www.teamblind.com Open in urlscan Pro
99.84.156.83  Public Scan

10 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. https://links910.mixmaxusercontent.com/5edee374e48ca800304aa4b8/l/BCpS7eE9WrtQc1Y5f?messageId=o5PL1XlpAK587fnnh&rn=&re=gIt92YuMXZjJXdvNXZyF2ZyFGdANHZsVWamJnI&sc=false HTTP 302
   https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Page URL
   

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 144

• https://www.ebayadservices.com/marketingtracking/v1/ar?mkrid=707-157687-884638-9&mkcid=4&mkevt=2&mpt=3860139453&ff18=mWeb&siteid=77&adtype=0&size=1x1&ipn=admain2&placement=529704 HTTP 301
• https://secureir.ebaystatic.com/cr/mscdn/64e017fc0bf98153dd694dc97d24a1ac/view_pixel_1x1.gif

Request Chain 154

• https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKDPuoCdLhCwCRisAjIIDwAhueo-8IU HTTP 301
• https://tpc.googlesyndication.com/simgad/6037977029595278777

Request Chain 160

• https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEJXrGU44AxOgDJJByAYIlKU&google_cver=1&google_push=AQvitUKxj3AiMWoW0EbP7bql9QS-1HtMmiVgPbBm0BLbUccqtO_e8HlxtB8TlhA6kV36AJBoKzV1Ibd_4ZPJzoc5-sKPkphhWfc HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AQvitUKxj3AiMWoW0EbP7bql9QS-1HtMmiVgPbBm0BLbUccqtO_e8HlxtB8TlhA6kV36AJBoKzV1Ibd_4ZPJzoc5-sKPkphhWfc

Request Chain 161

• https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEBGyrNRQafOXFrVutq7vdRs&google_cver=1&google_push=AQvitUKJ2NDIpNDGB3SJxjDJmkBrmoS6C6xURKycHV7KZnf5r48TuPwd59P2shvs3Y2rvRYtWURtCGgbKkVIy7tptshj5HlcmaA HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEBGyrNRQafOXFrVutq7vdRs&google_push=AQvitUKJ2NDIpNDGB3SJxjDJmkBrmoS6C6xURKycHV7KZnf5r48TuPwd59P2shvs3Y2rvRYtWURtCGgbKkVIy7tptshj5HlcmaA

Request Chain 162

• https://d5p.de17a.com/cookies/google?google_gid=CAESEK2pWGExMSyRtPy3ZAkiM5c&google_cver=1&google_push=AQvitUJioVtEI8QpKZhwtEkTLy9ei0WCXi3Kl5EQsRKDLTwGQVlchw_lVWx5mpKblKC-CZQhEFydl4akJKZPiii1T_EEvRThhqQP HTTP 302
• https://d5p.de17a.com/cookies/google;c?google_gid=CAESEK2pWGExMSyRtPy3ZAkiM5c&google_cver=1&google_push=AQvitUJioVtEI8QpKZhwtEkTLy9ei0WCXi3Kl5EQsRKDLTwGQVlchw_lVWx5mpKblKC-CZQhEFydl4akJKZPiii1T_EEvRThhqQP HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AQvitUJioVtEI8QpKZhwtEkTLy9ei0WCXi3Kl5EQsRKDLTwGQVlchw_lVWx5mpKblKC-CZQhEFydl4akJKZPiii1T_EEvRThhqQP

Request Chain 163

• https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESECCnhcKC36J6agUdL8sFOEc&google_cver=1&google_push=AQvitUL8v4VieIMFk-M5uqqexC-27N3LiyTb1nDvx2MY1PXRSpeyD7jQBRofhTEhNyTrJHbhXO3F2Mg-ORd8WZ94BrjDodFpq74 HTTP 302
• https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESECCnhcKC36J6agUdL8sFOEc&google_cver=1&google_push=AQvitUL8v4VieIMFk-M5uqqexC-27N3LiyTb1nDvx2MY1PXRSpeyD7jQBRofhTEhNyTrJHbhXO3F2Mg-ORd8WZ94BrjDodFpq74&C=1 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YH2YdzCjdwZDlAOst6HYagAABIEAAAAB&google_gid=CAESECCnhcKC36J6agUdL8sFOEc&google_cver=1&google_push=AQvitUL8v4VieIMFk-M5uqqexC-27N3LiyTb1nDvx2MY1PXRSpeyD7jQBRofhTEhNyTrJHbhXO3F2Mg-ORd8WZ94BrjDodFpq74

Request Chain 164

• https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEPqICAGIbV-vB5Yw3mRtpNo&google_cver=1&google_push=AQvitUK1bFLBbwuJEZ9ZWfrhx2E9749_GGMGm1pn7kQwaXLT50wKXBzWWgkdkf0aJ78SE10GJQbgzonQC7KO0nz-iqChY7fWgodt HTTP 302
• https://sync.targeting.unrulymedia.com/csync/RX-7a803927-1200-4ec0-b76d-dacc610d01d8-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAQvitUK1bFLBbwuJEZ9ZWfrhx2E9749_GGMGm1pn7kQwaXLT50wKXBzWWgkdkf0aJ78SE10GJQbgzonQC7KO0nz-iqChY7fWgodt%26google_hm%3DA3qAOScSAE7At23azGENAdg HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AQvitUK1bFLBbwuJEZ9ZWfrhx2E9749_GGMGm1pn7kQwaXLT50wKXBzWWgkdkf0aJ78SE10GJQbgzonQC7KO0nz-iqChY7fWgodt&google_hm=A3qAOScSAE7At23azGENAdg

Request Chain 199

• https://www.ebayadservices.com/marketingtracking/v1/ar?mkrid=707-157687-884638-9&mkcid=4&mkevt=2&mpt=901382182&ff18=mWeb&siteid=77&adtype=0&size=1x1&ipn=admain2&placement=529704 HTTP 301
• https://secureir.ebaystatic.com/cr/mscdn/64e017fc0bf98153dd694dc97d24a1ac/view_pixel_1x1.gif

Request Chain 214

• https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKCnw6mFRxCwCRiwCTIIwAwarVHbLMA HTTP 301
• https://tpc.googlesyndication.com/simgad/12925602498586286455

Request Chain 219

• https://ad.turn.com/r/cs?pid=3&google_gid=CAESEGZGQ_3WFvMZzpWnc6kF4Ho&google_cver=1&google_push=AQvitUJ2mOy4OOJ9e1ORPEY-9NjwyOk2rR3pCYFpk6vVouSEIm4Pehem2cGwbwBXMeWpuzrMT2Kz3jYUyibycNn5NFd3nWOjmxia HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NDExOTY0ODc3Njk4ODQwNDI4MA== HTTP 302
• https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEGZGQ_3WFvMZzpWnc6kF4Ho&google_cver=1

Request Chain 220

• https://a.tribalfusion.com/i.match?p=b6&u=CAESEAFdzXeW6AyKsiXZXbkQnzA&google_cver=1&google_push=AQvitUJxB4zeZu95NEupeeRjEXaiGvn4Z2_DqNoRuazjJ1cRx8CeZDDLo6QD9n_pnqCfwBECL062kWEdDS2GrhEijjKJPHnVE0fR&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAQvitUJxB4zeZu95NEupeeRjEXaiGvn4Z2_DqNoRuazjJ1cRx8CeZDDLo6QD9n_pnqCfwBECL062kWEdDS2GrhEijjKJPHnVE0fR%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
• https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEAFdzXeW6AyKsiXZXbkQnzA&google_cver=1&google_push=AQvitUJxB4zeZu95NEupeeRjEXaiGvn4Z2_DqNoRuazjJ1cRx8CeZDDLo6QD9n_pnqCfwBECL062kWEdDS2GrhEijjKJPHnVE0fR&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAQvitUJxB4zeZu95NEupeeRjEXaiGvn4Z2_DqNoRuazjJ1cRx8CeZDDLo6QD9n_pnqCfwBECL062kWEdDS2GrhEijjKJPHnVE0fR%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 222

• https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESELTP8cr9fiZrLxvCY3K-L3k&google_cver=1&google_push=AQvitUINeObgYr9zqL43tA4SRFvNOwttMWCYQ5EE1WfF_u5b-tb9APe1ejEnI05Y8aKBCDl4pctEMwkyGiHfaCi0vjE8BFExmKtsZw HTTP 302
• https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESELTP8cr9fiZrLxvCY3K-L3k&google_cver=1&google_push=AQvitUINeObgYr9zqL43tA4SRFvNOwttMWCYQ5EE1WfF_u5b-tb9APe1ejEnI05Y8aKBCDl4pctEMwkyGiHfaCi0vjE8BFExmKtsZw HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTQwODEwMTkxMzYzNDUxMzEyNw&google_push=AQvitUINeObgYr9zqL43tA4SRFvNOwttMWCYQ5EE1WfF_u5b-tb9APe1ejEnI05Y8aKBCDl4pctEMwkyGiHfaCi0vjE8BFExmKtsZw

Request Chain 240

• https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKCnw6mFRxCwCRiwCTIIwAwarVHbLMA HTTP 301
• https://tpc.googlesyndication.com/simgad/12925602498586286455

Request Chain 241

• https://www.ebayadservices.com/marketingtracking/v1/ar?mkrid=707-157687-884638-9&mkcid=4&mkevt=2&mpt=2118222445&ff18=mWeb&siteid=77&adtype=0&size=1x1&ipn=admain2&placement=529704 HTTP 301
• https://secureir.ebaystatic.com/cr/mscdn/64e017fc0bf98153dd694dc97d24a1ac/view_pixel_1x1.gif

Request Chain 246

• https://d.agkn.com/pixel/2175/?google_gid=CAESEJauls5BwHg3hlGZbcgc_jI&google_cver=1&google_push=AQvitUJTI5LGSF1f5xhOPNB-t4cd6kY4dmTpCW7d37hGu662kKJ4I-rifnjfpArj0s7t-zoRbaA959Iu4noP3vS0qH0wMX1DNSqn HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AQvitUJTI5LGSF1f5xhOPNB-t4cd6kY4dmTpCW7d37hGu662kKJ4I-rifnjfpArj0s7t-zoRbaA959Iu4noP3vS0qH0wMX1DNSqn&google_hm=Q0FFU0VKYXVsczVCd0hnM2hsR1piY2djX2pJ

Request Chain 248

• https://rtb.openx.net/sync/dds?google_gid=CAESEMdFHTTBnbAdANYBkAFHASg&google_cver=1&google_push=AQvitULxCmCZi8n8MKpDneCMtYml8rcfWtVhv9DnDMyffBzyYg_2Rxp0cg0H2fiQ-HRoNyuwSjQ0eaoZFunCDwna6mruseJlz_cUNQ HTTP 302
• https://rtb.openx.net/sync/dds?google_gid=CAESEMdFHTTBnbAdANYBkAFHASg&google_cver=1&google_push=AQvitULxCmCZi8n8MKpDneCMtYml8rcfWtVhv9DnDMyffBzyYg_2Rxp0cg0H2fiQ-HRoNyuwSjQ0eaoZFunCDwna6mruseJlz_cUNQ&ox_sc=1 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULxCmCZi8n8MKpDneCMtYml8rcfWtVhv9DnDMyffBzyYg_2Rxp0cg0H2fiQ-HRoNyuwSjQ0eaoZFunCDwna6mruseJlz_cUNQ&google_hm=9OL4d3pEyFMK2CO4eOQwWQ==

Request Chain 249

• https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEIynzaJw232-ZrzKI4uVWiw&google_cver=1&google_push=AQvitUK60QnLThQMLeIYoQEdXkFqiYXexNT96l0qN1ejVleapT2wqTUNplo6MlXiL4WJ5lwaGgHmQ0fw3r8pT0jevXrDsPP-rpyYEA HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S05PUFM2NFAtMVEtQlBaTQ==&google_push=AQvitUK60QnLThQMLeIYoQEdXkFqiYXexNT96l0qN1ejVleapT2wqTUNplo6MlXiL4WJ5lwaGgHmQ0fw3r8pT0jevXrDsPP-rpyYEA

Request Chain 251

• https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEMisld6jHZ6DoBerzbSuo68&google_cver=1&google_push=AQvitUIDGll_HfAw2b3ynSUlWBFbWU6_oOsWW5akbSXV18vHsgAXQFr79eH5at0D3NlU4J-2wsr8hnVN4pNFDugrPgKxOj4ljJzZNTA HTTP 301
• https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AQvitUIDGll_HfAw2b3ynSUlWBFbWU6_oOsWW5akbSXV18vHsgAXQFr79eH5at0D3NlU4J-2wsr8hnVN4pNFDugrPgKxOj4ljJzZNTA&google_hm=

