ed9aff1947f8bbff87116578af4ba03e088b3d6c113b8921ac1664b1d10e04
347669aebf08ca50596c33187463269b9c64fe82c58ad54017de80e0d7bebea8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3e26472659e455ef386d02b13f3f5f6a554ac4a38ae96be025108581f3bfde59
3e9e9b331106cae0b1771ef3846f8eb805ea8b892556cb9fe20b4bbc196e63dd
447256eb31b03e8de245de6feb98fad0a7710874162ab5cd91bd39274eaed7a7
4b5bf3e377df57cb639d8cd0b4cb1308f7bbf0a292dacf9114b33d2a5f94b381
4b8517322d533f3d027d637fcae8d7a3bba40642c7791bef35588607a71c889c
4c2f536684fd0983d74f5cd8883fae4e75c5f575d37dd94d808bd0e60b60f4b1
5313fda21559155ec23b0bea9696bd7c9b29afc43d1d4714ba04f6fc0a2290b1
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
57985d953e87540fa862b9fed973fbf7c57695cc8286fa6a2831b53b153d906a
5a424708ce92c39a8623c95bb072983b9f7c098383632fc80b660370fb690a30
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5b5c4572c7b28bd24f825720710b4f757f60c5a8a3d58b39a99acb1348d57e15
5c785c1f5cc205b01538d4b35df41a00793cdc57312882733deac3aae95fb18b
5cca0caa967cf148a09dec3eb25eb9c9cef36e27f6692340c2cc7bf2df6b5862
5f9fc03eee3d731cd12ddaffd694c2853bb19e5e4d31a57849908799410a2fac
64998bcda77534727690d3f9539f334c95fb6003f0d840c3d723a01456c71039
65f9afd0833c87ae0e45d88c54167d0a0d554c02d17e603a9753afb4c7f39380
6789c074b52636e8880e01e4c14ddb82ce2248fa0799a2c93c2d39e55586e26d
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
79e66558ee620ce57bc0a6be17a96c32074065e763b49f0be5551799623943a4
80fd4cf05bd80846d467d08abcb621742769fe832f83fa40c9816b8eb3a7e831
83fa6784ebee363043db50681bbde69c4624f13ea9152c1758f7ca2f609ea0f4
87771dae5b516f4806b5c381879864616104362f72eb76c46effcd5b543d5d90
8880fdae7b2f8ddf59514cec05ce7143cc2ee563fb03c038efeab0825480c17d
8a7a84e597cc08c84bdf1eb0fe5b77d7b72c201f40d135f5055a887af6eb62f8
8d050efc0dba3583b7021291fd3f49d2dbce8f0c145b42d69f6d192e14ba6ebb
922b0d2d4adb5ed473a915258165047db5642276b6edad0dc15a0d47ed4ea19c
952833e41ba7a4b64c31a2d7b07dde81bf5bbacf5cbb967821cfe459d0c4a0d8
994452b1f40d55ce7672b2f4048a30b38b930b00c0a4f31af5c38ca2b90c2190
99fb3f10d055d2ba4a90c51c3883609f916e070a5ca7c99b8cead3f2ffee8f56
a8efe51cbecdad4bc99bcab6208c535224c81077f92247249f93ce079be3b4a7
a96e1e97d62ab9747678b947bdf0a0ea5f81790b1e3a1df2d4607a86bf802596
b59e31aeaca17f052e5e16fa1713cb48d45997454c26ae2876302420b77751c2
b5c1b6a869520bca4157c388c888ad09f47fa5661b54a32d6c97e8edde78b538
b886cbef15f578e194c5bdf8ae8ef28f1062e779b36e76585d2305a8e2e08ae4
cec2fe6ccfa38f972e79f25c46c812727d1048f7d364d3d5639cb2e9528acf5f
cf6b8e5810b81c2eb90ca7454bd6413ec5df5d2af382a764302b797006c43ef0
d0d2e098cd489ef7bc528c86de8ab5c51b5d6cdf9b76a8b08766036992f0d2f4
da4b247bcd2a67fe47ef4bfc1c9fe8d28d691952ac228a5a51c6149ff051f4f0
e587bef04b460fbfcf1cdebaca05b28a172bd76b65637be2875dbebb138c9cdd
efdc91846dff5c212df5864c2ce63d2074b7effbfbe1ae56ca90bafac03b4050
f60264f4ebc1a37effbac88a06ecbd4ebf3147b51812e96f4635b811bbf0f389
f7da44c9657d7a2dbd9d127c5d9834ab4d9599445f264f90e2b922e61bdc9ff9
fab1e3a3ad9610a947eda9825d3f0724f882442a7554f3bb20997fcec027ec57

work.ink Open in urlscan Pro 2606:4700:20::681a:b77 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

69 Requests

97 %HTTPS

65 %IPv6

20 Domains

26 Subdomains

24 IPs

5 Countries

1863 kBTransfer

4593 kBSize

13 Cookies

1 Outgoing links

Page URL History

Redirected requests

69 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

work.ink Open in urlscan Pro
2606:4700:20::681a:b77 Public Scan

Screenshot
Live screenshot

Full Image

69
Requests

97 %
HTTPS

65 %
IPv6

20
Domains

26
Subdomains

24
IPs

5
Countries

1863 kB
Transfer

4593 kB
Size

13
Cookies

69 HTTP transactions
1 data transactions