264 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
3 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7 Show response www.teamblind.com/post/ Redirect Chain https://links910.mixmaxusercontent.com/5edee374e48ca800304aa4b8/l/BCpS7eE9WrtQc1Y5f?messageId=o5PL1XlpAK587fnnh&rn=&re=gIt92YuMXZjJXdvNXZyF2ZyFGdANHZsVWamJnI&sc=false https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainatio...	217 KB 38 KB	1382ms 1382ms	Document text/html	99.84.156.83 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H2 Security TLS 1.3, , AES_128_GCM Server 99.84.156.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-99-84-156-83.txl52.r.cloudfront.net Software / Resource Hash 7b6be423a91cf6383b7248a671deed764bae01cfc504bdef7e3b8d5ceb66ab63 Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers :method GET :authority www.teamblind.com :scheme https :path /post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers content-type text/html; charset=utf-8 date Mon, 19 Apr 2021 14:49:22 GMT x-dns-prefetch-control off x-frame-options SAMEORIGIN strict-transport-security max-age=5184000; includeSubDomains x-download-options noopen x-permitted-cross-domain-policies none referrer-policy same-origin x-xss-protection 1; mode=block etag "3659e-HX/anGtzfZpqn/Z9I8/c/2/tGQ0" accept-ranges none vary Accept-Encoding content-encoding gzip x-cache Miss from cloudfront via 1.1 a3dc4a768d48247641f8ad7f08326d38.cloudfront.net (CloudFront) x-amz-cf-pop TXL52-C1 x-amz-cf-id moMLp6SCtnDz7dN7-ipwNW8GNr1n--NhR4y-J0WsJNQaJ0LTULf9Ww== Redirect headers date Mon, 19 Apr 2021 14:49:20 GMT content-type text/html; charset=utf-8 content-length 478 location https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme x-robots-tag noindex, nofollow x-content-type-options nosniff x-xss-protection 1; mode=block strict-transport-security max-age=7200 content-security-policy frame-ancestors 'self' https://*.mixmax.com chrome-extension://ocpljaamllnldhepankaeljmeeeghnid chrome-extension://iepajgdflhljdlfldkfbikiiaiahimjl https://mail.google.com https://inbox.google.com https://*.force.com https://*.salesforce.com; frame-src; report-uri /csp-violation referrer-policy no-referrer cache-control no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0 x-ratelimit-limit 100 x-ratelimit-reset 1618930152 x-ratelimit-remaining 89 vary Accept, Accept-Encoding
GET H2	200	c6b3bcfbca640f0cf2b1.js Show response www.teamblind.com/_nuxt/	8 KB 3 KB	31ms 29ms	Script application/javascript	99.84.156.83 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.teamblind.com/_nuxt/c6b3bcfbca640f0cf2b1.js Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H2 Security TLS 1.3, , AES_128_GCM Server 99.84.156.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-99-84-156-83.txl52.r.cloudfront.net Software / Resource Hash d94fd083706070305d8283c037e8d06e82cd891d2100d313073226114ebb481a Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers :path /_nuxt/c6b3bcfbca640f0cf2b1.js pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority www.teamblind.com referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme :scheme https sec-fetch-site same-origin :method GET Referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 13 Apr 2021 09:11:53 GMT content-encoding gzip x-permitted-cross-domain-policies none age 538649 x-dns-prefetch-control off x-cache Hit from cloudfront strict-transport-security max-age=5184000; includeSubDomains x-xss-protection 1; mode=block referrer-policy same-origin last-modified Tue, 13 Apr 2021 09:10:32 GMT x-frame-options SAMEORIGIN etag W/"20be-178ca7f229d" x-download-options noopen vary Accept-Encoding content-type application/javascript; charset=UTF-8 via 1.1 a3dc4a768d48247641f8ad7f08326d38.cloudfront.net (CloudFront) cache-control public, max-age=31536000 x-amz-cf-pop TXL52-C1 accept-ranges bytes x-amz-cf-id JL4KB-zalEhylO3XdUE50TE9tWsmtjp8_k-Pswj5sH9LLD8RG6EQRQ==
GET H2	200	af446fab3a380652e754.js Show response www.teamblind.com/_nuxt/	191 KB 66 KB	32ms 30ms	Script application/javascript	99.84.156.83 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.teamblind.com/_nuxt/af446fab3a380652e754.js Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H2 Security TLS 1.3, , AES_128_GCM Server 99.84.156.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-99-84-156-83.txl52.r.cloudfront.net Software / Resource Hash 1b441c58d9eca505d906bae067895b62fdfc6916fcedaf35dff03badbad6bb57 Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers :path /_nuxt/af446fab3a380652e754.js pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority www.teamblind.com referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme :scheme https sec-fetch-site same-origin :method GET Referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 13 Apr 2021 09:11:53 GMT content-encoding gzip x-permitted-cross-domain-policies none age 538649 x-dns-prefetch-control off x-cache Hit from cloudfront strict-transport-security max-age=5184000; includeSubDomains x-xss-protection 1; mode=block referrer-policy same-origin last-modified Tue, 13 Apr 2021 09:10:43 GMT x-frame-options SAMEORIGIN etag W/"2facd-178ca7f4c5b" x-download-options noopen vary Accept-Encoding content-type application/javascript; charset=UTF-8 via 1.1 a3dc4a768d48247641f8ad7f08326d38.cloudfront.net (CloudFront) cache-control public, max-age=31536000 x-amz-cf-pop TXL52-C1 accept-ranges bytes x-amz-cf-id lH8a6NN5wEWA7R6inK3W58H0lSL7RO6JYO-79UDlwo-1n7l4Oc3kFw==
GET H2	200	c15ae5eeabcffb56ce7a.js Show response www.teamblind.com/_nuxt/	1 MB 385 KB	31ms 29ms	Script application/javascript	99.84.156.83 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.teamblind.com/_nuxt/c15ae5eeabcffb56ce7a.js Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H2 Security TLS 1.3, , AES_128_GCM Server 99.84.156.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-99-84-156-83.txl52.r.cloudfront.net Software / Resource Hash 6fb69481ea7b123e0f401570d39621586a0213ead61855be488ab5aeb945b5b8 Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers :path /_nuxt/c15ae5eeabcffb56ce7a.js pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority www.teamblind.com referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme :scheme https sec-fetch-site same-origin :method GET Referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sat, 17 Apr 2021 23:41:38 GMT content-encoding gzip x-permitted-cross-domain-policies none age 140864 x-dns-prefetch-control off x-cache Hit from cloudfront strict-transport-security max-age=5184000; includeSubDomains x-xss-protection 1; mode=block referrer-policy same-origin last-modified Tue, 13 Apr 2021 09:10:36 GMT x-frame-options SAMEORIGIN etag W/"169799-178ca7f3221" x-download-options noopen vary Accept-Encoding content-type application/javascript; charset=UTF-8 via 1.1 a3dc4a768d48247641f8ad7f08326d38.cloudfront.net (CloudFront) cache-control public, max-age=31536000 x-amz-cf-pop TXL52-C1 accept-ranges bytes x-amz-cf-id irnRjnRasOU3LUp-_-ap0pbqKW8woDl3_ZTHJR543mzJN9xtX2aiUg==
GET H2	200	7e434926e2c070fb4d99.css www.teamblind.com/_nuxt/	896 KB 113 KB	31ms 29ms	Stylesheet text/css	99.84.156.83 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.teamblind.com/_nuxt/7e434926e2c070fb4d99.css Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H2 Security TLS 1.3, , AES_128_GCM Server 99.84.156.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-99-84-156-83.txl52.r.cloudfront.net Software / Resource Hash ae7d05618d5b0db7b893212ff02b6f0ff33c4a0dfc9184f008c5b6def805d0ac Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers :path /_nuxt/7e434926e2c070fb4d99.css pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept text/css,*/*;q=0.1 cache-control no-cache sec-fetch-dest style :authority www.teamblind.com referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme :scheme https sec-fetch-site same-origin :method GET Referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sat, 17 Apr 2021 17:00:24 GMT content-encoding gzip x-permitted-cross-domain-policies none age 164938 x-dns-prefetch-control off x-cache Hit from cloudfront strict-transport-security max-age=5184000; includeSubDomains x-xss-protection 1; mode=block referrer-policy same-origin last-modified Tue, 13 Apr 2021 09:10:32 GMT x-frame-options SAMEORIGIN etag W/"dfff8-178ca7f2095" x-download-options noopen vary Accept-Encoding content-type text/css; charset=UTF-8 via 1.1 a3dc4a768d48247641f8ad7f08326d38.cloudfront.net (CloudFront) cache-control public, max-age=31536000 x-amz-cf-pop TXL52-C1 accept-ranges bytes x-amz-cf-id SEwj-DhH_yHkyth4ems7WFu9ivdpC8C0pogy0cXcvRakd4C9eC6sYA==
GET H2	200	630732b05e14a94bcf9d.js Show response www.teamblind.com/_nuxt/	328 KB 82 KB	298ms 297ms	Script application/javascript	99.84.156.83 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.teamblind.com/_nuxt/630732b05e14a94bcf9d.js Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H2 Security TLS 1.3, , AES_128_GCM Server 99.84.156.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-99-84-156-83.txl52.r.cloudfront.net Software / Resource Hash 53280905b2db2aa2c72a68c4dc4c3e63d640fc581343f26842e830ed8866206c Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers :path /_nuxt/630732b05e14a94bcf9d.js pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority www.teamblind.com referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme :scheme https sec-fetch-site same-origin :method GET Referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 13 Apr 2021 09:11:53 GMT content-encoding gzip x-permitted-cross-domain-policies none age 538649 x-dns-prefetch-control off x-cache Hit from cloudfront strict-transport-security max-age=5184000; includeSubDomains x-xss-protection 1; mode=block referrer-policy same-origin last-modified Tue, 13 Apr 2021 09:10:34 GMT x-frame-options SAMEORIGIN etag W/"52187-178ca7f295d" x-download-options noopen vary Accept-Encoding content-type application/javascript; charset=UTF-8 via 1.1 a3dc4a768d48247641f8ad7f08326d38.cloudfront.net (CloudFront) cache-control public, max-age=31536000 x-amz-cf-pop TXL52-C1 accept-ranges bytes x-amz-cf-id 6dODvspDh1CWQYZF7Zhvmy79loIQcNjRcr6RlpqDQx3aMLK12XwxCQ==
GET H2	200	92082029542712d22845.js Show response www.teamblind.com/_nuxt/	80 KB 20 KB	300ms 299ms	Script application/javascript	99.84.156.83 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.teamblind.com/_nuxt/92082029542712d22845.js Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H2 Security TLS 1.3, , AES_128_GCM Server 99.84.156.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-99-84-156-83.txl52.r.cloudfront.net Software / Resource Hash 32200079af3431dac0a17d4fc12fefa2f8f598be001d9b36cf0f4c76fca4ed3b Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers :path /_nuxt/92082029542712d22845.js pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority www.teamblind.com referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme :scheme https sec-fetch-site same-origin :method GET Referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 18 Apr 2021 01:09:31 GMT content-encoding gzip x-permitted-cross-domain-policies none age 135591 x-dns-prefetch-control off x-cache Hit from cloudfront strict-transport-security max-age=5184000; includeSubDomains x-xss-protection 1; mode=block referrer-policy same-origin last-modified Sat, 17 Apr 2021 23:42:30 GMT x-frame-options SAMEORIGIN etag W/"14145-178e236e122" x-download-options noopen vary Accept-Encoding content-type application/javascript; charset=UTF-8 via 1.1 a3dc4a768d48247641f8ad7f08326d38.cloudfront.net (CloudFront) cache-control public, max-age=31536000 x-amz-cf-pop TXL52-C1 accept-ranges bytes x-amz-cf-id bGMsiKaMeNrebMTEO4V4B03Yff0bl0gC_MN6HYEf-qtBfiLjyGvNtw==
GET H2	200	0c450cef490b6b08b6a1.css www.teamblind.com/_nuxt/	285 B 730 B	299ms 298ms	Stylesheet text/css	99.84.156.83 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.teamblind.com/_nuxt/0c450cef490b6b08b6a1.css Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H2 Security TLS 1.3, , AES_128_GCM Server 99.84.156.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-99-84-156-83.txl52.r.cloudfront.net Software / Resource Hash d7272d71b8b5e6750cd47d2d26bf7a8ec8c531f8aff15297c9101491bea4c26f Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers :path /_nuxt/0c450cef490b6b08b6a1.css pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept text/css,*/*;q=0.1 cache-control no-cache sec-fetch-dest style :authority www.teamblind.com referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme :scheme https sec-fetch-site same-origin :method GET Referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 12 Apr 2021 00:29:15 GMT content-encoding gzip x-permitted-cross-domain-policies none age 656407 x-dns-prefetch-control off x-cache Hit from cloudfront strict-transport-security max-age=5184000; includeSubDomains x-xss-protection 1; mode=block referrer-policy same-origin last-modified Sun, 11 Apr 2021 20:59:35 GMT x-frame-options SAMEORIGIN etag W/"11d-178c2bb919c" x-download-options noopen vary Accept-Encoding content-type text/css; charset=UTF-8 via 1.1 a3dc4a768d48247641f8ad7f08326d38.cloudfront.net (CloudFront) cache-control public, max-age=31536000 x-amz-cf-pop TXL52-C1 accept-ranges bytes x-amz-cf-id GtI7h9zap0LMhxCyh7OGFvd3K_zSqC4SUfO3u50tephXqOFISmydaQ==
GET H2	200	afe86dc7d98057e5ed34.js Show response www.teamblind.com/_nuxt/	17 KB 5 KB	31ms 30ms	Script application/javascript	99.84.156.83 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.teamblind.com/_nuxt/afe86dc7d98057e5ed34.js Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H2 Security TLS 1.3, , AES_128_GCM Server 99.84.156.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-99-84-156-83.txl52.r.cloudfront.net Software / Resource Hash dc2127679b8d871e3955b5209a0bbce29a6088e0ce0bb633984f98c2f3220b05 Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers :path /_nuxt/afe86dc7d98057e5ed34.js pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority www.teamblind.com referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme :scheme https sec-fetch-site same-origin :method GET Referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 13 Apr 2021 09:11:53 GMT content-encoding gzip x-permitted-cross-domain-policies none age 538649 x-dns-prefetch-control off x-cache Hit from cloudfront strict-transport-security max-age=5184000; includeSubDomains x-xss-protection 1; mode=block referrer-policy same-origin last-modified Tue, 13 Apr 2021 09:10:53 GMT x-frame-options SAMEORIGIN etag W/"432a-178ca7f729b" x-download-options noopen vary Accept-Encoding content-type application/javascript; charset=UTF-8 via 1.1 a3dc4a768d48247641f8ad7f08326d38.cloudfront.net (CloudFront) cache-control public, max-age=31536000 x-amz-cf-pop TXL52-C1 accept-ranges bytes x-amz-cf-id 8FPunJMCzCUlmRPqdtZwSvPfvfKC4JSOEVz9Zw8ojH7oAg4znWkpKw==
GET H2	200	swiper.min.css www.teamblind.com/swiper/css/	19 KB 4 KB	453ms 453ms	Stylesheet text/css	99.84.156.83 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.teamblind.com/swiper/css/swiper.min.css Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H2 Security TLS 1.3, , AES_128_GCM Server 99.84.156.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-99-84-156-83.txl52.r.cloudfront.net Software / Resource Hash 5f07d43571a20235b2506061c9729d91179d32b8b3c75123aa8fcd45e60d7541 Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers :path /swiper/css/swiper.min.css pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept text/css,*/*;q=0.1 cache-control no-cache sec-fetch-dest style :authority www.teamblind.com referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme :scheme https sec-fetch-site same-origin :method GET Referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:49:22 GMT content-encoding gzip x-permitted-cross-domain-policies none x-amz-cf-pop TXL52-C1 x-dns-prefetch-control off x-cache Miss from cloudfront strict-transport-security max-age=5184000; includeSubDomains x-xss-protection 1; mode=block referrer-policy same-origin last-modified Mon, 19 Apr 2021 14:05:06 GMT x-frame-options SAMEORIGIN etag W/"4d42-178ea72f6be" x-download-options noopen vary Accept-Encoding content-type text/css; charset=UTF-8 via 1.1 a3dc4a768d48247641f8ad7f08326d38.cloudfront.net (CloudFront) cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id ZjhaRe4s3qQXerax4A19e5VMJm0_fHDl6Zqm1sPQ_z5r_g_s6W5DbA==
GET H2	200	gtm.js Show response www.googletagmanager.com/	145 KB 52 KB	15ms 14ms	Script application/javascript	2a00:1450:4001:801::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-KS76Q2H&l=dataLayer Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:801::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash c43130cdcab2a3d2c91ef3ac772e799d735d4de8b87b5a37eb032011663adbbd Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:49:22 GMT content-encoding br vary Accept-Encoding cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 53536 x-xss-protection 0 last-modified Mon, 19 Apr 2021 12:00:00 GMT server Google Tag Manager strict-transport-security max-age=31536000; includeSubDomains content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Mon, 19 Apr 2021 14:49:22 GMT
GET H2	200	adsbygoogle.js Show response pagead2.googlesyndication.com/pagead/js/	134 KB 48 KB	25ms 23ms	Script text/javascript	2a00:1450:4001:812::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash dad2ac3f093b8cdcca3bfce4fb4d0d7c2e72bd3247ea05ec5e383559d4c3a77f Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:49:22 GMT content-encoding gzip x-content-type-options nosniff p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 48646 x-xss-protection 0 server cafe etag 9885252380620520250 vary Accept-Encoding, Origin content-type text/javascript; charset=UTF-8 cache-control private, max-age=3600 timing-allow-origin * expires Mon, 19 Apr 2021 14:49:22 GMT
GET H2	200	stickybits.min.js Show response www.teamblind.com/js/	6 KB 3 KB	452ms 447ms	Script application/javascript	99.84.156.83 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.teamblind.com/js/stickybits.min.js Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H2 Security TLS 1.3, , AES_128_GCM Server 99.84.156.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-99-84-156-83.txl52.r.cloudfront.net Software / Resource Hash cec04fe7936fce4f9e63fd026c4466f66deda2e5fa9e1b6aac3bfbb18d787b04 Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers :path /js/stickybits.min.js pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority www.teamblind.com referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme :scheme https sec-fetch-site same-origin :method GET Referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:49:23 GMT content-encoding gzip x-permitted-cross-domain-policies none x-amz-cf-pop TXL52-C1 x-dns-prefetch-control off x-cache Miss from cloudfront strict-transport-security max-age=5184000; includeSubDomains x-xss-protection 1; mode=block referrer-policy same-origin last-modified Tue, 13 Apr 2021 09:10:34 GMT x-frame-options SAMEORIGIN etag W/"1744-178ca7f28cd" x-download-options noopen vary Accept-Encoding content-type application/javascript; charset=UTF-8 via 1.1 a3dc4a768d48247641f8ad7f08326d38.cloudfront.net (CloudFront) cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id 8WhF0RqRM1W1hkePe34mueTDGB6PClQ5cI6-UHs5raMkr1COjDofeA==
GET H2	200	swiper.min.js Show response www.teamblind.com/swiper/js/	125 KB 33 KB	450ms 447ms	Script application/javascript	99.84.156.83 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.teamblind.com/swiper/js/swiper.min.js Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H2 Security TLS 1.3, , AES_128_GCM Server 99.84.156.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-99-84-156-83.txl52.r.cloudfront.net Software / Resource Hash b9c90c601bc81ad71ed8be557ff9b095de5aae947926e84011e2728cf65250a6 Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers :path /swiper/js/swiper.min.js pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority www.teamblind.com referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme :scheme https sec-fetch-site same-origin :method GET Referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:49:23 GMT content-encoding gzip x-permitted-cross-domain-policies none x-amz-cf-pop TXL52-C1 x-dns-prefetch-control off x-cache Miss from cloudfront strict-transport-security max-age=5184000; includeSubDomains x-xss-protection 1; mode=block referrer-policy same-origin last-modified Mon, 19 Apr 2021 14:04:54 GMT x-frame-options SAMEORIGIN etag W/"1f3be-178ea72c8fe" x-download-options noopen vary Accept-Encoding content-type application/javascript; charset=UTF-8 via 1.1 a3dc4a768d48247641f8ad7f08326d38.cloudfront.net (CloudFront) cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id F2xDy3mcOkUI0R0lWROrXLGYjvPlZrHYrdTRKZUqyhSqsuMqzEU8iA==
GET H2	200	iscroll.js Show response www.teamblind.com/js/	54 KB 13 KB	772ms 770ms	Script application/javascript	99.84.156.83 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.teamblind.com/js/iscroll.js Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H2 Security TLS 1.3, , AES_128_GCM Server 99.84.156.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-99-84-156-83.txl52.r.cloudfront.net Software / Resource Hash 2dea8a79d16c66887e8e766c7e8249d4828dc753e637f254600d2db24654d303 Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers :path /js/iscroll.js pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority www.teamblind.com referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme :scheme https sec-fetch-site same-origin :method GET Referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:49:23 GMT content-encoding gzip x-permitted-cross-domain-policies none x-amz-cf-pop TXL52-C1 x-dns-prefetch-control off x-cache Miss from cloudfront strict-transport-security max-age=5184000; includeSubDomains x-xss-protection 1; mode=block referrer-policy same-origin last-modified Mon, 19 Apr 2021 14:04:40 GMT x-frame-options SAMEORIGIN etag W/"d740-178ea72921e" x-download-options noopen vary Accept-Encoding content-type application/javascript; charset=UTF-8 via 1.1 a3dc4a768d48247641f8ad7f08326d38.cloudfront.net (CloudFront) cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id 0ItBh-xJPzE58YPXcFMx7VjExN2i6uoEaQXV6lAwTEti-rqJae9omw==
GET H/1.1	200 OK	logo_f0e9d7fa.png teamblindstatics.s3.ap-northeast-1.amazonaws.com/img/companyPage/	9 KB 10 KB	1057ms 278ms	Image image/png	52.219.136.254 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://teamblindstatics.s3.ap-northeast-1.amazonaws.com/img/companyPage/logo_f0e9d7fa.png Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.219.136.254 Tokyo, Japan, ASN16509 (AMAZON-02, US), Reverse DNS s3-ap-northeast-1-r-w.amazonaws.com Software AmazonS3 / Resource Hash d07e79e862add2cf902bd1cbfdfbfa356b5c36bbe569fa017dd7c0baa5790a30 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Mon, 19 Apr 2021 14:49:24 GMT Last-Modified Thu, 26 Dec 2019 02:44:58 GMT Server AmazonS3 x-amz-request-id 0V0WBFM2MG0NG4RX ETag "2f5203d12a82e36752115b503f74e580" Content-Type image/png x-amz-version-id jPqs1XgeoNNznqgtMm70DXtQjJPrYT0q Accept-Ranges bytes Content-Length 9615 x-amz-id-2 4sL5sUwYKlh1YddNLj/v8rZVU5DlW1WWBBmsxTyg+VU9N/t1x3UoCap8+YqOiCAejeWjT5DlOGs=
GET H2	200	logo_100219.jpg d2u3dcdbebyaiu.cloudfront.net/img/companyPage/	5 KB 6 KB	34ms 34ms	Image image/jpeg	13.224.89.157 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://d2u3dcdbebyaiu.cloudfront.net/img/companyPage/logo_100219.jpg Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.89.157 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-89-157.zrh50.r.cloudfront.net Software AmazonS3 / Resource Hash 9fda17a1f3f9bfaef174418e93302fa68dcaff37546a25d286fb3a066168e49f Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 10 Dec 2020 09:38:33 GMT via 1.1 25d46f0dbca17b9a78cca036e17d8ad3.cloudfront.net (CloudFront) last-modified Fri, 13 Dec 2019 02:18:43 GMT server AmazonS3 age 11250650 etag "7049ae9dad4b6ec315aa07277e89fb88" x-cache Hit from cloudfront x-amz-version-id AITtcY5SGTGGkjF0lFC7FqdXeXf828t9 x-amz-cf-pop ZRH50-C1 accept-ranges bytes content-type image/jpeg content-length 5528 x-amz-cf-id fdDtp3y1MdjTegNYZikQZX8l1S0puw8q8zVyXvKwcGbPEFNcvnj3Gg==
GET H2	200	logo_109165.jpg d2u3dcdbebyaiu.cloudfront.net/img/companyPage/	10 KB 10 KB	56ms 56ms	Image image/jpeg	13.224.89.157 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://d2u3dcdbebyaiu.cloudfront.net/img/companyPage/logo_109165.jpg Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.89.157 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-89-157.zrh50.r.cloudfront.net Software AmazonS3 / Resource Hash 13d8d24d56ed11238a516563650af59e3537d6460229c777bdb43ae6e8fa33cd Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 12 Feb 2021 05:07:30 GMT via 1.1 25d46f0dbca17b9a78cca036e17d8ad3.cloudfront.net (CloudFront) last-modified Wed, 06 May 2020 06:00:09 GMT server AmazonS3 age 5737313 etag "4bec68e3f8b72dc14adfb7b2de630b4b" x-cache Hit from cloudfront x-amz-version-id HMlSZa6NKjSk0PmaYBKGyPsrJOf5GD_N x-amz-cf-pop ZRH50-C1 accept-ranges bytes content-type image/jpeg content-length 10102 x-amz-cf-id 7gKdIH6ccENWbHqlFF0j3IegUfdOxUsgxh75Qo-wK4t4Si6ynLrkvQ==
GET H2	200	blind-logo.png d2u3dcdbebyaiu.cloudfront.net/img/www/	3 KB 4 KB	32ms 31ms	Image image/png	13.224.89.157 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://d2u3dcdbebyaiu.cloudfront.net/img/www/blind-logo.png Requested by Host: www.teamblind.com URL: https://www.teamblind.com/_nuxt/7e434926e2c070fb4d99.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.89.157 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-89-157.zrh50.r.cloudfront.net Software AmazonS3 / Resource Hash 3688ea0b958780bd7c481db25d847cdc7027b0ca122d532d9bbf000579bf3164 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 07 Mar 2021 18:36:29 GMT via 1.1 25d46f0dbca17b9a78cca036e17d8ad3.cloudfront.net (CloudFront) last-modified Wed, 18 Nov 2020 07:12:44 GMT server AmazonS3 age 3701574 etag "acf72d94070ecea25cd61702ade8304a" x-cache Hit from cloudfront x-amz-version-id f.TdYbeUaaCBlQB02PXbl3VTOiaYhQfk cache-control s-max-age=7776000, max-age=31536000 x-amz-cf-pop ZRH50-C1 accept-ranges bytes content-type image/png content-length 3551 x-amz-cf-id d33PxpDZx7K2jV4ob763qwPMtYASPjSTRZaKUQMZptFX6RsrfPfEkQ==
GET H2	200	sp-union-onboard.png d2u3dcdbebyaiu.cloudfront.net/img/www/	179 KB 180 KB	32ms 31ms	Image image/png	13.224.89.157 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://d2u3dcdbebyaiu.cloudfront.net/img/www/sp-union-onboard.png?time=sep20201 Requested by Host: www.teamblind.com URL: https://www.teamblind.com/_nuxt/7e434926e2c070fb4d99.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.89.157 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-89-157.zrh50.r.cloudfront.net Software AmazonS3 / Resource Hash 98fb894f615476d2c142ab2b8dfb56035ecd9e58393bbb3feb8f067f5490d5f4 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 07 Mar 2021 18:36:29 GMT via 1.1 25d46f0dbca17b9a78cca036e17d8ad3.cloudfront.net (CloudFront) last-modified Wed, 23 Dec 2020 07:14:35 GMT server AmazonS3 age 3701573 etag "2a7576b463332089f02fdfb341f21d77" x-cache Hit from cloudfront x-amz-version-id CJlsVrXZjEshXbBzLxYNWg3QtTb7oKp8 cache-control s-max-age=7776000, max-age=31536000 x-amz-cf-pop ZRH50-C1 accept-ranges bytes content-type image/png content-length 183225 x-amz-cf-id zVAd_lTWeWOhrZL75kCMjUhywzKAutoQH-qJbIUddTba3mMBlhbVZw==
GET H2	200	bg-gradation.png d2u3dcdbebyaiu.cloudfront.net/img/www/	1 KB 1 KB	44ms 44ms	Image image/png	13.224.89.157 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://d2u3dcdbebyaiu.cloudfront.net/img/www/bg-gradation.png Requested by Host: www.teamblind.com URL: https://www.teamblind.com/_nuxt/7e434926e2c070fb4d99.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.89.157 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-89-157.zrh50.r.cloudfront.net Software AmazonS3 / Resource Hash c1e484c08f5ca34c45c51c5e73a54369fea83e13a0fd54e880dc5841e8d89d92 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 02 Mar 2021 18:34:19 GMT via 1.1 25d46f0dbca17b9a78cca036e17d8ad3.cloudfront.net (CloudFront) last-modified Wed, 18 Nov 2020 07:12:44 GMT server AmazonS3 age 4133704 etag "8679a9ebcd8fcc895cead4fac9dd5d2f" x-cache Hit from cloudfront x-amz-version-id 6_hR0ANysrShYf7gVh_n6rJbcXlFnDiQ cache-control s-max-age=7776000, max-age=31536000 x-amz-cf-pop ZRH50-C1 accept-ranges bytes content-type image/png content-length 1082 x-amz-cf-id 2YNjyWXQ6tYmXYLAiRIrkGiBQpiBXfcsKRwfQdU-fpXzZE1vHUMwUg==
GET H2	200	bg-gradation-xs.png d2u3dcdbebyaiu.cloudfront.net/img/www/	6 KB 7 KB	43ms 43ms	Image image/png	13.224.89.157 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://d2u3dcdbebyaiu.cloudfront.net/img/www/bg-gradation-xs.png Requested by Host: www.teamblind.com URL: https://www.teamblind.com/_nuxt/7e434926e2c070fb4d99.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.89.157 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-89-157.zrh50.r.cloudfront.net Software AmazonS3 / Resource Hash 53b12bb0978b2dc52d02ff9c820c4ec89fb32acf07b86737eb7d731f5841c272 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 01 Mar 2021 12:53:48 GMT via 1.1 25d46f0dbca17b9a78cca036e17d8ad3.cloudfront.net (CloudFront) last-modified Wed, 18 Nov 2020 07:12:44 GMT server AmazonS3 age 4240535 etag "6842e1866c518de6ff9d6d91ee004747" x-cache Hit from cloudfront x-amz-version-id 8au3HjyIVNwPPW_7QSKrVfkA4JSOITob cache-control s-max-age=7776000, max-age=31536000 x-amz-cf-pop ZRH50-C1 accept-ranges bytes content-type image/png content-length 6598 x-amz-cf-id uTkTlXTn7wywILZB7ywwnBcB0H7a1Ve-MsfhEkoNpbFBQw8_RKxt-w==
GET H2	200	sp-company.png d2u3dcdbebyaiu.cloudfront.net/img/www/	26 KB 26 KB	43ms 42ms	Image image/png	13.224.89.157 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://d2u3dcdbebyaiu.cloudfront.net/img/www/sp-company.png Requested by Host: www.teamblind.com URL: https://www.teamblind.com/_nuxt/7e434926e2c070fb4d99.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.89.157 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-89-157.zrh50.r.cloudfront.net Software AmazonS3 / Resource Hash 4634a8b80b516b7224c93c4e2170929d261e6f46277040da4fccfa10179e1428 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 21 Mar 2021 21:10:00 GMT via 1.1 25d46f0dbca17b9a78cca036e17d8ad3.cloudfront.net (CloudFront) last-modified Wed, 18 Nov 2020 07:12:46 GMT server AmazonS3 age 2482763 etag "ea19f9358cb9ba1e8cfdc2fe06537e62" x-cache Hit from cloudfront x-amz-version-id _4iQSIsqKM2QMOhF.h0225ZGx6BvR9hp cache-control s-max-age=7776000, max-age=31536000 x-amz-cf-pop ZRH50-C1 accept-ranges bytes content-type image/png content-length 26283 x-amz-cf-id LuxV3FzvTs_IaKGBIZm-AvvRAkuxkeEl0ezMp7kGvde6B_5lBd8LHg==
GET H2	200	sp-cmp.png d2u3dcdbebyaiu.cloudfront.net/img/www/	225 KB 225 KB	42ms 42ms	Image image/png	13.224.89.157 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://d2u3dcdbebyaiu.cloudfront.net/img/www/sp-cmp.png?time=oct2020 Requested by Host: www.teamblind.com URL: https://www.teamblind.com/_nuxt/7e434926e2c070fb4d99.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.89.157 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-89-157.zrh50.r.cloudfront.net Software AmazonS3 / Resource Hash f730ee4f88627a54cb6f3a147e09d8a8f8a8193fda99b59055414cf92270893d Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 11 Jan 2021 21:28:49 GMT via 1.1 25d46f0dbca17b9a78cca036e17d8ad3.cloudfront.net (CloudFront) last-modified Tue, 05 Jan 2021 08:35:02 GMT server AmazonS3 age 8443234 etag "b25fdefb57c6f6ccd4b8cd6a0af58c0a" x-cache Hit from cloudfront x-amz-version-id lbqPvVQfywkb8JF.fLMQGTHL2S0f8Cy7 x-amz-cf-pop ZRH50-C1 accept-ranges bytes content-type image/png content-length 230256 x-amz-cf-id Js4gocP74nwNtBT30-R3cICVIyEt2y7Y3WhDNcAPGgBXeSdGfaAxaQ==
GET H2	200	/ Show response uswwwnotifier.teamblind.com/socket.io/	101 B 614 B	182ms 182ms	XHR application/octet-stream	54.189.67.184 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://uswwwnotifier.teamblind.com/socket.io/?EIO=3&transport=polling&t=NZgcuCi Requested by Host: www.teamblind.com URL: https://www.teamblind.com/_nuxt/c15ae5eeabcffb56ce7a.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.189.67.184 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-189-67-184.us-west-2.compute.amazonaws.com Software / Resource Hash 052672b562871c75b656888d71efef3ec9aed3f14d2c28bd9bdd187870e14f06 Request headers Accept */* Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers access-control-allow-origin https://www.teamblind.com date Mon, 19 Apr 2021 14:49:23 GMT access-control-allow-credentials true content-length 101 content-type application/octet-stream
GET H2	200	/ Show response uswwwnotifier.teamblind.com/socket.io/	101 B 612 B	182ms 182ms	XHR application/octet-stream	54.189.67.184 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://uswwwnotifier.teamblind.com/socket.io/?EIO=3&transport=polling&t=NZgcuCw Requested by Host: www.teamblind.com URL: https://www.teamblind.com/_nuxt/c15ae5eeabcffb56ce7a.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.189.67.184 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-189-67-184.us-west-2.compute.amazonaws.com Software / Resource Hash 75259a3ad2cd94b3b519c2154e7c30b5ccc693474cb3329f59f1e146539e87fb Request headers Accept */* Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers access-control-allow-origin https://www.teamblind.com date Mon, 19 Apr 2021 14:49:23 GMT access-control-allow-credentials true content-length 101 content-type application/octet-stream
GET H/1.1	200 OK	insight.min.js Show response snap.licdn.com/li.lms-analytics/	4 KB 2 KB	7ms 6ms	Script application/x-javascript	2a02:26f0:7100:48a::25ea AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://snap.licdn.com/li.lms-analytics/insight.min.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-KS76Q2H&l=dataLayer Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:7100:48a::25ea Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash 5f3b103a1268f862a5e432d607f8e5220dea9d301d13565b0ecded3ad9c25ab2 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Mon, 19 Apr 2021 14:49:23 GMT Content-Encoding gzip Last-Modified Mon, 04 Jan 2021 22:14:03 GMT X-CDN AKAM Vary Accept-Encoding Content-Type application/x-javascript;charset=utf-8 Cache-Control max-age=47392 Connection keep-alive Accept-Ranges bytes Content-Length 1855
GET H/1.1	200 OK	obtp.js Show response amplify.outbrain.com/cp/	7 KB 3 KB	8ms 8ms	Script application/x-javascript	184.30.21.80 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://amplify.outbrain.com/cp/obtp.js Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 184.30.21.80 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a184-30-21-80.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash e15eca5878352d8972f4e93b9aed80e34860514c23bfe9ee0a01767a291cf28a Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Mon, 19 Apr 2021 14:49:23 GMT Content-Encoding gzip Last-Modified Mon, 22 Mar 2021 12:03:44 GMT Server AkamaiNetStorage ETag "c43e7f1b0459d05cce32768dd16af59b:1616414624.063318" Vary Accept-Encoding Content-Type application/x-javascript Cache-Control max-age=1200 Connection keep-alive Accept-Ranges bytes Content-Length 2864 Expires Mon, 19 Apr 2021 15:09:23 GMT
GET H2	200	fbevents.js Show response connect.facebook.net/en_US/	92 KB 24 KB	6ms 6ms	Script application/x-javascript	2a03:2880:f02d:12:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/en_US/fbevents.js Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f02d:12:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 98e6165f4ca935ed2cd034d3f71ed277bfa1b20b684fb180a7935d2c4b853bf4 Security Headers Name Value Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers content-security-policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c; content-encoding gzip x-content-type-options nosniff x-xss-protection 0 cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=3600,h3-27=":443"; ma=3600 content-length 23963 x-fb-rlafr 0 pragma public x-fb-debug bkXWmQb7IxNuPmKde9sXvbfmL2sh/1UuNfIE6RgeG7e4iuPl38PDNvXOHAmZLJv1HKgbMDdmkNqwBaKpp2LlDA== x-fb-trip-id 917726464 x-frame-options DENY cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" date Mon, 19 Apr 2021 14:49:23 GMT strict-transport-security max-age=31536000; preload; includeSubDomains report-to {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]} content-type application/x-javascript; charset=utf-8 vary Accept-Encoding cache-control public, max-age=1200 expires Sat, 01 Jan 2000 00:00:00 GMT
GET H/1.1	200 OK	trackpush.min.js Show response s3.amazonaws.com/cdn.aimtell.com/trackpush/	46 KB 13 KB	451ms 155ms	Script text/javascript	52.216.110.85 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://s3.amazonaws.com/cdn.aimtell.com/trackpush/trackpush.min.js Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.216.110.85 Ashburn, United States, ASN16509 (AMAZON-02, US), Reverse DNS s3-1.amazonaws.com Software AmazonS3 / Resource Hash bb52029b82278a64a7fdba2848eed6c0314756f16d2b242ed5d68198278e73a3 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Mon, 19 Apr 2021 14:49:24 GMT Content-Encoding gzip Last-Modified Fri, 16 Apr 2021 18:02:02 GMT Server AmazonS3 x-amz-request-id 0V0J88SZNZX8PC8W ETag "ad444c6967981129ff2651aeebb6a405" Content-Type text/javascript Cache-Control max-age=86400 Accept-Ranges bytes Content-Length 12961 x-amz-id-2 VjODdzQsiOWwpSPJ6NDBLJmbcodev30a/yV14dIlOIQc0m2pMC+2qc0i9Y7Gnn+m3WnGfgBh3CU=
GET H2	200	analytics.js Show response www.google-analytics.com/	48 KB 19 KB	6ms 6ms	Script text/javascript	2a00:1450:4001:80e::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: www.teamblind.com URL: https://www.teamblind.com/_nuxt/630732b05e14a94bcf9d.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash f79723478f4c48501cd49ac52b81d6244a6562b9d3f08ce8ab208a8b8878d4c4 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff last-modified Fri, 19 Mar 2021 19:22:18 GMT server Golfe2 age 3181 date Mon, 19 Apr 2021 13:56:22 GMT vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 19463 expires Mon, 19 Apr 2021 15:56:22 GMT
GET H3-29	200	show_ads_impl_with_ama_fy2019.js Show response pagead2.googlesyndication.com/pagead/js/r20210414/r20190131/	222 KB 83 KB	28ms 28ms	Script text/javascript	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/js/r20210414/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4146116731128638&plah=www.teamblind.com&amaexp=1 Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 11d5cc5bb3db6c56fb91f9068e7f4741f6212c8e2e5546b17039c1c58720fb83 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:49:23 GMT content-encoding gzip x-content-type-options nosniff p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 84747 x-xss-protection 0 server cafe etag 7950800710615234990 vary Accept-Encoding content-type text/javascript; charset=UTF-8 cache-control private, max-age=3600, stale-while-revalidate=3600 timing-allow-origin * expires Mon, 19 Apr 2021 14:49:23 GMT
GET H2	200	zrt_lookup.html Show response googleads.g.doubleclick.net/pagead/html/r20210414/r20190131/ Frame 2135	10 KB 5 KB	5ms 5ms	Document text/html	2a00:1450:4001:813::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/html/r20210414/r20190131/zrt_lookup.html Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash a5cb642ef22434a24612329870579fbb272cb9fa7475360035596ea56fb0431a Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers :method GET :authority googleads.g.doubleclick.net :scheme https :path /pagead/html/r20210414/r20190131/zrt_lookup.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" timing-allow-origin * cross-origin-resource-policy cross-origin vary Accept-Encoding date Mon, 19 Apr 2021 14:17:37 GMT expires Mon, 03 May 2021 14:17:37 GMT content-type text/html; charset=UTF-8 etag 10446291943670460780 x-content-type-options nosniff content-encoding gzip server cafe content-length 4644 x-xss-protection 0 age 1906 cache-control public, max-age=1209600 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
POST H2	200	tcSamples Show response www.teamblind.com/api/salary/	742 B 2 KB	569ms 568ms	XHR application/json	99.84.156.83 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.teamblind.com/api/salary/tcSamples Requested by Host: www.teamblind.com URL: https://www.teamblind.com/_nuxt/af446fab3a380652e754.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 99.84.156.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-99-84-156-83.txl52.r.cloudfront.net Software / Resource Hash 2427a72b32d93d51300bbf1462a2130b556b072b46be257e49dd363eb7b39632 Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-fetch-mode cors origin https://www.teamblind.com accept-encoding gzip, deflate, br accept-language en-US sec-fetch-dest empty cookie _gcl_au=1.1.1279177587.1618843764 content-length 358 :path /api/salary/tcSamples pragma no-cache user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 content-type application/json;charset=UTF-8 accept application/json, text/plain, */* cache-control no-cache :authority www.teamblind.com referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme :scheme https sec-fetch-site same-origin :method POST Accept application/json, text/plain, */* Referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Content-Type application/json;charset=UTF-8 Response headers date Mon, 19 Apr 2021 14:49:24 GMT via 1.1 a3dc4a768d48247641f8ad7f08326d38.cloudfront.net (CloudFront) x-permitted-cross-domain-policies none x-amz-cf-pop TXL52-C1 x-dns-prefetch-control off x-cache Miss from cloudfront content-length 742 x-xss-protection 1; mode=block referrer-policy same-origin x-frame-options SAMEORIGIN etag W/"2e6-34umGlHTXF6qa0EQRwW9HoItXp4" x-download-options noopen strict-transport-security max-age=5184000; includeSubDomains content-type application/json; charset=utf-8 set-cookie bl_session=eyJub3dJbk1pbnV0ZXMiOjI2OTgwNzI5LCJwdWJLZXkiOiItLS0tLUJFR0lOIFBVQkxJQyBLRVktLS0tLVxuTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUExaFZUeVhRWThDSWNOMGRpYXVWYlxuK2VtaDgyb1ZnOTdidkZPdlRteFpYeDkrNVlwOTdlYmlKNW12V0tueVIraU9FKytoM2U5amZBdVU2UjZVaksrSlxudGRQZjJBM2pNNWNXaXJWcFlSa3ZoeURpV3E5bkoyUFl1cTFUVDJUUjJFSGxpaEFDNEdyWUh2dldBU29CZnBUalxuRjVYcUNaL1A5NU9EYzRuU1lRcGFOekV1dFdPS3RsS1N0cDVXLzBEREg0RDB4eFlpQW9wZ0dTV1c5MURUS0FwV1xuSGtBWDFIZ1Uvcm92N3FLOFNOUk1Ud1BISUdhSXh3Z0JUcUZUS3BNMGNpUjVBejZ1b3JVdDh5T0FYb0JiM20zRlxuQ0tOR3V4ak85TlJqVDVwNmhocThGYVM3YmdlbllqclFXQ1hsMG9xM3FmMXFMai9HVmJCOVlQUy9DOHpZRHRBcVxuendJREFRQUJcbi0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLVxuIiwia2V5Ijoib1k3Z05kRzUiLCJ6bCI6InlFa0RIRnhwOC9uQmY5cEpUL1JhN0JSMDJISnB4VVRHRmlnU28rTUNOK3ZLY2loNGErbVNOK28xS1B0VU4zUXdNMUhvaVZBZHFBNjRlZTVFZEdabWNNN28zb3NSY21hTlJsenA5VFhlRERRQ1N3THVGdHdFSm41Z09tWHpFelVkK2ozeGJkZVl0bVE0clNnMElVWk5MVy9qT1NNbW1ROTJxMkRjS1QrWVRZVmFFZjRPa1YvTm9ValVrK28zSnNjMjJvaU5CWjVjaUhmRkh5QXR0c2RkdHFMNm1xZWE2bi9rWUZ2S2VqeHFMNWU2T25TQWFqNGZXMXBNVmNhWjBybExMeXRGaFdNZEtnZmwvMzJMclc3eUFMWVdid1VQWkRIeEplNFJzNkVOV2JRaDF0VmdBd29mZ09DTTFZZW9FeE8xTWlTTFBtaGxMVFZhQUZFVXB5RFNBdz09In0=; path=/; expires=Mon, 03 May 2021 14:49:24 GMT; httponly bl_session.sig=aXV4WbJVm08Qcgg3bPDUATqmkJM; path=/; expires=Mon, 03 May 2021 14:49:24 GMT; httponly x-amz-cf-id sHaG5WL2quiQA5Lp9RnHt9W3BygMV4n4Ak4-m4Mouyv5A-PferYSyQ==
GET H2	200	/ Show response uswwwnotifier.teamblind.com/socket.io/	5 B 513 B	183ms 182ms	XHR application/octet-stream	54.189.67.184 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://uswwwnotifier.teamblind.com/socket.io/?EIO=3&transport=polling&t=NZgcuFh&sid=swU5HVWKqYyldMsQsDxs Requested by Host: www.teamblind.com URL: https://www.teamblind.com/_nuxt/c15ae5eeabcffb56ce7a.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.189.67.184 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-189-67-184.us-west-2.compute.amazonaws.com Software / Resource Hash 25d989b3ed89abc5bb5a814c257dc57619d7f45908013cd08aa508c22e4f6a0a Request headers Accept */* Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers access-control-allow-origin https://www.teamblind.com date Mon, 19 Apr 2021 14:49:23 GMT access-control-allow-credentials true content-length 5 content-type application/octet-stream
GET H2	200	collect px.ads.linkedin.com/	0 461 B	139ms 139ms	Image application/javascript	2620:119:50e6:101::6cae:b05 LINKEDIN
General Check archive.org Show headers Download Go to Show image Full URL https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=471108&time=1618843763693&url=https%3A%2F%2Fwww.teamblind.com%2Fpost%2Ffull-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7%3Futm_source%3Dmixmax%26utm_medium%3Demail%26utm_campaign%3Dtrending%26utm_content%3Dexplainationgme Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2620:119:50e6:101::6cae:b05 , United States, ASN14413 (LINKEDIN, US), Reverse DNS Software Play / Resource Hash Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:49:23 GMT server Play linkedin-action 1 x-li-fabric prod-lva1 x-li-proto http/2 x-li-pop prod-ech2 content-type application/javascript content-length 0 x-li-uuid WnhSfdNJdxZgrjJTcCsAAA==
GET H/1.1	200 OK	cachedClickId Show response tr.outbrain.com/	35 B 239 B	369ms 95ms	Script application/javascript	70.42.32.95 AS-OUTBRAIN
General Check archive.org Show headers Download Go to Full URL https://tr.outbrain.com/cachedClickId?marketerId=00036f62ef463ea29a8544928b83649d57 Requested by Host: amplify.outbrain.com URL: https://amplify.outbrain.com/cp/obtp.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 70.42.32.95 , United States, ASN22075 (AS-OUTBRAIN, US), Reverse DNS ny.outbrain.com Software / Resource Hash 1d348f9f803c95305f63def9d75fd50e79e54a375e1a4a888edbbea366845580 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Mon, 19 Apr 2021 14:49:24 GMT content-encoding gzip X-TraceId 95134e7ba026d294fd7842c94d8f1133 Content-Length 56 Content-Type application/javascript
GET H/1.1	200 OK	unifiedPixel tr.outbrain.com/	43 B 256 B	394ms 99ms	Image image/gif	70.42.32.95 AS-OUTBRAIN
General Check archive.org Show headers Download Go to Show image Full URL https://tr.outbrain.com/unifiedPixel?marketerId=00036f62ef463ea29a8544928b83649d57&obApiVersion=1.1&obtpVersion=1.4.1&name=PAGE_VIEW&dl=https%3A%2F%2Fwww.teamblind.com%2Fpost%2Ffull-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7%3Futm_source%3Dmixmax%26utm_medium%3Demail%26utm_campaign%3Dtrending%26utm_content%3Dwho%2527shiring%26utm_content%3Dexplainationgme&optOut=false&bust=05799326826626843 Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 70.42.32.95 , United States, ASN22075 (AS-OUTBRAIN, US), Reverse DNS ny.outbrain.com Software / Resource Hash 33ca751ed175a163bef530ebdcdbd0a2d15997ccbcbf8d50a6f504e8ffac5a5c Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Mon, 19 Apr 2021 14:49:24 GMT Cache-Control no-cache X-TraceId 733a546c1a2e504f8842812777b66612 content-encoding gzip Content-Length 60 Content-Type image/gif;
GET H3-29	200	172618923088387 Show response connect.facebook.net/signals/config/	254 KB 72 KB	53ms 53ms	Script application/x-javascript	2a03:2880:f02d:12:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/signals/config/172618923088387?v=2.9.39&r=stable Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/fbevents.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a03:2880:f02d:12:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash a3c7456ae6bd6bc3fb2f7a7c10452e8539643a7bf9c46456e72679c94db8796c Security Headers Name Value Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers content-security-policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c; content-encoding gzip x-content-type-options nosniff x-xss-protection 0 cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=3600,h3-27=":443"; ma=3600 x-fb-rlafr 0 pragma public x-fb-debug 5A2OB2S9pB3LFzb/M6kcXekw6Hcuz2cgGxCzeITQysO4c0v2s88p+fJsiKJD3aEcpJBeLth+aFwQOvGZe7Ijzg== cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" x-frame-options DENY date Mon, 19 Apr 2021 14:49:23 GMT strict-transport-security max-age=31536000; preload; includeSubDomains report-to {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]} content-type application/x-javascript; charset=utf-8 vary Accept-Encoding cache-control public, max-age=1200 priority u=3,i expires Sat, 01 Jan 2000 00:00:00 GMT
POST H3-29	200	collect Show response www.google-analytics.com/j/	4 B 24 B	13ms 13ms	XHR text/plain	2a00:1450:4001:80e::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j89&a=1376191487&t=pageview&_s=1&dl=https%3A%2F%2Fwww.teamblind.com%2Fpost%2Ffull-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7%3Futm_source%3Dmixmax%26utm_medium%3Demail%26utm_campaign%3Dtrending%26utm_content%3Dwho%2527shiring%26utm_content%3Dexplainationgme&dp=%2Fpost%2Ffull-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7%3Futm_source%3Dmixmax%26utm_medium%3Demail%26utm_campaign%3Dtrending%26utm_content%3Dwho%2527shiring%26utm_content%3Dexplainationgme&ul=en-us&de=UTF-8&dt=Full%20explanation%20of%20the%20GME%2C%20RH%2C%20and%20Citadel%20debacle%20-%20Blind&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGDACEABBAAAAC~&jid=1584085326&gjid=64974879&cid=143427871.1618843764&tid=UA-44450149-4&_gid=625887198.1618843764&_r=1&_slc=1&z=1618273575 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Mon, 19 Apr 2021 14:49:23 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://www.teamblind.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 4 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H3-29	200	collect Show response www.google-analytics.com/j/	2 B 22 B	13ms 13ms	XHR text/plain	2a00:1450:4001:80e::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j89&a=1376191487&t=pageview&_s=1&dl=https%3A%2F%2Fwww.teamblind.com%2Fpost%2Ffull-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7%3Futm_source%3Dmixmax%26utm_medium%3Demail%26utm_campaign%3Dtrending%26utm_content%3Dwho%2527shiring%26utm_content%3Dexplainationgme&dp=%2Fpost%2Ffull-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7%3Futm_source%3Dmixmax%26utm_medium%3Demail%26utm_campaign%3Dtrending%26utm_content%3Dwho%2527shiring%26utm_content%3Dexplainationgme&ul=en-us&de=UTF-8&dt=Full%20explanation%20of%20the%20GME%2C%20RH%2C%20and%20Citadel%20debacle%20-%20Blind&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGDACEABBAAAAC~&jid=773403786&gjid=1529370139&cid=143427871.1618843764&tid=UA-169230122-5&_gid=625887198.1618843764&_r=1&_slc=1&z=251944051 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Mon, 19 Apr 2021 14:49:23 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://www.teamblind.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 2 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ Show response uswwwnotifier.teamblind.com/socket.io/	5 B 520 B	182ms 182ms	XHR application/octet-stream	54.189.67.184 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://uswwwnotifier.teamblind.com/socket.io/?EIO=3&transport=polling&t=NZgcuG2&sid=a0XZ-1MptF-k_ImlHb6R Requested by Host: www.teamblind.com URL: https://www.teamblind.com/_nuxt/c15ae5eeabcffb56ce7a.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.189.67.184 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-189-67-184.us-west-2.compute.amazonaws.com Software / Resource Hash 25d989b3ed89abc5bb5a814c257dc57619d7f45908013cd08aa508c22e4f6a0a Request headers Accept */* Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers access-control-allow-origin https://www.teamblind.com date Mon, 19 Apr 2021 14:49:23 GMT access-control-allow-credentials true content-length 5 content-type application/octet-stream
GET H2	200	c945bdf7ec430fe8339a.js Show response www.teamblind.com/_nuxt/	54 KB 16 KB	26ms 24ms	Script application/javascript	99.84.156.83 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.teamblind.com/_nuxt/c945bdf7ec430fe8339a.js Requested by Host: www.teamblind.com URL: https://www.teamblind.com/_nuxt/c6b3bcfbca640f0cf2b1.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 99.84.156.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-99-84-156-83.txl52.r.cloudfront.net Software / Resource Hash 96b6681f28903bd40dea8277fd55e57ae37b4eda06dc3e68150f81fe3b032bce Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers :path /_nuxt/c945bdf7ec430fe8339a.js pragma no-cache cookie _gcl_au=1.1.1279177587.1618843764; _ga=GA1.2.143427871.1618843764; _gid=GA1.2.625887198.1618843764; _gat=1; _gat_company=1 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority www.teamblind.com referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme :scheme https sec-fetch-site same-origin :method GET Referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 13 Apr 2021 09:11:54 GMT content-encoding gzip x-permitted-cross-domain-policies none age 538648 x-dns-prefetch-control off x-cache Hit from cloudfront strict-transport-security max-age=5184000; includeSubDomains x-xss-protection 1; mode=block referrer-policy same-origin last-modified Tue, 13 Apr 2021 09:10:51 GMT x-frame-options SAMEORIGIN etag W/"d7b8-178ca7f69ff" x-download-options noopen vary Accept-Encoding content-type application/javascript; charset=UTF-8 via 1.1 a3dc4a768d48247641f8ad7f08326d38.cloudfront.net (CloudFront) cache-control public, max-age=31536000 x-amz-cf-pop TXL52-C1 accept-ranges bytes x-amz-cf-id 0OB7zaqtmD3oVD8tGIH7dSUHHTFCtI3iRXETx70nrFLi68-lsg_93Q==
GET H2	200	eca3529c80e91b1d06c0.js Show response www.teamblind.com/_nuxt/	215 B 737 B	28ms 26ms	Script application/javascript	99.84.156.83 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.teamblind.com/_nuxt/eca3529c80e91b1d06c0.js Requested by Host: www.teamblind.com URL: https://www.teamblind.com/_nuxt/c6b3bcfbca640f0cf2b1.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 99.84.156.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-99-84-156-83.txl52.r.cloudfront.net Software / Resource Hash 1dfedaa4297bda780ac46ebab35b55e8fe26415a2f84ce832ffff0736df5284c Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers :path /_nuxt/eca3529c80e91b1d06c0.js pragma no-cache cookie _gcl_au=1.1.1279177587.1618843764; _ga=GA1.2.143427871.1618843764; _gid=GA1.2.625887198.1618843764; _gat=1; _gat_company=1 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority www.teamblind.com referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme :scheme https sec-fetch-site same-origin :method GET Referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 13 Apr 2021 09:11:55 GMT content-encoding gzip x-permitted-cross-domain-policies none age 538648 x-dns-prefetch-control off x-cache Hit from cloudfront strict-transport-security max-age=5184000; includeSubDomains x-xss-protection 1; mode=block referrer-policy same-origin last-modified Tue, 13 Apr 2021 09:10:35 GMT x-frame-options SAMEORIGIN etag W/"d7-178ca7f2edf" x-download-options noopen vary Accept-Encoding content-type application/javascript; charset=UTF-8 via 1.1 a3dc4a768d48247641f8ad7f08326d38.cloudfront.net (CloudFront) cache-control public, max-age=31536000 x-amz-cf-pop TXL52-C1 accept-ranges bytes x-amz-cf-id pQMuK9FP3dpeJnqOIDMBM4EqOVQvzrGzJKYIVMZgUgRh2iZxLHr6QA==
GET H2	200	76d9f12a96a0481865c9.js Show response www.teamblind.com/_nuxt/	32 KB 10 KB	28ms 26ms	Script application/javascript	99.84.156.83 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.teamblind.com/_nuxt/76d9f12a96a0481865c9.js Requested by Host: www.teamblind.com URL: https://www.teamblind.com/_nuxt/c6b3bcfbca640f0cf2b1.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 99.84.156.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-99-84-156-83.txl52.r.cloudfront.net Software / Resource Hash 6166176f087dcb2e34b8ab4aac5f3ceab876353aaeb4f701b140868fc62ef8cf Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers :path /_nuxt/76d9f12a96a0481865c9.js pragma no-cache cookie _gcl_au=1.1.1279177587.1618843764; _ga=GA1.2.143427871.1618843764; _gid=GA1.2.625887198.1618843764; _gat=1; _gat_company=1 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority www.teamblind.com referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme :scheme https sec-fetch-site same-origin :method GET Referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 18 Apr 2021 20:55:00 GMT content-encoding gzip x-permitted-cross-domain-policies none age 64463 x-dns-prefetch-control off x-cache Hit from cloudfront strict-transport-security max-age=5184000; includeSubDomains x-xss-protection 1; mode=block referrer-policy same-origin last-modified Sun, 18 Apr 2021 16:29:24 GMT x-frame-options SAMEORIGIN etag W/"812f-178e5d0b75f" x-download-options noopen vary Accept-Encoding content-type application/javascript; charset=UTF-8 via 1.1 a3dc4a768d48247641f8ad7f08326d38.cloudfront.net (CloudFront) cache-control public, max-age=31536000 x-amz-cf-pop TXL52-C1 accept-ranges bytes x-amz-cf-id QkcoQuHnYb5V9UnaB9ETfMrU01CNdu39rwqJB2Mz2gFd84_a8XnNYQ==
GET H2	200	3edc3777e4c0cbb2c76c.js Show response www.teamblind.com/_nuxt/	73 KB 19 KB	33ms 29ms	Script application/javascript	99.84.156.83 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.teamblind.com/_nuxt/3edc3777e4c0cbb2c76c.js Requested by Host: www.teamblind.com URL: https://www.teamblind.com/_nuxt/c6b3bcfbca640f0cf2b1.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 99.84.156.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-99-84-156-83.txl52.r.cloudfront.net Software / Resource Hash 49f7dca11b1d6ec82fb96142bf05e5588fd6a6276ea79a9b56af916c29838f65 Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers :path /_nuxt/3edc3777e4c0cbb2c76c.js pragma no-cache cookie _gcl_au=1.1.1279177587.1618843764; _ga=GA1.2.143427871.1618843764; _gid=GA1.2.625887198.1618843764; _gat=1; _gat_company=1 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority www.teamblind.com referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme :scheme https sec-fetch-site same-origin :method GET Referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 13 Apr 2021 09:11:55 GMT content-encoding gzip x-permitted-cross-domain-policies none age 538648 x-dns-prefetch-control off x-cache Hit from cloudfront strict-transport-security max-age=5184000; includeSubDomains x-xss-protection 1; mode=block referrer-policy same-origin last-modified Tue, 13 Apr 2021 09:10:37 GMT x-frame-options SAMEORIGIN etag W/"1240d-178ca7f3685" x-download-options noopen vary Accept-Encoding content-type application/javascript; charset=UTF-8 via 1.1 a3dc4a768d48247641f8ad7f08326d38.cloudfront.net (CloudFront) cache-control public, max-age=31536000 x-amz-cf-pop TXL52-C1 accept-ranges bytes x-amz-cf-id ZA-3Emc_dTeSkqiIxCCTquSwQHpBsBmVU9h4lPM5G14TchHAqg2ivw==
GET H2	200	6b3b5679b79359cf5f60.js Show response www.teamblind.com/_nuxt/	174 KB 53 KB	30ms 27ms	Script application/javascript	99.84.156.83 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.teamblind.com/_nuxt/6b3b5679b79359cf5f60.js Requested by Host: www.teamblind.com URL: https://www.teamblind.com/_nuxt/c6b3bcfbca640f0cf2b1.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 99.84.156.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-99-84-156-83.txl52.r.cloudfront.net Software / Resource Hash ebd74ccd61864d807768b9d61cf9f71c5e175a4ec83fdc0fe78d7daa229c8ffc Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers :path /_nuxt/6b3b5679b79359cf5f60.js pragma no-cache cookie _gcl_au=1.1.1279177587.1618843764; _ga=GA1.2.143427871.1618843764; _gid=GA1.2.625887198.1618843764; _gat=1; _gat_company=1 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority www.teamblind.com referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme :scheme https sec-fetch-site same-origin :method GET Referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 18 Apr 2021 00:43:53 GMT content-encoding gzip x-permitted-cross-domain-policies none age 137130 x-dns-prefetch-control off x-cache Hit from cloudfront strict-transport-security max-age=5184000; includeSubDomains x-xss-protection 1; mode=block referrer-policy same-origin last-modified Tue, 13 Apr 2021 09:10:33 GMT x-frame-options SAMEORIGIN etag W/"2b76d-178ca7f23f5" x-download-options noopen vary Accept-Encoding content-type application/javascript; charset=UTF-8 via 1.1 a3dc4a768d48247641f8ad7f08326d38.cloudfront.net (CloudFront) cache-control public, max-age=31536000 x-amz-cf-pop TXL52-C1 accept-ranges bytes x-amz-cf-id H8ftqBfYS00esdGgpRwSUWmGl6ER7Z0vu9Gl_fXOKooN9jD6dIeaag==
GET H2	200	fa7a203f99c8d9d241e1.js Show response www.teamblind.com/_nuxt/	59 KB 11 KB	30ms 28ms	Script application/javascript	99.84.156.83 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.teamblind.com/_nuxt/fa7a203f99c8d9d241e1.js Requested by Host: www.teamblind.com URL: https://www.teamblind.com/_nuxt/c6b3bcfbca640f0cf2b1.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 99.84.156.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-99-84-156-83.txl52.r.cloudfront.net Software / Resource Hash 9a6593db707489a4b3966aa68899741fd3ea0ef0c20f65250fbadfed8e83d22f Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers :path /_nuxt/fa7a203f99c8d9d241e1.js pragma no-cache cookie _gcl_au=1.1.1279177587.1618843764; _ga=GA1.2.143427871.1618843764; _gid=GA1.2.625887198.1618843764; _gat=1; _gat_company=1 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority www.teamblind.com referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme :scheme https sec-fetch-site same-origin :method GET Referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 13 Apr 2021 09:12:47 GMT content-encoding gzip x-permitted-cross-domain-policies none age 538596 x-dns-prefetch-control off x-cache Hit from cloudfront strict-transport-security max-age=5184000; includeSubDomains x-xss-protection 1; mode=block referrer-policy same-origin last-modified Tue, 13 Apr 2021 09:10:37 GMT x-frame-options SAMEORIGIN etag W/"eadb-178ca7f35ed" x-download-options noopen vary Accept-Encoding content-type application/javascript; charset=UTF-8 via 1.1 a3dc4a768d48247641f8ad7f08326d38.cloudfront.net (CloudFront) cache-control public, max-age=31536000 x-amz-cf-pop TXL52-C1 accept-ranges bytes x-amz-cf-id KKWs1kDy8a9XmQfBxMfbnt0jw4W0T6Ngk4Op0jbi68Ghk8C-ohdKGQ==
GET H2	200	0e4338761429b4eb16ac.css www.teamblind.com/_nuxt/	0 569 B	33ms 29ms	Stylesheet text/css	99.84.156.83 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.teamblind.com/_nuxt/0e4338761429b4eb16ac.css Requested by Host: www.teamblind.com URL: https://www.teamblind.com/_nuxt/c6b3bcfbca640f0cf2b1.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 99.84.156.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-99-84-156-83.txl52.r.cloudfront.net Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers :path /_nuxt/0e4338761429b4eb16ac.css pragma no-cache cookie _gcl_au=1.1.1279177587.1618843764; _ga=GA1.2.143427871.1618843764; _gid=GA1.2.625887198.1618843764; _gat=1; _gat_company=1 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept text/css,*/*;q=0.1 cache-control no-cache sec-fetch-dest style :authority www.teamblind.com referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme :scheme https sec-fetch-site same-origin :method GET Referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 08 Feb 2021 01:58:52 GMT content-encoding gzip x-permitted-cross-domain-policies none age 6094231 x-dns-prefetch-control off x-cache Hit from cloudfront strict-transport-security max-age=5184000; includeSubDomains x-xss-protection 1; mode=block referrer-policy same-origin last-modified Fri, 05 Feb 2021 04:44:13 GMT x-frame-options SAMEORIGIN etag W/"0-17770813b18" x-download-options noopen vary Accept-Encoding content-type text/css; charset=UTF-8 via 1.1 a3dc4a768d48247641f8ad7f08326d38.cloudfront.net (CloudFront) cache-control public, max-age=31536000 x-amz-cf-pop TXL52-C1 accept-ranges bytes x-amz-cf-id CJxah0bfWJ-KCfnqrKnU7qvSnpkSk4IpZe2D0cVze3ECkkb-_D58zQ==
GET H2	200	3e8aa9aa2ca83f8ed7d1.js Show response www.teamblind.com/_nuxt/	18 KB 6 KB	28ms 26ms	Script application/javascript	99.84.156.83 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.teamblind.com/_nuxt/3e8aa9aa2ca83f8ed7d1.js Requested by Host: www.teamblind.com URL: https://www.teamblind.com/_nuxt/c6b3bcfbca640f0cf2b1.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 99.84.156.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-99-84-156-83.txl52.r.cloudfront.net Software / Resource Hash cad3d12505a78bcab262663591b8a66cb6c8353aa7c97fcc7b80155a29075ac5 Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers :path /_nuxt/3e8aa9aa2ca83f8ed7d1.js pragma no-cache cookie _gcl_au=1.1.1279177587.1618843764; _ga=GA1.2.143427871.1618843764; _gid=GA1.2.625887198.1618843764; _gat=1; _gat_company=1 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority www.teamblind.com referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme :scheme https sec-fetch-site same-origin :method GET Referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 13 Apr 2021 09:12:47 GMT content-encoding gzip x-permitted-cross-domain-policies none age 538596 x-dns-prefetch-control off x-cache Hit from cloudfront strict-transport-security max-age=5184000; includeSubDomains x-xss-protection 1; mode=block referrer-policy same-origin last-modified Tue, 13 Apr 2021 09:10:31 GMT x-frame-options SAMEORIGIN etag W/"460f-178ca7f1cdd" x-download-options noopen vary Accept-Encoding content-type application/javascript; charset=UTF-8 via 1.1 a3dc4a768d48247641f8ad7f08326d38.cloudfront.net (CloudFront) cache-control public, max-age=31536000 x-amz-cf-pop TXL52-C1 accept-ranges bytes x-amz-cf-id 87pXvpTHBscokJgfhXCaAyDPZGZKCQMQbC5ytr2pOHLV4j6DroY08g==
GET H2	200	e7d373feff01774a2bdc.css www.teamblind.com/_nuxt/	868 B 904 B	31ms 28ms	Stylesheet text/css	99.84.156.83 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.teamblind.com/_nuxt/e7d373feff01774a2bdc.css Requested by Host: www.teamblind.com URL: https://www.teamblind.com/_nuxt/c6b3bcfbca640f0cf2b1.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 99.84.156.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-99-84-156-83.txl52.r.cloudfront.net Software / Resource Hash 20039be919968b930cff518868ad1ef9ded693de4a14d265aa2ff7a3f7254498 Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers :path /_nuxt/e7d373feff01774a2bdc.css pragma no-cache cookie _gcl_au=1.1.1279177587.1618843764; _ga=GA1.2.143427871.1618843764; _gid=GA1.2.625887198.1618843764; _gat=1; _gat_company=1 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept text/css,*/*;q=0.1 cache-control no-cache sec-fetch-dest style :authority www.teamblind.com referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme :scheme https sec-fetch-site same-origin :method GET Referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sat, 03 Apr 2021 06:34:16 GMT content-encoding gzip x-permitted-cross-domain-policies none age 1412107 x-dns-prefetch-control off x-cache Hit from cloudfront strict-transport-security max-age=5184000; includeSubDomains x-xss-protection 1; mode=block referrer-policy same-origin last-modified Wed, 31 Mar 2021 02:19:43 GMT x-frame-options SAMEORIGIN etag W/"364-1788614565b" x-download-options noopen vary Accept-Encoding content-type text/css; charset=UTF-8 via 1.1 a3dc4a768d48247641f8ad7f08326d38.cloudfront.net (CloudFront) cache-control public, max-age=31536000 x-amz-cf-pop TXL52-C1 accept-ranges bytes x-amz-cf-id C17vShdSe-dV7QF_qOF5aiuuiCJ01713wyUDI0C2ylXBtBW_JM5zIw==
GET H2	200	efe06874fc31a240fcca.js Show response www.teamblind.com/_nuxt/	12 KB 5 KB	25ms 25ms	Script application/javascript	99.84.156.83 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.teamblind.com/_nuxt/efe06874fc31a240fcca.js Requested by Host: www.teamblind.com URL: https://www.teamblind.com/_nuxt/c6b3bcfbca640f0cf2b1.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 99.84.156.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-99-84-156-83.txl52.r.cloudfront.net Software / Resource Hash 4ce43b5281d10d1f3023c8caddb4402c0d5ab46aee3db71ad264939305d5a178 Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers :path /_nuxt/efe06874fc31a240fcca.js pragma no-cache cookie _gcl_au=1.1.1279177587.1618843764; _ga=GA1.2.143427871.1618843764; _gid=GA1.2.625887198.1618843764; _gat=1; _gat_company=1 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority www.teamblind.com referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme :scheme https sec-fetch-site same-origin :method GET Referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 13 Apr 2021 09:12:47 GMT content-encoding gzip x-permitted-cross-domain-policies none age 538596 x-dns-prefetch-control off x-cache Hit from cloudfront strict-transport-security max-age=5184000; includeSubDomains x-xss-protection 1; mode=block referrer-policy same-origin last-modified Tue, 13 Apr 2021 09:10:41 GMT x-frame-options SAMEORIGIN etag W/"3139-178ca7f445f" x-download-options noopen vary Accept-Encoding content-type application/javascript; charset=UTF-8 via 1.1 a3dc4a768d48247641f8ad7f08326d38.cloudfront.net (CloudFront) cache-control public, max-age=31536000 x-amz-cf-pop TXL52-C1 accept-ranges bytes x-amz-cf-id -_JlG2tNBMYNkHW_PfhUwvxCOAsuRAmW2Ko-mdKz3xZaxha4KZsznA==
GET H2	200	bc6b08e2ffb8d1573eef.js Show response www.teamblind.com/_nuxt/	11 KB 4 KB	26ms 26ms	Script application/javascript	99.84.156.83 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.teamblind.com/_nuxt/bc6b08e2ffb8d1573eef.js Requested by Host: www.teamblind.com URL: https://www.teamblind.com/_nuxt/c6b3bcfbca640f0cf2b1.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 99.84.156.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-99-84-156-83.txl52.r.cloudfront.net Software / Resource Hash 472dc749acd81926fc743a1c840a99c0ed3c255fc062dec09b0ffa569b52aa00 Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers :path /_nuxt/bc6b08e2ffb8d1573eef.js pragma no-cache cookie _gcl_au=1.1.1279177587.1618843764; _ga=GA1.2.143427871.1618843764; _gid=GA1.2.625887198.1618843764; _gat=1; _gat_company=1; __gads=ID=857134ac9cddcaa5-223d34dd99a700f6:T=1618843763:RT=1618843763:S=ALNI_Ma4vYgrgI8KKnZ9zpR7-hc_B3hjCQ accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority www.teamblind.com referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme :scheme https sec-fetch-site same-origin :method GET Referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 13 Apr 2021 09:18:58 GMT content-encoding gzip x-permitted-cross-domain-policies none age 538225 x-dns-prefetch-control off x-cache Hit from cloudfront strict-transport-security max-age=5184000; includeSubDomains x-xss-protection 1; mode=block referrer-policy same-origin last-modified Tue, 13 Apr 2021 09:10:43 GMT x-frame-options SAMEORIGIN etag W/"2d20-178ca7f4d03" x-download-options noopen vary Accept-Encoding content-type application/javascript; charset=UTF-8 via 1.1 a3dc4a768d48247641f8ad7f08326d38.cloudfront.net (CloudFront) cache-control public, max-age=31536000 x-amz-cf-pop TXL52-C1 accept-ranges bytes x-amz-cf-id v5cBsgH8DTDORzA6emzz5OhNsjtnfPJEpTwQ-HbdCCfylyPMRkKi-Q==
GET H2	200	15554803253c99968b5d.js Show response www.teamblind.com/_nuxt/	12 KB 4 KB	29ms 25ms	Script application/javascript	99.84.156.83 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.teamblind.com/_nuxt/15554803253c99968b5d.js Requested by Host: www.teamblind.com URL: https://www.teamblind.com/_nuxt/c6b3bcfbca640f0cf2b1.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 99.84.156.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-99-84-156-83.txl52.r.cloudfront.net Software / Resource Hash 613b31e17ab2a749e393f68251fd890dfc7b8df27d6349cb17334aa6ede7f28b Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers :path /_nuxt/15554803253c99968b5d.js pragma no-cache cookie _gcl_au=1.1.1279177587.1618843764; _ga=GA1.2.143427871.1618843764; _gid=GA1.2.625887198.1618843764; _gat=1; _gat_company=1; __gads=ID=857134ac9cddcaa5-223d34dd99a700f6:T=1618843763:RT=1618843763:S=ALNI_Ma4vYgrgI8KKnZ9zpR7-hc_B3hjCQ accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority www.teamblind.com referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme :scheme https sec-fetch-site same-origin :method GET Referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 13 Apr 2021 09:12:48 GMT content-encoding gzip x-permitted-cross-domain-policies none age 538595 x-dns-prefetch-control off x-cache Hit from cloudfront strict-transport-security max-age=5184000; includeSubDomains x-xss-protection 1; mode=block referrer-policy same-origin last-modified Tue, 13 Apr 2021 09:10:36 GMT x-frame-options SAMEORIGIN etag W/"2fb4-178ca7f2fd1" x-download-options noopen vary Accept-Encoding content-type application/javascript; charset=UTF-8 via 1.1 a3dc4a768d48247641f8ad7f08326d38.cloudfront.net (CloudFront) cache-control public, max-age=31536000 x-amz-cf-pop TXL52-C1 accept-ranges bytes x-amz-cf-id rYI9-7afwXLjC8FVyGTQoQGM6lUyTd4DxaR83i0sK6HYr_5s38ZhMQ==
GET H2	200	f1d46d8e7ad62731ec63.js Show response www.teamblind.com/_nuxt/	43 KB 13 KB	27ms 26ms	Script application/javascript	99.84.156.83 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.teamblind.com/_nuxt/f1d46d8e7ad62731ec63.js Requested by Host: www.teamblind.com URL: https://www.teamblind.com/_nuxt/c6b3bcfbca640f0cf2b1.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 99.84.156.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-99-84-156-83.txl52.r.cloudfront.net Software / Resource Hash b6846c26f2d487e6b10fc3addd1dcd73dfa35578b39c1180fa57c1618d3d6013 Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers :path /_nuxt/f1d46d8e7ad62731ec63.js pragma no-cache cookie _gcl_au=1.1.1279177587.1618843764; _ga=GA1.2.143427871.1618843764; _gid=GA1.2.625887198.1618843764; _gat=1; _gat_company=1; __gads=ID=857134ac9cddcaa5-223d34dd99a700f6:T=1618843763:RT=1618843763:S=ALNI_Ma4vYgrgI8KKnZ9zpR7-hc_B3hjCQ accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority www.teamblind.com referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme :scheme https sec-fetch-site same-origin :method GET Referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 13 Apr 2021 09:12:48 GMT content-encoding gzip x-permitted-cross-domain-policies none age 538595 x-dns-prefetch-control off x-cache Hit from cloudfront strict-transport-security max-age=5184000; includeSubDomains x-xss-protection 1; mode=block referrer-policy same-origin last-modified Tue, 13 Apr 2021 09:10:53 GMT x-frame-options SAMEORIGIN etag W/"aa9f-178ca7f7207" x-download-options noopen vary Accept-Encoding content-type application/javascript; charset=UTF-8 via 1.1 a3dc4a768d48247641f8ad7f08326d38.cloudfront.net (CloudFront) cache-control public, max-age=31536000 x-amz-cf-pop TXL52-C1 accept-ranges bytes x-amz-cf-id 14SZQRrjm58Augg1K1U8Grg7ct2GkoK5HLTgbueds7nnaXS5nR-6Kg==
GET H2	200	667cd15069cbccd7ae04.js Show response www.teamblind.com/_nuxt/	3 KB 1 KB	26ms 25ms	Script application/javascript	99.84.156.83 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.teamblind.com/_nuxt/667cd15069cbccd7ae04.js Requested by Host: www.teamblind.com URL: https://www.teamblind.com/_nuxt/c6b3bcfbca640f0cf2b1.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 99.84.156.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-99-84-156-83.txl52.r.cloudfront.net Software / Resource Hash da1febf9bfaf1967fcbc91dd2ed2a84f86df03aebb879714db3a87967b8f56f0 Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers :path /_nuxt/667cd15069cbccd7ae04.js pragma no-cache cookie _gcl_au=1.1.1279177587.1618843764; _ga=GA1.2.143427871.1618843764; _gid=GA1.2.625887198.1618843764; _gat=1; _gat_company=1; __gads=ID=857134ac9cddcaa5-223d34dd99a700f6:T=1618843763:RT=1618843763:S=ALNI_Ma4vYgrgI8KKnZ9zpR7-hc_B3hjCQ accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority www.teamblind.com referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme :scheme https sec-fetch-site same-origin :method GET Referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 13 Apr 2021 09:12:48 GMT content-encoding gzip x-permitted-cross-domain-policies none age 538595 x-dns-prefetch-control off x-cache Hit from cloudfront strict-transport-security max-age=5184000; includeSubDomains x-xss-protection 1; mode=block referrer-policy same-origin last-modified Tue, 13 Apr 2021 09:10:54 GMT x-frame-options SAMEORIGIN etag W/"a39-178ca7f7547" x-download-options noopen vary Accept-Encoding content-type application/javascript; charset=UTF-8 via 1.1 a3dc4a768d48247641f8ad7f08326d38.cloudfront.net (CloudFront) cache-control public, max-age=31536000 x-amz-cf-pop TXL52-C1 accept-ranges bytes x-amz-cf-id 152b6LIPiQC26QdnW1vYvE_dv-L8M_pU6ZOyEGUK3C4jzeqicR4EHQ==
GET H2	200	fe562ebd2e4e545800e8.js Show response www.teamblind.com/_nuxt/	8 KB 3 KB	28ms 27ms	Script application/javascript	99.84.156.83 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.teamblind.com/_nuxt/fe562ebd2e4e545800e8.js Requested by Host: www.teamblind.com URL: https://www.teamblind.com/_nuxt/c6b3bcfbca640f0cf2b1.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 99.84.156.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-99-84-156-83.txl52.r.cloudfront.net Software / Resource Hash a131c13741a159b975b0fe5c57ed1bb636d7191a624dc066e475ae042e4c1f64 Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers :path /_nuxt/fe562ebd2e4e545800e8.js pragma no-cache cookie _gcl_au=1.1.1279177587.1618843764; _ga=GA1.2.143427871.1618843764; _gid=GA1.2.625887198.1618843764; _gat=1; _gat_company=1; __gads=ID=857134ac9cddcaa5-223d34dd99a700f6:T=1618843763:RT=1618843763:S=ALNI_Ma4vYgrgI8KKnZ9zpR7-hc_B3hjCQ accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority www.teamblind.com referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme :scheme https sec-fetch-site same-origin :method GET Referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 13 Apr 2021 09:12:48 GMT content-encoding gzip x-permitted-cross-domain-policies none age 538595 x-dns-prefetch-control off x-cache Hit from cloudfront strict-transport-security max-age=5184000; includeSubDomains x-xss-protection 1; mode=block referrer-policy same-origin last-modified Tue, 13 Apr 2021 09:10:35 GMT x-frame-options SAMEORIGIN etag W/"1f1b-178ca7f2ddf" x-download-options noopen vary Accept-Encoding content-type application/javascript; charset=UTF-8 via 1.1 a3dc4a768d48247641f8ad7f08326d38.cloudfront.net (CloudFront) cache-control public, max-age=31536000 x-amz-cf-pop TXL52-C1 accept-ranges bytes x-amz-cf-id lYA5rw1YCnpJeFgeESXV-_gXIA1a_d0-eJrd9JTtGRk-tTjE0FRCTQ==
GET H2	200	b14337cf6a09ba8ad3bb.js Show response www.teamblind.com/_nuxt/	19 KB 5 KB	26ms 26ms	Script application/javascript	99.84.156.83 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.teamblind.com/_nuxt/b14337cf6a09ba8ad3bb.js Requested by Host: www.teamblind.com URL: https://www.teamblind.com/_nuxt/c6b3bcfbca640f0cf2b1.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 99.84.156.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-99-84-156-83.txl52.r.cloudfront.net Software / Resource Hash 074a51b3011aa6b78ebe9c4862a4e5582e35c1046eb1d789c8b99e34ea8cbdd9 Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers :path /_nuxt/b14337cf6a09ba8ad3bb.js pragma no-cache cookie _gcl_au=1.1.1279177587.1618843764; _ga=GA1.2.143427871.1618843764; _gid=GA1.2.625887198.1618843764; _gat=1; _gat_company=1; __gads=ID=857134ac9cddcaa5-223d34dd99a700f6:T=1618843763:RT=1618843763:S=ALNI_Ma4vYgrgI8KKnZ9zpR7-hc_B3hjCQ accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority www.teamblind.com referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme :scheme https sec-fetch-site same-origin :method GET Referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 13 Apr 2021 09:11:55 GMT content-encoding gzip x-permitted-cross-domain-policies none age 538648 x-dns-prefetch-control off x-cache Hit from cloudfront strict-transport-security max-age=5184000; includeSubDomains x-xss-protection 1; mode=block referrer-policy same-origin last-modified Tue, 13 Apr 2021 09:10:56 GMT x-frame-options SAMEORIGIN etag W/"4af5-178ca7f80e3" x-download-options noopen vary Accept-Encoding content-type application/javascript; charset=UTF-8 via 1.1 a3dc4a768d48247641f8ad7f08326d38.cloudfront.net (CloudFront) cache-control public, max-age=31536000 x-amz-cf-pop TXL52-C1 accept-ranges bytes x-amz-cf-id Zc6dcMRd4y4fnH9HpKvnCkFwha8k9JYN0MN6FpWWvYfueFodtV3feA==
GET H2	200	557393fdbaf44fcc631c.js Show response www.teamblind.com/_nuxt/	1 KB 1 KB	30ms 28ms	Script application/javascript	99.84.156.83 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.teamblind.com/_nuxt/557393fdbaf44fcc631c.js Requested by Host: www.teamblind.com URL: https://www.teamblind.com/_nuxt/c6b3bcfbca640f0cf2b1.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 99.84.156.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-99-84-156-83.txl52.r.cloudfront.net Software / Resource Hash ebdca285c848e8ea65777d7005c5e9a0bad20d802142bd91c2747ea762f2b1ab Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers :path /_nuxt/557393fdbaf44fcc631c.js pragma no-cache cookie _gcl_au=1.1.1279177587.1618843764; _ga=GA1.2.143427871.1618843764; _gid=GA1.2.625887198.1618843764; _gat=1; _gat_company=1; __gads=ID=857134ac9cddcaa5-223d34dd99a700f6:T=1618843763:RT=1618843763:S=ALNI_Ma4vYgrgI8KKnZ9zpR7-hc_B3hjCQ; _fbp=fb.1.1618843763797.1342787307 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority www.teamblind.com referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme :scheme https sec-fetch-site same-origin :method GET Referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 13 Apr 2021 09:11:54 GMT content-encoding gzip x-permitted-cross-domain-policies none age 538648 x-dns-prefetch-control off x-cache Hit from cloudfront strict-transport-security max-age=5184000; includeSubDomains x-xss-protection 1; mode=block referrer-policy same-origin last-modified Tue, 13 Apr 2021 09:10:52 GMT x-frame-options SAMEORIGIN etag W/"4f5-178ca7f7117" x-download-options noopen vary Accept-Encoding content-type application/javascript; charset=UTF-8 via 1.1 a3dc4a768d48247641f8ad7f08326d38.cloudfront.net (CloudFront) cache-control public, max-age=31536000 x-amz-cf-pop TXL52-C1 accept-ranges bytes x-amz-cf-id i865LvPky66dnF6iDsQiXHl-rVZecy15d0dK2anpPkQ3RMDboKAQfg==
GET H2	200	df7d4498a385afabc1c3.css www.teamblind.com/_nuxt/	175 B 698 B	29ms 28ms	Stylesheet text/css	99.84.156.83 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.teamblind.com/_nuxt/df7d4498a385afabc1c3.css Requested by Host: www.teamblind.com URL: https://www.teamblind.com/_nuxt/c6b3bcfbca640f0cf2b1.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 99.84.156.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-99-84-156-83.txl52.r.cloudfront.net Software / Resource Hash 6a3696975c783c5019b7f4e0eed0595e74670023da3b94e828adf9b77ff2b99d Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers :path /_nuxt/df7d4498a385afabc1c3.css pragma no-cache cookie _gcl_au=1.1.1279177587.1618843764; _ga=GA1.2.143427871.1618843764; _gid=GA1.2.625887198.1618843764; _gat=1; _gat_company=1 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept text/css,*/*;q=0.1 cache-control no-cache sec-fetch-dest style :authority www.teamblind.com referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme :scheme https sec-fetch-site same-origin :method GET Referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 08 Mar 2021 06:12:53 GMT content-encoding gzip x-permitted-cross-domain-policies none age 3659789 x-dns-prefetch-control off x-cache Hit from cloudfront strict-transport-security max-age=5184000; includeSubDomains x-xss-protection 1; mode=block referrer-policy same-origin last-modified Mon, 08 Mar 2021 00:19:45 GMT x-frame-options SAMEORIGIN etag W/"af-1780f344017" x-download-options noopen vary Accept-Encoding content-type text/css; charset=UTF-8 via 1.1 a3dc4a768d48247641f8ad7f08326d38.cloudfront.net (CloudFront) cache-control public, max-age=31536000 x-amz-cf-pop TXL52-C1 accept-ranges bytes x-amz-cf-id 9wsB3uZf6FtzHAsHaNEZ29vfNoLHLExrIvMviHKvAwpx_psuTPIefA==
GET H2	200	1ce3a7b95b9eafaae095.js Show response www.teamblind.com/_nuxt/	28 KB 7 KB	27ms 25ms	Script application/javascript	99.84.156.83 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.teamblind.com/_nuxt/1ce3a7b95b9eafaae095.js Requested by Host: www.teamblind.com URL: https://www.teamblind.com/_nuxt/c6b3bcfbca640f0cf2b1.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 99.84.156.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-99-84-156-83.txl52.r.cloudfront.net Software / Resource Hash 34bd88854d8b0eb5be11fc8fbe2c1e3ca118a24b88a6d9e8510ca370e799f374 Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers :path /_nuxt/1ce3a7b95b9eafaae095.js pragma no-cache cookie _gcl_au=1.1.1279177587.1618843764; _ga=GA1.2.143427871.1618843764; _gid=GA1.2.625887198.1618843764; _gat=1; _gat_company=1; __gads=ID=857134ac9cddcaa5-223d34dd99a700f6:T=1618843763:RT=1618843763:S=ALNI_Ma4vYgrgI8KKnZ9zpR7-hc_B3hjCQ; _fbp=fb.1.1618843763797.1342787307 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority www.teamblind.com referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme :scheme https sec-fetch-site same-origin :method GET Referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 13 Apr 2021 09:11:54 GMT content-encoding gzip x-permitted-cross-domain-policies none age 538648 x-dns-prefetch-control off x-cache Hit from cloudfront strict-transport-security max-age=5184000; includeSubDomains x-xss-protection 1; mode=block referrer-policy same-origin last-modified Tue, 13 Apr 2021 09:10:34 GMT x-frame-options SAMEORIGIN etag W/"70aa-178ca7f28fd" x-download-options noopen vary Accept-Encoding content-type application/javascript; charset=UTF-8 via 1.1 a3dc4a768d48247641f8ad7f08326d38.cloudfront.net (CloudFront) cache-control public, max-age=31536000 x-amz-cf-pop TXL52-C1 accept-ranges bytes x-amz-cf-id oDeric2LRkqEGkWzsMHIR3gOyGLno1m-Et7279wHBhbU_Te57Vq_2g==
GET H2	200	4ca33a56b3437a8b7a62.js Show response www.teamblind.com/_nuxt/	20 KB 5 KB	30ms 29ms	Script application/javascript	99.84.156.83 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.teamblind.com/_nuxt/4ca33a56b3437a8b7a62.js Requested by Host: www.teamblind.com URL: https://www.teamblind.com/_nuxt/c6b3bcfbca640f0cf2b1.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 99.84.156.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-99-84-156-83.txl52.r.cloudfront.net Software / Resource Hash 9f98af25136d691914cb644e8621ef6ef17f52d47abb1a828fadb1ce3867f42c Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers :path /_nuxt/4ca33a56b3437a8b7a62.js pragma no-cache cookie _gcl_au=1.1.1279177587.1618843764; _ga=GA1.2.143427871.1618843764; _gid=GA1.2.625887198.1618843764; _gat=1; _gat_company=1; __gads=ID=857134ac9cddcaa5-223d34dd99a700f6:T=1618843763:RT=1618843763:S=ALNI_Ma4vYgrgI8KKnZ9zpR7-hc_B3hjCQ; _fbp=fb.1.1618843763797.1342787307 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority www.teamblind.com referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme :scheme https sec-fetch-site same-origin :method GET Referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 13 Apr 2021 09:11:55 GMT content-encoding gzip x-permitted-cross-domain-policies none age 538648 x-dns-prefetch-control off x-cache Hit from cloudfront strict-transport-security max-age=5184000; includeSubDomains x-xss-protection 1; mode=block referrer-policy same-origin last-modified Tue, 13 Apr 2021 09:10:44 GMT x-frame-options SAMEORIGIN etag W/"5037-178ca7f503b" x-download-options noopen vary Accept-Encoding content-type application/javascript; charset=UTF-8 via 1.1 a3dc4a768d48247641f8ad7f08326d38.cloudfront.net (CloudFront) cache-control public, max-age=31536000 x-amz-cf-pop TXL52-C1 accept-ranges bytes x-amz-cf-id IKSfhIcWKrziNXXk-9qfyDJIkdNelW-Fu-GvkldyqFbHZyeyDECPbw==
GET H2	200	df25a6e90537a80804c7.js Show response www.teamblind.com/_nuxt/	51 KB 14 KB	29ms 28ms	Script application/javascript	99.84.156.83 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.teamblind.com/_nuxt/df25a6e90537a80804c7.js Requested by Host: www.teamblind.com URL: https://www.teamblind.com/_nuxt/c6b3bcfbca640f0cf2b1.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 99.84.156.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-99-84-156-83.txl52.r.cloudfront.net Software / Resource Hash 7ec5836e36d08e44e48f7c03716bb2da5d1cdf0b26e8c205baf764eebb7fcfd5 Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers :path /_nuxt/df25a6e90537a80804c7.js pragma no-cache cookie _gcl_au=1.1.1279177587.1618843764; _ga=GA1.2.143427871.1618843764; _gid=GA1.2.625887198.1618843764; _gat=1; _gat_company=1; __gads=ID=857134ac9cddcaa5-223d34dd99a700f6:T=1618843763:RT=1618843763:S=ALNI_Ma4vYgrgI8KKnZ9zpR7-hc_B3hjCQ; _fbp=fb.1.1618843763797.1342787307 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority www.teamblind.com referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme :scheme https sec-fetch-site same-origin :method GET Referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 13 Apr 2021 09:11:55 GMT content-encoding gzip x-permitted-cross-domain-policies none age 538648 x-dns-prefetch-control off x-cache Hit from cloudfront strict-transport-security max-age=5184000; includeSubDomains x-xss-protection 1; mode=block referrer-policy same-origin last-modified Tue, 13 Apr 2021 09:10:47 GMT x-frame-options SAMEORIGIN etag W/"cbb2-178ca7f5ce7" x-download-options noopen vary Accept-Encoding content-type application/javascript; charset=UTF-8 via 1.1 a3dc4a768d48247641f8ad7f08326d38.cloudfront.net (CloudFront) cache-control public, max-age=31536000 x-amz-cf-pop TXL52-C1 accept-ranges bytes x-amz-cf-id 3qEZ_YtRpul2XH2K4s5U3UGk-zlIGkMDe6rGZP2NtPjTB27SNHnfEg==
POST H2	200	collect Show response stats.g.doubleclick.net/j/	4 B 70 B	14ms 14ms	XHR text/plain	2a00:1450:400c:c0c::9d GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j89&tid=UA-44450149-4&cid=143427871.1618843764&jid=1584085326&gjid=64974879&_gid=625887198.1618843764&_u=YGDACEAABAAAAC~&z=327955356 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400c:c0c::9d Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Content-Type text/plain Response headers pragma no-cache strict-transport-security max-age=10886400; includeSubDomains; preload x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 date Mon, 19 Apr 2021 14:49:23 GMT content-type text/plain access-control-allow-origin https://www.teamblind.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 4 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	cookie.js Show response partner.googleadservices.com/gampad/	203 B 262 B	18ms 17ms	Script text/javascript	142.250.186.98 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://partner.googleadservices.com/gampad/cookie.js?domain=www.teamblind.com&callback=_gfp_s_&client=ca-pub-4146116731128638 Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/js/r20210414/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4146116731128638&plah=www.teamblind.com&amaexp=1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.186.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s06-in-f2.1e100.net Software cafe / Resource Hash 889b791c49b9f113c7dc5a1b830bc348700f514d85550ac7c8d45023808a1dd9 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:49:23 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" content-type text/javascript; charset=UTF-8 cache-control private cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" timing-allow-origin * alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 193 x-xss-protection 0
GET H2	200	integrator.js Show response adservice.google.de/adsid/	107 B 165 B	16ms 15ms	Script application/javascript	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://adservice.google.de/adsid/integrator.js?domain=www.teamblind.com Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/js/r20210414/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4146116731128638&plah=www.teamblind.com&amaexp=1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers timing-allow-origin * date Mon, 19 Apr 2021 14:49:23 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." cache-control private, no-cache, no-store cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/javascript; charset=UTF-8 alt-svc h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43" content-length 100 x-xss-protection 0
GET H2	200	integrator.js Show response adservice.google.com/adsid/	107 B 165 B	16ms 15ms	Script application/javascript	2a00:1450:4001:82a::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://adservice.google.com/adsid/integrator.js?domain=www.teamblind.com Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/js/r20210414/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4146116731128638&plah=www.teamblind.com&amaexp=1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers timing-allow-origin * date Mon, 19 Apr 2021 14:49:23 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." cache-control private, no-cache, no-store cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/javascript; charset=UTF-8 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 100 x-xss-protection 0
GET H3-29	200	ads Show response googleads.g.doubleclick.net/pagead/ Frame 3821	54 B 56 B	80ms 79ms	Document text/html	2a00:1450:4001:810::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4146116731128638&output=html&adk=1812271804&adf=3025194257&lmt=1618843763&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.teamblind.com%2Fpost%2Ffull-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7%3Futm_source%3Dmixmax%26utm_medium%3Demail%26utm_campaign%3Dtrending%26utm_content%3Dwho%2527shiring%26utm_content%3Dexplainationgme&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618843763680&bpp=3&bdt=1300&idt=54&shv=r20210414&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=494529842499&frm=20&pv=2&ga_vid=143427871.1618843764&ga_sid=1618843764&ga_hid=1376191487&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44740079%2C31060828&oid=3&pvsid=743476523407528&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&dtd=67 Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/js/r20210414/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4146116731128638&plah=www.teamblind.com&amaexp=1 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 166a4ec3cb90d525f7f744c7616c01b36bebd6dcecd486c8f5be14ccc0a7b3da Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers :method GET :authority googleads.g.doubleclick.net :scheme https :path /pagead/ads?client=ca-pub-4146116731128638&output=html&adk=1812271804&adf=3025194257&lmt=1618843763&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.teamblind.com%2Fpost%2Ffull-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7%3Futm_source%3Dmixmax%26utm_medium%3Demail%26utm_campaign%3Dtrending%26utm_content%3Dwho%2527shiring%26utm_content%3Dexplainationgme&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618843763680&bpp=3&bdt=1300&idt=54&shv=r20210414&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=494529842499&frm=20&pv=2&ga_vid=143427871.1618843764&ga_sid=1618843764&ga_hid=1376191487&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44740079%2C31060828&oid=3&pvsid=743476523407528&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&dtd=67 pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" timing-allow-origin * cross-origin-resource-policy cross-origin content-type text/html; charset=UTF-8 x-content-type-options nosniff content-encoding br date Mon, 19 Apr 2021 14:49:23 GMT server cafe content-length 34 x-xss-protection 0 set-cookie test_cookie=CheckForPermission; expires=Mon, 19-Apr-2021 15:04:23 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" expires Mon, 19 Apr 2021 14:49:23 GMT cache-control private
GET H2	200	osd.js Show response www.googletagservices.com/activeview/js/current/	73 KB 28 KB	13ms 13ms	Script text/javascript	2a00:1450:4001:800::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101 Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/js/r20210414/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4146116731128638&plah=www.teamblind.com&amaexp=1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 74e1cf077493c33fe895c7ce5732cda76b195e2d357d928f094bc3367cc7a75f Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:49:23 GMT content-encoding gzip x-content-type-options nosniff server sffe etag "1618423639646658" vary Accept-Encoding content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 28266 x-xss-protection 0 expires Mon, 19 Apr 2021 14:49:23 GMT
GET H2	200	ga-audiences www.google.com/ads/	42 B 107 B	37ms 28ms	Image image/gif	2a00:1450:4001:809::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j89&tid=UA-44450149-4&cid=143427871.1618843764&jid=1584085326&_u=YGDACEAABAAAAC~&z=2029829840 Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Mon, 19 Apr 2021 14:49:23 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	ga-audiences www.google.de/ads/	42 B 107 B	38ms 29ms	Image image/gif	2a00:1450:4001:827::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j89&tid=UA-44450149-4&cid=143427871.1618843764&jid=1584085326&_u=YGDACEAABAAAAC~&z=2029829840 Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Mon, 19 Apr 2021 14:49:23 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	df99a81df463dd034928.js Show response www.teamblind.com/_nuxt/	36 KB 10 KB	30ms 30ms	Script application/javascript	99.84.156.83 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.teamblind.com/_nuxt/df99a81df463dd034928.js Requested by Host: www.teamblind.com URL: https://www.teamblind.com/_nuxt/c6b3bcfbca640f0cf2b1.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 99.84.156.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-99-84-156-83.txl52.r.cloudfront.net Software / Resource Hash 7b4c2bf3f3ac9dd6facfbb6252788c8201a97f1ee9c6fad66326d662d395a7ff Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers :path /_nuxt/df99a81df463dd034928.js pragma no-cache cookie _gcl_au=1.1.1279177587.1618843764; _ga=GA1.2.143427871.1618843764; _gid=GA1.2.625887198.1618843764; _gat=1; _gat_company=1; __gads=ID=857134ac9cddcaa5-223d34dd99a700f6:T=1618843763:RT=1618843763:S=ALNI_Ma4vYgrgI8KKnZ9zpR7-hc_B3hjCQ; _fbp=fb.1.1618843763797.1342787307 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority www.teamblind.com referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme :scheme https sec-fetch-site same-origin :method GET Referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 13 Apr 2021 09:11:55 GMT content-encoding gzip x-permitted-cross-domain-policies none age 538648 x-dns-prefetch-control off x-cache Hit from cloudfront strict-transport-security max-age=5184000; includeSubDomains x-xss-protection 1; mode=block referrer-policy same-origin last-modified Tue, 13 Apr 2021 09:10:32 GMT x-frame-options SAMEORIGIN etag W/"8f85-178ca7f1fd9" x-download-options noopen vary Accept-Encoding content-type application/javascript; charset=UTF-8 via 1.1 a3dc4a768d48247641f8ad7f08326d38.cloudfront.net (CloudFront) cache-control public, max-age=31536000 x-amz-cf-pop TXL52-C1 accept-ranges bytes x-amz-cf-id _zDFQzi9ssuEei3qOiFopdBNMvJzRQ6xWdpynicD-3if4_LddwWCyQ==
GET H2	200	fc2de0d16269c1c0c96c.js Show response www.teamblind.com/_nuxt/	27 KB 6 KB	25ms 25ms	Script application/javascript	99.84.156.83 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.teamblind.com/_nuxt/fc2de0d16269c1c0c96c.js Requested by Host: www.teamblind.com URL: https://www.teamblind.com/_nuxt/c6b3bcfbca640f0cf2b1.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 99.84.156.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-99-84-156-83.txl52.r.cloudfront.net Software / Resource Hash 68ab8f9b3d4ac03fc0a526843c8f50dc2b6c98d9950f517447f8f56018b393f9 Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers :path /_nuxt/fc2de0d16269c1c0c96c.js pragma no-cache cookie _gcl_au=1.1.1279177587.1618843764; _ga=GA1.2.143427871.1618843764; _gid=GA1.2.625887198.1618843764; _gat=1; _gat_company=1; __gads=ID=857134ac9cddcaa5-223d34dd99a700f6:T=1618843763:RT=1618843763:S=ALNI_Ma4vYgrgI8KKnZ9zpR7-hc_B3hjCQ; _fbp=fb.1.1618843763797.1342787307 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority www.teamblind.com referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme :scheme https sec-fetch-site same-origin :method GET Referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 18 Apr 2021 00:39:25 GMT content-encoding gzip x-permitted-cross-domain-policies none age 137398 x-dns-prefetch-control off x-cache Hit from cloudfront strict-transport-security max-age=5184000; includeSubDomains x-xss-protection 1; mode=block referrer-policy same-origin last-modified Tue, 13 Apr 2021 09:10:38 GMT x-frame-options SAMEORIGIN etag W/"6b5a-178ca7f36e1" x-download-options noopen vary Accept-Encoding content-type application/javascript; charset=UTF-8 via 1.1 a3dc4a768d48247641f8ad7f08326d38.cloudfront.net (CloudFront) cache-control public, max-age=31536000 x-amz-cf-pop TXL52-C1 accept-ranges bytes x-amz-cf-id y-OO1L9oLzcLsWC3tlgF7UL4oUWozZT-4yzAbpYE-kkhpA5feHiquw==
GET H2	200	f0ad1197e847e913db92.js Show response www.teamblind.com/_nuxt/	13 KB 5 KB	26ms 25ms	Script application/javascript	99.84.156.83 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.teamblind.com/_nuxt/f0ad1197e847e913db92.js Requested by Host: www.teamblind.com URL: https://www.teamblind.com/_nuxt/c6b3bcfbca640f0cf2b1.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 99.84.156.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-99-84-156-83.txl52.r.cloudfront.net Software / Resource Hash d719d335250de336d88b878985a732ec3f0b499b46564acbae5bebab2e320e33 Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers :path /_nuxt/f0ad1197e847e913db92.js pragma no-cache cookie _gcl_au=1.1.1279177587.1618843764; _ga=GA1.2.143427871.1618843764; _gid=GA1.2.625887198.1618843764; _gat=1; _gat_company=1; __gads=ID=857134ac9cddcaa5-223d34dd99a700f6:T=1618843763:RT=1618843763:S=ALNI_Ma4vYgrgI8KKnZ9zpR7-hc_B3hjCQ; _fbp=fb.1.1618843763797.1342787307 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority www.teamblind.com referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme :scheme https sec-fetch-site same-origin :method GET Referer https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 18 Apr 2021 00:39:25 GMT content-encoding gzip x-permitted-cross-domain-policies none age 137398 x-dns-prefetch-control off x-cache Hit from cloudfront strict-transport-security max-age=5184000; includeSubDomains x-xss-protection 1; mode=block referrer-policy same-origin last-modified Sat, 17 Apr 2021 23:42:34 GMT x-frame-options SAMEORIGIN etag W/"33dc-178e236f0de" x-download-options noopen vary Accept-Encoding content-type application/javascript; charset=UTF-8 via 1.1 a3dc4a768d48247641f8ad7f08326d38.cloudfront.net (CloudFront) cache-control public, max-age=31536000 x-amz-cf-pop TXL52-C1 accept-ranges bytes x-amz-cf-id nsdhgM-E-w8LWMks-KLfsMKOI9xJLhTIFzf4-BeeOo3VQYI_ShpGzw==
GET H2	200	/ www.facebook.com/tr/	44 B 259 B	6ms 6ms	Image image/gif	2a03:2880:f12d:83:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=172618923088387&ev=PageView&dl=https%3A%2F%2Fwww.teamblind.com%2Fpost%2Ffull-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7%3Futm_source%3Dmixmax%26utm_medium%3Demail%26utm_campaign%3Dtrending%26utm_content%3Dwho%2527shiring%26utm_content%3Dexplainationgme&rl=&if=false&ts=1618843763798&sw=1600&sh=1200&v=2.9.39&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1618843763797.1342787307&it=1618843763700&coo=false&rqm=GET Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f12d:83:face:b00c:0:25de , United States, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:49:23 GMT last-modified Fri, 21 Dec 2012 00:00:01 GMT server proxygen-bolt strict-transport-security max-age=31536000; includeSubDomains content-type image/gif cache-control no-cache, must-revalidate, max-age=0 cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=3600,h3-27=":443"; ma=3600 content-length 44 expires Mon, 19 Apr 2021 14:49:23 GMT
GET H2	200	adopJ.js Show response compass.adop.cc/assets/js/adop/	3 KB 2 KB	30ms 30ms	Script application/javascript	13.224.102.20 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://compass.adop.cc/assets/js/adop/adopJ.js?v=14 Requested by Host: www.teamblind.com URL: https://www.teamblind.com/_nuxt/af446fab3a380652e754.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.102.20 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-102-20.zrh50.r.cloudfront.net Software / Resource Hash 04b2c3919eab959d0535139f9decd6b513be3d0356379bdb42e7fedc0ac32667 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:47:04 GMT content-encoding gzip last-modified Wed, 03 Jun 2020 07:46:29 GMT age 142 etag W/"5ed75555-d79" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript; charset=utf-8 via 1.1 f0f5607a03d2ae4c43b553dc2cef0c9e.cloudfront.net (CloudFront) cache-control max-age=600 x-amz-cf-pop ZRH50-C1 content-length 1938 x-amz-cf-id U7GsxkoEaYYAeLyZ9z8O5YhcRaakD4XKfjBizA8-lzQzeRyroMyjqQ== expires Mon, 19 Apr 2021 14:57:01 GMT
GET H2	200	/ Show response uswwwnotifier.teamblind.com/socket.io/	4 B 518 B	674ms 674ms	XHR application/octet-stream	54.189.67.184 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://uswwwnotifier.teamblind.com/socket.io/?EIO=3&transport=polling&t=NZgcuIa&sid=swU5HVWKqYyldMsQsDxs Requested by Host: www.teamblind.com URL: https://www.teamblind.com/_nuxt/c15ae5eeabcffb56ce7a.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.189.67.184 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-189-67-184.us-west-2.compute.amazonaws.com Software / Resource Hash a9a2f1dd042cb6f1eded53dc0a1c66ed8694fc093dc3520cdac1a541d615d474 Request headers Accept */* Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers access-control-allow-origin https://www.teamblind.com date Mon, 19 Apr 2021 14:49:24 GMT access-control-allow-credentials true content-length 4 content-type application/octet-stream
GET H2	200	/ Show response uswwwnotifier.teamblind.com/socket.io/	4 B 518 B	1208ms 1208ms	XHR application/octet-stream	54.189.67.184 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://uswwwnotifier.teamblind.com/socket.io/?EIO=3&transport=polling&t=NZgcuIw&sid=a0XZ-1MptF-k_ImlHb6R Requested by Host: www.teamblind.com URL: https://www.teamblind.com/_nuxt/c15ae5eeabcffb56ce7a.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.189.67.184 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-189-67-184.us-west-2.compute.amazonaws.com Software / Resource Hash a9a2f1dd042cb6f1eded53dc0a1c66ed8694fc093dc3520cdac1a541d615d474 Request headers Accept */* Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers access-control-allow-origin https://www.teamblind.com date Mon, 19 Apr 2021 14:49:25 GMT access-control-allow-credentials true content-length 4 content-type application/octet-stream
GET H2	200	474d5ace-ea34-4e47-bde6-b87fddf21d92 Show response compass.adop.cc/RE/ Frame 8142	2 KB 1 KB	722ms 722ms	Script text/html	13.224.102.20 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://compass.adop.cc/RE/474d5ace-ea34-4e47-bde6-b87fddf21d92?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=474d5ace-ea34-4e47-bde6-b87fddf21d92&type=re&loc=&rnd=H3Q&percentage=false&size_width=728&size_height=90& Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.102.20 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-102-20.zrh50.r.cloudfront.net Software / Resource Hash 6cc2c71e5b4b0b52e63c0444ab02200fb17013f82f55071b38ce90ff2db89089 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:49:24 GMT via 1.1 f0f5607a03d2ae4c43b553dc2cef0c9e.cloudfront.net (CloudFront) x-amz-cf-pop ZRH50-C1 p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" vary Accept-Encoding x-cache Miss from cloudfront content-type text/html; charset=UTF-8 content-encoding gzip content-length 724 x-amz-cf-id MxNArK33YxMJts7XhHWk4m7wxz36sqMDCx7oXE85Rbq9hHyEB6J0KA==
GET H2	200	c4f33366-ecd8-4dca-a7ed-3a8756afe75d Show response compass.adop.cc/RE/ Frame F230	2 KB 1 KB	265ms 264ms	Script text/html	13.224.102.20 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://compass.adop.cc/RE/c4f33366-ecd8-4dca-a7ed-3a8756afe75d?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=c4f33366-ecd8-4dca-a7ed-3a8756afe75d&type=re&loc=&rnd=Jtk&percentage=false&size_width=728&size_height=90& Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.102.20 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-102-20.zrh50.r.cloudfront.net Software / Resource Hash 3874d40e2b7738445cafa045c773c04561b17dd3f2f6539d116cfacbdfd7539b Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:49:24 GMT via 1.1 f0f5607a03d2ae4c43b553dc2cef0c9e.cloudfront.net (CloudFront) x-amz-cf-pop ZRH50-C1 p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" vary Accept-Encoding x-cache Miss from cloudfront content-type text/html; charset=UTF-8 content-encoding gzip content-length 813 x-amz-cf-id FA8J4mRjJcw7iomT7KVy4xBoO9_S7jn_FGrjUkpLzRX07unw0UsEog==
GET H2	200	cbfa48e2-a6cd-4433-8ac4-ba40ae05cb0c Show response compass.adop.cc/RE/ Frame 9913	2 KB 1 KB	720ms 720ms	Script text/html	13.224.102.20 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://compass.adop.cc/RE/cbfa48e2-a6cd-4433-8ac4-ba40ae05cb0c?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=cbfa48e2-a6cd-4433-8ac4-ba40ae05cb0c&type=re&loc=&rnd=Fvo&percentage=false&size_width=160&size_height=600& Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.102.20 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-102-20.zrh50.r.cloudfront.net Software / Resource Hash d6691bdb7be9d6f2c74fa86e53ae9639ddfdeeb9b394fb8e6252416d54d27e83 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:49:24 GMT via 1.1 f0f5607a03d2ae4c43b553dc2cef0c9e.cloudfront.net (CloudFront) x-amz-cf-pop ZRH50-C1 p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" vary Accept-Encoding x-cache Miss from cloudfront content-type text/html; charset=UTF-8 content-encoding gzip content-length 724 x-amz-cf-id bnp2XXGQWUNthhixghx7lzgBwm-lZs_XbIMp_ZF8CoRQcWHSMo-flw==
GET H2	200	ico-logo-amazon.png d2u3dcdbebyaiu.cloudfront.net/img/www/icon/	3 KB 3 KB	34ms 32ms	Image image/png	13.224.89.157 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://d2u3dcdbebyaiu.cloudfront.net/img/www/icon/ico-logo-amazon.png Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.89.157 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-89-157.zrh50.r.cloudfront.net Software AmazonS3 / Resource Hash 6a91d2c8e11934ec55a15d7a22b9dc32a1428b8a98241ba84b297a4edb8e6f20 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sat, 30 Jan 2021 09:30:52 GMT via 1.1 25d46f0dbca17b9a78cca036e17d8ad3.cloudfront.net (CloudFront) last-modified Wed, 18 Nov 2020 07:12:48 GMT server AmazonS3 age 6844713 etag "04581e68d5670f56d5c1ee1428e86134" x-cache Hit from cloudfront x-amz-version-id y7lC2I9xJir3tnAbWKu0CBtSJ78_UdOo cache-control s-max-age=7776000, max-age=31536000 x-amz-cf-pop ZRH50-C1 accept-ranges bytes content-type image/png content-length 2595 x-amz-cf-id uvmFCMdB0iJpTJuyelCvnBGndBY_tQi-neny9VNRDSTQpsptTS5flg==
GET H2	200	ico-logo-linkedin.png d2u3dcdbebyaiu.cloudfront.net/img/www/icon/	3 KB 3 KB	37ms 36ms	Image image/png	13.224.89.157 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://d2u3dcdbebyaiu.cloudfront.net/img/www/icon/ico-logo-linkedin.png Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.89.157 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-89-157.zrh50.r.cloudfront.net Software AmazonS3 / Resource Hash 9bb3dc638484e87a867e622b36c13b0d59a20ca5cf1dc687d7b4e3ccf004a484 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Wed, 17 Mar 2021 08:15:09 GMT via 1.1 25d46f0dbca17b9a78cca036e17d8ad3.cloudfront.net (CloudFront) last-modified Wed, 18 Nov 2020 07:12:48 GMT server AmazonS3 age 2874856 etag "87494544b84193ae63d25b1b27c16faa" x-cache Hit from cloudfront x-amz-version-id KzENIixoMv8ao0uEC8a9ex0tk1IGJiMB cache-control s-max-age=7776000, max-age=31536000 x-amz-cf-pop ZRH50-C1 accept-ranges bytes content-type image/png content-length 2819 x-amz-cf-id BopmkGwoBXIEpVV9DsQM6vqt_tEqfzSvhHHmLYVahfheAlNxQ33A7g==
GET H2	200	ico-logo-microsoft.png d2u3dcdbebyaiu.cloudfront.net/img/www/icon/	2 KB 2 KB	37ms 35ms	Image image/png	13.224.89.157 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://d2u3dcdbebyaiu.cloudfront.net/img/www/icon/ico-logo-microsoft.png Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.89.157 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-89-157.zrh50.r.cloudfront.net Software AmazonS3 / Resource Hash 455b1caff0664a32ffc448ada91ef26315a17335812b2b4d881c4765ee19c04c Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 31 Dec 2020 07:34:17 GMT via 1.1 25d46f0dbca17b9a78cca036e17d8ad3.cloudfront.net (CloudFront) last-modified Wed, 18 Nov 2020 07:12:48 GMT server AmazonS3 age 9443708 etag "9f0267302ffc5dcc2cad345b5323a1c9" x-cache Hit from cloudfront x-amz-version-id 8AKeppPsYSQl3dMU6C33JsLH_DXH804a cache-control s-max-age=7776000, max-age=31536000 x-amz-cf-pop ZRH50-C1 accept-ranges bytes content-type image/png content-length 1558 x-amz-cf-id QzdyedosU4F_dY7v-Xj4Q_0FO669kY_ELqEvqyrVG1qJiBXVu1ZWqQ==
GET H2	200	ico-logo-uber.png d2u3dcdbebyaiu.cloudfront.net/img/www/icon/	2 KB 3 KB	38ms 36ms	Image image/png	13.224.89.157 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://d2u3dcdbebyaiu.cloudfront.net/img/www/icon/ico-logo-uber.png Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.89.157 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-89-157.zrh50.r.cloudfront.net Software AmazonS3 / Resource Hash fa365bf1b43e688febeae4e09e4410cfddc0dece34ac9a29dff505b799d60ad6 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 01 Apr 2021 01:56:23 GMT via 1.1 25d46f0dbca17b9a78cca036e17d8ad3.cloudfront.net (CloudFront) last-modified Wed, 18 Nov 2020 07:12:48 GMT server AmazonS3 age 1601581 etag "7818581634b06a19367b2e6f78ede1c6" x-cache Hit from cloudfront x-amz-version-id CJNXEH9EDhQ5t942iTjB1eGGzENk3wBC cache-control s-max-age=7776000, max-age=31536000 x-amz-cf-pop ZRH50-C1 accept-ranges bytes content-type image/png content-length 2177 x-amz-cf-id l7T9f-Rmka-2aDU_rE_NnAit1WoFIf1oDCzLibDuQLx-lY0LbftpsA==
GET H2	200	ico-logo-yahoo.png d2u3dcdbebyaiu.cloudfront.net/img/www/icon/	2 KB 3 KB	37ms 36ms	Image image/png	13.224.89.157 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://d2u3dcdbebyaiu.cloudfront.net/img/www/icon/ico-logo-yahoo.png Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.89.157 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-89-157.zrh50.r.cloudfront.net Software AmazonS3 / Resource Hash 93a95660fef2314044a7f8512cb4020aad4c6393e0b962a9ca8fdfe0af1dce34 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sat, 12 Dec 2020 21:01:35 GMT via 1.1 25d46f0dbca17b9a78cca036e17d8ad3.cloudfront.net (CloudFront) last-modified Wed, 18 Nov 2020 07:12:48 GMT server AmazonS3 age 11036870 etag "42097080ea1cb65e5b6af670583104f9" x-cache Hit from cloudfront x-amz-version-id c.GjwQa31soVcsL1kbKXswYgvdp96_HC cache-control s-max-age=7776000, max-age=31536000 x-amz-cf-pop ZRH50-C1 accept-ranges bytes content-type image/png content-length 2513 x-amz-cf-id O2KC2siY_E6hb27Hl4x-xaiOOTnwWmx_KebfDY1Wm8oAhNSQvlj9ug==
POST H2	200	/ www.facebook.com/tr/	0 109 B	6ms 6ms	Ping text/plain	2a03:2880:f12d:83:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://www.facebook.com/tr/ Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/fbevents.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f12d:83:face:b00c:0:25de , United States, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Content-Type multipart/form-data; boundary=----WebKitFormBoundaryfB5hHCEf0q0hDbHn Response headers strict-transport-security max-age=31536000; includeSubDomains server proxygen-bolt date Mon, 19 Apr 2021 14:49:24 GMT content-type text/plain access-control-allow-origin https://www.teamblind.com access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=3600,h3-27=":443"; ma=3600 content-length 0
GET H2	200	adop_sdk_p3.2.1.min.js Show response adopdmp.adop.cc/ Frame F230	19 KB 8 KB	14ms 13ms	Script application/javascript	2600:9000:20e8:4800:18:69f:d880:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://adopdmp.adop.cc/adop_sdk_p3.2.1.min.js Requested by Host: compass.adop.cc URL: https://compass.adop.cc/RE/c4f33366-ecd8-4dca-a7ed-3a8756afe75d?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=c4f33366-ecd8-4dca-a7ed-3a8756afe75d&type=re&loc=&rnd=Jtk&percentage=false&size_width=728&size_height=90& Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:20e8:4800:18:69f:d880:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 8d2c8ea830e583681b95c707f9aa6fe2a6c7ae6c132b7e683fa7b1c20a2d6b69 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 05 Feb 2021 02:00:27 GMT content-encoding gzip last-modified Tue, 28 Jan 2020 07:27:14 GMT server AmazonS3 age 6353338 etag W/"beb7e40d14c2bdc6a039fcdbe887d780" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript via 1.1 3987a119dd762046470f5ba503a917ea.cloudfront.net (CloudFront) cache-control max-age=31536000, public x-amz-cf-pop TXL52-C1 x-amz-cf-id Jh8X2oUnIzaKLfFi7m0tL9b3HHxWfi5CNHmjK6MbAcJJ_knLKuzqnQ==
GET H/1.1	200 OK	collect.php Show response data.adop.cc/ Frame F230	2 B 96 B	285ms 284ms	Script text/plain	13.124.92.103 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://data.adop.cc/collect.php?log=com_imp&dt=20210419144924&aid=d236c104-57ca-4211-aa7f-d0ac14753a4d&zid=c4f33366-ecd8-4dca-a7ed-3a8756afe75d&r=Qnod Requested by Host: compass.adop.cc URL: https://compass.adop.cc/RE/c4f33366-ecd8-4dca-a7ed-3a8756afe75d?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=c4f33366-ecd8-4dca-a7ed-3a8756afe75d&type=re&loc=&rnd=Jtk&percentage=false&size_width=728&size_height=90& Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 13.124.92.103 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US), Reverse DNS ec2-13-124-92-103.ap-northeast-2.compute.amazonaws.com Software / Resource Hash a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Access-Control-Allow-Origin * Connection keep-alive Content-Length 2
GET H2	200	adop.js Show response compass.adop.cc/assets/js/adop/ Frame F230	3 KB 2 KB	29ms 29ms	Script application/javascript	13.224.102.20 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://compass.adop.cc/assets/js/adop/adop.js?v=14 Requested by Host: compass.adop.cc URL: https://compass.adop.cc/RE/c4f33366-ecd8-4dca-a7ed-3a8756afe75d?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=c4f33366-ecd8-4dca-a7ed-3a8756afe75d&type=re&loc=&rnd=Jtk&percentage=false&size_width=728&size_height=90& Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.102.20 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-102-20.zrh50.r.cloudfront.net Software / Resource Hash b0bc5e3662f35ed2dc29a0687c30b85ed673275ad4ebcc2e5d6422316db85b50 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:43:11 GMT content-encoding gzip last-modified Thu, 18 Jun 2020 04:56:42 GMT age 374 etag W/"5eeaf40a-b3e" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript; charset=utf-8 via 1.1 f0f5607a03d2ae4c43b553dc2cef0c9e.cloudfront.net (CloudFront) cache-control max-age=600 x-amz-cf-pop ZRH50-C1 content-length 1564 x-amz-cf-id Zbp6kfBqu6UTDw1xmqRJbEnUWBdwqEOBO6Jt3S3c4CmR_nbDt8X_2A== expires Mon, 19 Apr 2021 14:53:10 GMT
GET H/1.1	200 OK	collect.php data.adop.cc/ Frame F230	2 B 96 B	277ms 277ms	Image text/plain	13.124.92.103 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://data.adop.cc/collect.php?data=eyJkdCI6IjIwMjEwNDE5MTQ0OTI0IiwiY3RyeSI6IkdCIiwiYWNpZCI6IkdCLTIxMDQxOTE0NDkyNC04MzNiN2U3MDY5YWE0MGQzIiwibmV0IjoiIiwid2d0IjoiNjUiLCJvcmQiOiI0LzQiLCJ6aWQiOiJjNGYzMzM2Ni1lY2Q4LTRkY2EtYTdlZC0zYTg3NTZhZmU3NWQiLCJ1YSI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS84OS4wLjQzODkuNzIgU2FmYXJpLzUzNy4zNiIsImJyb3ciOiJDaHJvbWUiLCJkZXYiOiJkZXNrdG9wIiwib3MiOiJXaW5kb3dzIiwiaXAiOiI4OS4yNDkuNjQuMTcxIiwiZmxvYyI6Imh0dHBzOi8vd3d3LnRlYW1ibGluZC5jb20vcG9zdC9mdWxsLWV4cGxhbmF0aW9uLW9mLXRoZS1nbWUtcmgtYW5kLWNpdGFkZWwtZGViYWNsZS1xYnN1Ymd6Nz91dG1fc291cmNlPW1peG1heCZ1dG1fbWVkaXVtPWVtYWlsJnV0bV9jYW1wYWlnbj10cmVuZGluZyZ1dG1fY29udGVudD13aG8lMjdzaGlyaW5nJnV0bV9jb250ZW50PWV4cGxhaW5hdGlvbmdtZSIsImNkdCI6IjIxMDQxOTE0NDkyNCIsIndkIjoiWSIsInBiIjoiTiIsInB0IjoiaHR0cHMiLCJsb2ciOiJiYXNpYyJ9 Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 13.124.92.103 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US), Reverse DNS ec2-13-124-92-103.ap-northeast-2.compute.amazonaws.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Access-Control-Allow-Origin * Connection keep-alive Content-Length 2
GET H2	200	adop_sdk_p3.2.1.min.js Show response adopdmp.adop.cc/ Frame 8142	19 KB 8 KB	15ms 12ms	Script application/javascript	2600:9000:20e8:4800:18:69f:d880:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://adopdmp.adop.cc/adop_sdk_p3.2.1.min.js Requested by Host: compass.adop.cc URL: https://compass.adop.cc/RE/474d5ace-ea34-4e47-bde6-b87fddf21d92?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=474d5ace-ea34-4e47-bde6-b87fddf21d92&type=re&loc=&rnd=H3Q&percentage=false&size_width=728&size_height=90& Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:20e8:4800:18:69f:d880:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 8d2c8ea830e583681b95c707f9aa6fe2a6c7ae6c132b7e683fa7b1c20a2d6b69 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 05 Feb 2021 02:00:27 GMT content-encoding gzip last-modified Tue, 28 Jan 2020 07:27:14 GMT server AmazonS3 age 6353338 etag W/"beb7e40d14c2bdc6a039fcdbe887d780" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript via 1.1 3987a119dd762046470f5ba503a917ea.cloudfront.net (CloudFront) cache-control max-age=31536000, public x-amz-cf-pop TXL52-C1 x-amz-cf-id TGpRed8clQleMwGg6KZZW5fRxiejnPxM8NvWbJ5w9QXfQsQbytXLLQ==
GET H/1.1	200 OK	collect.php Show response data.adop.cc/ Frame 8142	2 B 96 B	391ms 277ms	Script text/plain	13.124.92.103 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://data.adop.cc/collect.php?log=com_imp&dt=20210419144924&aid=c5b077fe-442f-4999-8ad4-6a8242c070c8&zid=474d5ace-ea34-4e47-bde6-b87fddf21d92&r=y5uW Requested by Host: compass.adop.cc URL: https://compass.adop.cc/RE/474d5ace-ea34-4e47-bde6-b87fddf21d92?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=474d5ace-ea34-4e47-bde6-b87fddf21d92&type=re&loc=&rnd=H3Q&percentage=false&size_width=728&size_height=90& Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 13.124.92.103 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US), Reverse DNS ec2-13-124-92-103.ap-northeast-2.compute.amazonaws.com Software / Resource Hash a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Access-Control-Allow-Origin * Connection keep-alive Content-Length 2
GET H2	200	adopJ.js Show response compass.adop.cc/assets/js/adop/ Frame 8142	3 KB 2 KB	44ms 41ms	Script application/javascript	13.224.102.20 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://compass.adop.cc/assets/js/adop/adopJ.js?v=14 Requested by Host: compass.adop.cc URL: https://compass.adop.cc/RE/474d5ace-ea34-4e47-bde6-b87fddf21d92?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=474d5ace-ea34-4e47-bde6-b87fddf21d92&type=re&loc=&rnd=H3Q&percentage=false&size_width=728&size_height=90& Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.102.20 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-102-20.zrh50.r.cloudfront.net Software / Resource Hash 04b2c3919eab959d0535139f9decd6b513be3d0356379bdb42e7fedc0ac32667 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:47:04 GMT content-encoding gzip last-modified Wed, 03 Jun 2020 07:46:29 GMT age 143 etag W/"5ed75555-d79" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript; charset=utf-8 via 1.1 f0f5607a03d2ae4c43b553dc2cef0c9e.cloudfront.net (CloudFront) cache-control max-age=600 x-amz-cf-pop ZRH50-C1 content-length 1938 x-amz-cf-id ztqzcZAaeCB9r4CwvjfOeeVODJrxts18UXm5XTY6Ii-bD6NO_nRCgw== expires Mon, 19 Apr 2021 14:57:01 GMT
GET H2	200	adop_sdk_p3.2.1.min.js Show response adopdmp.adop.cc/ Frame 9913	19 KB 8 KB	15ms 13ms	Script application/javascript	2600:9000:20e8:4800:18:69f:d880:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://adopdmp.adop.cc/adop_sdk_p3.2.1.min.js Requested by Host: compass.adop.cc URL: https://compass.adop.cc/RE/cbfa48e2-a6cd-4433-8ac4-ba40ae05cb0c?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=cbfa48e2-a6cd-4433-8ac4-ba40ae05cb0c&type=re&loc=&rnd=Fvo&percentage=false&size_width=160&size_height=600& Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:20e8:4800:18:69f:d880:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 8d2c8ea830e583681b95c707f9aa6fe2a6c7ae6c132b7e683fa7b1c20a2d6b69 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 05 Feb 2021 02:00:27 GMT content-encoding gzip last-modified Tue, 28 Jan 2020 07:27:14 GMT server AmazonS3 age 6353338 etag W/"beb7e40d14c2bdc6a039fcdbe887d780" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript via 1.1 3987a119dd762046470f5ba503a917ea.cloudfront.net (CloudFront) cache-control max-age=31536000, public x-amz-cf-pop TXL52-C1 x-amz-cf-id 6VDj8bDKP80Tm0QxXNS6L0Qg62Ano70zJrqoEN8LHmNIfaVqy9EDlg==
GET H/1.1	200 OK	collect.php Show response data.adop.cc/ Frame 9913	2 B 96 B	667ms 277ms	Script text/plain	13.124.92.103 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://data.adop.cc/collect.php?log=com_imp&dt=20210419144924&aid=46e1536d-dc00-4526-bc83-694d95095d7d&zid=cbfa48e2-a6cd-4433-8ac4-ba40ae05cb0c&r=KOjT Requested by Host: compass.adop.cc URL: https://compass.adop.cc/RE/cbfa48e2-a6cd-4433-8ac4-ba40ae05cb0c?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=cbfa48e2-a6cd-4433-8ac4-ba40ae05cb0c&type=re&loc=&rnd=Fvo&percentage=false&size_width=160&size_height=600& Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 13.124.92.103 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US), Reverse DNS ec2-13-124-92-103.ap-northeast-2.compute.amazonaws.com Software / Resource Hash a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Access-Control-Allow-Origin * Connection keep-alive Content-Length 2
GET H2	200	adopJ.js Show response compass.adop.cc/assets/js/adop/ Frame 9913	3 KB 2 KB	43ms 42ms	Script application/javascript	13.224.102.20 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://compass.adop.cc/assets/js/adop/adopJ.js?v=14 Requested by Host: compass.adop.cc URL: https://compass.adop.cc/RE/cbfa48e2-a6cd-4433-8ac4-ba40ae05cb0c?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=cbfa48e2-a6cd-4433-8ac4-ba40ae05cb0c&type=re&loc=&rnd=Fvo&percentage=false&size_width=160&size_height=600& Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.102.20 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-102-20.zrh50.r.cloudfront.net Software / Resource Hash 04b2c3919eab959d0535139f9decd6b513be3d0356379bdb42e7fedc0ac32667 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:47:04 GMT content-encoding gzip last-modified Wed, 03 Jun 2020 07:46:29 GMT age 143 etag W/"5ed75555-d79" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript; charset=utf-8 via 1.1 f0f5607a03d2ae4c43b553dc2cef0c9e.cloudfront.net (CloudFront) cache-control max-age=600 x-amz-cf-pop ZRH50-C1 content-length 1938 x-amz-cf-id F6HCeLRBtN_VmpVvu9GEUfykIS3coIDQqGjj1_d5FVib1F9cXOYxGA== expires Mon, 19 Apr 2021 14:57:01 GMT
GET H2	200	787308ee-7ead-4a7a-85c9-ed795ccd976b Show response compass.adop.cc/RD/ Frame 3D20	3 KB 3 KB	723ms 723ms	Document text/html	13.224.102.20 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://compass.adop.cc/RD/787308ee-7ead-4a7a-85c9-ed795ccd976b?over-size=auto&over-size-w=null&over-size-h=null&over-zone=%7B%22468x60%22%3A%22b18156ad-ce0f-417a-986c-c5369b0194b3%22%2C%22728x90%22%3A%22787308ee-7ead-4a7a-85c9-ed795ccd976b%22%7D&adop-zone=f269fcc7-40e7-447d-bbd4-ade6f4ee075f&size_width=728&size_height=90&type=rs&loc=&title=Full%2520explanation%2520of%2520the%2520GME%252C%2520RH%252C%2520and%2520Citadel%2520debacle%2520-%2520Blind&ref=& Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.102.20 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-102-20.zrh50.r.cloudfront.net Software / Resource Hash 2ea1f2d4cc8dcf2e6579520a9a65070ac6866e49a86ec0d55224c504aca32faf Request headers :method GET :authority compass.adop.cc :scheme https :path /RD/787308ee-7ead-4a7a-85c9-ed795ccd976b?over-size=auto&over-size-w=null&over-size-h=null&over-zone=%7B%22468x60%22%3A%22b18156ad-ce0f-417a-986c-c5369b0194b3%22%2C%22728x90%22%3A%22787308ee-7ead-4a7a-85c9-ed795ccd976b%22%7D&adop-zone=f269fcc7-40e7-447d-bbd4-ade6f4ee075f&size_width=728&size_height=90&type=rs&loc=&title=Full%2520explanation%2520of%2520the%2520GME%252C%2520RH%252C%2520and%2520Citadel%2520debacle%2520-%2520Blind&ref=& pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe accept-encoding gzip, deflate, br accept-language en-US cookie ADOP_CID=GB-210419144924-2e198856b0b949b8 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers content-type text/html; charset=UTF-8 content-length 2147 content-encoding gzip date Mon, 19 Apr 2021 14:49:25 GMT p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" set-cookie ADOP_CID=GB-210419144924-2e198856b0b949b8; expires=Sun, 18-Jul-2021 14:49:25 GMT; Max-Age=7776000; path=/; samesite=none; domain=.adop.cc; secure; httponly ADOP_P_U=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; samesite=none; domain=.adop.cc; secure; httponly vary Accept-Encoding x-cache Miss from cloudfront via 1.1 f0f5607a03d2ae4c43b553dc2cef0c9e.cloudfront.net (CloudFront) x-amz-cf-pop ZRH50-C1 x-amz-cf-id q5bYEPmZ4FNXbs7ToFRJZBl2TF9ZrgPi1SWnqqO5WTdZzsdDsOioTQ==
GET H/1.1	200 OK	collect.php data.adop.cc/ Frame 8142	2 B 96 B	465ms 287ms	Image text/plain	13.124.92.103 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://data.adop.cc/collect.php?data=eyJkdCI6IjIwMjEwNDE5MTQ0OTI0IiwiY3RyeSI6IkdCIiwiYWNpZCI6IkdCLTIxMDQxOTE0NDkyNC1hZTRlNDY1YWExMzE0NjMxIiwibmV0IjoiIiwid2d0IjoiODAiLCJvcmQiOiIyLzQiLCJ6aWQiOiI0NzRkNWFjZS1lYTM0LTRlNDctYmRlNi1iODdmZGRmMjFkOTIiLCJ1YSI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS84OS4wLjQzODkuNzIgU2FmYXJpLzUzNy4zNiIsImJyb3ciOiJDaHJvbWUiLCJkZXYiOiJkZXNrdG9wIiwib3MiOiJXaW5kb3dzIiwiaXAiOiI4OS4yNDkuNjQuMTcxIiwiZmxvYyI6Imh0dHBzOi8vd3d3LnRlYW1ibGluZC5jb20vcG9zdC9mdWxsLWV4cGxhbmF0aW9uLW9mLXRoZS1nbWUtcmgtYW5kLWNpdGFkZWwtZGViYWNsZS1xYnN1Ymd6Nz91dG1fc291cmNlPW1peG1heCZ1dG1fbWVkaXVtPWVtYWlsJnV0bV9jYW1wYWlnbj10cmVuZGluZyZ1dG1fY29udGVudD13aG8lMjdzaGlyaW5nJnV0bV9jb250ZW50PWV4cGxhaW5hdGlvbmdtZSIsImNkdCI6IjIxMDQxOTE0NDkyNCIsIndkIjoiWSIsInBiIjoiTiIsInB0IjoiaHR0cHMiLCJsb2ciOiJiYXNpYyJ9 Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 13.124.92.103 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US), Reverse DNS ec2-13-124-92-103.ap-northeast-2.compute.amazonaws.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Access-Control-Allow-Origin * Connection keep-alive Content-Length 2
GET H2	200	52fce88e-1ea1-4a0e-b29c-442d551e5a48 Show response compass.adop.cc/RE/ Frame D745	4 KB 2 KB	789ms 789ms	Script text/html	13.224.102.20 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://compass.adop.cc/RE/52fce88e-1ea1-4a0e-b29c-442d551e5a48?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=52fce88e-1ea1-4a0e-b29c-442d551e5a48&type=re&loc=&rnd=S9F&percentage=false&size_width=728&size_height=90& Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.102.20 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-102-20.zrh50.r.cloudfront.net Software / Resource Hash 2aef36063715ff65b8f3cebe74f2c2d46880a62658a0cf69091949122d52513b Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:49:25 GMT via 1.1 f0f5607a03d2ae4c43b553dc2cef0c9e.cloudfront.net (CloudFront) x-amz-cf-pop ZRH50-C1 p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" vary Accept-Encoding x-cache Miss from cloudfront content-type text/html; charset=UTF-8 content-encoding gzip content-length 1454 x-amz-cf-id FHgaFf_o85gVcCdWXTw0ukmPoqnRK9-JuOKhib0daqG5_sRMVg312A==
GET H/1.1	200 OK	collect.php data.adop.cc/ Frame 9913	2 B 96 B	277ms 277ms	Image text/plain	13.124.92.103 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://data.adop.cc/collect.php?data=eyJkdCI6IjIwMjEwNDE5MTQ0OTI0IiwiY3RyeSI6IkdCIiwiYWNpZCI6IkdCLTIxMDQxOTE0NDkyNC0yZTE5ODg1NmIwYjk0OWI4IiwibmV0IjoiIiwid2d0IjoiMTAwIiwib3JkIjoiMi8yIiwiemlkIjoiY2JmYTQ4ZTItYTZjZC00NDMzLThhYzQtYmE0MGFlMDVjYjBjIiwidWEiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvODkuMC40Mzg5LjcyIFNhZmFyaS81MzcuMzYiLCJicm93IjoiQ2hyb21lIiwiZGV2IjoiZGVza3RvcCIsIm9zIjoiV2luZG93cyIsImlwIjoiODkuMjQ5LjY0LjE3MSIsImZsb2MiOiJodHRwczovL3d3dy50ZWFtYmxpbmQuY29tL3Bvc3QvZnVsbC1leHBsYW5hdGlvbi1vZi10aGUtZ21lLXJoLWFuZC1jaXRhZGVsLWRlYmFjbGUtcWJzdWJnejc%2FdXRtX3NvdXJjZT1taXhtYXgmdXRtX21lZGl1bT1lbWFpbCZ1dG1fY2FtcGFpZ249dHJlbmRpbmcmdXRtX2NvbnRlbnQ9d2hvJTI3c2hpcmluZyZ1dG1fY29udGVudD1leHBsYWluYXRpb25nbWUiLCJjZHQiOiIyMTA0MTkxNDQ5MjQiLCJ3ZCI6IlkiLCJwYiI6Ik4iLCJwdCI6Imh0dHBzIiwibG9nIjoiYmFzaWMifQ%3D%3D Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 13.124.92.103 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US), Reverse DNS ec2-13-124-92-103.ap-northeast-2.compute.amazonaws.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Access-Control-Allow-Origin * Connection keep-alive Content-Length 2
GET H2	200	adop_sdk_p3.2.1.min.js Show response adopdmp.adop.cc/ Frame 3D20	19 KB 8 KB	13ms 12ms	Script application/javascript	2600:9000:20e8:4800:18:69f:d880:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://adopdmp.adop.cc/adop_sdk_p3.2.1.min.js Requested by Host: compass.adop.cc URL: https://compass.adop.cc/RD/787308ee-7ead-4a7a-85c9-ed795ccd976b?over-size=auto&over-size-w=null&over-size-h=null&over-zone=%7B%22468x60%22%3A%22b18156ad-ce0f-417a-986c-c5369b0194b3%22%2C%22728x90%22%3A%22787308ee-7ead-4a7a-85c9-ed795ccd976b%22%7D&adop-zone=f269fcc7-40e7-447d-bbd4-ade6f4ee075f&size_width=728&size_height=90&type=rs&loc=&title=Full%2520explanation%2520of%2520the%2520GME%252C%2520RH%252C%2520and%2520Citadel%2520debacle%2520-%2520Blind&ref=& Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:20e8:4800:18:69f:d880:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 8d2c8ea830e583681b95c707f9aa6fe2a6c7ae6c132b7e683fa7b1c20a2d6b69 Request headers Referer https://compass.adop.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 05 Feb 2021 02:00:27 GMT content-encoding gzip last-modified Tue, 28 Jan 2020 07:27:14 GMT server AmazonS3 age 6353339 etag W/"beb7e40d14c2bdc6a039fcdbe887d780" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript via 1.1 3987a119dd762046470f5ba503a917ea.cloudfront.net (CloudFront) cache-control max-age=31536000, public x-amz-cf-pop TXL52-C1 x-amz-cf-id hz4kHg_3U-f1v_RQJ3q4Lj_kMjsG_1qMLRFS4AE08FN4yQon-fN0lg==
GET H/1.1	200 OK	collect.php Show response data.adop.cc/ Frame 3D20	2 B 96 B	298ms 298ms	Script text/plain	13.124.92.103 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://data.adop.cc/collect.php?log=com_imp&dt=20210419144925&aid=03bcb456-9742-4f31-af5b-affbe10aaf13&zid=787308ee-7ead-4a7a-85c9-ed795ccd976b&r=BR5z Requested by Host: compass.adop.cc URL: https://compass.adop.cc/RD/787308ee-7ead-4a7a-85c9-ed795ccd976b?over-size=auto&over-size-w=null&over-size-h=null&over-zone=%7B%22468x60%22%3A%22b18156ad-ce0f-417a-986c-c5369b0194b3%22%2C%22728x90%22%3A%22787308ee-7ead-4a7a-85c9-ed795ccd976b%22%7D&adop-zone=f269fcc7-40e7-447d-bbd4-ade6f4ee075f&size_width=728&size_height=90&type=rs&loc=&title=Full%2520explanation%2520of%2520the%2520GME%252C%2520RH%252C%2520and%2520Citadel%2520debacle%2520-%2520Blind&ref=& Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 13.124.92.103 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US), Reverse DNS ec2-13-124-92-103.ap-northeast-2.compute.amazonaws.com Software / Resource Hash a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb Request headers Referer https://compass.adop.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Access-Control-Allow-Origin * Connection keep-alive Content-Length 2
GET H2	200	gpt.js Show response www.googletagservices.com/tag/js/ Frame 3D20	62 KB 21 KB	14ms 13ms	Script text/javascript	2a00:1450:4001:800::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagservices.com/tag/js/gpt.js Requested by Host: compass.adop.cc URL: https://compass.adop.cc/RD/787308ee-7ead-4a7a-85c9-ed795ccd976b?over-size=auto&over-size-w=null&over-size-h=null&over-zone=%7B%22468x60%22%3A%22b18156ad-ce0f-417a-986c-c5369b0194b3%22%2C%22728x90%22%3A%22787308ee-7ead-4a7a-85c9-ed795ccd976b%22%7D&adop-zone=f269fcc7-40e7-447d-bbd4-ade6f4ee075f&size_width=728&size_height=90&type=rs&loc=&title=Full%2520explanation%2520of%2520the%2520GME%252C%2520RH%252C%2520and%2520Citadel%2520debacle%2520-%2520Blind&ref=& Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 4c6023c1dc550003e874c9442f763d217f2cf3f6c56ac21f448c12d1b7514b57 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://compass.adop.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:49:25 GMT content-encoding gzip x-content-type-options nosniff server sffe etag "847 / 440 of 1000 / last-modified: 1618830481" vary Accept-Encoding content-type text/javascript cache-control private, max-age=900, stale-while-revalidate=3600 timing-allow-origin * alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 21054 x-xss-protection 0 expires Mon, 19 Apr 2021 14:49:25 GMT
GET H2	200	c43b3ec1-d378-4c3d-8caf-6a6f1edfa27f Show response compass.adop.cc/RE/ Frame BE65	4 KB 3 KB	758ms 758ms	Script text/html	13.224.102.20 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://compass.adop.cc/RE/c43b3ec1-d378-4c3d-8caf-6a6f1edfa27f?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=c43b3ec1-d378-4c3d-8caf-6a6f1edfa27f&type=re&loc=&rnd=U3E&percentage=false&size_width=160&size_height=600& Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.102.20 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-102-20.zrh50.r.cloudfront.net Software / Resource Hash 5338f59626480a1ddc4348f18319a37c2f72f0d3e8e98ffc1901010d27daa5be Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:49:26 GMT via 1.1 f0f5607a03d2ae4c43b553dc2cef0c9e.cloudfront.net (CloudFront) x-amz-cf-pop ZRH50-C1 p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" vary Accept-Encoding x-cache Miss from cloudfront content-type text/html; charset=UTF-8 content-encoding gzip content-length 2121 x-amz-cf-id _DFxUWgbKAhe0MWD9W2WqZHHgYSRYm9oPn6Hjy33lEnFrIhaKUNbzg==
GET H/1.1	200 OK	collect.php data.adop.cc/ Frame 3D20	2 B 96 B	307ms 306ms	Image text/plain	13.124.92.103 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://data.adop.cc/collect.php?data=eyJkdCI6IjIwMjEwNDE5MTQ0OTI1IiwiY3RyeSI6IkdCIiwiYWNpZCI6IkdCLTIxMDQxOTE0NDkyNC0yZTE5ODg1NmIwYjk0OWI4IiwibmV0IjoiR29vZ2xlIEFkIE1hbmFnZXIiLCJ3Z3QiOiIxMDAiLCJvcmQiOiIxLzQiLCJ6aWQiOiI3ODczMDhlZS03ZWFkLTRhN2EtODVjOS1lZDc5NWNjZDk3NmIiLCJ1YSI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS84OS4wLjQzODkuNzIgU2FmYXJpLzUzNy4zNiIsImJyb3ciOiJDaHJvbWUiLCJkZXYiOiJkZXNrdG9wIiwib3MiOiJXaW5kb3dzIiwiaXAiOiI4OS4yNDkuNjQuMTcxIiwiZmxvYyI6Imh0dHBzOi8vIiwiY2R0IjoiMjEwNDE5MTQ0OTI0IiwiZGlyIjoidiIsInciOiI3MjgiLCJoIjoiOTAiLCJsYW5nIjoiZW4tdXMiLCJzY3IiOiIxNjAweDEyMDAiLCJ2cCI6IjcyOHg5MCIsInBhdGgiOiIvUkQvNzg3MzA4ZWUtN2VhZC00YTdhLTg1YzktZWQ3OTVjY2Q5NzZiIiwidHAiOiJycyIsInJlZiI6IiIsInRpdGxlIjoiRnVsbCUyMGV4cGxhbmF0aW9uJTIwb2YlMjB0aGUlMjBHTUUlMkMlMjBSSCUyQyUyMGFuZCUyMENpdGFkZWwlMjBkZWJhY2xlJTIwLSUyMEJsaW5kIiwicGwiOiJMaW51eCB4ODZfNjQiLCJ3ZCI6IlkiLCJwYiI6Ik4iLCJwdCI6Imh0dHBzIiwibG9nIjoiYmFzaWMifQ%3D%3D Requested by Host: compass.adop.cc URL: https://compass.adop.cc/RD/787308ee-7ead-4a7a-85c9-ed795ccd976b?over-size=auto&over-size-w=null&over-size-h=null&over-zone=%7B%22468x60%22%3A%22b18156ad-ce0f-417a-986c-c5369b0194b3%22%2C%22728x90%22%3A%22787308ee-7ead-4a7a-85c9-ed795ccd976b%22%7D&adop-zone=f269fcc7-40e7-447d-bbd4-ade6f4ee075f&size_width=728&size_height=90&type=rs&loc=&title=Full%2520explanation%2520of%2520the%2520GME%252C%2520RH%252C%2520and%2520Citadel%2520debacle%2520-%2520Blind&ref=& Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 13.124.92.103 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US), Reverse DNS ec2-13-124-92-103.ap-northeast-2.compute.amazonaws.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://compass.adop.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Access-Control-Allow-Origin * Connection keep-alive Content-Length 2
GET H2	200	pubads_impl_2021041401.js Show response securepubads.g.doubleclick.net/gpt/ Frame 3D20	298 KB 105 KB	17ms 17ms	Script text/javascript	142.250.186.98 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041401.js Requested by Host: www.googletagservices.com URL: https://www.googletagservices.com/tag/js/gpt.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.186.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s06-in-f2.1e100.net Software sffe / Resource Hash 80d0a278e7a208ae2bd234aafcbdece69e63c9bf11e800d0ab5fa3c82176cf2c Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://compass.adop.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:49:25 GMT content-encoding gzip x-content-type-options nosniff last-modified Wed, 14 Apr 2021 08:43:31 GMT server sffe vary Accept-Encoding content-type text/javascript cache-control private, immutable, max-age=31536000 cross-origin-resource-policy cross-origin accept-ranges bytes timing-allow-origin * alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 107268 x-xss-protection 0 expires Mon, 19 Apr 2021 14:49:25 GMT
GET H2	200	integrator.js Show response adservice.google.de/adsid/ Frame 3D20	107 B 165 B	14ms 14ms	Script application/javascript	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://adservice.google.de/adsid/integrator.js?domain=compass.adop.cc Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041401.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://compass.adop.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers timing-allow-origin * date Mon, 19 Apr 2021 14:49:25 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." cache-control private, no-cache, no-store cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/javascript; charset=UTF-8 alt-svc h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43" content-length 100 x-xss-protection 0
GET H2	200	integrator.js Show response adservice.google.com/adsid/ Frame 3D20	107 B 165 B	15ms 14ms	Script application/javascript	2a00:1450:4001:82a::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://adservice.google.com/adsid/integrator.js?domain=compass.adop.cc Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041401.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://compass.adop.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers timing-allow-origin * date Mon, 19 Apr 2021 14:49:25 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." cache-control private, no-cache, no-store cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/javascript; charset=UTF-8 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 100 x-xss-protection 0
GET H3-29	200	ads Show response securepubads.g.doubleclick.net/gampad/ Frame 3D20	422 B 219 B	412ms 412ms	XHR text/plain	142.250.186.98 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2731559936665674&correlator=3032564986614374&output=ldjh&impl=fifs&eid=31060396&vrg=2021041401&ptt=17&sc=1&sfv=1-0-38&ecs=20210419&iu_parts=5932629%2Cca-pub-1474238860523410-tag%2Cteamblind_us_bottom_728x90-200305&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90&eri=4&cdm=compass.adop.cc&bc=31&abxe=1&dt=1618843765914&dlt=1618843765547&idt=351&ea=0&frm=8&biw=-12245933&bih=-12245933&isw=728&ish=90&oid=3&adxs=0&adys=0&adks=2979578203&ucis=j2rm93yhhg34&ifi=1&ifk=2783379717&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=2&url=www.teamblind.com&loc=https%3A%2F%2Fcompass.adop.cc%2FRD%2F787308ee-7ead-4a7a-85c9-ed795ccd976b%3Fover-size%3Dauto%26over-size-w%3Dnull%26over-size-h%3Dnull%26over-zone%3D%257B%2522468x60%2522%253A%2522b18156ad-ce0f-417a-986c-c5369b0194b3%2522%252C%2522728x90%2522%253A%2522787308ee-7ead-4a7a-85c9-ed795ccd976b%2522%257D%26adop-zone%3Df269fcc7-40e7-447d-bbd4-ade6f4ee075f%26size_width%3D728%26size_height%3D90%26type%3Drs%26loc%3D%26title%3DFull%252520explanation%252520of%252520the%252520GME%25252C%252520RH%25252C%252520and%252520Citadel%252520debacle%252520-%252520Blind%26ref%3D%26&top=www.teamblind.com&vis=1&dmc=8&scr_x=-12245933&scr_y=-12245933&psz=728x90&msz=728x90&ga_vid=447957780.1618843766&ga_sid=1618843766&ga_hid=1399319876&ga_fc=false&fws=256&ohw=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ.. Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041401.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.186.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s06-in-f2.1e100.net Software cafe / Resource Hash ce209e26c6ed2238b3b821f4cb8b3bae3972e2e9b5f2a5645e59b9e181e55c98 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://compass.adop.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:49:26 GMT content-encoding br x-content-type-options nosniff google-mediationgroup-id -2 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 189 x-xss-protection 0 google-lineitem-id -2 pragma no-cache server cafe google-mediationtag-id -2 google-creative-id -2 content-type text/plain; charset=UTF-8 access-control-allow-origin https://compass.adop.cc cache-control no-cache, must-revalidate access-control-allow-credentials true timing-allow-origin * expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	container.html daac9dfff441b1618fbe9ebebaff5a2b.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 3D20	0 0	28ms 14ms	Other text/html	2a00:1450:4001:828::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://daac9dfff441b1618fbe9ebebaff5a2b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2 Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041401.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash Request headers Referer https://compass.adop.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers
GET H2	200	container.html tpc.googlesyndication.com/safeframe/1-0-38/html/ Frame 3D20	0 0	6ms 6ms	Other text/html	2a00:1450:4001:80f::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2 Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041401.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash Request headers Referer https://compass.adop.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers
GET H2	200	adop_sdk_p3.2.1.min.js Show response adopdmp.adop.cc/ Frame D745	19 KB 8 KB	13ms 12ms	Script application/javascript	2600:9000:20e8:4800:18:69f:d880:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://adopdmp.adop.cc/adop_sdk_p3.2.1.min.js Requested by Host: compass.adop.cc URL: https://compass.adop.cc/RE/52fce88e-1ea1-4a0e-b29c-442d551e5a48?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=52fce88e-1ea1-4a0e-b29c-442d551e5a48&type=re&loc=&rnd=S9F&percentage=false&size_width=728&size_height=90& Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:20e8:4800:18:69f:d880:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 8d2c8ea830e583681b95c707f9aa6fe2a6c7ae6c132b7e683fa7b1c20a2d6b69 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 05 Feb 2021 02:00:27 GMT content-encoding gzip last-modified Tue, 28 Jan 2020 07:27:14 GMT server AmazonS3 age 6353340 etag W/"beb7e40d14c2bdc6a039fcdbe887d780" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript via 1.1 3987a119dd762046470f5ba503a917ea.cloudfront.net (CloudFront) cache-control max-age=31536000, public x-amz-cf-pop TXL52-C1 x-amz-cf-id JiuGWNEgab6tUJ-FQ_XYs54K8kZc9e95QQZSX-84uOWc64jtPl11hA==
GET H/1.1	200 OK	collect.php Show response data.adop.cc/ Frame D745	2 B 96 B	294ms 294ms	Script text/plain	13.124.92.103 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://data.adop.cc/collect.php?log=com_imp&dt=20210419144925&aid=50adc1ef-c357-4b89-b00c-94b9b4be0fbc&zid=52fce88e-1ea1-4a0e-b29c-442d551e5a48&r=eo4q Requested by Host: compass.adop.cc URL: https://compass.adop.cc/RE/52fce88e-1ea1-4a0e-b29c-442d551e5a48?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=52fce88e-1ea1-4a0e-b29c-442d551e5a48&type=re&loc=&rnd=S9F&percentage=false&size_width=728&size_height=90& Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 13.124.92.103 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US), Reverse DNS ec2-13-124-92-103.ap-northeast-2.compute.amazonaws.com Software / Resource Hash a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Access-Control-Allow-Origin * Connection keep-alive Content-Length 2
GET H2	200	publishertag.js Show response static.criteo.net/js/ld/ Frame D745	114 KB 37 KB	68ms 24ms	Script text/javascript	2a02:2638::3 ASN-CRITEO-EUROPE
General Check archive.org Show headers Download Go to Full URL https://static.criteo.net/js/ld/publishertag.js Requested by Host: compass.adop.cc URL: https://compass.adop.cc/RE/52fce88e-1ea1-4a0e-b29c-442d551e5a48?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=52fce88e-1ea1-4a0e-b29c-442d551e5a48&type=re&loc=&rnd=S9F&percentage=false&size_width=728&size_height=90& Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR), Reverse DNS Software nginx / Resource Hash 59883dc82297de1d8ff485a115678ff6e56102eb1fc170c9808737535f6f8070 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:49:26 GMT content-encoding gzip last-modified Thu, 18 Mar 2021 09:52:29 GMT server nginx etag W/"605322dd-1c9d1" content-type text/javascript access-control-allow-origin * cache-control max-age=86400, public timing-allow-origin * expires Tue, 20 Apr 2021 14:49:26 GMT
GET H2	200	334b6f2a-8e59-4bc4-9869-a8353ce75ab2 Show response compass.adop.cc/RE/ Frame E4DD	5 KB 2 KB	722ms 721ms	Script text/html	13.224.102.20 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://compass.adop.cc/RE/334b6f2a-8e59-4bc4-9869-a8353ce75ab2 Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.102.20 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-102-20.zrh50.r.cloudfront.net Software / Resource Hash 88ffa57786d2ae33ea3464afacbbcbbc25039f6891ca3757e7a6293fb474fa3d Request headers Referer https://compass.adop.cc/RD/787308ee-7ead-4a7a-85c9-ed795ccd976b?over-size=auto&over-size-w=null&over-size-h=null&over-zone=%7B%22468x60%22%3A%22b18156ad-ce0f-417a-986c-c5369b0194b3%22%2C%22728x90%22%3A%22787308ee-7ead-4a7a-85c9-ed795ccd976b%22%7D&adop-zone=f269fcc7-40e7-447d-bbd4-ade6f4ee075f&size_width=728&size_height=90&type=rs&loc=&title=Full%2520explanation%2520of%2520the%2520GME%252C%2520RH%252C%2520and%2520Citadel%2520debacle%2520-%2520Blind&ref=& User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:49:26 GMT via 1.1 f0f5607a03d2ae4c43b553dc2cef0c9e.cloudfront.net (CloudFront) x-amz-cf-pop ZRH50-C1 p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" vary Accept-Encoding x-cache Miss from cloudfront content-type text/html; charset=UTF-8 content-encoding gzip content-length 1746 x-amz-cf-id iOIs5FetP6Cqv3z4s-Y40fEY6o347QwDyiGLqniclwtfGi5ZndZ7vg==
GET H2	200	sodar Show response pagead2.googlesyndication.com/getconfig/ Frame 3D20	9 KB 7 KB	17ms 17ms	XHR application/json	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021041401&st=env Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041401.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 48102315bb17b933e397aa3ee05b45cc2de1f6e3dd39d0adcec8e7511eba6496 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://compass.adop.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers timing-allow-origin * date Mon, 19 Apr 2021 14:49:26 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" access-control-allow-origin * cache-control private cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/json; charset=UTF-8 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 6987 x-xss-protection 0
GET H3-29	200	sodar2.js Show response tpc.googlesyndication.com/sodar/ Frame 3D20	17 KB 6 KB	14ms 14ms	Script text/javascript	2a00:1450:4001:80f::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/sodar2.js Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041401.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://compass.adop.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:49:26 GMT content-encoding gzip x-content-type-options nosniff server sffe etag "1616005470650935" vary Accept-Encoding content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 6437 x-xss-protection 0 expires Mon, 19 Apr 2021 14:49:26 GMT
GET H3-29	200	runner.html Show response tpc.googlesyndication.com/sodar/sodar2/222/ Frame 6091	12 KB 5 KB	6ms 6ms	Document text/html	2a00:1450:4001:80f::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers :method GET :authority tpc.googlesyndication.com :scheme https :path /sodar/sodar2/222/runner.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://compass.adop.cc/ accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Referer https://compass.adop.cc/ Response headers accept-ranges bytes vary Accept-Encoding content-encoding gzip content-type text/html cross-origin-resource-policy cross-origin content-length 5022 date Mon, 19 Apr 2021 14:48:42 GMT expires Tue, 19 Apr 2022 14:48:42 GMT last-modified Wed, 20 Jan 2021 19:23:06 GMT x-content-type-options nosniff server sffe x-xss-protection 0 cache-control public, max-age=31536000 age 44 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H3-29	200	aTo5JV-AjziuZNTa8Sp43jLVG8qXCwH7OYU06B-2QbM.js Show response pagead2.googlesyndication.com/bg/ Frame 6091	14 KB 6 KB	6ms 5ms	Script text/javascript	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/bg/aTo5JV-AjziuZNTa8Sp43jLVG8qXCwH7OYU06B-2QbM.js Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 693a39255f808f38ae64d4daf12a78de32d51bca970b01fb398534e81fb641b3 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://tpc.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 05:34:55 GMT content-encoding br x-content-type-options nosniff last-modified Thu, 08 Apr 2021 09:18:00 GMT server sffe age 33271 vary Accept-Encoding content-type text/javascript cache-control public, max-age=31536000 cross-origin-resource-policy cross-origin accept-ranges bytes alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 5682 x-xss-protection 0 expires Tue, 19 Apr 2022 05:34:55 GMT
GET H2	200	adop_sdk_p3.2.1.min.js Show response adopdmp.adop.cc/ Frame BE65	19 KB 8 KB	14ms 13ms	Script application/javascript	2600:9000:20e8:4800:18:69f:d880:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://adopdmp.adop.cc/adop_sdk_p3.2.1.min.js Requested by Host: compass.adop.cc URL: https://compass.adop.cc/RE/c43b3ec1-d378-4c3d-8caf-6a6f1edfa27f?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=c43b3ec1-d378-4c3d-8caf-6a6f1edfa27f&type=re&loc=&rnd=U3E&percentage=false&size_width=160&size_height=600& Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:20e8:4800:18:69f:d880:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 8d2c8ea830e583681b95c707f9aa6fe2a6c7ae6c132b7e683fa7b1c20a2d6b69 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 05 Feb 2021 02:00:27 GMT content-encoding gzip last-modified Tue, 28 Jan 2020 07:27:14 GMT server AmazonS3 age 6353340 etag W/"beb7e40d14c2bdc6a039fcdbe887d780" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript via 1.1 3987a119dd762046470f5ba503a917ea.cloudfront.net (CloudFront) cache-control max-age=31536000, public x-amz-cf-pop TXL52-C1 x-amz-cf-id vNOlVlqfxFRX2mR3OTUOqdKVPIo7vHht5Uz_XWe1o93sFbb6dyJLTg==
GET H/1.1	200 OK	collect.php Show response data.adop.cc/ Frame BE65	2 B 96 B	278ms 278ms	Script text/plain	13.124.92.103 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://data.adop.cc/collect.php?log=com_imp&dt=20210419144926&aid=f17aeacb-ed38-4703-a626-bb1d77131a00&zid=c43b3ec1-d378-4c3d-8caf-6a6f1edfa27f&r=KSrD Requested by Host: compass.adop.cc URL: https://compass.adop.cc/RE/c43b3ec1-d378-4c3d-8caf-6a6f1edfa27f?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=c43b3ec1-d378-4c3d-8caf-6a6f1edfa27f&type=re&loc=&rnd=U3E&percentage=false&size_width=160&size_height=600& Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 13.124.92.103 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US), Reverse DNS ec2-13-124-92-103.ap-northeast-2.compute.amazonaws.com Software / Resource Hash a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Access-Control-Allow-Origin * Connection keep-alive Content-Length 2
GET H3-29	200	gpt.js Show response www.googletagservices.com/tag/js/ Frame BE65	62 KB 21 KB	15ms 14ms	Script text/javascript	2a00:1450:4001:802::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagservices.com/tag/js/gpt.js Requested by Host: compass.adop.cc URL: https://compass.adop.cc/RE/c43b3ec1-d378-4c3d-8caf-6a6f1edfa27f?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=c43b3ec1-d378-4c3d-8caf-6a6f1edfa27f&type=re&loc=&rnd=U3E&percentage=false&size_width=160&size_height=600& Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash bc8fca8a7e079b133ee4f57e3129fa6ce6a46a1de54f624e81a1d4a650a33d7f Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:49:26 GMT content-encoding gzip x-content-type-options nosniff server sffe etag "847 / 833 of 1000 / last-modified: 1618843586" vary Accept-Encoding content-type text/javascript cache-control private, max-age=900, stale-while-revalidate=3600 timing-allow-origin * alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 21064 x-xss-protection 0 expires Mon, 19 Apr 2021 14:49:26 GMT
GET H/1.1	200 OK	collect.php data.adop.cc/ Frame D745	2 B 96 B	294ms 294ms	Image text/plain	13.124.92.103 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://data.adop.cc/collect.php?data=eyJkdCI6IjIwMjEwNDE5MTQ0OTI1IiwiY3RyeSI6IkdCIiwiYWNpZCI6IkdCLTIxMDQxOTE0NDkyNC0yZTE5ODg1NmIwYjk0OWI4IiwibmV0IjoiQ3JpdGVvX1BNIiwid2d0IjoiMTAwIiwib3JkIjoiMS8zIiwiemlkIjoiNTJmY2U4OGUtMWVhMS00YTBlLWIyOWMtNDQyZDU1MWU1YTQ4IiwidWEiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvODkuMC40Mzg5LjcyIFNhZmFyaS81MzcuMzYiLCJicm93IjoiQ2hyb21lIiwiZGV2IjoiZGVza3RvcCIsIm9zIjoiV2luZG93cyIsImlwIjoiODkuMjQ5LjY0LjE3MSIsImZsb2MiOiJodHRwczovL3d3dy50ZWFtYmxpbmQuY29tL3Bvc3QvZnVsbC1leHBsYW5hdGlvbi1vZi10aGUtZ21lLXJoLWFuZC1jaXRhZGVsLWRlYmFjbGUtcWJzdWJnejc%2FdXRtX3NvdXJjZT1taXhtYXgmdXRtX21lZGl1bT1lbWFpbCZ1dG1fY2FtcGFpZ249dHJlbmRpbmcmdXRtX2NvbnRlbnQ9d2hvJTI3c2hpcmluZyZ1dG1fY29udGVudD1leHBsYWluYXRpb25nbWUiLCJjZHQiOiIyMTA0MTkxNDQ5MjQiLCJkaXIiOiJ2IiwidyI6IjcyOCIsImgiOiI5MCIsImxhbmciOiJlbi11cyIsInNjciI6IjE2MDB4MTIwMCIsInZwIjoiNzI4eDkwIiwicGF0aCI6Ii9wb3N0L2Z1bGwtZXhwbGFuYXRpb24tb2YtdGhlLWdtZS1yaC1hbmQtY2l0YWRlbC1kZWJhY2xlLXFic3ViZ3o3IiwidHAiOiJyZSIsInJlZiI6IiIsInRpdGxlIjoiRnVsbCUyMGV4cGxhbmF0aW9uJTIwb2YlMjB0aGUlMjBHTUUlMkMlMjBSSCUyQyUyMGFuZCUyMENpdGFkZWwlMjBkZWJhY2xlJTIwLSUyMEJsaW5kIiwicGwiOiJMaW51eCB4ODZfNjQiLCJ3ZCI6IlkiLCJwYiI6Ik4iLCJwdCI6Imh0dHBzIiwibG9nIjoiYmFzaWMifQ%3D%3D Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 13.124.92.103 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US), Reverse DNS ec2-13-124-92-103.ap-northeast-2.compute.amazonaws.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Access-Control-Allow-Origin * Connection keep-alive Content-Length 2
POST H2	204	cdb Show response bidder.criteo.com/ Frame D745	0 147 B	59ms 20ms	XHR text/plain	178.250.0.165 ASN-CRITEO-EUROPE
General Check archive.org Show headers Download Go to Full URL https://bidder.criteo.com/cdb?ptv=106&profileId=184&cb=9016204746 Requested by Host: static.criteo.net URL: https://static.criteo.net/js/ld/publishertag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR), Reverse DNS bidder.par.vip.prod.criteo.com Software Finatra / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Content-type application/x-www-form-urlencoded Response headers access-control-allow-origin https://www.teamblind.com date Mon, 19 Apr 2021 14:49:26 GMT access-control-allow-credentials true server Finatra timing-allow-origin * vary Origin
GET H3-29	204	gen_204 pagead2.googlesyndication.com/pagead/ Frame 3D20	0 20 B	41ms 40ms	Image image/gif	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gpt_2021041401&jk=2731559936665674&bg=!-fql-r7NAAZUuIlwVLg7ACkAdvg8Wt8HbwF1dLSxGgTbuPv2ywMZ-4bWA3oRzg8vDLtlID7lyyvOXwIAAABOUgAAAApoAQcKANL0zGuTaoZ1i-0KxEEvbDUh1u46GT3cQPeRi2ABvMKJEknoN6VyEV8xwkWv5J1pzofk4l0fpGuHwbXLB0lWllnxI0egUPPWXSOMbqrHU_U88eS9DIGNxcpOmXz6v73-Es-_D_bXL3w_9Ewk5fZjM-tXS5PIJdaEjuXjkM-NRTOr1CQGikrwYpgNfueILoa2SaUjCUe2rOR10BtB-bUaQovSYNDPv_X1W-7qLWw1jOu9n0rjexOBfn4Ix9ZMZ8U9bBRvzKlfENWoWuDxGjujKtEkoOqZAmP3vXW2e_h2BFzYzQ0i0o0SMjwa1oWC8KOpQCNcnXQg8yTcGL5ML_dnbfJlYQSXDaUfiv551cxMvsmT6aSZvXOhPTUe_hqWxjJLcf3DWAv4ilS_Sc7K3L0o2oKFT9F19pmnJdVg1KDia31SmwLpz2pTUckj5tZb46vGtCfM0QlWopr8erDN_3CkD5AqEHuwmDNusf1KERsHl6bU73broqYgo3e4JJ-n3kAQlO2hGBl-GoJeovjWQPMjLfb_5_f2nVLDG1flS8Br8SvRmWubvXZ3pd9WFBg7xbnPWuC5nL-OVPKI4KjwVG5NTM5w1a59bUpeDX534n91YDgw89kg79-k6WZMXk4iWvvBMH6MPHwyt3MbFnx-1NCHMQ7YVd_etTtcYeab0iURtHMsbOs8cmQPEFVQd2exwyZriWdLIjk8csxN44nVeWJs6jMmMI0lN7HunhWLEkCIM2a67Rpqt2aXib3K2oiK-HhPyngaXJx6Z4_EhOzypd8lrHfORE_FL0pTokyAEGnW0-fnIMh6Tka_1E4MOC083tIgVJboVNlwVYRHKjZpQSBtIZjEZUhlNfdc5S5gzBzYCEqCstAv3Jz62_5hSflgWnPb-VVibkWrVLx1-KWNJxSL0rWx7lRY2q0Go8r_1sPwFSM97DLWQuxSd4GJc8esqlokoyK-XpcDeW39epup_pOce3j_t3UCHnQhVrpL8taJq1c8nhUvV53wVdtDzXRh48wbRSlhYPz4Tw4_IDgrZgJ5m0Nj8f9Gwa2sf2wEJer5w1_l2TAuQ_utV389WtQB6PD9ppwk9_Y0-6oIlw Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://compass.adop.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Mon, 19 Apr 2021 14:49:26 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	adop.js Show response compass.adop.cc/assets/js/adop/ Frame B7C9	3 KB 2 KB	32ms 32ms	Script application/javascript	13.224.102.20 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://compass.adop.cc/assets/js/adop/adop.js?v=14 Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.102.20 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-102-20.zrh50.r.cloudfront.net Software / Resource Hash b0bc5e3662f35ed2dc29a0687c30b85ed673275ad4ebcc2e5d6422316db85b50 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:43:11 GMT content-encoding gzip last-modified Thu, 18 Jun 2020 04:56:42 GMT age 376 etag W/"5eeaf40a-b3e" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript; charset=utf-8 via 1.1 f0f5607a03d2ae4c43b553dc2cef0c9e.cloudfront.net (CloudFront) cache-control max-age=600 x-amz-cf-pop ZRH50-C1 content-length 1564 x-amz-cf-id Jut0f2ifOfMWpaTw6EXLKi8r0rbId_1vsE7Mg0UPhXuWo1Sf30eVwg== expires Mon, 19 Apr 2021 14:53:10 GMT
POST H2	204	events bidder.criteo.com/csm/ Frame D745	0 147 B	20ms 20ms	Ping text/plain	178.250.0.165 ASN-CRITEO-EUROPE
General Check archive.org Show headers Download Go to Full URL https://bidder.criteo.com/csm/events Requested by Host: static.criteo.net URL: https://static.criteo.net/js/ld/publishertag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR), Reverse DNS bidder.par.vip.prod.criteo.com Software Finatra / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers access-control-allow-origin https://www.teamblind.com date Mon, 19 Apr 2021 14:49:26 GMT access-control-allow-credentials true server Finatra timing-allow-origin * vary Origin
GET H2	200	pixel.gif static.criteo.net/images/ Frame D745	43 B 260 B	25ms 24ms	Image image/gif	2a02:2638::3 ASN-CRITEO-EUROPE
General Check archive.org Show headers Download Go to Show image Full URL https://static.criteo.net/images/pixel.gif?ch=1 Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR), Reverse DNS Software nginx / Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:49:26 GMT last-modified Tue, 09 Dec 2008 16:52:36 GMT server nginx etag "493ea254-2b" content-type image/gif access-control-allow-origin * cache-control max-age=31104000, public accept-ranges bytes timing-allow-origin * content-length 43 expires Thu, 14 Apr 2022 14:49:26 GMT
GET H2	200	pixel.gif static.criteo.net/images/ Frame D745	43 B 260 B	23ms 23ms	Image image/gif	2a02:2638::3 ASN-CRITEO-EUROPE
General Check archive.org Show headers Download Go to Show image Full URL https://static.criteo.net/images/pixel.gif?ch=2 Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR), Reverse DNS Software nginx / Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:49:26 GMT last-modified Tue, 09 Dec 2008 16:52:36 GMT server nginx etag "493ea254-2b" content-type image/gif access-control-allow-origin * cache-control max-age=31104000, public accept-ranges bytes timing-allow-origin * content-length 43 expires Thu, 14 Apr 2022 14:49:26 GMT
GET H2	200	47dd25ee-f82d-4382-984e-e860109a0124 Show response compass.adop.cc/RD/ Frame C79E	3 KB 3 KB	736ms 736ms	Document text/html	13.224.102.20 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://compass.adop.cc/RD/47dd25ee-f82d-4382-984e-e860109a0124?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=47dd25ee-f82d-4382-984e-e860109a0124&type=js&loc=&size_width=728&size_height=90&title=Full%2520explanation%2520of%2520the%2520GME%252C%2520RH%252C%2520and%2520Citadel%2520debacle%2520-%2520Blind&ref=& Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.102.20 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-102-20.zrh50.r.cloudfront.net Software / Resource Hash 311c72a1bf3afe4e64ea9846726c399e1493d05fe1c6d4ca4f79e6470a15cb1d Request headers :method GET :authority compass.adop.cc :scheme https :path /RD/47dd25ee-f82d-4382-984e-e860109a0124?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=47dd25ee-f82d-4382-984e-e860109a0124&type=js&loc=&size_width=728&size_height=90&title=Full%2520explanation%2520of%2520the%2520GME%252C%2520RH%252C%2520and%2520Citadel%2520debacle%2520-%2520Blind&ref=& pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe accept-encoding gzip, deflate, br accept-language en-US cookie ADOP_CID=GB-210419144924-2e198856b0b949b8 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers content-type text/html; charset=UTF-8 content-length 2121 content-encoding gzip date Mon, 19 Apr 2021 14:49:27 GMT p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" set-cookie ADOP_CID=GB-210419144924-2e198856b0b949b8; expires=Sun, 18-Jul-2021 14:49:27 GMT; Max-Age=7776000; path=/; samesite=none; domain=.adop.cc; secure; httponly vary Accept-Encoding x-cache Miss from cloudfront via 1.1 f0f5607a03d2ae4c43b553dc2cef0c9e.cloudfront.net (CloudFront) x-amz-cf-pop ZRH50-C1 x-amz-cf-id lo3JOtnhy7mpJHQ5MDd98fO3uERjSt0h7KIvq-PzWCSDWeDlJYMxYA==
GET H/1.1	200 OK	collect.php data.adop.cc/ Frame BE65	2 B 96 B	282ms 282ms	Image text/plain	13.124.92.103 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://data.adop.cc/collect.php?data=eyJkdCI6IjIwMjEwNDE5MTQ0OTI2IiwiY3RyeSI6IkdCIiwiYWNpZCI6IkdCLTIxMDQxOTE0NDkyNC0yZTE5ODg1NmIwYjk0OWI4IiwibmV0IjoiR29vZ2xlIEFkIE1hbmFnZXIiLCJ3Z3QiOiIxMDAiLCJvcmQiOiIxLzQiLCJ6aWQiOiJjNDNiM2VjMS1kMzc4LTRjM2QtOGNhZi02YTZmMWVkZmEyN2YiLCJ1YSI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS84OS4wLjQzODkuNzIgU2FmYXJpLzUzNy4zNiIsImJyb3ciOiJDaHJvbWUiLCJkZXYiOiJkZXNrdG9wIiwib3MiOiJXaW5kb3dzIiwiaXAiOiI4OS4yNDkuNjQuMTcxIiwiZmxvYyI6Imh0dHBzOi8vd3d3LnRlYW1ibGluZC5jb20vcG9zdC9mdWxsLWV4cGxhbmF0aW9uLW9mLXRoZS1nbWUtcmgtYW5kLWNpdGFkZWwtZGViYWNsZS1xYnN1Ymd6Nz91dG1fc291cmNlPW1peG1heCZ1dG1fbWVkaXVtPWVtYWlsJnV0bV9jYW1wYWlnbj10cmVuZGluZyZ1dG1fY29udGVudD13aG8lMjdzaGlyaW5nJnV0bV9jb250ZW50PWV4cGxhaW5hdGlvbmdtZSIsImNkdCI6IjIxMDQxOTE0NDkyNCIsImRpciI6InYiLCJ3IjoiMTYwIiwiaCI6IjYwMCIsImxhbmciOiJlbi11cyIsInNjciI6IjE2MDB4MTIwMCIsInZwIjoiMTYweDYwMCIsInBhdGgiOiIvcG9zdC9mdWxsLWV4cGxhbmF0aW9uLW9mLXRoZS1nbWUtcmgtYW5kLWNpdGFkZWwtZGViYWNsZS1xYnN1Ymd6NyIsInRwIjoicmUiLCJyZWYiOiIiLCJ0aXRsZSI6IkZ1bGwlMjBleHBsYW5hdGlvbiUyMG9mJTIwdGhlJTIwR01FJTJDJTIwUkglMkMlMjBhbmQlMjBDaXRhZGVsJTIwZGViYWNsZSUyMC0lMjBCbGluZCIsInBsIjoiTGludXggeDg2XzY0Iiwid2QiOiJZIiwicGIiOiJOIiwicHQiOiJodHRwcyIsImxvZyI6ImJhc2ljIn0%3D Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 13.124.92.103 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US), Reverse DNS ec2-13-124-92-103.ap-northeast-2.compute.amazonaws.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Access-Control-Allow-Origin * Connection keep-alive Content-Length 2
GET H3-29	200	pubads_impl_2021041401.js Show response securepubads.g.doubleclick.net/gpt/ Frame BE65	298 KB 105 KB	16ms 15ms	Script text/javascript	142.250.186.98 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041401.js Requested by Host: www.googletagservices.com URL: https://www.googletagservices.com/tag/js/gpt.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.186.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s06-in-f2.1e100.net Software sffe / Resource Hash 80d0a278e7a208ae2bd234aafcbdece69e63c9bf11e800d0ab5fa3c82176cf2c Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:49:26 GMT content-encoding gzip x-content-type-options nosniff last-modified Wed, 14 Apr 2021 08:43:31 GMT server sffe vary Accept-Encoding content-type text/javascript cache-control private, immutable, max-age=31536000 cross-origin-resource-policy cross-origin accept-ranges bytes timing-allow-origin * alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 107268 x-xss-protection 0 expires Mon, 19 Apr 2021 14:49:26 GMT
GET H3-29	200	integrator.js Show response adservice.google.de/adsid/ Frame BE65	107 B 122 B	29ms 14ms	Script application/javascript	2a00:1450:4001:810::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://adservice.google.de/adsid/integrator.js?domain=www.teamblind.com Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041401.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers timing-allow-origin * date Mon, 19 Apr 2021 14:49:26 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." cache-control private, no-cache, no-store cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/javascript; charset=UTF-8 alt-svc h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43" content-length 100 x-xss-protection 0
GET H3-29	200	integrator.js Show response adservice.google.com/adsid/ Frame BE65	107 B 122 B	31ms 15ms	Script application/javascript	2a00:1450:4001:828::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://adservice.google.com/adsid/integrator.js?domain=www.teamblind.com Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041401.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers timing-allow-origin * date Mon, 19 Apr 2021 14:49:26 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." cache-control private, no-cache, no-store cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/javascript; charset=UTF-8 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 100 x-xss-protection 0
GET H3-29	200	ads Show response securepubads.g.doubleclick.net/gampad/ Frame BE65	65 KB 17 KB	454ms 454ms	XHR text/plain	142.250.186.98 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3059150141615089&correlator=3305398929257480&output=ldjh&impl=fifs&eid=31060789&vrg=2021041401&ptt=17&sc=1&sfv=1-0-38&ecs=20210419&iu_parts=5932629%2Cca-pub-1474238860523410-tag%2Cteamblind_us_w_rt_160x600&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=160x600&eri=4&cookie_enabled=1&cdm=www.teamblind.com&bc=31&abxe=1&dt=1618843766743&dlt=1618843765653&idt=1086&ea=0&frm=23&biw=1600&bih=1200&isw=160&ish=600&oid=3&adxs=1113&adys=779&adks=681645340&ucis=q1l31rsq2e4i&ifi=1&ifk=251478172&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=2&url=www.teamblind.com&loc=https%3A%2F%2Fwww.teamblind.com%2Fpost%2Ffull-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7%3Futm_source%3Dmixmax%26utm_medium%3Demail%26utm_campaign%3Dtrending%26utm_content%3Dwho%2527shiring%26utm_content%3Dexplainationgme&top=www.teamblind.com&vis=1&dmc=8&scr_x=0&scr_y=0&psz=160x600&msz=160x600&ga_vid=1958103581.1618843767&ga_sid=1618843767&ga_hid=472424234&ga_fc=false&fws=256&ohw=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ.. Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041401.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.186.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s06-in-f2.1e100.net Software cafe / Resource Hash 41900d0752d8182e1770916c327d95c982dc463b1bc44e0a2ef543cac1b76b90 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:49:27 GMT content-encoding br x-content-type-options nosniff p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 17714 x-xss-protection 0 google-lineitem-id -1 pragma no-cache server cafe google-creative-id -1 content-type text/plain; charset=UTF-8 access-control-allow-origin https://www.teamblind.com cache-control no-cache, must-revalidate access-control-allow-credentials true timing-allow-origin * expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	container.html beee21e40dd9c2b498909ec9c782af71.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame BE65	0 0	27ms 13ms	Other text/html	2a00:1450:4001:828::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://beee21e40dd9c2b498909ec9c782af71.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2 Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041401.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers
GET H3-29	200	container.html tpc.googlesyndication.com/safeframe/1-0-38/html/ Frame BE65	0 0	7ms 7ms	Other text/html	2a00:1450:4001:80f::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2 Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041401.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers
GET H2	200	adop_sdk_p3.2.1.min.js Show response adopdmp.adop.cc/ Frame E4DD	19 KB 8 KB	16ms 15ms	Script application/javascript	2600:9000:20e8:4800:18:69f:d880:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://adopdmp.adop.cc/adop_sdk_p3.2.1.min.js Requested by Host: compass.adop.cc URL: https://compass.adop.cc/RE/334b6f2a-8e59-4bc4-9869-a8353ce75ab2 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:20e8:4800:18:69f:d880:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 8d2c8ea830e583681b95c707f9aa6fe2a6c7ae6c132b7e683fa7b1c20a2d6b69 Request headers Referer https://compass.adop.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 05 Feb 2021 02:00:27 GMT content-encoding gzip last-modified Tue, 28 Jan 2020 07:27:14 GMT server AmazonS3 age 6353341 etag W/"beb7e40d14c2bdc6a039fcdbe887d780" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript via 1.1 3987a119dd762046470f5ba503a917ea.cloudfront.net (CloudFront) cache-control max-age=31536000, public x-amz-cf-pop TXL52-C1 x-amz-cf-id 6Hq2SCZOqun-Jm-5jyI417_4igk-BTNlOGs6zo26aYNGHQu9uHag4w==
GET H/1.1	200 OK	collect.php Show response data.adop.cc/ Frame E4DD	2 B 96 B	278ms 277ms	Script text/plain	13.124.92.103 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://data.adop.cc/collect.php?log=com_imp&dt=20210419144926&aid=77a1646f-142b-41fa-9ba8-9f440a46dfe1&zid=334b6f2a-8e59-4bc4-9869-a8353ce75ab2&r=Sanw Requested by Host: compass.adop.cc URL: https://compass.adop.cc/RE/334b6f2a-8e59-4bc4-9869-a8353ce75ab2 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 13.124.92.103 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US), Reverse DNS ec2-13-124-92-103.ap-northeast-2.compute.amazonaws.com Software / Resource Hash a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb Request headers Referer https://compass.adop.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Access-Control-Allow-Origin * Connection keep-alive Content-Length 2
GET H2	200	publishertag.js Show response static.criteo.net/js/ld/ Frame E4DD	114 KB 37 KB	24ms 23ms	Script text/javascript	2a02:2638::3 ASN-CRITEO-EUROPE
General Check archive.org Show headers Download Go to Full URL https://static.criteo.net/js/ld/publishertag.js Requested by Host: compass.adop.cc URL: https://compass.adop.cc/RE/334b6f2a-8e59-4bc4-9869-a8353ce75ab2 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR), Reverse DNS Software nginx / Resource Hash 59883dc82297de1d8ff485a115678ff6e56102eb1fc170c9808737535f6f8070 Request headers Referer https://compass.adop.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:49:27 GMT content-encoding gzip last-modified Thu, 18 Mar 2021 09:52:29 GMT server nginx etag W/"605322dd-1c9d1" content-type text/javascript access-control-allow-origin * cache-control max-age=86400, public timing-allow-origin * expires Tue, 20 Apr 2021 14:49:27 GMT
GET H3-29	200	container.html Show response beee21e40dd9c2b498909ec9c782af71.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 9513	6 KB 3 KB	8ms 8ms	Document text/html	2a00:1450:4001:828::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://beee21e40dd9c2b498909ec9c782af71.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2 Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041401.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers :method GET :authority beee21e40dd9c2b498909ec9c782af71.safeframe.googlesyndication.com :scheme https :path /safeframe/1-0-38/html/container.html?n=2 pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers accept-ranges bytes vary Accept-Encoding content-encoding gzip content-type text/html cross-origin-resource-policy cross-origin timing-allow-origin * content-length 3108 date Mon, 19 Apr 2021 14:49:26 GMT expires Tue, 19 Apr 2022 14:49:26 GMT last-modified Tue, 02 Mar 2021 20:17:03 GMT x-content-type-options nosniff server sffe x-xss-protection 0 cache-control public, immutable, max-age=31536000 age 1 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H3-29	200	osd.js Show response www.googletagservices.com/activeview/js/current/ Frame BE65	73 KB 28 KB	14ms 14ms	Script text/javascript	2a00:1450:4001:802::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101 Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041401.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 74e1cf077493c33fe895c7ce5732cda76b195e2d357d928f094bc3367cc7a75f Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:49:27 GMT content-encoding gzip x-content-type-options nosniff server sffe etag "1618423639646658" vary Accept-Encoding content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 28266 x-xss-protection 0 expires Mon, 19 Apr 2021 14:49:27 GMT
GET H3-29	200	sodar Show response pagead2.googlesyndication.com/getconfig/ Frame BE65	9 KB 7 KB	22ms 22ms	XHR application/json	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021041401&st=env Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041401.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 907e9b438aa364dc7e857dec3f7438f7cba0b415f87a8082802c43e54f502b56 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers timing-allow-origin * date Mon, 19 Apr 2021 14:49:27 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" access-control-allow-origin * cache-control private cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/json; charset=UTF-8 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 7060 x-xss-protection 0
GET H3-29	200	load_preloaded_resource_fy2019.js Show response tpc.googlesyndication.com/pagead/js/r20210414/r20110914/client/ Frame 9513	1 KB 910 B	6ms 6ms	Script text/javascript	2a00:1450:4001:80f::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20210414/r20110914/client/load_preloaded_resource_fy2019.js Requested by Host: beee21e40dd9c2b498909ec9c782af71.safeframe.googlesyndication.com URL: https://beee21e40dd9c2b498909ec9c782af71.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 49aea8d1206dbb5e3c8a7d4db9274d2efa2111d8b53acb901efc378b1feca381 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://beee21e40dd9c2b498909ec9c782af71.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:48:37 GMT content-encoding gzip x-content-type-options nosniff age 50 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 882 x-xss-protection 0 server cafe etag 11243716317595354070 vary Accept-Encoding, Origin content-type text/javascript; charset=UTF-8 cache-control public, max-age=1209600 timing-allow-origin * expires Mon, 03 May 2021 14:48:37 GMT
GET H2	200	view_pixel_1x1.gif Show response secureir.ebaystatic.com/cr/mscdn/64e017fc0bf98153dd694dc97d24a1ac/ Frame 9513 Redirect Chain https://www.ebayadservices.com/marketingtracking/v1/ar?mkrid=707-157687-884638-9&mkcid=4&mkevt=2&mpt=3860139453&ff18=mWeb&siteid=77&adtype=0&size=1x1&ipn=admain2&placement=529704 https://secureir.ebaystatic.com/cr/mscdn/64e017fc0bf98153dd694dc97d24a1ac/view_pixel_1x1.gif	43 B 505 B	67ms 22ms	Fetch image/gif	104.75.89.51 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://secureir.ebaystatic.com/cr/mscdn/64e017fc0bf98153dd694dc97d24a1ac/view_pixel_1x1.gif Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.75.89.51 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-75-89-51.deploy.static.akamaitechnologies.com Software envoy / Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://beee21e40dd9c2b498909ec9c782af71.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers suppress-x-frame-options true content-encoding gzip x-content-type-options nosniff x-cache-lookup MISS from include-cache-1:80 x-ebay-pop-id UFES2-SYD-irstatic-1 x-envoy-upstream-service-time 262 content-length 57 x-xss-protection 1; mode=block server envoy date Mon, 19 Apr 2021 14:49:27 GMT vary Accept-Encoding access-control-allow-methods GET content-type image/gif access-control-allow-origin * cache-control public, max-age=31536000, immutable access-control-allow-credentials true rlogid t6q%60uebwh%3D9vjdq%60uebwh*5kkvq%28rbpv6770-17569c27810-0xce access-control-allow-headers * expires Tue, 19 Apr 2022 14:49:27 GMT Redirect headers Date Mon, 19 Apr 2021 14:49:27 GMT Strict-Transport-Security max-age=31536000 Location https://secureir.ebaystatic.com/cr/mscdn/64e017fc0bf98153dd694dc97d24a1ac/view_pixel_1x1.gif Cache-Control private,no-cache,no-store RlogId t6baubqsodf%3F%3Ctofgcp%60tqjfc*mup%3F1%28rbpv6775-178ea9b93aa-0x2329 Connection keep-alive Keep-Alive timeout=20 Content-Length 0
GET H3-29	200	adview securepubads.g.doubleclick.net/pagead/ Frame 9513	0 0	18ms 18ms	Fetch text/html	142.250.186.98 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/pagead/adview?ai=CESQBdph9YMvvL_6h7_UPyr6B0AKNuc2RYszH0P_9C_OCtqCsGBABIPXfiiRglfrwgYwHoAHtg83BA8gBCakCyT5i3-sytD7gAgCoAwHIA5sEqgTbAU_QQvjfikhjnXfRNlc9fzr_oxNQpd56vWN7hlJS27-F-gvejS9wGTAj5BzM2hrBiZghRqvNd3c0wClAJAovsvh0uiV-FJqsxfttzptFJ0wu7R33QokFWUeEdSVnd-joeOnwrm-MiL-LNgpvV4jG4D4JjH0fj0UkwzQkDP3FB91L_2dwNHJqt1UYkwwxI8k_756sHeBzyeaR-AdEPTG5qdl6VGclvK-DPht9R7R-UXvGuQcVZ-SK30c8foriHq_cyLUdXxdmSGMd-C6r3lDSDLuDLr3DnRQQKrcfUsAE9oe3-8EC4AQBkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBi6AB_v7sj6oB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcA8gcEENa7A9IICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tMjE1NzQ2Njg4NjY5ODkwN4AKA8gLAdgTC4gUBdAVAZgWAYAXAbIXGgoYCAASFHB1Yi0xNDc0MjM4ODYwNTIzNDEw&sigh=P1FGuG1q6i8&template_id=494 Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.186.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s06-in-f2.1e100.net Software / Resource Hash Request headers Referer https://beee21e40dd9c2b498909ec9c782af71.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers
GET H3-29	200	abg_lite_fy2019.js Show response tpc.googlesyndication.com/pagead/js/r20210414/r20110914/ Frame 9513	17 KB 7 KB	7ms 7ms	Script text/javascript	2a00:1450:4001:80f::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20210414/r20110914/abg_lite_fy2019.js Requested by Host: beee21e40dd9c2b498909ec9c782af71.safeframe.googlesyndication.com URL: https://beee21e40dd9c2b498909ec9c782af71.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 76d293cad87de584b5105472b9672fb1460dcf35f82079e274e44a47860bf700 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://beee21e40dd9c2b498909ec9c782af71.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:49:12 GMT content-encoding gzip x-content-type-options nosniff age 15 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 7113 x-xss-protection 0 server cafe etag 11066897925667386271 vary Accept-Encoding, Origin content-type text/javascript; charset=UTF-8 cache-control public, max-age=1209600 timing-allow-origin * expires Mon, 03 May 2021 14:49:12 GMT
GET H3-29	200	window_focus_fy2019.js Show response tpc.googlesyndication.com/pagead/js/r20210414/r20110914/client/ Frame 9513	2 KB 1 KB	8ms 7ms	Script text/javascript	2a00:1450:4001:80f::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20210414/r20110914/client/window_focus_fy2019.js Requested by Host: beee21e40dd9c2b498909ec9c782af71.safeframe.googlesyndication.com URL: https://beee21e40dd9c2b498909ec9c782af71.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://beee21e40dd9c2b498909ec9c782af71.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:47:49 GMT content-encoding gzip x-content-type-options nosniff age 98 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1303 x-xss-protection 0 server cafe etag 14729628269804859526 vary Accept-Encoding, Origin content-type text/javascript; charset=UTF-8 cache-control public, max-age=1209600 timing-allow-origin * expires Mon, 03 May 2021 14:47:49 GMT
GET H3-29	200	rx_lidar.js Show response www.googletagservices.com/activeview/js/current/ Frame 9513	118 KB 36 KB	14ms 14ms	Script text/javascript	2a00:1450:4001:802::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914 Requested by Host: beee21e40dd9c2b498909ec9c782af71.safeframe.googlesyndication.com URL: https://beee21e40dd9c2b498909ec9c782af71.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash ce2216da03d856edb71b34855ce2c67476f6053791b3e85da74477d9a37360a9 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://beee21e40dd9c2b498909ec9c782af71.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:49:27 GMT content-encoding gzip x-content-type-options nosniff server sffe etag "1618423651533291" vary Accept-Encoding content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 36717 x-xss-protection 0 expires Mon, 19 Apr 2021 14:49:27 GMT
GET H3-29	200	qs_click_protection_fy2019.js Show response tpc.googlesyndication.com/pagead/js/r20210414/r20110914/client/ Frame 9513	13 KB 5 KB	8ms 8ms	Script text/javascript	2a00:1450:4001:80f::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20210414/r20110914/client/qs_click_protection_fy2019.js Requested by Host: beee21e40dd9c2b498909ec9c782af71.safeframe.googlesyndication.com URL: https://beee21e40dd9c2b498909ec9c782af71.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 231064110361844d6320331a5c35979c2a492a546604d97181eb6cf7aa4ae1cd Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://beee21e40dd9c2b498909ec9c782af71.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:47:29 GMT content-encoding gzip x-content-type-options nosniff age 118 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 5602 x-xss-protection 0 server cafe etag 7525161794280374107 vary Accept-Encoding, Origin content-type text/javascript; charset=UTF-8 cache-control public, max-age=1209600 timing-allow-origin * expires Mon, 03 May 2021 14:47:29 GMT
GET H2	200	a0b5068ca1fc7f6ff765c7833258ec42.js Show response www.gstatic.com/mysidia/ Frame 9513	25 KB 10 KB	7ms 6ms	Script text/javascript	2a00:1450:4001:829::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/mysidia/a0b5068ca1fc7f6ff765c7833258ec42.js?tag=mysidia_one_click_handler_one_afma_2019 Requested by Host: beee21e40dd9c2b498909ec9c782af71.safeframe.googlesyndication.com URL: https://beee21e40dd9c2b498909ec9c782af71.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 789a93f4315357995e96053e32ee793d6b12f592fad617bb04f795c750f0c3bf Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://beee21e40dd9c2b498909ec9c782af71.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 10:26:44 GMT content-encoding gzip x-content-type-options nosniff last-modified Tue, 13 Apr 2021 02:07:20 GMT server sffe age 15763 vary Accept-Encoding content-type text/javascript cache-control public, max-age=7776000 cross-origin-resource-policy cross-origin accept-ranges bytes alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 10491 x-xss-protection 0 expires Sun, 18 Jul 2021 10:26:44 GMT
GET H2	200	shopping encrypted-tbn0.gstatic.com/ Frame 9513	20 KB 20 KB	9ms 4ms	Image image/jpeg	2a00:1450:4001:80e::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcQF-jdY6sBW98qwnealBKLI5fGOM0XpisHnWDBt_2Gk1B_oeDcD3srie58AAw&usqp=CAI Requested by Host: beee21e40dd9c2b498909ec9c782af71.safeframe.googlesyndication.com URL: https://beee21e40dd9c2b498909ec9c782af71.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 4daaa557ca68c1cb52fdac13a33618b071d8cbbd6f2fe3c95fb4bdffde28fbae Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://beee21e40dd9c2b498909ec9c782af71.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 18 Apr 2021 10:04:01 GMT x-content-type-options nosniff last-modified Thu, 23 Jul 2020 17:25:44 GMT server sffe age 103526 content-type image/jpeg cache-control public, max-age=31536000 cross-origin-resource-policy cross-origin accept-ranges bytes alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 20679 x-xss-protection 0 expires Mon, 18 Apr 2022 10:04:01 GMT
GET H2	200	shopping encrypted-tbn3.gstatic.com/ Frame 9513	37 KB 37 KB	15ms 10ms	Image image/jpeg	2a00:1450:4001:802::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcQbKyq8c1vfphS7NwMgghqjvlpviMrAseoFgZwaq-MVbvC42_9Q1DnT4dsDH2o&usqp=CAI Requested by Host: beee21e40dd9c2b498909ec9c782af71.safeframe.googlesyndication.com URL: https://beee21e40dd9c2b498909ec9c782af71.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash e2bc21ae8a507917372991892dec98aaed553518fe406591bcd6669ed1dba3e5 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://beee21e40dd9c2b498909ec9c782af71.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 15 Apr 2021 10:44:20 GMT x-content-type-options nosniff last-modified Wed, 26 Feb 2020 15:13:58 GMT server sffe age 360307 content-type image/jpeg cache-control public, max-age=31536000 cross-origin-resource-policy cross-origin accept-ranges bytes alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 38059 x-xss-protection 0 expires Fri, 15 Apr 2022 10:44:20 GMT
GET H2	200	shopping encrypted-tbn2.gstatic.com/ Frame 9513	33 KB 33 KB	11ms 6ms	Image image/jpeg	2a00:1450:4001:809::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcQm15bcKvJQLcwVTqtXlCyHK1ifR5FbP7iwninE7d_j4Cwte-CSvdQlsAgqO9c&usqp=CAI Requested by Host: beee21e40dd9c2b498909ec9c782af71.safeframe.googlesyndication.com URL: https://beee21e40dd9c2b498909ec9c782af71.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 881c4674332895e983677c8f65445306ccebd1f3b0d4c2c28cb0bcecf3d8fbe3 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://beee21e40dd9c2b498909ec9c782af71.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 18 Apr 2021 10:03:38 GMT x-content-type-options nosniff last-modified Wed, 13 Jan 2021 21:45:06 GMT server sffe age 103549 content-type image/jpeg cache-control public, max-age=31536000 cross-origin-resource-policy cross-origin accept-ranges bytes alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 33430 x-xss-protection 0 expires Mon, 18 Apr 2022 10:03:38 GMT
GET H3-29	200	6037977029595278777 tpc.googlesyndication.com/simgad/ Frame 9513 Redirect Chain https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKDPuoCdLhCwCRisAjIIDwAhueo-8IU https://tpc.googlesyndication.com/simgad/6037977029595278777	148 KB 148 KB	7ms 7ms	Image image/png	2a00:1450:4001:80f::2001 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://tpc.googlesyndication.com/simgad/6037977029595278777 Requested by Host: beee21e40dd9c2b498909ec9c782af71.safeframe.googlesyndication.com URL: https://beee21e40dd9c2b498909ec9c782af71.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash cd127d352968353a32ac7851343015c73cae54a4a6a855a42ecae4889b435242 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://beee21e40dd9c2b498909ec9c782af71.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 15 Apr 2021 02:03:03 GMT x-content-type-options nosniff age 391584 x-dns-prefetch-control off cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 151821 x-xss-protection 0 last-modified Fri, 30 Oct 2020 23:23:16 GMT server sffe content-type image/png access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Fri, 15 Apr 2022 02:03:03 GMT Redirect headers timing-allow-origin * date Sun, 18 Apr 2021 19:46:27 GMT x-content-type-options nosniff server cafe age 68580 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" location https://tpc.googlesyndication.com/simgad/6037977029595278777 cache-control public, max-age=2592000 cross-origin-resource-policy cross-origin content-type text/html; charset=UTF-8 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 expires Tue, 18 May 2021 19:46:27 GMT
GET H3-29	200	sodar2.js Show response tpc.googlesyndication.com/sodar/ Frame BE65	17 KB 6 KB	21ms 21ms	Script text/javascript	2a00:1450:4001:80f::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/sodar2.js Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041401.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:49:27 GMT content-encoding gzip x-content-type-options nosniff server sffe etag "1616005470650935" vary Accept-Encoding content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 6437 x-xss-protection 0 expires Mon, 19 Apr 2021 14:49:27 GMT
GET H3-29	200	cookie_push_onload.html Show response pagead2.googlesyndication.com/pagead/s/ Frame EDFB	1 KB 749 B	6ms 5ms	Document text/html	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html Requested by Host: beee21e40dd9c2b498909ec9c782af71.safeframe.googlesyndication.com URL: https://beee21e40dd9c2b498909ec9c782af71.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers :method GET :authority pagead2.googlesyndication.com :scheme https :path /pagead/s/cookie_push_onload.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site same-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://beee21e40dd9c2b498909ec9c782af71.safeframe.googlesyndication.com/ accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Referer https://beee21e40dd9c2b498909ec9c782af71.safeframe.googlesyndication.com/ Response headers p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" timing-allow-origin * cross-origin-resource-policy cross-origin vary Accept-Encoding date Mon, 19 Apr 2021 03:14:09 GMT expires Tue, 20 Apr 2021 03:14:09 GMT content-type text/html; charset=UTF-8 etag 48472445140208031 x-content-type-options nosniff content-encoding gzip server cafe content-length 724 x-xss-protection 0 cache-control public, max-age=86400 age 41718 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET DATA	200 OK	truncated / Frame 9513	214 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 788cea68089367ebe8197f169ef89eda1fbf5ee991d59fd27687d752340303bc Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Content-Type image/png
GET H3-29	200	runner.html Show response tpc.googlesyndication.com/sodar/sodar2/222/ Frame 2B96	12 KB 5 KB	6ms 6ms	Document text/html	2a00:1450:4001:80f::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers :method GET :authority tpc.googlesyndication.com :scheme https :path /sodar/sodar2/222/runner.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers accept-ranges bytes vary Accept-Encoding content-encoding gzip content-type text/html cross-origin-resource-policy cross-origin content-length 5022 date Mon, 19 Apr 2021 14:48:42 GMT expires Tue, 19 Apr 2022 14:48:42 GMT last-modified Wed, 20 Jan 2021 19:23:06 GMT x-content-type-options nosniff server sffe x-xss-protection 0 cache-control public, max-age=31536000 age 45 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H2	204	current dclk-match.dotomi.com/match/bounce/ Frame EDFB	0 104 B	92ms 63ms	Image text/plain	2a02:fa8:8806:20::2040 VCLK-EU-SE
General Check archive.org Show headers Download Go to Show image Full URL https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEOd31iaW_-s0nsXF3CJfEIs&google_cver=1&google_push=AQvitULa2mHmDxIGkuNwlW6vRtBuX3T1iWRdWvKM92S6QRBDsrfSSe5MxQKDVth4IYNug9ymlfJPolr7Vxaki2WCAE51Jt8XiX_H Requested by Host: beee21e40dd9c2b498909ec9c782af71.safeframe.googlesyndication.com URL: https://beee21e40dd9c2b498909ec9c782af71.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a02:fa8:8806:20::2040 , United States, ASN41041 (VCLK-EU-SE, US), Reverse DNS Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Mon, 19 Apr 2021 14:49:27 GMT cache-control no-cache, private, max-age=0, no-store server nginx expires 0
GET H3-29	200	pixel cm.g.doubleclick.net/ Frame EDFB Redirect Chain https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEJXrGU44AxOgDJJByAYIlKU&google_cver=1&google_push=AQvitUKxj3AiMWoW0EbP7bql9QS-1HtMmiVgPbBm0BLbUccqtO_e8HlxtB8TlhA6kV36AJBoKzV1Ibd_4ZPJzoc5... https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AQvitUKxj3AiMWoW0EbP7bql9QS-1HtMmiVgPbBm0BLbUccqtO_e8HlxtB8TlhA6kV36AJBoKzV1Ibd_4ZPJzoc5-sKPkphhWfc	170 B 188 B	17ms 17ms	Image image/png	142.250.185.130 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AQvitUKxj3AiMWoW0EbP7bql9QS-1HtMmiVgPbBm0BLbUccqtO_e8HlxtB8TlhA6kV36AJBoKzV1Ibd_4ZPJzoc5-sKPkphhWfc Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.185.130 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s50-in-f2.1e100.net Software HTTP server (unknown) / Resource Hash 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Mon, 19 Apr 2021 14:49:27 GMT server HTTP server (unknown) content-type image/png cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 170 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers Date Mon, 19 Apr 2021 14:49:30 GMT Server MT3 3660 495c301 master zrh-pixel-x27 P3P CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA" location https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AQvitUKxj3AiMWoW0EbP7bql9QS-1HtMmiVgPbBm0BLbUccqtO_e8HlxtB8TlhA6kV36AJBoKzV1Ibd_4ZPJzoc5-sKPkphhWfc Cache-Control no-cache Connection keep-alive Content-Type image/gif Keep-Alive timeout=360 Content-Length 0 Expires Mon, 19 Apr 2021 14:49:29 GMT
GET H3-29	200	pixel cm.g.doubleclick.net/ Frame EDFB Redirect Chain https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE... https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEBGyrNRQafOXFrVutq7vdRs&google_push=AQvitUKJ2NDIpNDGB3SJxjDJmkBrmoS6C6xURKycHV7KZnf5r48TuPwd59...	170 B 188 B	17ms 17ms	Image image/png	142.250.185.130 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEBGyrNRQafOXFrVutq7vdRs&google_push=AQvitUKJ2NDIpNDGB3SJxjDJmkBrmoS6C6xURKycHV7KZnf5r48TuPwd59P2shvs3Y2rvRYtWURtCGgbKkVIy7tptshj5HlcmaA Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.185.130 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s50-in-f2.1e100.net Software HTTP server (unknown) / Resource Hash 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Mon, 19 Apr 2021 14:49:27 GMT server HTTP server (unknown) content-type image/png cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 170 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers pragma no-cache date Mon, 19 Apr 2021 14:49:27 GMT via 1.1 varnish server Jetty(9.4.35.v20201120) x-timer S1618843767.363514,VS0,VE93 x-served-by cache-hhn4029-HHN x-cache MISS p3p CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM" location https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEBGyrNRQafOXFrVutq7vdRs&google_push=AQvitUKJ2NDIpNDGB3SJxjDJmkBrmoS6C6xURKycHV7KZnf5r48TuPwd59P2shvs3Y2rvRYtWURtCGgbKkVIy7tptshj5HlcmaA cache-control no-cache accept-ranges bytes access-control-allow-origin * content-length 0 x-cache-hits 0
GET H3-29	200	pixel cm.g.doubleclick.net/ Frame EDFB Redirect Chain https://d5p.de17a.com/cookies/google?google_gid=CAESEK2pWGExMSyRtPy3ZAkiM5c&google_cver=1&google_push=AQvitUJioVtEI8QpKZhwtEkTLy9ei0WCXi3Kl5EQsRKDLTwGQVlchw_lVWx5mpKblKC-CZQhEFydl4akJKZPiii1T_EEvRT... https://d5p.de17a.com/cookies/google;c?google_gid=CAESEK2pWGExMSyRtPy3ZAkiM5c&google_cver=1&google_push=AQvitUJioVtEI8QpKZhwtEkTLy9ei0WCXi3Kl5EQsRKDLTwGQVlchw_lVWx5mpKblKC-CZQhEFydl4akJKZPiii1T_EEv... https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AQvitUJioVtEI8QpKZhwtEkTLy9ei0WCXi3Kl5EQsRKDLTwGQVlchw_lVWx5mpKblKC-CZQhEFydl4akJKZPiii1T_EEvRThhqQP	170 B 188 B	17ms 17ms	Image image/png	142.250.185.130 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AQvitUJioVtEI8QpKZhwtEkTLy9ei0WCXi3Kl5EQsRKDLTwGQVlchw_lVWx5mpKblKC-CZQhEFydl4akJKZPiii1T_EEvRThhqQP Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.185.130 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s50-in-f2.1e100.net Software HTTP server (unknown) / Resource Hash 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Mon, 19 Apr 2021 14:49:27 GMT server HTTP server (unknown) content-type image/png cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 170 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers location https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AQvitUJioVtEI8QpKZhwtEkTLy9ei0WCXi3Kl5EQsRKDLTwGQVlchw_lVWx5mpKblKC-CZQhEFydl4akJKZPiii1T_EEvRThhqQP content-length 0 p3p CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV
GET H3-29	200	pixel cm.g.doubleclick.net/ Frame EDFB Redirect Chain https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESECCnhcKC36J6agUdL8sFOEc&google_cver=1&googl... https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESECCnhcKC36J6agUdL8sFOEc&google_cver=1&googl... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YH2YdzCjdwZDlAOst6HYagAABIEAAAAB&google_gid=CAESECCnhcKC36J6agUdL8sFOEc&google_cver=1&google_push=AQvitUL8v4VieIMFk-M5uqqexC-27N3LiyTb1...	170 B 188 B	32ms 17ms	Image image/png	142.250.185.130 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YH2YdzCjdwZDlAOst6HYagAABIEAAAAB&google_gid=CAESECCnhcKC36J6agUdL8sFOEc&google_cver=1&google_push=AQvitUL8v4VieIMFk-M5uqqexC-27N3LiyTb1nDvx2MY1PXRSpeyD7jQBRofhTEhNyTrJHbhXO3F2Mg-ORd8WZ94BrjDodFpq74 Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.185.130 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s50-in-f2.1e100.net Software HTTP server (unknown) / Resource Hash 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Mon, 19 Apr 2021 14:49:27 GMT server HTTP server (unknown) content-type image/png cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 170 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers Pragma no-cache Date Mon, 19 Apr 2021 14:49:27 GMT Server Apache P3p policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI" Location https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YH2YdzCjdwZDlAOst6HYagAABIEAAAAB&google_gid=CAESECCnhcKC36J6agUdL8sFOEc&google_cver=1&google_push=AQvitUL8v4VieIMFk-M5uqqexC-27N3LiyTb1nDvx2MY1PXRSpeyD7jQBRofhTEhNyTrJHbhXO3F2Mg-ORd8WZ94BrjDodFpq74 Cache-Control max-age=0, no-cache, no-store Connection keep-alive Content-Type text/html; charset=iso-8859-1 Content-Length 459 Expires Mon, 19 Apr 2021 14:49:27 GMT
GET H3-29	200	pixel cm.g.doubleclick.net/ Frame EDFB Redirect Chain https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEP... https://sync.targeting.unrulymedia.com/csync/RX-7a803927-1200-4ec0-b76d-dacc610d01d8-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAQvitUK1bFLBbwuJEZ9ZWfrhx... https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AQvitUK1bFLBbwuJEZ9ZWfrhx2E9749_GGMGm1pn7kQwaXLT50wKXBzWWgkdkf0aJ78SE10GJQbgzonQC7KO0nz-iqChY7fWgodt&google_hm=A3qAOScSAE7At23azGENAdg	170 B 188 B	18ms 18ms	Image image/png	142.250.185.130 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AQvitUK1bFLBbwuJEZ9ZWfrhx2E9749_GGMGm1pn7kQwaXLT50wKXBzWWgkdkf0aJ78SE10GJQbgzonQC7KO0nz-iqChY7fWgodt&google_hm=A3qAOScSAE7At23azGENAdg Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.185.130 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s50-in-f2.1e100.net Software HTTP server (unknown) / Resource Hash 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Mon, 19 Apr 2021 14:49:27 GMT server HTTP server (unknown) content-type image/png cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 170 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers Date Mon, 19 Apr 2021 14:49:27 GMT Server Tengine ETag RX7a80392712004ec0b76ddacc610d01d8003 Transfer-Encoding chunked P3P CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why" Location https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AQvitUK1bFLBbwuJEZ9ZWfrhx2E9749_GGMGm1pn7kQwaXLT50wKXBzWWgkdkf0aJ78SE10GJQbgzonQC7KO0nz-iqChY7fWgodt&google_hm=A3qAOScSAE7At23azGENAdg Connection keep-alive Content-Type text/html
GET H2	204	attr cm.g.doubleclick.net/pixel/ Frame EDFB	0 227 B	43ms 15ms	Image text/html	142.250.185.130 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel/attr?d=AHNF13K7cztLPRZ-G5qhKSz1ADTlrUyZ0I3jV9fl2D8rTMQz2AzVB1GfoEZ3q0_E84izlA Requested by Host: beee21e40dd9c2b498909ec9c782af71.safeframe.googlesyndication.com URL: https://beee21e40dd9c2b498909ec9c782af71.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.185.130 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s50-in-f2.1e100.net Software HTTP server (unknown) / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:49:27 GMT server HTTP server (unknown) alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 content-type text/html
GET H2	200	adop_sdk_p3.2.1.min.js Show response adopdmp.adop.cc/ Frame C79E	19 KB 8 KB	16ms 16ms	Script application/javascript	2600:9000:20e8:4800:18:69f:d880:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://adopdmp.adop.cc/adop_sdk_p3.2.1.min.js Requested by Host: compass.adop.cc URL: https://compass.adop.cc/RD/47dd25ee-f82d-4382-984e-e860109a0124?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=47dd25ee-f82d-4382-984e-e860109a0124&type=js&loc=&size_width=728&size_height=90&title=Full%2520explanation%2520of%2520the%2520GME%252C%2520RH%252C%2520and%2520Citadel%2520debacle%2520-%2520Blind&ref=& Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:20e8:4800:18:69f:d880:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 8d2c8ea830e583681b95c707f9aa6fe2a6c7ae6c132b7e683fa7b1c20a2d6b69 Request headers Referer https://compass.adop.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 05 Feb 2021 02:00:27 GMT content-encoding gzip last-modified Tue, 28 Jan 2020 07:27:14 GMT server AmazonS3 age 6353341 etag W/"beb7e40d14c2bdc6a039fcdbe887d780" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript via 1.1 3987a119dd762046470f5ba503a917ea.cloudfront.net (CloudFront) cache-control max-age=31536000, public x-amz-cf-pop TXL52-C1 x-amz-cf-id QBxinPpIlhshwRaNmFFOHUAyPitMGNeGUqQPHfTKoWKbbRc6siuKdg==
GET H/1.1	200 OK	collect.php Show response data.adop.cc/ Frame C79E	2 B 96 B	294ms 293ms	Script text/plain	13.124.92.103 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://data.adop.cc/collect.php?log=com_imp&dt=20210419144927&aid=2cbfc966-83a4-49c3-9274-4803a674a49f&zid=47dd25ee-f82d-4382-984e-e860109a0124&r=srIt Requested by Host: compass.adop.cc URL: https://compass.adop.cc/RD/47dd25ee-f82d-4382-984e-e860109a0124?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=47dd25ee-f82d-4382-984e-e860109a0124&type=js&loc=&size_width=728&size_height=90&title=Full%2520explanation%2520of%2520the%2520GME%252C%2520RH%252C%2520and%2520Citadel%2520debacle%2520-%2520Blind&ref=& Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 13.124.92.103 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US), Reverse DNS ec2-13-124-92-103.ap-northeast-2.compute.amazonaws.com Software / Resource Hash a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb Request headers Referer https://compass.adop.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Access-Control-Allow-Origin * Connection keep-alive Content-Length 2
GET H3-29	200	gpt.js Show response www.googletagservices.com/tag/js/ Frame C79E	62 KB 21 KB	16ms 14ms	Script text/javascript	2a00:1450:4001:802::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagservices.com/tag/js/gpt.js Requested by Host: compass.adop.cc URL: https://compass.adop.cc/RD/47dd25ee-f82d-4382-984e-e860109a0124?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=47dd25ee-f82d-4382-984e-e860109a0124&type=js&loc=&size_width=728&size_height=90&title=Full%2520explanation%2520of%2520the%2520GME%252C%2520RH%252C%2520and%2520Citadel%2520debacle%2520-%2520Blind&ref=& Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash bc8fca8a7e079b133ee4f57e3129fa6ce6a46a1de54f624e81a1d4a650a33d7f Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://compass.adop.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:49:27 GMT content-encoding gzip x-content-type-options nosniff server sffe etag "847 / 911 of 1000 / last-modified: 1618843586" vary Accept-Encoding content-type text/javascript cache-control private, max-age=900, stale-while-revalidate=3600 timing-allow-origin * alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 21064 x-xss-protection 0 expires Mon, 19 Apr 2021 14:49:27 GMT
GET H/1.1	200 OK	collect.php data.adop.cc/ Frame E4DD	2 B 96 B	283ms 283ms	Image text/plain	13.124.92.103 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://data.adop.cc/collect.php?data=eyJkdCI6IjIwMjEwNDE5MTQ0OTI2IiwiY3RyeSI6IkdCIiwiYWNpZCI6IkdCLTIxMDQxOTE0NDkyNC0yZTE5ODg1NmIwYjk0OWI4IiwibmV0IjoiQ3JpdGVvX1BNIiwid2d0IjoiMTAwIiwib3JkIjoiMi80IiwiemlkIjoiMzM0YjZmMmEtOGU1OS00YmM0LTk4NjktYTgzNTNjZTc1YWIyIiwidWEiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvODkuMC40Mzg5LjcyIFNhZmFyaS81MzcuMzYiLCJicm93IjoiQ2hyb21lIiwiZGV2IjoiZGVza3RvcCIsIm9zIjoiV2luZG93cyIsImlwIjoiODkuMjQ5LjY0LjE3MSIsImZsb2MiOiJodHRwcyUzQSUyRiUyRmNvbXBhc3MuYWRvcC5jYyUyRlJEJTJGNzg3MzA4ZWUtN2VhZC00YTdhLTg1YzktZWQ3OTVjY2Q5NzZiJTNGb3Zlci1zaXplJTNEYXV0byUyNm92ZXItc2l6ZS13JTNEbnVsbCUyNm92ZXItc2l6ZS1oJTNEbnVsbCUyNm92ZXItem9uZSUzRCUyNTdCJTI1MjI0Njh4NjAlMjUyMiUyNTNBJTI1MjJiMTgxNTZhZC1jZTBmLTQxN2EtOTg2Yy1jNTM2OWIwMTk0YjMlMjUyMiUyNTJDJTI1MjI3Mjh4OTAlMjUyMiUyNTNBJTI1MjI3ODczMDhlZS03ZWFkLTRhN2EtODVjOS1lZDc5NWNjZDk3NmIlMjUyMiUyNTdEJTI2YWRvcC16b25lJTNEZjI2OWZjYzctNDBlNy00NDdkLWJiZDQtYWRlNmY0ZWUwNzVmJTI2c2l6ZV93aWR0aCUzRDcyOCUyNnNpemVfaGVpZ2h0JTNEOTAlMjZ0eXBlJTNEcnMlMjZsb2MlM0QlMjZ0aXRsZSUzREZ1bGwlMjUyNTIwZXhwbGFuYXRpb24lMjUyNTIwb2YlMjUyNTIwdGhlJTI1MjUyMEdNRSUyNTI1MkMlMjUyNTIwUkglMjUyNTJDJTI1MjUyMGFuZCUyNTI1MjBDaXRhZGVsJTI1MjUyMGRlYmFjbGUlMjUyNTIwLSUyNTI1MjBCbGluZCUyNnJlZiUzRCUyNiIsImNkdCI6IjIxMDQxOTE0NDkyNCIsIndkIjoiWSIsInBiIjoiTiIsInB0IjoiaHR0cHMiLCJsb2ciOiJiYXNpYyJ9 Requested by Host: compass.adop.cc URL: https://compass.adop.cc/RD/787308ee-7ead-4a7a-85c9-ed795ccd976b?over-size=auto&over-size-w=null&over-size-h=null&over-zone=%7B%22468x60%22%3A%22b18156ad-ce0f-417a-986c-c5369b0194b3%22%2C%22728x90%22%3A%22787308ee-7ead-4a7a-85c9-ed795ccd976b%22%7D&adop-zone=f269fcc7-40e7-447d-bbd4-ade6f4ee075f&size_width=728&size_height=90&type=rs&loc=&title=Full%2520explanation%2520of%2520the%2520GME%252C%2520RH%252C%2520and%2520Citadel%2520debacle%2520-%2520Blind&ref=& Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 13.124.92.103 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US), Reverse DNS ec2-13-124-92-103.ap-northeast-2.compute.amazonaws.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://compass.adop.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Access-Control-Allow-Origin * Connection keep-alive Content-Length 2
GET H2	200	syncframe Show response gum.criteo.com/ Frame D08B	0 150 B	39ms 14ms	Document text/html	2a02:2638:1::13 ASN-CRITEO-EUROPE
General Check archive.org Show headers Download Go to Full URL https://gum.criteo.com/syncframe?topUrl=www.teamblind.com Requested by Host: static.criteo.net URL: https://static.criteo.net/js/ld/publishertag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers :method GET :authority gum.criteo.com :scheme https :path /syncframe?topUrl=www.teamblind.com pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://compass.adop.cc/ accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Referer https://compass.adop.cc/ Response headers cache-control private, max-age=0 content-type text/html; charset=utf-8 strict-transport-security max-age=31536000 server-processing-duration-in-ticks 1651 date Mon, 19 Apr 2021 14:49:27 GMT content-length 0
POST H2	204	cdb Show response bidder.criteo.com/ Frame E4DD	0 145 B	29ms 28ms	XHR text/plain	178.250.0.165 ASN-CRITEO-EUROPE
General Check archive.org Show headers Download Go to Full URL https://bidder.criteo.com/cdb?ptv=106&profileId=184&cb=82906461475 Requested by Host: static.criteo.net URL: https://static.criteo.net/js/ld/publishertag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR), Reverse DNS bidder.par.vip.prod.criteo.com Software Finatra / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://compass.adop.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Content-type application/x-www-form-urlencoded Response headers access-control-allow-origin https://compass.adop.cc date Mon, 19 Apr 2021 14:49:26 GMT access-control-allow-credentials true server Finatra timing-allow-origin * vary Origin
GET H3-29	200	aTo5JV-AjziuZNTa8Sp43jLVG8qXCwH7OYU06B-2QbM.js Show response pagead2.googlesyndication.com/bg/ Frame 2B96	14 KB 6 KB	7ms 6ms	Script text/javascript	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/bg/aTo5JV-AjziuZNTa8Sp43jLVG8qXCwH7OYU06B-2QbM.js Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 693a39255f808f38ae64d4daf12a78de32d51bca970b01fb398534e81fb641b3 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://tpc.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 05:34:55 GMT content-encoding br x-content-type-options nosniff last-modified Thu, 08 Apr 2021 09:18:00 GMT server sffe age 33272 vary Accept-Encoding content-type text/javascript cache-control public, max-age=31536000 cross-origin-resource-policy cross-origin accept-ranges bytes alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 5682 x-xss-protection 0 expires Tue, 19 Apr 2022 05:34:55 GMT
GET H2	200	pixel.gif static.criteo.net/images/ Frame E4DD	43 B 260 B	21ms 21ms	Image image/gif	2a02:2638::3 ASN-CRITEO-EUROPE
General Check archive.org Show headers Download Go to Show image Full URL https://static.criteo.net/images/pixel.gif?ch=1 Requested by Host: static.criteo.net URL: https://static.criteo.net/js/ld/publishertag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR), Reverse DNS Software nginx / Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Request headers Referer https://compass.adop.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:49:27 GMT last-modified Tue, 09 Dec 2008 16:52:36 GMT server nginx etag "493ea254-2b" content-type image/gif access-control-allow-origin * cache-control max-age=31104000, public accept-ranges bytes timing-allow-origin * content-length 43 expires Thu, 14 Apr 2022 14:49:27 GMT
GET H2	200	pixel.gif static.criteo.net/images/ Frame E4DD	43 B 260 B	21ms 21ms	Image image/gif	2a02:2638::3 ASN-CRITEO-EUROPE
General Check archive.org Show headers Download Go to Show image Full URL https://static.criteo.net/images/pixel.gif?ch=2 Requested by Host: static.criteo.net URL: https://static.criteo.net/js/ld/publishertag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR), Reverse DNS Software nginx / Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Request headers Referer https://compass.adop.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:49:27 GMT last-modified Tue, 09 Dec 2008 16:52:36 GMT server nginx etag "493ea254-2b" content-type image/gif access-control-allow-origin * cache-control max-age=31104000, public accept-ranges bytes timing-allow-origin * content-length 43 expires Thu, 14 Apr 2022 14:49:27 GMT
GET H2	200	adop.js Show response compass.adop.cc/assets/js/adop/ Frame 1E50	3 KB 2 KB	29ms 29ms	Script application/javascript	13.224.102.20 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://compass.adop.cc/assets/js/adop/adop.js?v=14 Requested by Host: compass.adop.cc URL: https://compass.adop.cc/RD/787308ee-7ead-4a7a-85c9-ed795ccd976b?over-size=auto&over-size-w=null&over-size-h=null&over-zone=%7B%22468x60%22%3A%22b18156ad-ce0f-417a-986c-c5369b0194b3%22%2C%22728x90%22%3A%22787308ee-7ead-4a7a-85c9-ed795ccd976b%22%7D&adop-zone=f269fcc7-40e7-447d-bbd4-ade6f4ee075f&size_width=728&size_height=90&type=rs&loc=&title=Full%2520explanation%2520of%2520the%2520GME%252C%2520RH%252C%2520and%2520Citadel%2520debacle%2520-%2520Blind&ref=& Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.102.20 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-102-20.zrh50.r.cloudfront.net Software / Resource Hash b0bc5e3662f35ed2dc29a0687c30b85ed673275ad4ebcc2e5d6422316db85b50 Request headers Referer https://compass.adop.cc/RD/787308ee-7ead-4a7a-85c9-ed795ccd976b?over-size=auto&over-size-w=null&over-size-h=null&over-zone=%7B%22468x60%22%3A%22b18156ad-ce0f-417a-986c-c5369b0194b3%22%2C%22728x90%22%3A%22787308ee-7ead-4a7a-85c9-ed795ccd976b%22%7D&adop-zone=f269fcc7-40e7-447d-bbd4-ade6f4ee075f&size_width=728&size_height=90&type=rs&loc=&title=Full%2520explanation%2520of%2520the%2520GME%252C%2520RH%252C%2520and%2520Citadel%2520debacle%2520-%2520Blind&ref=& User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:43:11 GMT content-encoding gzip last-modified Thu, 18 Jun 2020 04:56:42 GMT age 377 etag W/"5eeaf40a-b3e" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript; charset=utf-8 via 1.1 f0f5607a03d2ae4c43b553dc2cef0c9e.cloudfront.net (CloudFront) cache-control max-age=600 x-amz-cf-pop ZRH50-C1 content-length 1564 x-amz-cf-id fJ4vGkjbIDSzflnMmz2eD3zNTwG6y5VBnByl7mVfOMeoDtJlMLw6dQ== expires Mon, 19 Apr 2021 14:53:10 GMT
POST H2	204	events bidder.criteo.com/csm/ Frame E4DD	0 145 B	20ms 20ms	Ping text/plain	178.250.0.165 ASN-CRITEO-EUROPE
General Check archive.org Show headers Download Go to Full URL https://bidder.criteo.com/csm/events Requested by Host: static.criteo.net URL: https://static.criteo.net/js/ld/publishertag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR), Reverse DNS bidder.par.vip.prod.criteo.com Software Finatra / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://compass.adop.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers access-control-allow-origin https://compass.adop.cc date Mon, 19 Apr 2021 14:49:26 GMT access-control-allow-credentials true server Finatra timing-allow-origin * vary Origin
GET H2	200	6448a714-96de-4bc1-9cdc-82a5f0b01aaa Show response compass.adop.cc/RD/ Frame 67C9	2 KB 2 KB	265ms 265ms	Document text/html	13.224.102.20 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://compass.adop.cc/RD/6448a714-96de-4bc1-9cdc-82a5f0b01aaa?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=6448a714-96de-4bc1-9cdc-82a5f0b01aaa&type=js&loc=&size_width=728&size_height=90&title=&ref=& Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.102.20 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-102-20.zrh50.r.cloudfront.net Software / Resource Hash 795c9ed620bd1ddc4419732cdf0c64989f632d3733fdb6d0134dbcdd8123fc79 Request headers :method GET :authority compass.adop.cc :scheme https :path /RD/6448a714-96de-4bc1-9cdc-82a5f0b01aaa?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=6448a714-96de-4bc1-9cdc-82a5f0b01aaa&type=js&loc=&size_width=728&size_height=90&title=&ref=& pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site same-origin sec-fetch-mode navigate sec-fetch-dest iframe referer https://compass.adop.cc/RD/787308ee-7ead-4a7a-85c9-ed795ccd976b?over-size=auto&over-size-w=null&over-size-h=null&over-zone=%7B%22468x60%22%3A%22b18156ad-ce0f-417a-986c-c5369b0194b3%22%2C%22728x90%22%3A%22787308ee-7ead-4a7a-85c9-ed795ccd976b%22%7D&adop-zone=f269fcc7-40e7-447d-bbd4-ade6f4ee075f&size_width=728&size_height=90&type=rs&loc=&title=Full%2520explanation%2520of%2520the%2520GME%252C%2520RH%252C%2520and%2520Citadel%2520debacle%2520-%2520Blind&ref=& accept-encoding gzip, deflate, br accept-language en-US cookie ADOP_CID=GB-210419144924-2e198856b0b949b8 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Referer https://compass.adop.cc/RD/787308ee-7ead-4a7a-85c9-ed795ccd976b?over-size=auto&over-size-w=null&over-size-h=null&over-zone=%7B%22468x60%22%3A%22b18156ad-ce0f-417a-986c-c5369b0194b3%22%2C%22728x90%22%3A%22787308ee-7ead-4a7a-85c9-ed795ccd976b%22%7D&adop-zone=f269fcc7-40e7-447d-bbd4-ade6f4ee075f&size_width=728&size_height=90&type=rs&loc=&title=Full%2520explanation%2520of%2520the%2520GME%252C%2520RH%252C%2520and%2520Citadel%2520debacle%2520-%2520Blind&ref=& Response headers content-type text/html; charset=UTF-8 content-length 1100 content-encoding gzip date Mon, 19 Apr 2021 14:49:27 GMT p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" set-cookie ADOP_CID=GB-210419144924-2e198856b0b949b8; expires=Sun, 18-Jul-2021 14:49:27 GMT; Max-Age=7776000; path=/; samesite=none; domain=.adop.cc; secure; httponly vary Accept-Encoding x-cache Miss from cloudfront via 1.1 f0f5607a03d2ae4c43b553dc2cef0c9e.cloudfront.net (CloudFront) x-amz-cf-pop ZRH50-C1 x-amz-cf-id pBqNC2yk3NVGe98QW6jcA0QlErp9MFO9fk6gJ5WQhLBdS7Tsua_ykQ==
GET H3-29	204	gen_204 pagead2.googlesyndication.com/pagead/ Frame BE65	0 20 B	39ms 39ms	Image image/gif	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gpt_2021041401&jk=3059150141615089&bg=!PzylPHjNAAZUuIlwVLg7ACkAdvg8Wotjj82OuizXFKoUnLlGAz8Rz2-MDeGSHqvO1CAIHMJmS_LlWQIAAABHUgAAAAtoAQeZAl3sM8Mrm2vocw8LnEcbSP5oL_7In9CBs52cATTQG7srQVMqvRLWXJT6jVk_nylCdKHMZXFhTvjGxU1WHGSsHW3J34AUrznEi6CApe91dAOvbaN6y3_w2FIfdNJC6WLQxbWhwAwbFq_ZUr42EOjk9fu6zcAp2OekFMq5610PhFajijQ36cSRIXMqivJuj9EtsVMEmFdqy4oDQPbTj4t2A0JAP-f-xygH8jJbKbNJJynMtJhpjsbcf0BSNoTGH0pLBNmsBYBOUph096C3DpwojNAjHmtxpfDpx7qC4AlCS5EBTeUAlrkMQawKeoZV6YHXhsxkkjw-hVfVLRNtgLB1I-A7KeGrLrO9oXmf173gDtHUvPV7tmSllDZEtWKFyVdyODxK2-pLZhkL78WZs4YI7Z1aauTkMfTtOEZT0T_C-Vx1ZAB3_u173xhKM_aUdRHXNNVpAH0-UKQ7Ko0OVD4-0OKY1h-Z_riJk-dwgZHW5Ons-pGXTjCznv9G7xVt_8Ru3EaMHZzqvD5OWCEAyO9vWpg0yjgclBrAY86_qsxokOCMJauSPBE3KGobWeSEgheQK1xwW5ytP2oueORlldRidzoa2-Q6L1LCNgGYssoEtzqLhFBl0P2iGchMX0ymL2_Bx6xwvWba9F_wB9ODc4j4AdwaVhCnL0-_ycWW99CuZOAVr5pmFnQALdgshIs8b837cGCXzMoqD87Cat9OeziHNGEo_n-aDBhLPdrBRXkmhS442zUrsXK_mHUY85NsBGnnRPHA5SaPrR8pHIF5TX9YClAhZTgorHqjEEpH7sCsTQ Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Mon, 19 Apr 2021 14:49:27 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H/1.1	200 OK	collect.php data.adop.cc/ Frame C79E	2 B 96 B	294ms 294ms	Image text/plain	13.124.92.103 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://data.adop.cc/collect.php?data=eyJkdCI6IjIwMjEwNDE5MTQ0OTI3IiwiY3RyeSI6IkdCIiwiYWNpZCI6IkdCLTIxMDQxOTE0NDkyNC0yZTE5ODg1NmIwYjk0OWI4IiwibmV0IjoiR29vZ2xlIEFkIE1hbmFnZXIiLCJ3Z3QiOiIxMDAiLCJvcmQiOiIyMjIyLzc3ODIiLCJ6aWQiOiI0N2RkMjVlZS1mODJkLTQzODItOTg0ZS1lODYwMTA5YTAxMjQiLCJ1YSI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS84OS4wLjQzODkuNzIgU2FmYXJpLzUzNy4zNiIsImJyb3ciOiJDaHJvbWUiLCJkZXYiOiJkZXNrdG9wIiwib3MiOiJXaW5kb3dzIiwiaXAiOiI4OS4yNDkuNjQuMTcxIiwiZmxvYyI6Imh0dHBzOi8vIiwiY2R0IjoiMjEwNDE5MTQ0OTI0Iiwid2QiOiJZIiwicGIiOiJOIiwicHQiOiJodHRwcyIsImxvZyI6ImJhc2ljIn0%3D Requested by Host: compass.adop.cc URL: https://compass.adop.cc/RD/47dd25ee-f82d-4382-984e-e860109a0124?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=47dd25ee-f82d-4382-984e-e860109a0124&type=js&loc=&size_width=728&size_height=90&title=Full%2520explanation%2520of%2520the%2520GME%252C%2520RH%252C%2520and%2520Citadel%2520debacle%2520-%2520Blind&ref=& Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 13.124.92.103 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US), Reverse DNS ec2-13-124-92-103.ap-northeast-2.compute.amazonaws.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://compass.adop.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Access-Control-Allow-Origin * Connection keep-alive Content-Length 2
GET H3-29	200	pubads_impl_2021041401.js Show response securepubads.g.doubleclick.net/gpt/ Frame C79E	298 KB 105 KB	15ms 15ms	Script text/javascript	142.250.186.98 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041401.js Requested by Host: www.googletagservices.com URL: https://www.googletagservices.com/tag/js/gpt.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.186.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s06-in-f2.1e100.net Software sffe / Resource Hash 80d0a278e7a208ae2bd234aafcbdece69e63c9bf11e800d0ab5fa3c82176cf2c Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://compass.adop.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:49:27 GMT content-encoding gzip x-content-type-options nosniff last-modified Wed, 14 Apr 2021 08:43:31 GMT server sffe vary Accept-Encoding content-type text/javascript cache-control private, immutable, max-age=31536000 cross-origin-resource-policy cross-origin accept-ranges bytes timing-allow-origin * alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 107268 x-xss-protection 0 expires Mon, 19 Apr 2021 14:49:27 GMT
GET H3-29	200	integrator.js Show response adservice.google.de/adsid/ Frame C79E	107 B 122 B	15ms 14ms	Script application/javascript	2a00:1450:4001:810::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://adservice.google.de/adsid/integrator.js?domain=compass.adop.cc Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041401.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://compass.adop.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers timing-allow-origin * date Mon, 19 Apr 2021 14:49:27 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." cache-control private, no-cache, no-store cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/javascript; charset=UTF-8 alt-svc h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43" content-length 100 x-xss-protection 0
GET H3-29	200	integrator.js Show response adservice.google.com/adsid/ Frame C79E	107 B 122 B	16ms 16ms	Script application/javascript	2a00:1450:4001:828::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://adservice.google.com/adsid/integrator.js?domain=compass.adop.cc Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041401.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://compass.adop.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers timing-allow-origin * date Mon, 19 Apr 2021 14:49:27 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." cache-control private, no-cache, no-store cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/javascript; charset=UTF-8 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 100 x-xss-protection 0
GET H3-29	200	ads Show response securepubads.g.doubleclick.net/gampad/ Frame C79E	80 KB 18 KB	439ms 439ms	XHR text/plain	142.250.186.98 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3976733305422161&correlator=114701120933306&output=ldjh&impl=fifs&eid=31060689&vrg=2021041401&ptt=17&sc=1&sfv=1-0-38&ecs=20210419&iu_parts=5932629%2Cca-pub-1474238860523410-tag%2Cteamblind_us_middle_728x90&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90&eri=4&cdm=compass.adop.cc&bc=31&abxe=1&dt=1618843767684&dlt=1618843767337&idt=339&ea=0&frm=8&biw=-12245933&bih=-12245933&isw=728&ish=90&oid=3&adxs=0&adys=0&adks=2498704743&ucis=6c8wsxptwzpq&ifi=1&ifk=1838538519&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=4&url=www.teamblind.com&loc=https%3A%2F%2Fcompass.adop.cc%2FRD%2F47dd25ee-f82d-4382-984e-e860109a0124%3Fover-size%3Dnull%26over-size-w%3Dnull%26over-size-h%3Dnull%26over-zone%3Dnull%26adop-zone%3D47dd25ee-f82d-4382-984e-e860109a0124%26type%3Djs%26loc%3D%26size_width%3D728%26size_height%3D90%26title%3DFull%252520explanation%252520of%252520the%252520GME%25252C%252520RH%25252C%252520and%252520Citadel%252520debacle%252520-%252520Blind%26ref%3D%26&top=www.teamblind.com&vis=1&dmc=8&scr_x=-12245933&scr_y=-12245933&psz=728x90&msz=728x90&ga_vid=862713159.1618843768&ga_sid=1618843768&ga_hid=1606906188&ga_fc=false&fws=256&ohw=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ.. Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041401.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.186.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s06-in-f2.1e100.net Software cafe / Resource Hash 860ac235769551ba483d13e1c137b76db715429b704dfff671a6de3ed9dd47c5 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://compass.adop.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:49:28 GMT content-encoding br x-content-type-options nosniff p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 18143 x-xss-protection 0 google-lineitem-id -1 pragma no-cache server cafe google-creative-id -1 content-type text/plain; charset=UTF-8 access-control-allow-origin https://compass.adop.cc cache-control no-cache, must-revalidate access-control-allow-credentials true timing-allow-origin * expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	container.html c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame C79E	0 0	40ms 13ms	Other text/html	2a00:1450:4001:828::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=4 Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041401.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash Request headers Referer https://compass.adop.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers
GET H3-29	200	container.html tpc.googlesyndication.com/safeframe/1-0-38/html/ Frame C79E	0 0	6ms 6ms	Other text/html	2a00:1450:4001:80f::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/safeframe/1-0-38/html/container.html?n=4 Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041401.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash Request headers Referer https://compass.adop.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers
GET H2	200	adop_sdk_p3.2.1.min.js Show response adopdmp.adop.cc/ Frame 67C9	19 KB 8 KB	13ms 12ms	Script application/javascript	2600:9000:20e8:4800:18:69f:d880:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://adopdmp.adop.cc/adop_sdk_p3.2.1.min.js Requested by Host: compass.adop.cc URL: https://compass.adop.cc/RD/6448a714-96de-4bc1-9cdc-82a5f0b01aaa?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=6448a714-96de-4bc1-9cdc-82a5f0b01aaa&type=js&loc=&size_width=728&size_height=90&title=&ref=& Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:20e8:4800:18:69f:d880:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 8d2c8ea830e583681b95c707f9aa6fe2a6c7ae6c132b7e683fa7b1c20a2d6b69 Request headers Referer https://compass.adop.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 05 Feb 2021 02:00:27 GMT content-encoding gzip last-modified Tue, 28 Jan 2020 07:27:14 GMT server AmazonS3 age 6353341 etag W/"beb7e40d14c2bdc6a039fcdbe887d780" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript via 1.1 3987a119dd762046470f5ba503a917ea.cloudfront.net (CloudFront) cache-control max-age=31536000, public x-amz-cf-pop TXL52-C1 x-amz-cf-id khbv8TGHJX-hv_XOPEIVgAD4kS7IoV_miaprnK26BEys06anBgHfQw==
GET H/1.1	200 OK	collect.php Show response data.adop.cc/ Frame 67C9	2 B 96 B	278ms 277ms	Script text/plain	13.124.92.103 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://data.adop.cc/collect.php?log=com_imp&dt=20210419144927&aid=56a94a33-96bd-4029-a09c-45273047c285&zid=6448a714-96de-4bc1-9cdc-82a5f0b01aaa&r=4Bwh Requested by Host: compass.adop.cc URL: https://compass.adop.cc/RD/6448a714-96de-4bc1-9cdc-82a5f0b01aaa?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=6448a714-96de-4bc1-9cdc-82a5f0b01aaa&type=js&loc=&size_width=728&size_height=90&title=&ref=& Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 13.124.92.103 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US), Reverse DNS ec2-13-124-92-103.ap-northeast-2.compute.amazonaws.com Software / Resource Hash a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb Request headers Referer https://compass.adop.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Access-Control-Allow-Origin * Connection keep-alive Content-Length 2
GET H3-29	200	adsbygoogle.js Show response pagead2.googlesyndication.com/pagead/js/ Frame 67C9	134 KB 48 KB	24ms 24ms	Script text/javascript	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js Requested by Host: compass.adop.cc URL: https://compass.adop.cc/RD/6448a714-96de-4bc1-9cdc-82a5f0b01aaa?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=6448a714-96de-4bc1-9cdc-82a5f0b01aaa&type=js&loc=&size_width=728&size_height=90&title=&ref=& Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash dad2ac3f093b8cdcca3bfce4fb4d0d7c2e72bd3247ea05ec5e383559d4c3a77f Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://compass.adop.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:49:27 GMT content-encoding gzip x-content-type-options nosniff p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 48646 x-xss-protection 0 server cafe etag 9885252380620520250 vary Accept-Encoding, Origin content-type text/javascript; charset=UTF-8 cache-control private, max-age=3600 timing-allow-origin * expires Mon, 19 Apr 2021 14:49:27 GMT
GET H/1.1	200 OK	collect.php data.adop.cc/ Frame 67C9	2 B 96 B	278ms 277ms	Image text/plain	13.124.92.103 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://data.adop.cc/collect.php?data=eyJkdCI6IjIwMjEwNDE5MTQ0OTI3IiwiY3RyeSI6IkdCIiwiYWNpZCI6IkdCLTIxMDQxOTE0NDkyNC0yZTE5ODg1NmIwYjk0OWI4IiwibmV0IjoiR29vZ2xlIEFkU2Vuc2UiLCJ3Z3QiOiI4MCIsIm9yZCI6IjMvNCIsInppZCI6IjY0NDhhNzE0LTk2ZGUtNGJjMS05Y2RjLTgyYTVmMGIwMWFhYSIsInVhIjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzg5LjAuNDM4OS43MiBTYWZhcmkvNTM3LjM2IiwiYnJvdyI6IkNocm9tZSIsImRldiI6ImRlc2t0b3AiLCJvcyI6IldpbmRvd3MiLCJpcCI6Ijg5LjI0OS42NC4xNzEiLCJmbG9jIjoiaHR0cHMlM0ElMkYlMkZjb21wYXNzLmFkb3AuY2MlMkZSRCUyRjc4NzMwOGVlLTdlYWQtNGE3YS04NWM5LWVkNzk1Y2NkOTc2YiUzRm92ZXItc2l6ZSUzRGF1dG8lMjZvdmVyLXNpemUtdyUzRG51bGwlMjZvdmVyLXNpemUtaCUzRG51bGwlMjZvdmVyLXpvbmUlM0QlMjU3QiUyNTIyNDY4eDYwJTI1MjIlMjUzQSUyNTIyYjE4MTU2YWQtY2UwZi00MTdhLTk4NmMtYzUzNjliMDE5NGIzJTI1MjIlMjUyQyUyNTIyNzI4eDkwJTI1MjIlMjUzQSUyNTIyNzg3MzA4ZWUtN2VhZC00YTdhLTg1YzktZWQ3OTVjY2Q5NzZiJTI1MjIlMjU3RCUyNmFkb3Atem9uZSUzRGYyNjlmY2M3LTQwZTctNDQ3ZC1iYmQ0LWFkZTZmNGVlMDc1ZiUyNnNpemVfd2lkdGglM0Q3MjglMjZzaXplX2hlaWdodCUzRDkwJTI2dHlwZSUzRHJzJTI2bG9jJTNEJTI2dGl0bGUlM0RGdWxsJTI1MjUyMGV4cGxhbmF0aW9uJTI1MjUyMG9mJTI1MjUyMHRoZSUyNTI1MjBHTUUlMjUyNTJDJTI1MjUyMFJIJTI1MjUyQyUyNTI1MjBhbmQlMjUyNTIwQ2l0YWRlbCUyNTI1MjBkZWJhY2xlJTI1MjUyMC0lMjUyNTIwQmxpbmQlMjZyZWYlM0QlMjYiLCJjZHQiOiIyMTA0MTkxNDQ5MjQiLCJ3ZCI6IlkiLCJwYiI6Ik4iLCJwdCI6Imh0dHBzIiwibG9nIjoiYmFzaWMifQ%3D%3D Requested by Host: compass.adop.cc URL: https://compass.adop.cc/RD/6448a714-96de-4bc1-9cdc-82a5f0b01aaa?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=6448a714-96de-4bc1-9cdc-82a5f0b01aaa&type=js&loc=&size_width=728&size_height=90&title=&ref=& Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 13.124.92.103 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US), Reverse DNS ec2-13-124-92-103.ap-northeast-2.compute.amazonaws.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://compass.adop.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Access-Control-Allow-Origin * Connection keep-alive Content-Length 2
GET H3-29	200	show_ads_impl_with_ama_fy2019.js Show response pagead2.googlesyndication.com/pagead/js/r20210414/r20190131/ Frame 67C9	222 KB 83 KB	28ms 28ms	Script text/javascript	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/js/r20210414/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4146116731128638&plah=compass.adop.cc&amaexp=1 Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 11d5cc5bb3db6c56fb91f9068e7f4741f6212c8e2e5546b17039c1c58720fb83 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://compass.adop.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:49:28 GMT content-encoding gzip x-content-type-options nosniff p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 84747 x-xss-protection 0 server cafe etag 7950800710615234990 vary Accept-Encoding content-type text/javascript; charset=UTF-8 cache-control private, max-age=3600, stale-while-revalidate=3600 timing-allow-origin * expires Mon, 19 Apr 2021 14:49:28 GMT
GET H3-29	200	integrator.js Show response adservice.google.de/adsid/ Frame 67C9	107 B 122 B	15ms 14ms	Script application/javascript	2a00:1450:4001:810::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://adservice.google.de/adsid/integrator.js?domain=compass.adop.cc Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/js/r20210414/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4146116731128638&plah=compass.adop.cc&amaexp=1 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://compass.adop.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers timing-allow-origin * date Mon, 19 Apr 2021 14:49:28 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." cache-control private, no-cache, no-store cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/javascript; charset=UTF-8 alt-svc h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43" content-length 100 x-xss-protection 0
GET H3-29	200	integrator.js Show response adservice.google.com/adsid/ Frame 67C9	107 B 122 B	15ms 15ms	Script application/javascript	2a00:1450:4001:828::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://adservice.google.com/adsid/integrator.js?domain=compass.adop.cc Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/js/r20210414/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4146116731128638&plah=compass.adop.cc&amaexp=1 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://compass.adop.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers timing-allow-origin * date Mon, 19 Apr 2021 14:49:28 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." cache-control private, no-cache, no-store cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/javascript; charset=UTF-8 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 100 x-xss-protection 0
GET H2	200	ads Show response googleads.g.doubleclick.net/pagead/ Frame DD4D	97 KB 27 KB	368ms 367ms	Document text/html	2a00:1450:4001:813::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4146116731128638&output=html&h=90&slotname=4838435815&adk=1382465441&adf=3138087039&pi=t.ma~as.4838435815&w=728&psa=0&format=728x90&url=https%3A%2F%2Fwww.teamblind.com%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618843768004&bpp=4&bdt=288&idt=54&shv=r20210414&cbv=r20190131&ptt=9&saldr=aa&correlator=3397441366713&frm=8&ife=1&pv=2&ga_vid=148494184.1618843768&ga_sid=1618843768&ga_hid=931914206&ga_fc=0&nhd=5&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=0&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=4201585577&scr_x=-12245933&scr_y=-12245933&eid=44740079&oid=3&pvsid=3177115538562619&loc=https%3A%2F%2Fcompass.adop.cc%2FRD%2F787308ee-7ead-4a7a-85c9-ed795ccd976b%3Fover-size%3Dauto%26over-size-w%3Dnull%26over-size-h%3Dnull%26over-zone%3D%257B%2522468x60%2522%253A%2522b18156ad-ce0f-417a-986c-c5369b0194b3%2522%252C%2522728x90%2522%253A%2522787308ee-7ead-4a7a-85c9-ed795ccd976b%2522%257D%26adop-zone%3Df269fcc7-40e7-447d-bbd4-ade6f4ee075f%26size_width%3D728%26size_height%3D90%26type%3Drs%26loc%3D%26title%3DFull%252520explanation%252520of%252520the%252520GME%25252C%252520RH%25252C%252520and%252520Citadel%252520debacle%252520-%252520Blind%26ref%3D%26&top=https%3A%2F%2Fwww.teamblind.com&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.l8meg66m88v7&fsb=1&dtd=71 Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/js/r20210414/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4146116731128638&plah=compass.adop.cc&amaexp=1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash f01a7a52aaeecba099da4a8a08ece19dab5f605a07a28afd6342ac9f9158981b Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers :method GET :authority googleads.g.doubleclick.net :scheme https :path /pagead/ads?client=ca-pub-4146116731128638&output=html&h=90&slotname=4838435815&adk=1382465441&adf=3138087039&pi=t.ma~as.4838435815&w=728&psa=0&format=728x90&url=https%3A%2F%2Fwww.teamblind.com%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618843768004&bpp=4&bdt=288&idt=54&shv=r20210414&cbv=r20190131&ptt=9&saldr=aa&correlator=3397441366713&frm=8&ife=1&pv=2&ga_vid=148494184.1618843768&ga_sid=1618843768&ga_hid=931914206&ga_fc=0&nhd=5&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=0&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=4201585577&scr_x=-12245933&scr_y=-12245933&eid=44740079&oid=3&pvsid=3177115538562619&loc=https%3A%2F%2Fcompass.adop.cc%2FRD%2F787308ee-7ead-4a7a-85c9-ed795ccd976b%3Fover-size%3Dauto%26over-size-w%3Dnull%26over-size-h%3Dnull%26over-zone%3D%257B%2522468x60%2522%253A%2522b18156ad-ce0f-417a-986c-c5369b0194b3%2522%252C%2522728x90%2522%253A%2522787308ee-7ead-4a7a-85c9-ed795ccd976b%2522%257D%26adop-zone%3Df269fcc7-40e7-447d-bbd4-ade6f4ee075f%26size_width%3D728%26size_height%3D90%26type%3Drs%26loc%3D%26title%3DFull%252520explanation%252520of%252520the%252520GME%25252C%252520RH%25252C%252520and%252520Citadel%252520debacle%252520-%252520Blind%26ref%3D%26&top=https%3A%2F%2Fwww.teamblind.com&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.l8meg66m88v7&fsb=1&dtd=71 pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://compass.adop.cc/ accept-encoding gzip, deflate, br accept-language en-US cookie IDE=AHWqTUkhuW4yLSL5U8RCh03DPmU9xy2TQiiYNjcOtD1DBfgYhIyq4EAz5ROlJ3qjflY Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Referer https://compass.adop.cc/ Response headers p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" timing-allow-origin * cross-origin-resource-policy cross-origin content-type text/html; charset=UTF-8 x-content-type-options nosniff content-encoding br date Mon, 19 Apr 2021 14:49:28 GMT server cafe content-length 27076 x-xss-protection 0 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H3-29	200	osd.js Show response www.googletagservices.com/activeview/js/current/ Frame 67C9	73 KB 28 KB	16ms 15ms	Script text/javascript	2a00:1450:4001:802::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101 Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/js/r20210414/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4146116731128638&plah=compass.adop.cc&amaexp=1 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 74e1cf077493c33fe895c7ce5732cda76b195e2d357d928f094bc3367cc7a75f Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://compass.adop.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:49:28 GMT content-encoding gzip x-content-type-options nosniff server sffe etag "1618423639646658" vary Accept-Encoding content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 28266 x-xss-protection 0 expires Mon, 19 Apr 2021 14:49:28 GMT
GET H3-29	200	container.html Show response c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame F303	6 KB 3 KB	7ms 7ms	Document text/html	2a00:1450:4001:828::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=4 Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041401.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers :method GET :authority c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com :scheme https :path /safeframe/1-0-38/html/container.html?n=4 pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://compass.adop.cc/ accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Referer https://compass.adop.cc/ Response headers accept-ranges bytes vary Accept-Encoding content-encoding gzip content-type text/html cross-origin-resource-policy cross-origin timing-allow-origin * content-length 3108 date Mon, 19 Apr 2021 14:49:27 GMT expires Tue, 19 Apr 2022 14:49:27 GMT last-modified Tue, 02 Mar 2021 20:17:03 GMT x-content-type-options nosniff server sffe x-xss-protection 0 cache-control public, immutable, max-age=31536000 age 1 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H3-29	200	osd.js Show response www.googletagservices.com/activeview/js/current/ Frame C79E	73 KB 28 KB	16ms 16ms	Script text/javascript	2a00:1450:4001:802::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101 Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041401.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 74e1cf077493c33fe895c7ce5732cda76b195e2d357d928f094bc3367cc7a75f Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://compass.adop.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:49:28 GMT content-encoding gzip x-content-type-options nosniff server sffe etag "1618423639646658" vary Accept-Encoding content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 28266 x-xss-protection 0 expires Mon, 19 Apr 2021 14:49:28 GMT
GET H3-29	200	sodar Show response pagead2.googlesyndication.com/getconfig/ Frame C79E	9 KB 7 KB	20ms 19ms	XHR application/json	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021041401&st=env Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041401.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash c4339f9ef7692ed5872f7c4234cec61d6674b18501c2727ee3a0b4501b9ff087 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://compass.adop.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers timing-allow-origin * date Mon, 19 Apr 2021 14:49:28 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" access-control-allow-origin * cache-control private cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/json; charset=UTF-8 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 7009 x-xss-protection 0
GET H3-29	200	load_preloaded_resource_fy2019.js Show response tpc.googlesyndication.com/pagead/js/r20210414/r20110914/client/ Frame F303	1 KB 918 B	9ms 8ms	Script text/javascript	2a00:1450:4001:80f::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20210414/r20110914/client/load_preloaded_resource_fy2019.js Requested by Host: c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com URL: https://c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=4 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 49aea8d1206dbb5e3c8a7d4db9274d2efa2111d8b53acb901efc378b1feca381 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:48:37 GMT content-encoding gzip x-content-type-options nosniff age 51 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 882 x-xss-protection 0 server cafe etag 11243716317595354070 vary Accept-Encoding, Origin content-type text/javascript; charset=UTF-8 cache-control public, max-age=1209600 timing-allow-origin * expires Mon, 03 May 2021 14:48:37 GMT
GET H2	200	view_pixel_1x1.gif Show response secureir.ebaystatic.com/cr/mscdn/64e017fc0bf98153dd694dc97d24a1ac/ Frame F303 Redirect Chain https://www.ebayadservices.com/marketingtracking/v1/ar?mkrid=707-157687-884638-9&mkcid=4&mkevt=2&mpt=901382182&ff18=mWeb&siteid=77&adtype=0&size=1x1&ipn=admain2&placement=529704 https://secureir.ebaystatic.com/cr/mscdn/64e017fc0bf98153dd694dc97d24a1ac/view_pixel_1x1.gif	43 B 505 B	20ms 20ms	Fetch image/gif	104.75.89.51 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://secureir.ebaystatic.com/cr/mscdn/64e017fc0bf98153dd694dc97d24a1ac/view_pixel_1x1.gif Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.75.89.51 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-75-89-51.deploy.static.akamaitechnologies.com Software envoy / Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers suppress-x-frame-options true content-encoding gzip x-content-type-options nosniff x-cache-lookup MISS from include-cache-1:80 x-ebay-pop-id UFES2-SYD-irstatic-1 x-envoy-upstream-service-time 262 content-length 57 x-xss-protection 1; mode=block server envoy date Mon, 19 Apr 2021 14:49:28 GMT vary Accept-Encoding access-control-allow-methods GET content-type image/gif access-control-allow-origin * cache-control public, max-age=31536000, immutable access-control-allow-credentials true rlogid t6q%60uebwh%3D9vjdq%60uebwh*5kkvq%28rbpv6770-17569c27810-0xce access-control-allow-headers * expires Tue, 19 Apr 2022 14:49:28 GMT Redirect headers Date Mon, 19 Apr 2021 14:49:27 GMT Strict-Transport-Security max-age=31536000 Location https://secureir.ebaystatic.com/cr/mscdn/64e017fc0bf98153dd694dc97d24a1ac/view_pixel_1x1.gif Cache-Control private,no-cache,no-store RlogId t6baubqsodf%3F%3Ctofgcp%60tqjfc*1mvso%28rbpv6775-178ea9b959d-0x2339 Connection keep-alive Keep-Alive timeout=20 Content-Length 0
GET H3-29	200	adview securepubads.g.doubleclick.net/pagead/ Frame F303	0 0	43ms 42ms	Fetch text/html	142.250.186.98 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/pagead/adview?ai=C5u4kd5h9YMyfLNnB-gaDvLugDo25zZFizMfQ__0L84K2oKwYEAEg9d-KJGCV-vCBjAegAe2DzcEDyAEJqQLJPmLf6zK0PuACAKgDAcgDmwSqBNkBT9B9RetNjJ1BQqMTgFdlcGuEBD1hfKIQ67wchyl0A2GVgR7Ix7tYUd13Aw1eSyA7drmuUro31tunD244QTAAEhye_Ful8WlM5WgBbaMBWGlbV7vjJb0hj52ayCHfVFrYO0wFvjSGxmkQpDSwRPcAQwip8gSqc_eOnAV5oOyn5bQSihGgT20L5zmNAYVkHjZuh4TLbKG1Dbn_eD_PWDb3fv3eOahc-gzTkxtz35ldkZyRkTjex__w2gtoqd2FC0hDQ6ZVIs4IO_2XDE-RGjQzhBJcdNNZeL8cjcAE9oe3-8EC4AQBkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBi6AB_v7sj6oB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcA8gcDEPAu0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi0yMTU3NDY2ODg2Njk4OTA3gAoDyAsB2BMLiBQF0BUBmBYBgBcBshcaChgIABIUcHViLTE0NzQyMzg4NjA1MjM0MTA&sigh=u2vigynVHjw&template_id=494 Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.186.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s06-in-f2.1e100.net Software / Resource Hash Request headers Referer https://c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers
GET H3-29	200	abg_lite_fy2019.js Show response tpc.googlesyndication.com/pagead/js/r20210414/r20110914/ Frame F303	17 KB 7 KB	9ms 7ms	Script text/javascript	2a00:1450:4001:80f::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20210414/r20110914/abg_lite_fy2019.js Requested by Host: c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com URL: https://c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=4 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 76d293cad87de584b5105472b9672fb1460dcf35f82079e274e44a47860bf700 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:49:12 GMT content-encoding gzip x-content-type-options nosniff age 16 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 7113 x-xss-protection 0 server cafe etag 11066897925667386271 vary Accept-Encoding, Origin content-type text/javascript; charset=UTF-8 cache-control public, max-age=1209600 timing-allow-origin * expires Mon, 03 May 2021 14:49:12 GMT
GET H3-29	200	window_focus_fy2019.js Show response tpc.googlesyndication.com/pagead/js/r20210414/r20110914/client/ Frame F303	2 KB 1 KB	9ms 8ms	Script text/javascript	2a00:1450:4001:80f::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20210414/r20110914/client/window_focus_fy2019.js Requested by Host: c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com URL: https://c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=4 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:47:49 GMT content-encoding gzip x-content-type-options nosniff age 99 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1303 x-xss-protection 0 server cafe etag 14729628269804859526 vary Accept-Encoding, Origin content-type text/javascript; charset=UTF-8 cache-control public, max-age=1209600 timing-allow-origin * expires Mon, 03 May 2021 14:47:49 GMT
GET H3-29	200	rx_lidar.js Show response www.googletagservices.com/activeview/js/current/ Frame F303	118 KB 36 KB	15ms 14ms	Script text/javascript	2a00:1450:4001:802::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914 Requested by Host: c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com URL: https://c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=4 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash ce2216da03d856edb71b34855ce2c67476f6053791b3e85da74477d9a37360a9 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:49:28 GMT content-encoding gzip x-content-type-options nosniff server sffe etag "1618423651533291" vary Accept-Encoding content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 36717 x-xss-protection 0 expires Mon, 19 Apr 2021 14:49:28 GMT
GET H3-29	200	qs_click_protection_fy2019.js Show response tpc.googlesyndication.com/pagead/js/r20210414/r20110914/client/ Frame F303	13 KB 6 KB	9ms 8ms	Script text/javascript	2a00:1450:4001:80f::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20210414/r20110914/client/qs_click_protection_fy2019.js Requested by Host: c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com URL: https://c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=4 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 231064110361844d6320331a5c35979c2a492a546604d97181eb6cf7aa4ae1cd Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:47:29 GMT content-encoding gzip x-content-type-options nosniff age 119 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 5602 x-xss-protection 0 server cafe etag 7525161794280374107 vary Accept-Encoding, Origin content-type text/javascript; charset=UTF-8 cache-control public, max-age=1209600 timing-allow-origin * expires Mon, 03 May 2021 14:47:29 GMT
GET H2	204	l www.google.com/ads/measurement/ Frame F303	0 0	14ms 13ms	Image text/html	2a00:1450:4001:809::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/ads/measurement/l?ebcid=ALh7CaSEo_6pbzV0CgxOSYUcbPxXTXfyh3hMb5sq-AdnAnwTps5myG_pv4Ykg5snSN6XlK3Mlz9n_YQH7otpzuIdfGP5ubgBKg Requested by Host: c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com URL: https://c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=4 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers
GET H3-29	200	a0b5068ca1fc7f6ff765c7833258ec42.js Show response www.gstatic.com/mysidia/ Frame F303	25 KB 10 KB	16ms 14ms	Script text/javascript	2a00:1450:4001:829::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/mysidia/a0b5068ca1fc7f6ff765c7833258ec42.js?tag=mysidia_one_click_handler_one_afma_2019 Requested by Host: c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com URL: https://c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=4 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 789a93f4315357995e96053e32ee793d6b12f592fad617bb04f795c750f0c3bf Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 10:26:44 GMT content-encoding gzip x-content-type-options nosniff last-modified Tue, 13 Apr 2021 02:07:20 GMT server sffe age 15764 vary Accept-Encoding content-type text/javascript cache-control public, max-age=7776000 cross-origin-resource-policy cross-origin accept-ranges bytes alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 10491 x-xss-protection 0 expires Sun, 18 Jul 2021 10:26:44 GMT
GET H3-29	200	shopping encrypted-tbn3.gstatic.com/ Frame F303	31 KB 31 KB	25ms 10ms	Image image/jpeg	2a00:1450:4001:802::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcRI7nLfSXIzUynzE7b27zYiDgm5gMaiF4aYbdhP1nYFjbme12Q53oJrklehKjo&usqp=CAI Requested by Host: c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com URL: https://c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=4 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash ec35c70eccb0443b1a12d3ca2c066ddc945a4d1d6cca01c826cedc74592c7e28 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 15 Apr 2021 11:02:47 GMT x-content-type-options nosniff last-modified Wed, 30 Dec 2020 20:49:16 GMT server sffe age 359201 content-type image/jpeg cache-control public, max-age=31536000 cross-origin-resource-policy cross-origin accept-ranges bytes alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 31406 x-xss-protection 0 expires Fri, 15 Apr 2022 11:02:47 GMT
GET H3-29	200	shopping encrypted-tbn3.gstatic.com/ Frame F303	37 KB 37 KB	21ms 7ms	Image image/jpeg	2a00:1450:4001:802::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcQbKyq8c1vfphS7NwMgghqjvlpviMrAseoFgZwaq-MVbvC42_9Q1DnT4dsDH2o&usqp=CAI Requested by Host: c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com URL: https://c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=4 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash e2bc21ae8a507917372991892dec98aaed553518fe406591bcd6669ed1dba3e5 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 15 Apr 2021 10:44:20 GMT x-content-type-options nosniff last-modified Wed, 26 Feb 2020 15:13:58 GMT server sffe age 360308 content-type image/jpeg cache-control public, max-age=31536000 cross-origin-resource-policy cross-origin accept-ranges bytes alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 38059 x-xss-protection 0 expires Fri, 15 Apr 2022 10:44:20 GMT
GET H3-29	200	shopping encrypted-tbn0.gstatic.com/ Frame F303	20 KB 20 KB	30ms 10ms	Image image/jpeg	2a00:1450:4001:80e::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcQF-jdY6sBW98qwnealBKLI5fGOM0XpisHnWDBt_2Gk1B_oeDcD3srie58AAw&usqp=CAI Requested by Host: c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com URL: https://c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=4 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 4daaa557ca68c1cb52fdac13a33618b071d8cbbd6f2fe3c95fb4bdffde28fbae Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 18 Apr 2021 10:04:01 GMT x-content-type-options nosniff last-modified Thu, 23 Jul 2020 17:25:44 GMT server sffe age 103527 content-type image/jpeg cache-control public, max-age=31536000 cross-origin-resource-policy cross-origin accept-ranges bytes alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 20679 x-xss-protection 0 expires Mon, 18 Apr 2022 10:04:01 GMT
GET H3-29	200	shopping encrypted-tbn2.gstatic.com/ Frame F303	22 KB 22 KB	26ms 7ms	Image image/jpeg	2a00:1450:4001:809::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcRVUXyWNlnzJF-eFhWtnU4HUtXVCrcIQyQ5yVz9eETlax8uOuGzuvg5elpYgpc&usqp=CAI Requested by Host: c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com URL: https://c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=4 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash c5cede7185dbdb2a96b248d88b1bb024ea71155404ec8d884172d8fe7cac239e Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 18 Apr 2021 10:03:43 GMT x-content-type-options nosniff last-modified Sat, 01 Aug 2020 10:52:52 GMT server sffe age 103545 content-type image/jpeg cache-control public, max-age=31536000 cross-origin-resource-policy cross-origin accept-ranges bytes alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 22506 x-xss-protection 0 expires Mon, 18 Apr 2022 10:03:43 GMT
GET H2	200	shopping encrypted-tbn1.gstatic.com/ Frame F303	33 KB 33 KB	12ms 6ms	Image image/jpeg	2a00:1450:4001:811::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcTiUr9BNuvpb6Ukw4beiHdcwxye9spn3ulgYBWWAaUhQdsJ4T0y&usqp=CAI Requested by Host: c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com URL: https://c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=4 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 0111cd4bd26d4b80a5079dbc7e982c361d16709bd00573c38f2c7d0708dd8f28 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 15 Apr 2021 02:03:12 GMT x-content-type-options nosniff last-modified Tue, 02 Feb 2021 15:25:00 GMT server sffe age 391576 content-type image/jpeg cache-control public, max-age=31536000 cross-origin-resource-policy cross-origin accept-ranges bytes alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 33502 x-xss-protection 0 expires Fri, 15 Apr 2022 02:03:12 GMT
GET H3-29	200	shopping encrypted-tbn2.gstatic.com/ Frame F303	33 KB 33 KB	26ms 9ms	Image image/jpeg	2a00:1450:4001:809::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcQm15bcKvJQLcwVTqtXlCyHK1ifR5FbP7iwninE7d_j4Cwte-CSvdQlsAgqO9c&usqp=CAI Requested by Host: c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com URL: https://c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=4 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 881c4674332895e983677c8f65445306ccebd1f3b0d4c2c28cb0bcecf3d8fbe3 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 18 Apr 2021 10:03:38 GMT x-content-type-options nosniff last-modified Wed, 13 Jan 2021 21:45:06 GMT server sffe age 103550 content-type image/jpeg cache-control public, max-age=31536000 cross-origin-resource-policy cross-origin accept-ranges bytes alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 33430 x-xss-protection 0 expires Mon, 18 Apr 2022 10:03:38 GMT
GET H3-29	200	shopping encrypted-tbn0.gstatic.com/ Frame F303	26 KB 26 KB	24ms 7ms	Image image/jpeg	2a00:1450:4001:80e::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcSfer_wPLooPUJ-HerL7ao-5lEpCw9OkgO6VL3d3LnDLpTOmmWNV6XisWoRmA&usqp=CAI Requested by Host: c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com URL: https://c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=4 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash e9d2aab9984a7518beab5f3913f373275d6f870b1f64503c346615afb4221ca1 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 18 Apr 2021 10:03:38 GMT x-content-type-options nosniff last-modified Mon, 08 Apr 2019 14:06:48 GMT server sffe age 103550 content-type image/jpeg cache-control public, max-age=31536000 cross-origin-resource-policy cross-origin accept-ranges bytes alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 26795 x-xss-protection 0 expires Mon, 18 Apr 2022 10:03:38 GMT
GET H3-29	200	12925602498586286455 tpc.googlesyndication.com/simgad/ Frame F303 Redirect Chain https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKCnw6mFRxCwCRiwCTIIwAwarVHbLMA https://tpc.googlesyndication.com/simgad/12925602498586286455	93 KB 93 KB	8ms 7ms	Image image/jpeg	2a00:1450:4001:80f::2001 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://tpc.googlesyndication.com/simgad/12925602498586286455 Requested by Host: c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com URL: https://c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=4 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 2780027c5d6e248dacc3b2b78e52f91f2ebbe919c329aa80035ae5430e0573a1 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 18 Apr 2021 10:03:38 GMT x-content-type-options nosniff age 103550 x-dns-prefetch-control off cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 95649 x-xss-protection 0 last-modified Tue, 07 Jan 2020 21:29:41 GMT server sffe content-type image/jpeg access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Mon, 18 Apr 2022 10:03:38 GMT Redirect headers timing-allow-origin * date Mon, 19 Apr 2021 14:36:55 GMT x-content-type-options nosniff server cafe age 753 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" location https://tpc.googlesyndication.com/simgad/12925602498586286455 cache-control public, max-age=2592000 cross-origin-resource-policy cross-origin content-type text/html; charset=UTF-8 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 expires Wed, 19 May 2021 14:36:55 GMT
GET H3-29	200	sodar2.js Show response tpc.googlesyndication.com/sodar/ Frame C79E	17 KB 6 KB	16ms 14ms	Script text/javascript	2a00:1450:4001:80f::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/sodar2.js Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041401.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://compass.adop.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:49:28 GMT content-encoding gzip x-content-type-options nosniff server sffe etag "1616005470650935" vary Accept-Encoding content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 6437 x-xss-protection 0 expires Mon, 19 Apr 2021 14:49:28 GMT
GET H3-29	200	cookie_push_onload.html Show response pagead2.googlesyndication.com/pagead/s/ Frame 5325	1 KB 749 B	6ms 5ms	Document text/html	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html Requested by Host: c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com URL: https://c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=4 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers :method GET :authority pagead2.googlesyndication.com :scheme https :path /pagead/s/cookie_push_onload.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site same-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com/ accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Referer https://c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com/ Response headers p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" timing-allow-origin * cross-origin-resource-policy cross-origin vary Accept-Encoding date Mon, 19 Apr 2021 03:14:09 GMT expires Tue, 20 Apr 2021 03:14:09 GMT content-type text/html; charset=UTF-8 etag 48472445140208031 x-content-type-options nosniff content-encoding gzip server cafe content-length 724 x-xss-protection 0 cache-control public, max-age=86400 age 41719 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET DATA	200 OK	truncated / Frame F303	211 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash b26c6e24475b1253466b41fecea133a203f17d40c4eec5c8ac85d416aa07a614 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Content-Type image/png
GET H3-29	200	runner.html Show response tpc.googlesyndication.com/sodar/sodar2/222/ Frame 9964	12 KB 5 KB	6ms 6ms	Document text/html	2a00:1450:4001:80f::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers :method GET :authority tpc.googlesyndication.com :scheme https :path /sodar/sodar2/222/runner.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://compass.adop.cc/ accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Referer https://compass.adop.cc/ Response headers accept-ranges bytes vary Accept-Encoding content-encoding gzip content-type text/html cross-origin-resource-policy cross-origin content-length 5022 date Mon, 19 Apr 2021 14:48:42 GMT expires Tue, 19 Apr 2022 14:48:42 GMT last-modified Wed, 20 Jan 2021 19:23:06 GMT x-content-type-options nosniff server sffe x-xss-protection 0 cache-control public, max-age=31536000 age 46 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H2	200	/ r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 5325 Redirect Chain https://ad.turn.com/r/cs?pid=3&google_gid=CAESEGZGQ_3WFvMZzpWnc6kF4Ho&google_cver=1&google_push=AQvitUJ2mOy4OOJ9e1ORPEY-9NjwyOk2rR3pCYFpk6vVouSEIm4Pehem2cGwbwBXMeWpuzrMT2Kz3jYUyibycNn5NFd3nWOjmxia https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NDExOTY0ODc3Njk4ODQwNDI4MA== https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEGZGQ_3WFvMZzpWnc6kF4Ho&google_cver=1	43 B 407 B	63ms 21ms	Image image/gif	46.228.164.11 TURN
General Check archive.org Show headers Download Go to Show image Full URL https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEGZGQ_3WFvMZzpWnc6kF4Ho&google_cver=1 Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H2 Security TLS 1.3, , AES_256_GCM Server 46.228.164.11 , United Kingdom, ASN56396 (TURN, GB), Reverse DNS Software / Resource Hash 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438 Request headers Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Mon, 19 Apr 2021 14:49:27 GMT cache-control max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0 content-type image/gif content-length 43 p3p policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV" Redirect headers pragma no-cache date Mon, 19 Apr 2021 14:49:28 GMT server HTTP server (unknown) p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" location https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEGZGQ_3WFvMZzpWnc6kF4Ho&google_cver=1 cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type text/html; charset=UTF-8 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 301 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	i.match s.tribalfusion.com/z/ Frame 5325 Redirect Chain https://a.tribalfusion.com/i.match?p=b6&u=CAESEAFdzXeW6AyKsiXZXbkQnzA&google_cver=1&google_push=AQvitUJxB4zeZu95NEupeeRjEXaiGvn4Z2_DqNoRuazjJ1cRx8CeZDDLo6QD9n_pnqCfwBECL062kWEdDS2GrhEijjKJPHnVE0fR&... https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEAFdzXeW6AyKsiXZXbkQnzA&google_cver=1&google_push=AQvitUJxB4zeZu95NEupeeRjEXaiGvn4Z2_DqNoRuazjJ1cRx8CeZDDLo6QD9n_pnqCfwBECL062kWEdDS2GrhEijjKJPHnVE0f...	43 B 442 B	176ms 175ms	Image image/gif	2606:4700::6812:c05 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEAFdzXeW6AyKsiXZXbkQnzA&google_cver=1&google_push=AQvitUJxB4zeZu95NEupeeRjEXaiGvn4Z2_DqNoRuazjJ1cRx8CeZDDLo6QD9n_pnqCfwBECL062kWEdDS2GrhEijjKJPHnVE0fR&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAQvitUJxB4zeZu95NEupeeRjEXaiGvn4Z2_DqNoRuazjJ1cRx8CeZDDLo6QD9n_pnqCfwBECL062kWEdDS2GrhEijjKJPHnVE0fR%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e Request headers Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Mon, 19 Apr 2021 14:49:28 GMT cf-cache-status DYNAMIC x-function 302 server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" cf-ray 6426f0906a64d6bd-FRA p3p CP="NOI DEVo TAIa OUR BUS" cache-control no-cache, private content-type image/gif; charset=utf-8 alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 43 cf-request-id 098c34ae430000d6bd7a8de000000001 expires Thu, 01 Jan 1970 00:00:00 GMT Redirect headers pragma no-cache date Mon, 19 Apr 2021 14:49:28 GMT cf-cache-status DYNAMIC x-function 206 server cloudflare x-reuse-index 267 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" cf-ray 6426f08f588bd6bd-FRA p3p CP="NOI DEVo TAIa OUR BUS" location https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEAFdzXeW6AyKsiXZXbkQnzA&google_cver=1&google_push=AQvitUJxB4zeZu95NEupeeRjEXaiGvn4Z2_DqNoRuazjJ1cRx8CeZDDLo6QD9n_pnqCfwBECL062kWEdDS2GrhEijjKJPHnVE0fR&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAQvitUJxB4zeZu95NEupeeRjEXaiGvn4Z2_DqNoRuazjJ1cRx8CeZDDLo6QD9n_pnqCfwBECL062kWEdDS2GrhEijjKJPHnVE0fR%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 cache-control no-cache, private content-type text/html alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id 098c34ad9c0000d6bdffa72000000001 expires Thu, 01 Jan 1970 00:00:00 GMT
GET H2	204	AdxPixel tr.blismedia.com/v1/api/sync/ Frame 5325	0 135 B	33ms 16ms	Image text/plain	34.96.105.8 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEMZabL_A9AjF1No8OdrfzXg&google_cver=1&google_push=AQvitUKEBuGf1EJNVGlITZuvN9ZCLlJz47YRUfrh8VuI9SCKd24n_ekvpBrKuld8Onot_ezaeqbxwCSZR_d-0K3tClQ9xrTTaRSm Requested by Host: c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com URL: https://c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=4 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.96.105.8 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 8.105.96.34.bc.googleusercontent.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:49:28 GMT via 1.1 google alt-svc clear
GET H3-29	200	pixel cm.g.doubleclick.net/ Frame 5325 Redirect Chain https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESELTP8cr9fiZrLxvCY3K-L3k&google_cver=1&google_push=AQvitUINeObgYr9zqL43tA4SRFvNOwttMWCYQ5EE1WfF_u5b-tb9APe1ejEnI05Y8aKBCDl4pctEMwky... https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESELTP8cr9fiZrLxvCY3K-L3k&google_cver=1&google_push=AQvitUINeObgYr9zqL43tA4SRFvNOwttMWCYQ5EE1WfF_u5b-tb9APe1ejEnI05Y8aKBCDl4pct... https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTQwODEwMTkxMzYzNDUxMzEyNw&google_push=AQvitUINeObgYr9zqL43tA4SRFvNOwttMWCYQ5EE1WfF_u5b-tb9APe1ejEnI05Y8aKBCDl4pctEMw...	170 B 188 B	18ms 18ms	Image image/png	142.250.185.130 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTQwODEwMTkxMzYzNDUxMzEyNw&google_push=AQvitUINeObgYr9zqL43tA4SRFvNOwttMWCYQ5EE1WfF_u5b-tb9APe1ejEnI05Y8aKBCDl4pctEMwkyGiHfaCi0vjE8BFExmKtsZw Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.185.130 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s50-in-f2.1e100.net Software HTTP server (unknown) / Resource Hash 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Mon, 19 Apr 2021 14:49:28 GMT server HTTP server (unknown) content-type image/png cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 170 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers pragma no-cache date Mon, 19 Apr 2021 14:49:28 GMT server nginx location https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTQwODEwMTkxMzYzNDUxMzEyNw&google_push=AQvitUINeObgYr9zqL43tA4SRFvNOwttMWCYQ5EE1WfF_u5b-tb9APe1ejEnI05Y8aKBCDl4pctEMwkyGiHfaCi0vjE8BFExmKtsZw access-control-max-age 86400 access-control-allow-methods GET access-control-allow-origin * cache-control no-cache, no-store, must-revalidate, no-transform access-control-allow-credentials true strict-transport-security max-age=31536000; includeSubDomains access-control-allow-headers Content-Type,Cache-Control,Accept-Encoding,X-Requested-With content-length 0 expires -1
GET H3-29	204	attr cm.g.doubleclick.net/pixel/ Frame 5325	0 12 B	15ms 15ms	Image text/html	142.250.185.130 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LUKCOW7dVetZpgOKJxO9Iod3vF-s_UiORAkvttCg0vQ_j9v9zl Requested by Host: c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com URL: https://c5f4e719a9aa357ae72c764365cea9eb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=4 Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.185.130 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s50-in-f2.1e100.net Software HTTP server (unknown) / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:49:28 GMT server HTTP server (unknown) alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 content-type text/html
GET H3-29	200	aTo5JV-AjziuZNTa8Sp43jLVG8qXCwH7OYU06B-2QbM.js Show response pagead2.googlesyndication.com/bg/ Frame 9964	14 KB 6 KB	6ms 6ms	Script text/javascript	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/bg/aTo5JV-AjziuZNTa8Sp43jLVG8qXCwH7OYU06B-2QbM.js Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 693a39255f808f38ae64d4daf12a78de32d51bca970b01fb398534e81fb641b3 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://tpc.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 05:34:55 GMT content-encoding br x-content-type-options nosniff last-modified Thu, 08 Apr 2021 09:18:00 GMT server sffe age 33273 vary Accept-Encoding content-type text/javascript cache-control public, max-age=31536000 cross-origin-resource-policy cross-origin accept-ranges bytes alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 5682 x-xss-protection 0 expires Tue, 19 Apr 2022 05:34:55 GMT
GET H3-29	204	gen_204 pagead2.googlesyndication.com/pagead/ Frame C79E	0 20 B	41ms 41ms	Image image/gif	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gpt_2021041401&jk=3976733305422161&bg=!HB-lH1vNAAZUuIlwVLg7ACkAdvg8WohnaOzUfNoU-vNE3VfnkVbDUtXcV7QqzK3QPmQe1Xcmp44zIgIAAABBUgAAAAxoAQcKAQqPJ1gG--FhoHnUgh3wE_Vi-en9tu-88Upe_ME46UFkDh8ouR4n0UfapFcgok3GT-HZulJBYV7rD4ZH-cLMEwOlfvSKCYu1Hibe80kW0tWJelUtpJXUATiaqWP3zQ0w2SIzdPOjF14NBveZlTu5se8LgVWVnd2SdQ5aSKsJVPPpJfY9QZWNYKap9bfSz3C8f0yI5TmWvuqyH7Ey_Rn3wclV2-fpA7xO7RREGtgmK7nbXiUzPEu-R0TSW6PVeyoU1FAL1USftfRacqycElHcB1RkXDu7ktVzEiUJSakOuyN6ey-cBpi9xwpMMFsGh5gCd_b0cXQoTKg6p3zepgjXAYNtAu35hPAxywNqppkCfLxG3hEDcGbFHjc-Vic9sh8zOfl1sKhSuCs_VlKOyNsemhs32rrHXuDZH5eah2G2tC9gyBt_2M5tn7wbmyr5QhgjedlFjBSseEAvRg1TZ6ufGNBLwPYn5FimkjmXHT0ifQ_0zc2Zh6AkTb-e9ZcDx87Vi7SwpqqKAm83TtTTgraGmn_7aaGj-PRAQuaLWNWacVfKkDpWWPDvOjn1DIbkdvfC4Sw50jC6-qPf84QctK1xGafSwCXZFFySR3wJMhpBvVCWE-WHzWxjyWCquBlyuLo_QA8B_MwOC1aC09DRrV7izxWOhp6H7Bk2s3yTeidcuZ329o9_DIAF06ZnFcOZWt8Ipd-CeY5UJyfEnDI66bWkXTCoWESKr7cKv2qqVWzQJ0KUsCYsHk-IqMWJeqhQFW1qnHpvjBoWxzjOTNckLOYxYKmb1D0sEAy3kFyKoD7DmFP_sapiTdTf_CcfQCwSG9SjckyDa0sKv9W-2Vtx4JJI9cLPR_lYRD2viKzbiQ76V94kFx20gdhcMy7jOggak8V35yw2c3mzh91hfKmEKxsjmFEYwfA5oK4Cs-Y5grPOLwPwuSDkaG87NO_azDkjXdvyIhnTHvrx-h7Dyk0hvmdYANbNq29mZHYqSCSaR3ttkLLw8kG-KlpKpHtnHYx7yE5KiH2McciqoustwZiKuMG73kUx2XItvwaDrjmTQ11fnoXg40QJirkuaY3I0FlB2xXHoscYgQ-FUinyXs0PTkL2fkVVPCVLZZ2k12lsGxtKqBVzhs1944OSit01JqDszFcpKKqPxdIGZZwSHOaljk3HjegVDBukg8f77Nq3QQ0OXu9pmvBUsMMZIQRRbw Requested by Host: www.teamblind.com URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://compass.adop.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Mon, 19 Apr 2021 14:49:28 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3-29	200	activeview Show response pagead2.googlesyndication.com/pcs/ Frame 9513	42 B 64 B	44ms 44ms	Fetch image/gif	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssEWObWgFIXnURLzrA9RxeU8QL1xTz1407tPcOABAZSbW022zBZZHY9hHyiHMCy3C8vkk-lq1q81_YrgK9hvpAq81ZabHGdVi_JbS8ksFje1OzaQaBhHdQ77smhXKRKjarXINOYh2vOcQATX4kQald3&sai=AMfl-YQzge_d5BvLbFgvgTwkEY4YOBw-bt-akVJ9rAMaxEqwxH6B1WjwrikjC69yRRfne9ac3v41UdEWF6Hztpy1vSvkngfrFB7aBG5kUTL42BjoBRGGflErmKzMW9c&sig=Cg0ArKJSzKlc70qON9zDEAE&cid=CAASF-Romj0ipiMd-VGXE0D_zAqvzFtpWROj&id=lidar2&mcvt=1000&p=0,0,600,160&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&v=20210414&bin=7&avms=nio&bs=0,0&mc=0.7&if=1&app=0&itpl=22&adk=681645340&rs=4&met=mue&la=0&cr=0&osd=1&vs=4&rst=1618843767216&dlt=9&rpt=85&isd=0&msd=0&r=v&uup=0 Requested by Host: www.googletagservices.com URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://beee21e40dd9c2b498909ec9c782af71.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Mon, 19 Apr 2021 14:49:28 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" access-control-allow-origin * cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3-29	200	load_preloaded_resource_fy2019.js Show response tpc.googlesyndication.com/pagead/js/r20210414/r20110914/client/ Frame DD4D	1 KB 918 B	13ms 10ms	Script text/javascript	2a00:1450:4001:80f::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20210414/r20110914/client/load_preloaded_resource_fy2019.js Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4146116731128638&output=html&h=90&slotname=4838435815&adk=1382465441&adf=3138087039&pi=t.ma~as.4838435815&w=728&psa=0&format=728x90&url=https%3A%2F%2Fwww.teamblind.com%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618843768004&bpp=4&bdt=288&idt=54&shv=r20210414&cbv=r20190131&ptt=9&saldr=aa&correlator=3397441366713&frm=8&ife=1&pv=2&ga_vid=148494184.1618843768&ga_sid=1618843768&ga_hid=931914206&ga_fc=0&nhd=5&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=0&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=4201585577&scr_x=-12245933&scr_y=-12245933&eid=44740079&oid=3&pvsid=3177115538562619&loc=https%3A%2F%2Fcompass.adop.cc%2FRD%2F787308ee-7ead-4a7a-85c9-ed795ccd976b%3Fover-size%3Dauto%26over-size-w%3Dnull%26over-size-h%3Dnull%26over-zone%3D%257B%2522468x60%2522%253A%2522b18156ad-ce0f-417a-986c-c5369b0194b3%2522%252C%2522728x90%2522%253A%2522787308ee-7ead-4a7a-85c9-ed795ccd976b%2522%257D%26adop-zone%3Df269fcc7-40e7-447d-bbd4-ade6f4ee075f%26size_width%3D728%26size_height%3D90%26type%3Drs%26loc%3D%26title%3DFull%252520explanation%252520of%252520the%252520GME%25252C%252520RH%25252C%252520and%252520Citadel%252520debacle%252520-%252520Blind%26ref%3D%26&top=https%3A%2F%2Fwww.teamblind.com&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.l8meg66m88v7&fsb=1&dtd=71 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 49aea8d1206dbb5e3c8a7d4db9274d2efa2111d8b53acb901efc378b1feca381 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:48:37 GMT content-encoding gzip x-content-type-options nosniff age 51 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 882 x-xss-protection 0 server cafe etag 11243716317595354070 vary Accept-Encoding, Origin content-type text/javascript; charset=UTF-8 cache-control public, max-age=1209600 timing-allow-origin * expires Mon, 03 May 2021 14:48:37 GMT
GET H3-29	200	abg_lite_fy2019.js Show response tpc.googlesyndication.com/pagead/js/r20210414/r20110914/ Frame DD4D	17 KB 7 KB	9ms 6ms	Script text/javascript	2a00:1450:4001:80f::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20210414/r20110914/abg_lite_fy2019.js Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4146116731128638&output=html&h=90&slotname=4838435815&adk=1382465441&adf=3138087039&pi=t.ma~as.4838435815&w=728&psa=0&format=728x90&url=https%3A%2F%2Fwww.teamblind.com%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618843768004&bpp=4&bdt=288&idt=54&shv=r20210414&cbv=r20190131&ptt=9&saldr=aa&correlator=3397441366713&frm=8&ife=1&pv=2&ga_vid=148494184.1618843768&ga_sid=1618843768&ga_hid=931914206&ga_fc=0&nhd=5&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=0&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=4201585577&scr_x=-12245933&scr_y=-12245933&eid=44740079&oid=3&pvsid=3177115538562619&loc=https%3A%2F%2Fcompass.adop.cc%2FRD%2F787308ee-7ead-4a7a-85c9-ed795ccd976b%3Fover-size%3Dauto%26over-size-w%3Dnull%26over-size-h%3Dnull%26over-zone%3D%257B%2522468x60%2522%253A%2522b18156ad-ce0f-417a-986c-c5369b0194b3%2522%252C%2522728x90%2522%253A%2522787308ee-7ead-4a7a-85c9-ed795ccd976b%2522%257D%26adop-zone%3Df269fcc7-40e7-447d-bbd4-ade6f4ee075f%26size_width%3D728%26size_height%3D90%26type%3Drs%26loc%3D%26title%3DFull%252520explanation%252520of%252520the%252520GME%25252C%252520RH%25252C%252520and%252520Citadel%252520debacle%252520-%252520Blind%26ref%3D%26&top=https%3A%2F%2Fwww.teamblind.com&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.l8meg66m88v7&fsb=1&dtd=71 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 76d293cad87de584b5105472b9672fb1460dcf35f82079e274e44a47860bf700 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:49:12 GMT content-encoding gzip x-content-type-options nosniff age 16 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 7113 x-xss-protection 0 server cafe etag 11066897925667386271 vary Accept-Encoding, Origin content-type text/javascript; charset=UTF-8 cache-control public, max-age=1209600 timing-allow-origin * expires Mon, 03 May 2021 14:49:12 GMT
GET H3-29	200	window_focus_fy2019.js Show response tpc.googlesyndication.com/pagead/js/r20210414/r20110914/client/ Frame DD4D	2 KB 1 KB	13ms 10ms	Script text/javascript	2a00:1450:4001:80f::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20210414/r20110914/client/window_focus_fy2019.js Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4146116731128638&output=html&h=90&slotname=4838435815&adk=1382465441&adf=3138087039&pi=t.ma~as.4838435815&w=728&psa=0&format=728x90&url=https%3A%2F%2Fwww.teamblind.com%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618843768004&bpp=4&bdt=288&idt=54&shv=r20210414&cbv=r20190131&ptt=9&saldr=aa&correlator=3397441366713&frm=8&ife=1&pv=2&ga_vid=148494184.1618843768&ga_sid=1618843768&ga_hid=931914206&ga_fc=0&nhd=5&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=0&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=4201585577&scr_x=-12245933&scr_y=-12245933&eid=44740079&oid=3&pvsid=3177115538562619&loc=https%3A%2F%2Fcompass.adop.cc%2FRD%2F787308ee-7ead-4a7a-85c9-ed795ccd976b%3Fover-size%3Dauto%26over-size-w%3Dnull%26over-size-h%3Dnull%26over-zone%3D%257B%2522468x60%2522%253A%2522b18156ad-ce0f-417a-986c-c5369b0194b3%2522%252C%2522728x90%2522%253A%2522787308ee-7ead-4a7a-85c9-ed795ccd976b%2522%257D%26adop-zone%3Df269fcc7-40e7-447d-bbd4-ade6f4ee075f%26size_width%3D728%26size_height%3D90%26type%3Drs%26loc%3D%26title%3DFull%252520explanation%252520of%252520the%252520GME%25252C%252520RH%25252C%252520and%252520Citadel%252520debacle%252520-%252520Blind%26ref%3D%26&top=https%3A%2F%2Fwww.teamblind.com&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.l8meg66m88v7&fsb=1&dtd=71 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:47:49 GMT content-encoding gzip x-content-type-options nosniff age 99 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1303 x-xss-protection 0 server cafe etag 14729628269804859526 vary Accept-Encoding, Origin content-type text/javascript; charset=UTF-8 cache-control public, max-age=1209600 timing-allow-origin * expires Mon, 03 May 2021 14:47:49 GMT
GET H3-29	200	rx_lidar.js Show response www.googletagservices.com/activeview/js/current/ Frame DD4D	118 KB 36 KB	18ms 16ms	Script text/javascript	2a00:1450:4001:802::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4146116731128638&output=html&h=90&slotname=4838435815&adk=1382465441&adf=3138087039&pi=t.ma~as.4838435815&w=728&psa=0&format=728x90&url=https%3A%2F%2Fwww.teamblind.com%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618843768004&bpp=4&bdt=288&idt=54&shv=r20210414&cbv=r20190131&ptt=9&saldr=aa&correlator=3397441366713&frm=8&ife=1&pv=2&ga_vid=148494184.1618843768&ga_sid=1618843768&ga_hid=931914206&ga_fc=0&nhd=5&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=0&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=4201585577&scr_x=-12245933&scr_y=-12245933&eid=44740079&oid=3&pvsid=3177115538562619&loc=https%3A%2F%2Fcompass.adop.cc%2FRD%2F787308ee-7ead-4a7a-85c9-ed795ccd976b%3Fover-size%3Dauto%26over-size-w%3Dnull%26over-size-h%3Dnull%26over-zone%3D%257B%2522468x60%2522%253A%2522b18156ad-ce0f-417a-986c-c5369b0194b3%2522%252C%2522728x90%2522%253A%2522787308ee-7ead-4a7a-85c9-ed795ccd976b%2522%257D%26adop-zone%3Df269fcc7-40e7-447d-bbd4-ade6f4ee075f%26size_width%3D728%26size_height%3D90%26type%3Drs%26loc%3D%26title%3DFull%252520explanation%252520of%252520the%252520GME%25252C%252520RH%25252C%252520and%252520Citadel%252520debacle%252520-%252520Blind%26ref%3D%26&top=https%3A%2F%2Fwww.teamblind.com&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.l8meg66m88v7&fsb=1&dtd=71 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash ce2216da03d856edb71b34855ce2c67476f6053791b3e85da74477d9a37360a9 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:49:28 GMT content-encoding gzip x-content-type-options nosniff server sffe etag "1618423651533291" vary Accept-Encoding content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 36717 x-xss-protection 0 expires Mon, 19 Apr 2021 14:49:28 GMT
GET H3-29	200	qs_click_protection_fy2019.js Show response tpc.googlesyndication.com/pagead/js/r20210414/r20110914/client/ Frame DD4D	13 KB 6 KB	12ms 10ms	Script text/javascript	2a00:1450:4001:80f::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20210414/r20110914/client/qs_click_protection_fy2019.js Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4146116731128638&output=html&h=90&slotname=4838435815&adk=1382465441&adf=3138087039&pi=t.ma~as.4838435815&w=728&psa=0&format=728x90&url=https%3A%2F%2Fwww.teamblind.com%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618843768004&bpp=4&bdt=288&idt=54&shv=r20210414&cbv=r20190131&ptt=9&saldr=aa&correlator=3397441366713&frm=8&ife=1&pv=2&ga_vid=148494184.1618843768&ga_sid=1618843768&ga_hid=931914206&ga_fc=0&nhd=5&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=0&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=4201585577&scr_x=-12245933&scr_y=-12245933&eid=44740079&oid=3&pvsid=3177115538562619&loc=https%3A%2F%2Fcompass.adop.cc%2FRD%2F787308ee-7ead-4a7a-85c9-ed795ccd976b%3Fover-size%3Dauto%26over-size-w%3Dnull%26over-size-h%3Dnull%26over-zone%3D%257B%2522468x60%2522%253A%2522b18156ad-ce0f-417a-986c-c5369b0194b3%2522%252C%2522728x90%2522%253A%2522787308ee-7ead-4a7a-85c9-ed795ccd976b%2522%257D%26adop-zone%3Df269fcc7-40e7-447d-bbd4-ade6f4ee075f%26size_width%3D728%26size_height%3D90%26type%3Drs%26loc%3D%26title%3DFull%252520explanation%252520of%252520the%252520GME%25252C%252520RH%25252C%252520and%252520Citadel%252520debacle%252520-%252520Blind%26ref%3D%26&top=https%3A%2F%2Fwww.teamblind.com&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.l8meg66m88v7&fsb=1&dtd=71 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 231064110361844d6320331a5c35979c2a492a546604d97181eb6cf7aa4ae1cd Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:47:29 GMT content-encoding gzip x-content-type-options nosniff age 119 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 5602 x-xss-protection 0 server cafe etag 7525161794280374107 vary Accept-Encoding, Origin content-type text/javascript; charset=UTF-8 cache-control public, max-age=1209600 timing-allow-origin * expires Mon, 03 May 2021 14:47:29 GMT
GET H3-29	200	a0b5068ca1fc7f6ff765c7833258ec42.js Show response www.gstatic.com/mysidia/ Frame DD4D	25 KB 10 KB	13ms 10ms	Script text/javascript	2a00:1450:4001:829::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/mysidia/a0b5068ca1fc7f6ff765c7833258ec42.js?tag=mysidia_one_click_handler_one_afma_2019 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4146116731128638&output=html&h=90&slotname=4838435815&adk=1382465441&adf=3138087039&pi=t.ma~as.4838435815&w=728&psa=0&format=728x90&url=https%3A%2F%2Fwww.teamblind.com%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618843768004&bpp=4&bdt=288&idt=54&shv=r20210414&cbv=r20190131&ptt=9&saldr=aa&correlator=3397441366713&frm=8&ife=1&pv=2&ga_vid=148494184.1618843768&ga_sid=1618843768&ga_hid=931914206&ga_fc=0&nhd=5&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=0&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=4201585577&scr_x=-12245933&scr_y=-12245933&eid=44740079&oid=3&pvsid=3177115538562619&loc=https%3A%2F%2Fcompass.adop.cc%2FRD%2F787308ee-7ead-4a7a-85c9-ed795ccd976b%3Fover-size%3Dauto%26over-size-w%3Dnull%26over-size-h%3Dnull%26over-zone%3D%257B%2522468x60%2522%253A%2522b18156ad-ce0f-417a-986c-c5369b0194b3%2522%252C%2522728x90%2522%253A%2522787308ee-7ead-4a7a-85c9-ed795ccd976b%2522%257D%26adop-zone%3Df269fcc7-40e7-447d-bbd4-ade6f4ee075f%26size_width%3D728%26size_height%3D90%26type%3Drs%26loc%3D%26title%3DFull%252520explanation%252520of%252520the%252520GME%25252C%252520RH%25252C%252520and%252520Citadel%252520debacle%252520-%252520Blind%26ref%3D%26&top=https%3A%2F%2Fwww.teamblind.com&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.l8meg66m88v7&fsb=1&dtd=71 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 789a93f4315357995e96053e32ee793d6b12f592fad617bb04f795c750f0c3bf Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 10:26:44 GMT content-encoding gzip x-content-type-options nosniff last-modified Tue, 13 Apr 2021 02:07:20 GMT server sffe age 15764 vary Accept-Encoding content-type text/javascript cache-control public, max-age=7776000 cross-origin-resource-policy cross-origin accept-ranges bytes alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 10491 x-xss-protection 0 expires Sun, 18 Jul 2021 10:26:44 GMT
GET H3-29	200	shopping encrypted-tbn3.gstatic.com/ Frame DD4D	31 KB 31 KB	13ms 10ms	Image image/jpeg	2a00:1450:4001:802::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcRI7nLfSXIzUynzE7b27zYiDgm5gMaiF4aYbdhP1nYFjbme12Q53oJrklehKjo&usqp=CAI Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4146116731128638&output=html&h=90&slotname=4838435815&adk=1382465441&adf=3138087039&pi=t.ma~as.4838435815&w=728&psa=0&format=728x90&url=https%3A%2F%2Fwww.teamblind.com%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618843768004&bpp=4&bdt=288&idt=54&shv=r20210414&cbv=r20190131&ptt=9&saldr=aa&correlator=3397441366713&frm=8&ife=1&pv=2&ga_vid=148494184.1618843768&ga_sid=1618843768&ga_hid=931914206&ga_fc=0&nhd=5&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=0&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=4201585577&scr_x=-12245933&scr_y=-12245933&eid=44740079&oid=3&pvsid=3177115538562619&loc=https%3A%2F%2Fcompass.adop.cc%2FRD%2F787308ee-7ead-4a7a-85c9-ed795ccd976b%3Fover-size%3Dauto%26over-size-w%3Dnull%26over-size-h%3Dnull%26over-zone%3D%257B%2522468x60%2522%253A%2522b18156ad-ce0f-417a-986c-c5369b0194b3%2522%252C%2522728x90%2522%253A%2522787308ee-7ead-4a7a-85c9-ed795ccd976b%2522%257D%26adop-zone%3Df269fcc7-40e7-447d-bbd4-ade6f4ee075f%26size_width%3D728%26size_height%3D90%26type%3Drs%26loc%3D%26title%3DFull%252520explanation%252520of%252520the%252520GME%25252C%252520RH%25252C%252520and%252520Citadel%252520debacle%252520-%252520Blind%26ref%3D%26&top=https%3A%2F%2Fwww.teamblind.com&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.l8meg66m88v7&fsb=1&dtd=71 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash ec35c70eccb0443b1a12d3ca2c066ddc945a4d1d6cca01c826cedc74592c7e28 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 15 Apr 2021 11:02:47 GMT x-content-type-options nosniff last-modified Wed, 30 Dec 2020 20:49:16 GMT server sffe age 359201 content-type image/jpeg cache-control public, max-age=31536000 cross-origin-resource-policy cross-origin accept-ranges bytes alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 31406 x-xss-protection 0 expires Fri, 15 Apr 2022 11:02:47 GMT
GET H3-29	200	shopping encrypted-tbn0.gstatic.com/ Frame DD4D	20 KB 20 KB	14ms 11ms	Image image/jpeg	2a00:1450:4001:80e::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcQF-jdY6sBW98qwnealBKLI5fGOM0XpisHnWDBt_2Gk1B_oeDcD3srie58AAw&usqp=CAI Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4146116731128638&output=html&h=90&slotname=4838435815&adk=1382465441&adf=3138087039&pi=t.ma~as.4838435815&w=728&psa=0&format=728x90&url=https%3A%2F%2Fwww.teamblind.com%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618843768004&bpp=4&bdt=288&idt=54&shv=r20210414&cbv=r20190131&ptt=9&saldr=aa&correlator=3397441366713&frm=8&ife=1&pv=2&ga_vid=148494184.1618843768&ga_sid=1618843768&ga_hid=931914206&ga_fc=0&nhd=5&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=0&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=4201585577&scr_x=-12245933&scr_y=-12245933&eid=44740079&oid=3&pvsid=3177115538562619&loc=https%3A%2F%2Fcompass.adop.cc%2FRD%2F787308ee-7ead-4a7a-85c9-ed795ccd976b%3Fover-size%3Dauto%26over-size-w%3Dnull%26over-size-h%3Dnull%26over-zone%3D%257B%2522468x60%2522%253A%2522b18156ad-ce0f-417a-986c-c5369b0194b3%2522%252C%2522728x90%2522%253A%2522787308ee-7ead-4a7a-85c9-ed795ccd976b%2522%257D%26adop-zone%3Df269fcc7-40e7-447d-bbd4-ade6f4ee075f%26size_width%3D728%26size_height%3D90%26type%3Drs%26loc%3D%26title%3DFull%252520explanation%252520of%252520the%252520GME%25252C%252520RH%25252C%252520and%252520Citadel%252520debacle%252520-%252520Blind%26ref%3D%26&top=https%3A%2F%2Fwww.teamblind.com&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.l8meg66m88v7&fsb=1&dtd=71 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 4daaa557ca68c1cb52fdac13a33618b071d8cbbd6f2fe3c95fb4bdffde28fbae Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 18 Apr 2021 10:04:01 GMT x-content-type-options nosniff last-modified Thu, 23 Jul 2020 17:25:44 GMT server sffe age 103527 content-type image/jpeg cache-control public, max-age=31536000 cross-origin-resource-policy cross-origin accept-ranges bytes alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 20679 x-xss-protection 0 expires Mon, 18 Apr 2022 10:04:01 GMT
GET H3-29	200	shopping encrypted-tbn3.gstatic.com/ Frame DD4D	37 KB 37 KB	13ms 10ms	Image image/jpeg	2a00:1450:4001:802::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcQbKyq8c1vfphS7NwMgghqjvlpviMrAseoFgZwaq-MVbvC42_9Q1DnT4dsDH2o&usqp=CAI Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4146116731128638&output=html&h=90&slotname=4838435815&adk=1382465441&adf=3138087039&pi=t.ma~as.4838435815&w=728&psa=0&format=728x90&url=https%3A%2F%2Fwww.teamblind.com%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618843768004&bpp=4&bdt=288&idt=54&shv=r20210414&cbv=r20190131&ptt=9&saldr=aa&correlator=3397441366713&frm=8&ife=1&pv=2&ga_vid=148494184.1618843768&ga_sid=1618843768&ga_hid=931914206&ga_fc=0&nhd=5&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=0&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=4201585577&scr_x=-12245933&scr_y=-12245933&eid=44740079&oid=3&pvsid=3177115538562619&loc=https%3A%2F%2Fcompass.adop.cc%2FRD%2F787308ee-7ead-4a7a-85c9-ed795ccd976b%3Fover-size%3Dauto%26over-size-w%3Dnull%26over-size-h%3Dnull%26over-zone%3D%257B%2522468x60%2522%253A%2522b18156ad-ce0f-417a-986c-c5369b0194b3%2522%252C%2522728x90%2522%253A%2522787308ee-7ead-4a7a-85c9-ed795ccd976b%2522%257D%26adop-zone%3Df269fcc7-40e7-447d-bbd4-ade6f4ee075f%26size_width%3D728%26size_height%3D90%26type%3Drs%26loc%3D%26title%3DFull%252520explanation%252520of%252520the%252520GME%25252C%252520RH%25252C%252520and%252520Citadel%252520debacle%252520-%252520Blind%26ref%3D%26&top=https%3A%2F%2Fwww.teamblind.com&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.l8meg66m88v7&fsb=1&dtd=71 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash e2bc21ae8a507917372991892dec98aaed553518fe406591bcd6669ed1dba3e5 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 15 Apr 2021 10:44:20 GMT x-content-type-options nosniff last-modified Wed, 26 Feb 2020 15:13:58 GMT server sffe age 360308 content-type image/jpeg cache-control public, max-age=31536000 cross-origin-resource-policy cross-origin accept-ranges bytes alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 38059 x-xss-protection 0 expires Fri, 15 Apr 2022 10:44:20 GMT
GET H3-29	200	shopping encrypted-tbn0.gstatic.com/ Frame DD4D	26 KB 26 KB	14ms 11ms	Image image/jpeg	2a00:1450:4001:80e::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcSfer_wPLooPUJ-HerL7ao-5lEpCw9OkgO6VL3d3LnDLpTOmmWNV6XisWoRmA&usqp=CAI Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4146116731128638&output=html&h=90&slotname=4838435815&adk=1382465441&adf=3138087039&pi=t.ma~as.4838435815&w=728&psa=0&format=728x90&url=https%3A%2F%2Fwww.teamblind.com%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618843768004&bpp=4&bdt=288&idt=54&shv=r20210414&cbv=r20190131&ptt=9&saldr=aa&correlator=3397441366713&frm=8&ife=1&pv=2&ga_vid=148494184.1618843768&ga_sid=1618843768&ga_hid=931914206&ga_fc=0&nhd=5&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=0&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=4201585577&scr_x=-12245933&scr_y=-12245933&eid=44740079&oid=3&pvsid=3177115538562619&loc=https%3A%2F%2Fcompass.adop.cc%2FRD%2F787308ee-7ead-4a7a-85c9-ed795ccd976b%3Fover-size%3Dauto%26over-size-w%3Dnull%26over-size-h%3Dnull%26over-zone%3D%257B%2522468x60%2522%253A%2522b18156ad-ce0f-417a-986c-c5369b0194b3%2522%252C%2522728x90%2522%253A%2522787308ee-7ead-4a7a-85c9-ed795ccd976b%2522%257D%26adop-zone%3Df269fcc7-40e7-447d-bbd4-ade6f4ee075f%26size_width%3D728%26size_height%3D90%26type%3Drs%26loc%3D%26title%3DFull%252520explanation%252520of%252520the%252520GME%25252C%252520RH%25252C%252520and%252520Citadel%252520debacle%252520-%252520Blind%26ref%3D%26&top=https%3A%2F%2Fwww.teamblind.com&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.l8meg66m88v7&fsb=1&dtd=71 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash e9d2aab9984a7518beab5f3913f373275d6f870b1f64503c346615afb4221ca1 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 18 Apr 2021 10:03:38 GMT x-content-type-options nosniff last-modified Mon, 08 Apr 2019 14:06:48 GMT server sffe age 103550 content-type image/jpeg cache-control public, max-age=31536000 cross-origin-resource-policy cross-origin accept-ranges bytes alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 26795 x-xss-protection 0 expires Mon, 18 Apr 2022 10:03:38 GMT
GET H3-29	200	shopping encrypted-tbn1.gstatic.com/ Frame DD4D	33 KB 33 KB	26ms 7ms	Image image/jpeg	2a00:1450:4001:811::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcTiUr9BNuvpb6Ukw4beiHdcwxye9spn3ulgYBWWAaUhQdsJ4T0y&usqp=CAI Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4146116731128638&output=html&h=90&slotname=4838435815&adk=1382465441&adf=3138087039&pi=t.ma~as.4838435815&w=728&psa=0&format=728x90&url=https%3A%2F%2Fwww.teamblind.com%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618843768004&bpp=4&bdt=288&idt=54&shv=r20210414&cbv=r20190131&ptt=9&saldr=aa&correlator=3397441366713&frm=8&ife=1&pv=2&ga_vid=148494184.1618843768&ga_sid=1618843768&ga_hid=931914206&ga_fc=0&nhd=5&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=0&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=4201585577&scr_x=-12245933&scr_y=-12245933&eid=44740079&oid=3&pvsid=3177115538562619&loc=https%3A%2F%2Fcompass.adop.cc%2FRD%2F787308ee-7ead-4a7a-85c9-ed795ccd976b%3Fover-size%3Dauto%26over-size-w%3Dnull%26over-size-h%3Dnull%26over-zone%3D%257B%2522468x60%2522%253A%2522b18156ad-ce0f-417a-986c-c5369b0194b3%2522%252C%2522728x90%2522%253A%2522787308ee-7ead-4a7a-85c9-ed795ccd976b%2522%257D%26adop-zone%3Df269fcc7-40e7-447d-bbd4-ade6f4ee075f%26size_width%3D728%26size_height%3D90%26type%3Drs%26loc%3D%26title%3DFull%252520explanation%252520of%252520the%252520GME%25252C%252520RH%25252C%252520and%252520Citadel%252520debacle%252520-%252520Blind%26ref%3D%26&top=https%3A%2F%2Fwww.teamblind.com&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.l8meg66m88v7&fsb=1&dtd=71 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 0111cd4bd26d4b80a5079dbc7e982c361d16709bd00573c38f2c7d0708dd8f28 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 15 Apr 2021 02:03:12 GMT x-content-type-options nosniff last-modified Tue, 02 Feb 2021 15:25:00 GMT server sffe age 391576 content-type image/jpeg cache-control public, max-age=31536000 cross-origin-resource-policy cross-origin accept-ranges bytes alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 33502 x-xss-protection 0 expires Fri, 15 Apr 2022 02:03:12 GMT
GET H3-29	200	shopping encrypted-tbn0.gstatic.com/ Frame DD4D	23 KB 23 KB	16ms 13ms	Image image/jpeg	2a00:1450:4001:80e::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcRKS_9pdNVROHFQqqBdQbHwGnp83a277cQY1HomFsiQnNlZoKp02c4O7-1I6w&usqp=CAI Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4146116731128638&output=html&h=90&slotname=4838435815&adk=1382465441&adf=3138087039&pi=t.ma~as.4838435815&w=728&psa=0&format=728x90&url=https%3A%2F%2Fwww.teamblind.com%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618843768004&bpp=4&bdt=288&idt=54&shv=r20210414&cbv=r20190131&ptt=9&saldr=aa&correlator=3397441366713&frm=8&ife=1&pv=2&ga_vid=148494184.1618843768&ga_sid=1618843768&ga_hid=931914206&ga_fc=0&nhd=5&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=0&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=4201585577&scr_x=-12245933&scr_y=-12245933&eid=44740079&oid=3&pvsid=3177115538562619&loc=https%3A%2F%2Fcompass.adop.cc%2FRD%2F787308ee-7ead-4a7a-85c9-ed795ccd976b%3Fover-size%3Dauto%26over-size-w%3Dnull%26over-size-h%3Dnull%26over-zone%3D%257B%2522468x60%2522%253A%2522b18156ad-ce0f-417a-986c-c5369b0194b3%2522%252C%2522728x90%2522%253A%2522787308ee-7ead-4a7a-85c9-ed795ccd976b%2522%257D%26adop-zone%3Df269fcc7-40e7-447d-bbd4-ade6f4ee075f%26size_width%3D728%26size_height%3D90%26type%3Drs%26loc%3D%26title%3DFull%252520explanation%252520of%252520the%252520GME%25252C%252520RH%25252C%252520and%252520Citadel%252520debacle%252520-%252520Blind%26ref%3D%26&top=https%3A%2F%2Fwww.teamblind.com&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.l8meg66m88v7&fsb=1&dtd=71 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash d46ea721f34db1cc5eb45e8c4920c0812447b49d9a2b14ee096682302aa2795b Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 18 Apr 2021 10:03:38 GMT x-content-type-options nosniff last-modified Fri, 29 Mar 2019 03:10:32 GMT server sffe age 103550 content-type image/jpeg cache-control public, max-age=31536000 cross-origin-resource-policy cross-origin accept-ranges bytes alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 23504 x-xss-protection 0 expires Mon, 18 Apr 2022 10:03:38 GMT
GET H3-29	200	shopping encrypted-tbn2.gstatic.com/ Frame DD4D	33 KB 33 KB	14ms 11ms	Image image/jpeg	2a00:1450:4001:809::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcQm15bcKvJQLcwVTqtXlCyHK1ifR5FbP7iwninE7d_j4Cwte-CSvdQlsAgqO9c&usqp=CAI Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4146116731128638&output=html&h=90&slotname=4838435815&adk=1382465441&adf=3138087039&pi=t.ma~as.4838435815&w=728&psa=0&format=728x90&url=https%3A%2F%2Fwww.teamblind.com%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618843768004&bpp=4&bdt=288&idt=54&shv=r20210414&cbv=r20190131&ptt=9&saldr=aa&correlator=3397441366713&frm=8&ife=1&pv=2&ga_vid=148494184.1618843768&ga_sid=1618843768&ga_hid=931914206&ga_fc=0&nhd=5&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=0&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=4201585577&scr_x=-12245933&scr_y=-12245933&eid=44740079&oid=3&pvsid=3177115538562619&loc=https%3A%2F%2Fcompass.adop.cc%2FRD%2F787308ee-7ead-4a7a-85c9-ed795ccd976b%3Fover-size%3Dauto%26over-size-w%3Dnull%26over-size-h%3Dnull%26over-zone%3D%257B%2522468x60%2522%253A%2522b18156ad-ce0f-417a-986c-c5369b0194b3%2522%252C%2522728x90%2522%253A%2522787308ee-7ead-4a7a-85c9-ed795ccd976b%2522%257D%26adop-zone%3Df269fcc7-40e7-447d-bbd4-ade6f4ee075f%26size_width%3D728%26size_height%3D90%26type%3Drs%26loc%3D%26title%3DFull%252520explanation%252520of%252520the%252520GME%25252C%252520RH%25252C%252520and%252520Citadel%252520debacle%252520-%252520Blind%26ref%3D%26&top=https%3A%2F%2Fwww.teamblind.com&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.l8meg66m88v7&fsb=1&dtd=71 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 881c4674332895e983677c8f65445306ccebd1f3b0d4c2c28cb0bcecf3d8fbe3 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 18 Apr 2021 10:03:38 GMT x-content-type-options nosniff last-modified Wed, 13 Jan 2021 21:45:06 GMT server sffe age 103550 content-type image/jpeg cache-control public, max-age=31536000 cross-origin-resource-policy cross-origin accept-ranges bytes alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 33430 x-xss-protection 0 expires Mon, 18 Apr 2022 10:03:38 GMT
GET H3-29	200	12925602498586286455 tpc.googlesyndication.com/simgad/ Frame DD4D Redirect Chain https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKCnw6mFRxCwCRiwCTIIwAwarVHbLMA https://tpc.googlesyndication.com/simgad/12925602498586286455	93 KB 93 KB	9ms 7ms	Image image/jpeg	2a00:1450:4001:80f::2001 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://tpc.googlesyndication.com/simgad/12925602498586286455 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4146116731128638&output=html&h=90&slotname=4838435815&adk=1382465441&adf=3138087039&pi=t.ma~as.4838435815&w=728&psa=0&format=728x90&url=https%3A%2F%2Fwww.teamblind.com%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618843768004&bpp=4&bdt=288&idt=54&shv=r20210414&cbv=r20190131&ptt=9&saldr=aa&correlator=3397441366713&frm=8&ife=1&pv=2&ga_vid=148494184.1618843768&ga_sid=1618843768&ga_hid=931914206&ga_fc=0&nhd=5&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=0&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=4201585577&scr_x=-12245933&scr_y=-12245933&eid=44740079&oid=3&pvsid=3177115538562619&loc=https%3A%2F%2Fcompass.adop.cc%2FRD%2F787308ee-7ead-4a7a-85c9-ed795ccd976b%3Fover-size%3Dauto%26over-size-w%3Dnull%26over-size-h%3Dnull%26over-zone%3D%257B%2522468x60%2522%253A%2522b18156ad-ce0f-417a-986c-c5369b0194b3%2522%252C%2522728x90%2522%253A%2522787308ee-7ead-4a7a-85c9-ed795ccd976b%2522%257D%26adop-zone%3Df269fcc7-40e7-447d-bbd4-ade6f4ee075f%26size_width%3D728%26size_height%3D90%26type%3Drs%26loc%3D%26title%3DFull%252520explanation%252520of%252520the%252520GME%25252C%252520RH%25252C%252520and%252520Citadel%252520debacle%252520-%252520Blind%26ref%3D%26&top=https%3A%2F%2Fwww.teamblind.com&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.l8meg66m88v7&fsb=1&dtd=71 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 2780027c5d6e248dacc3b2b78e52f91f2ebbe919c329aa80035ae5430e0573a1 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 18 Apr 2021 10:03:38 GMT x-content-type-options nosniff age 103550 x-dns-prefetch-control off cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 95649 x-xss-protection 0 last-modified Tue, 07 Jan 2020 21:29:41 GMT server sffe content-type image/jpeg access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Mon, 18 Apr 2022 10:03:38 GMT Redirect headers timing-allow-origin * date Mon, 19 Apr 2021 14:36:55 GMT x-content-type-options nosniff server cafe age 753 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" location https://tpc.googlesyndication.com/simgad/12925602498586286455 cache-control public, max-age=2592000 cross-origin-resource-policy cross-origin content-type text/html; charset=UTF-8 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 expires Wed, 19 May 2021 14:36:55 GMT
GET H2	200	view_pixel_1x1.gif Show response secureir.ebaystatic.com/cr/mscdn/64e017fc0bf98153dd694dc97d24a1ac/ Frame DD4D Redirect Chain https://www.ebayadservices.com/marketingtracking/v1/ar?mkrid=707-157687-884638-9&mkcid=4&mkevt=2&mpt=2118222445&ff18=mWeb&siteid=77&adtype=0&size=1x1&ipn=admain2&placement=529704 https://secureir.ebaystatic.com/cr/mscdn/64e017fc0bf98153dd694dc97d24a1ac/view_pixel_1x1.gif	43 B 505 B	23ms 22ms	Fetch image/gif	104.75.89.51 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://secureir.ebaystatic.com/cr/mscdn/64e017fc0bf98153dd694dc97d24a1ac/view_pixel_1x1.gif Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.75.89.51 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-75-89-51.deploy.static.akamaitechnologies.com Software envoy / Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers suppress-x-frame-options true content-encoding gzip x-content-type-options nosniff x-cache-lookup MISS from include-cache-1:80 x-ebay-pop-id UFES2-SYD-irstatic-1 x-envoy-upstream-service-time 262 content-length 57 x-xss-protection 1; mode=block server envoy date Mon, 19 Apr 2021 14:49:28 GMT vary Accept-Encoding access-control-allow-methods GET content-type image/gif access-control-allow-origin * cache-control public, max-age=31536000, immutable access-control-allow-credentials true rlogid t6q%60uebwh%3D9vjdq%60uebwh*5kkvq%28rbpv6770-17569c27810-0xce access-control-allow-headers * expires Tue, 19 Apr 2022 14:49:28 GMT Redirect headers Date Mon, 19 Apr 2021 14:49:28 GMT Strict-Transport-Security max-age=31536000 Location https://secureir.ebaystatic.com/cr/mscdn/64e017fc0bf98153dd694dc97d24a1ac/view_pixel_1x1.gif Cache-Control private,no-cache,no-store RlogId t6baubqsodf%3F%3Ctofgcp%60tqjfc*ea1lw%28rbpv6775-178ea9b96d6-0x2349 Connection keep-alive Keep-Alive timeout=20 Content-Length 0
GET H3-29	200	adview googleads.g.doubleclick.net/pagead/ Frame DD4D	0 0	44ms 44ms	Fetch text/html	2a00:1450:4001:810::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/adview?ai=CN_45eJh9YI7RBY-NgQeV14_oAY25zZFizMfQ__0L3f6fpoAYEAEguLDhe2CVAqAB7YPNwQPIAQmpAsk-Yt_rMrQ-qAMByAPLBKoE3AFP0I1Zfaho9LAIK4ZPvE0YxIC2fGr5lMvsa6UACTTRl0j_RhpCEpaD3avAzOzKwBQDetAfPYnfDva8n6s0zMuRr1vMHIto1JpJrfzPGDTst7gR7gFgE1Ot6XarnsQLeXksDNsds35s4R4GJdTkWcKvdwtAZJTqLUS-8LnU6lozGqyVXU_OjpggrYFINubVHv2kh7FZneBMk6VFOhGvjE1kh18rQEAKs8TfXyCuIYXpPKD88esEjOrXy9wrMegfZtNPF-C9sMFRi-3qxOgB6mcTIFUADnkUX9Gxx9eawAT2h7f7wQKSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGLoAH-_uyPqgH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwDyBwQQh8QD0ggJCIDhgBAQARgfgAoByAsB2BMLiBQF0BUBmBYBgBcBshcaChgIABIUcHViLTQxNDYxMTY3MzExMjg2Mzg&sigh=3aX-6K6tC7E&template_id=494 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4146116731128638&output=html&h=90&slotname=4838435815&adk=1382465441&adf=3138087039&pi=t.ma~as.4838435815&w=728&psa=0&format=728x90&url=https%3A%2F%2Fwww.teamblind.com%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618843768004&bpp=4&bdt=288&idt=54&shv=r20210414&cbv=r20190131&ptt=9&saldr=aa&correlator=3397441366713&frm=8&ife=1&pv=2&ga_vid=148494184.1618843768&ga_sid=1618843768&ga_hid=931914206&ga_fc=0&nhd=5&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=0&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=4201585577&scr_x=-12245933&scr_y=-12245933&eid=44740079&oid=3&pvsid=3177115538562619&loc=https%3A%2F%2Fcompass.adop.cc%2FRD%2F787308ee-7ead-4a7a-85c9-ed795ccd976b%3Fover-size%3Dauto%26over-size-w%3Dnull%26over-size-h%3Dnull%26over-zone%3D%257B%2522468x60%2522%253A%2522b18156ad-ce0f-417a-986c-c5369b0194b3%2522%252C%2522728x90%2522%253A%2522787308ee-7ead-4a7a-85c9-ed795ccd976b%2522%257D%26adop-zone%3Df269fcc7-40e7-447d-bbd4-ade6f4ee075f%26size_width%3D728%26size_height%3D90%26type%3Drs%26loc%3D%26title%3DFull%252520explanation%252520of%252520the%252520GME%25252C%252520RH%25252C%252520and%252520Citadel%252520debacle%252520-%252520Blind%26ref%3D%26&top=https%3A%2F%2Fwww.teamblind.com&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.l8meg66m88v7&fsb=1&dtd=71 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4146116731128638&output=html&h=90&slotname=4838435815&adk=1382465441&adf=3138087039&pi=t.ma~as.4838435815&w=728&psa=0&format=728x90&url=https%3A%2F%2Fwww.teamblind.com%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618843768004&bpp=4&bdt=288&idt=54&shv=r20210414&cbv=r20190131&ptt=9&saldr=aa&correlator=3397441366713&frm=8&ife=1&pv=2&ga_vid=148494184.1618843768&ga_sid=1618843768&ga_hid=931914206&ga_fc=0&nhd=5&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=0&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=4201585577&scr_x=-12245933&scr_y=-12245933&eid=44740079&oid=3&pvsid=3177115538562619&loc=https%3A%2F%2Fcompass.adop.cc%2FRD%2F787308ee-7ead-4a7a-85c9-ed795ccd976b%3Fover-size%3Dauto%26over-size-w%3Dnull%26over-size-h%3Dnull%26over-zone%3D%257B%2522468x60%2522%253A%2522b18156ad-ce0f-417a-986c-c5369b0194b3%2522%252C%2522728x90%2522%253A%2522787308ee-7ead-4a7a-85c9-ed795ccd976b%2522%257D%26adop-zone%3Df269fcc7-40e7-447d-bbd4-ade6f4ee075f%26size_width%3D728%26size_height%3D90%26type%3Drs%26loc%3D%26title%3DFull%252520explanation%252520of%252520the%252520GME%25252C%252520RH%25252C%252520and%252520Citadel%252520debacle%252520-%252520Blind%26ref%3D%26&top=https%3A%2F%2Fwww.teamblind.com&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.l8meg66m88v7&fsb=1&dtd=71 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers timing-allow-origin * content-security-policy script-src 'none'; object-src 'none' x-content-type-options nosniff server cafe date Mon, 19 Apr 2021 14:49:28 GMT p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cross-origin-resource-policy cross-origin content-type text/html; charset=UTF-8 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0
GET H3-29	200	cookie_push_onload.html Show response pagead2.googlesyndication.com/pagead/s/ Frame A0CF	1 KB 749 B	7ms 7ms	Document text/html	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4146116731128638&output=html&h=90&slotname=4838435815&adk=1382465441&adf=3138087039&pi=t.ma~as.4838435815&w=728&psa=0&format=728x90&url=https%3A%2F%2Fwww.teamblind.com%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618843768004&bpp=4&bdt=288&idt=54&shv=r20210414&cbv=r20190131&ptt=9&saldr=aa&correlator=3397441366713&frm=8&ife=1&pv=2&ga_vid=148494184.1618843768&ga_sid=1618843768&ga_hid=931914206&ga_fc=0&nhd=5&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=0&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=4201585577&scr_x=-12245933&scr_y=-12245933&eid=44740079&oid=3&pvsid=3177115538562619&loc=https%3A%2F%2Fcompass.adop.cc%2FRD%2F787308ee-7ead-4a7a-85c9-ed795ccd976b%3Fover-size%3Dauto%26over-size-w%3Dnull%26over-size-h%3Dnull%26over-zone%3D%257B%2522468x60%2522%253A%2522b18156ad-ce0f-417a-986c-c5369b0194b3%2522%252C%2522728x90%2522%253A%2522787308ee-7ead-4a7a-85c9-ed795ccd976b%2522%257D%26adop-zone%3Df269fcc7-40e7-447d-bbd4-ade6f4ee075f%26size_width%3D728%26size_height%3D90%26type%3Drs%26loc%3D%26title%3DFull%252520explanation%252520of%252520the%252520GME%25252C%252520RH%25252C%252520and%252520Citadel%252520debacle%252520-%252520Blind%26ref%3D%26&top=https%3A%2F%2Fwww.teamblind.com&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.l8meg66m88v7&fsb=1&dtd=71 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers :method GET :authority pagead2.googlesyndication.com :scheme https :path /pagead/s/cookie_push_onload.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://googleads.g.doubleclick.net/ accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Referer https://googleads.g.doubleclick.net/ Response headers p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" timing-allow-origin * cross-origin-resource-policy cross-origin vary Accept-Encoding date Mon, 19 Apr 2021 03:14:09 GMT expires Tue, 20 Apr 2021 03:14:09 GMT content-type text/html; charset=UTF-8 etag 48472445140208031 x-content-type-options nosniff content-encoding gzip server cafe content-length 724 x-xss-protection 0 cache-control public, max-age=86400 age 41719 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET DATA	200 OK	truncated / Frame DD4D	210 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 3dc260c26acb73bb14388dfc0d59bf480cc61d26e2ebbb39ee07ac1696ce87cd Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Content-Type image/png
GET H2	200	dpixel cms.quantserve.com/ Frame A0CF	35 B 465 B	27ms 8ms	Image image/gif	2620:116:800d:21:36a9:ecb:e518:b308 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEEWMTniOx1b5zcyGqCpOLw0&google_cver=1&google_push=AQvitUIipHtHHKlh6s8A2ufj2Osr1U9BKuryKTtRsAGTaNzzSlCIdRoW5fm5VU0WbIhqZCxpuIW6_KxCr-dysgRCRI5_8buVd_xRMg Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4146116731128638&output=html&h=90&slotname=4838435815&adk=1382465441&adf=3138087039&pi=t.ma~as.4838435815&w=728&psa=0&format=728x90&url=https%3A%2F%2Fwww.teamblind.com%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618843768004&bpp=4&bdt=288&idt=54&shv=r20210414&cbv=r20190131&ptt=9&saldr=aa&correlator=3397441366713&frm=8&ife=1&pv=2&ga_vid=148494184.1618843768&ga_sid=1618843768&ga_hid=931914206&ga_fc=0&nhd=5&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=0&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=4201585577&scr_x=-12245933&scr_y=-12245933&eid=44740079&oid=3&pvsid=3177115538562619&loc=https%3A%2F%2Fcompass.adop.cc%2FRD%2F787308ee-7ead-4a7a-85c9-ed795ccd976b%3Fover-size%3Dauto%26over-size-w%3Dnull%26over-size-h%3Dnull%26over-zone%3D%257B%2522468x60%2522%253A%2522b18156ad-ce0f-417a-986c-c5369b0194b3%2522%252C%2522728x90%2522%253A%2522787308ee-7ead-4a7a-85c9-ed795ccd976b%2522%257D%26adop-zone%3Df269fcc7-40e7-447d-bbd4-ade6f4ee075f%26size_width%3D728%26size_height%3D90%26type%3Drs%26loc%3D%26title%3DFull%252520explanation%252520of%252520the%252520GME%25252C%252520RH%25252C%252520and%252520Citadel%252520debacle%252520-%252520Blind%26ref%3D%26&top=https%3A%2F%2Fwww.teamblind.com&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.l8meg66m88v7&fsb=1&dtd=71 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2620:116:800d:21:36a9:ecb:e518:b308 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8 Security Headers Name Value Strict-Transport-Security max-age=86400 Request headers Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Mon, 19 Apr 2021 14:49:28 GMT strict-transport-security max-age=86400 p3p CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV" cache-control private, no-cache, no-store, proxy-revalidate content-type image/gif content-length 35 expires Fri, 04 Aug 1978 12:00:00 GMT
GET H3-29	200	pixel cm.g.doubleclick.net/ Frame A0CF Redirect Chain https://d.agkn.com/pixel/2175/?google_gid=CAESEJauls5BwHg3hlGZbcgc_jI&google_cver=1&google_push=AQvitUJTI5LGSF1f5xhOPNB-t4cd6kY4dmTpCW7d37hGu662kKJ4I-rifnjfpArj0s7t-zoRbaA959Iu4noP3vS0qH0wMX1DNSqn https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AQvitUJTI5LGSF1f5xhOPNB-t4cd6kY4dmTpCW7d37hGu662kKJ4I-rifnjfpArj0s7t-zoRbaA959Iu4noP3vS0qH0wMX1DNSqn&google_hm=Q0FFU0VKYXVsczVCd0hnM...	170 B 188 B	16ms 16ms	Image image/png	142.250.185.130 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AQvitUJTI5LGSF1f5xhOPNB-t4cd6kY4dmTpCW7d37hGu662kKJ4I-rifnjfpArj0s7t-zoRbaA959Iu4noP3vS0qH0wMX1DNSqn&google_hm=Q0FFU0VKYXVsczVCd0hnM2hsR1piY2djX2pJ Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.185.130 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s50-in-f2.1e100.net Software HTTP server (unknown) / Resource Hash 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Mon, 19 Apr 2021 14:49:28 GMT server HTTP server (unknown) content-type image/png cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 170 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers Pragma no-cache Date Mon, 19 Apr 2021 14:49:28 GMT Server Apache-Coyote/1.1 P3P CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT" Location https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AQvitUJTI5LGSF1f5xhOPNB-t4cd6kY4dmTpCW7d37hGu662kKJ4I-rifnjfpArj0s7t-zoRbaA959Iu4noP3vS0qH0wMX1DNSqn&google_hm=Q0FFU0VKYXVsczVCd0hnM2hsR1piY2djX2pJ Cache-Control no-cache, must-revalidate Connection keep-alive Content-Length 0 Expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	sync odr.mookie1.com/t/v2/ Frame A0CF	43 B 324 B	41ms 15ms	Image image/gif	34.98.67.61 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESECujHMa26Kx0y7e1vaeJctY&google_push=AQvitUJM0Y7_bUi68DW_Q25Fn_ew8oCqlmkijo-bLYq-EAxuPqceW8IPeJD22euREiiWUrggDnPS64v0mQNp3aecySaLgE0Tuu6Q&google_cver=1 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4146116731128638&output=html&h=90&slotname=4838435815&adk=1382465441&adf=3138087039&pi=t.ma~as.4838435815&w=728&psa=0&format=728x90&url=https%3A%2F%2Fwww.teamblind.com%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618843768004&bpp=4&bdt=288&idt=54&shv=r20210414&cbv=r20190131&ptt=9&saldr=aa&correlator=3397441366713&frm=8&ife=1&pv=2&ga_vid=148494184.1618843768&ga_sid=1618843768&ga_hid=931914206&ga_fc=0&nhd=5&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=0&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=4201585577&scr_x=-12245933&scr_y=-12245933&eid=44740079&oid=3&pvsid=3177115538562619&loc=https%3A%2F%2Fcompass.adop.cc%2FRD%2F787308ee-7ead-4a7a-85c9-ed795ccd976b%3Fover-size%3Dauto%26over-size-w%3Dnull%26over-size-h%3Dnull%26over-zone%3D%257B%2522468x60%2522%253A%2522b18156ad-ce0f-417a-986c-c5369b0194b3%2522%252C%2522728x90%2522%253A%2522787308ee-7ead-4a7a-85c9-ed795ccd976b%2522%257D%26adop-zone%3Df269fcc7-40e7-447d-bbd4-ade6f4ee075f%26size_width%3D728%26size_height%3D90%26type%3Drs%26loc%3D%26title%3DFull%252520explanation%252520of%252520the%252520GME%25252C%252520RH%25252C%252520and%252520Citadel%252520debacle%252520-%252520Blind%26ref%3D%26&top=https%3A%2F%2Fwww.teamblind.com&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.l8meg66m88v7&fsb=1&dtd=71 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 61.67.98.34.bc.googleusercontent.com Software Apache / Resource Hash a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7 Request headers Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Mon, 19 Apr 2021 14:49:28 GMT via 1.1 google server Apache p3p CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml" cache-control no-cache, no-store, must-revalidate content-type image/gif;charset=UTF-8 alt-svc clear content-length 43 x-application-context application expires Thu, 01 Jan 1970 00:00:00 GMT
GET H3-29	200	pixel cm.g.doubleclick.net/ Frame A0CF Redirect Chain https://rtb.openx.net/sync/dds?google_gid=CAESEMdFHTTBnbAdANYBkAFHASg&google_cver=1&google_push=AQvitULxCmCZi8n8MKpDneCMtYml8rcfWtVhv9DnDMyffBzyYg_2Rxp0cg0H2fiQ-HRoNyuwSjQ0eaoZFunCDwna6mruseJlz_cUNQ https://rtb.openx.net/sync/dds?google_gid=CAESEMdFHTTBnbAdANYBkAFHASg&google_cver=1&google_push=AQvitULxCmCZi8n8MKpDneCMtYml8rcfWtVhv9DnDMyffBzyYg_2Rxp0cg0H2fiQ-HRoNyuwSjQ0eaoZFunCDwna6mruseJlz_cUN... https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULxCmCZi8n8MKpDneCMtYml8rcfWtVhv9DnDMyffBzyYg_2Rxp0cg0H2fiQ-HRoNyuwSjQ0eaoZFunCDwna6mruseJlz_cUNQ&google_hm=9OL4d3pEyFMK2CO4eOQwWQ==	170 B 188 B	18ms 18ms	Image image/png	142.250.185.130 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULxCmCZi8n8MKpDneCMtYml8rcfWtVhv9DnDMyffBzyYg_2Rxp0cg0H2fiQ-HRoNyuwSjQ0eaoZFunCDwna6mruseJlz_cUNQ&google_hm=9OL4d3pEyFMK2CO4eOQwWQ== Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.185.130 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s50-in-f2.1e100.net Software HTTP server (unknown) / Resource Hash 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Mon, 19 Apr 2021 14:49:28 GMT server HTTP server (unknown) content-type image/png cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 170 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers pragma no-cache date Mon, 19 Apr 2021 14:49:28 GMT via 1.1 google server Cowboy access-control-allow-origin null vary Origin p3p CP="CUR ADM OUR NOR STA NID" location https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULxCmCZi8n8MKpDneCMtYml8rcfWtVhv9DnDMyffBzyYg_2Rxp0cg0H2fiQ-HRoNyuwSjQ0eaoZFunCDwna6mruseJlz_cUNQ&google_hm=9OL4d3pEyFMK2CO4eOQwWQ== access-control-expose-headers cache-control private, max-age=0, no-cache, must-revalidate access-control-allow-credentials true alt-svc clear content-length 0 x-request-id t6cto9v6vnfnoqtjtj326f1li3v2nbs5
GET H3-29	200	pixel cm.g.doubleclick.net/ Frame A0CF Redirect Chain https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEIynzaJw232-ZrzKI4uVWiw&google_cver=1&google_push=AQvitUK60QnLThQMLeIYoQEdXkFqiYXexNT96l0qN1ejVleapT2wqTUNplo6MlXiL4WJ5lwaGgH... https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S05PUFM2NFAtMVEtQlBaTQ==&google_push=AQvitUK60QnLThQMLeIYoQEdXkFqiYXexNT96l0qN1ejVleapT2wqTUNplo6MlXiL4WJ5lwaGgHmQ0fw3r8pT0jevXrDsPP-rpyYEA	170 B 188 B	18ms 17ms	Image image/png	142.250.185.130 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S05PUFM2NFAtMVEtQlBaTQ==&google_push=AQvitUK60QnLThQMLeIYoQEdXkFqiYXexNT96l0qN1ejVleapT2wqTUNplo6MlXiL4WJ5lwaGgHmQ0fw3r8pT0jevXrDsPP-rpyYEA Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.185.130 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s50-in-f2.1e100.net Software HTTP server (unknown) / Resource Hash 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Mon, 19 Apr 2021 14:49:28 GMT server HTTP server (unknown) content-type image/png cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 170 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers Pragma no-cache P3P CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT" Location https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S05PUFM2NFAtMVEtQlBaTQ==&google_push=AQvitUK60QnLThQMLeIYoQEdXkFqiYXexNT96l0qN1ejVleapT2wqTUNplo6MlXiL4WJ5lwaGgHmQ0fw3r8pT0jevXrDsPP-rpyYEA Cache-Control no-cache,no-store,must-revalidate Content-Type text/html content-length 0 X-RPHost 8f052d4f888ae4e0626c5f819879cacd Expires 0
GET H2	200	trk ag.innovid.com/ Frame A0CF	43 B 296 B	72ms 20ms	Image image/gif	2a05:d01c:1d8:8102:5642:8a73:6264:9a1f AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://ag.innovid.com/trk?tid=11711&google_gid=CAESEHjs2UP6ozqQGmFJKkoz_-0&google_cver=1&google_push=AQvitUJTv72-ufjtsE1ONsybFe6MuksaXcILTA_cU_LvNXhMoZ3kXJvssQqNu_Igr4N8LEgzRgAGYUUKsP8yB8JYI5AjdLTeuRbeNQ Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4146116731128638&output=html&h=90&slotname=4838435815&adk=1382465441&adf=3138087039&pi=t.ma~as.4838435815&w=728&psa=0&format=728x90&url=https%3A%2F%2Fwww.teamblind.com%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618843768004&bpp=4&bdt=288&idt=54&shv=r20210414&cbv=r20190131&ptt=9&saldr=aa&correlator=3397441366713&frm=8&ife=1&pv=2&ga_vid=148494184.1618843768&ga_sid=1618843768&ga_hid=931914206&ga_fc=0&nhd=5&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=0&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=4201585577&scr_x=-12245933&scr_y=-12245933&eid=44740079&oid=3&pvsid=3177115538562619&loc=https%3A%2F%2Fcompass.adop.cc%2FRD%2F787308ee-7ead-4a7a-85c9-ed795ccd976b%3Fover-size%3Dauto%26over-size-w%3Dnull%26over-size-h%3Dnull%26over-zone%3D%257B%2522468x60%2522%253A%2522b18156ad-ce0f-417a-986c-c5369b0194b3%2522%252C%2522728x90%2522%253A%2522787308ee-7ead-4a7a-85c9-ed795ccd976b%2522%257D%26adop-zone%3Df269fcc7-40e7-447d-bbd4-ade6f4ee075f%26size_width%3D728%26size_height%3D90%26type%3Drs%26loc%3D%26title%3DFull%252520explanation%252520of%252520the%252520GME%25252C%252520RH%25252C%252520and%252520Citadel%252520debacle%252520-%252520Blind%26ref%3D%26&top=https%3A%2F%2Fwww.teamblind.com&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.l8meg66m88v7&fsb=1&dtd=71 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a05:d01c:1d8:8102:5642:8a73:6264:9a1f London, United Kingdom, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49 Request headers Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Mon, 19 Apr 2021 14:49:28 GMT cache-control no-cache content-type image/gif content-length 43 request-time 0 expires -1
GET H3-29	200	pixel cm.g.doubleclick.net/ Frame A0CF Redirect Chain https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEMisld6jHZ6DoBerzbSuo68&google_cver=1&google_push=AQvitUIDGll_HfAw2b3ynSUl... https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AQvitUIDGll_HfAw2b3ynSUlWBFbWU6_oOsWW5akbSXV18vHsgAXQFr79eH5at0D3NlU4J-2wsr8hnVN4pNFDugrPgKxOj4ljJzZNTA&google_hm=	170 B 188 B	16ms 16ms	Image image/png	142.250.185.130 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AQvitUIDGll_HfAw2b3ynSUlWBFbWU6_oOsWW5akbSXV18vHsgAXQFr79eH5at0D3NlU4J-2wsr8hnVN4pNFDugrPgKxOj4ljJzZNTA&google_hm= Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.185.130 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s50-in-f2.1e100.net Software HTTP server (unknown) / Resource Hash 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Mon, 19 Apr 2021 14:49:28 GMT server HTTP server (unknown) content-type image/png cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 170 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers pragma no-cache date Mon, 19 Apr 2021 14:49:28 GMT server GHC p3p CP="NOI DSP COR NID PSAo OUR IND" location https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AQvitUIDGll_HfAw2b3ynSUlWBFbWU6_oOsWW5akbSXV18vHsgAXQFr79eH5at0D3NlU4J-2wsr8hnVN4pNFDugrPgKxOj4ljJzZNTA&google_hm= cache-control no-store, no-cache, must-revalidate, max-age=0 accept-ranges none content-length 0 expires Sun, 18 Apr 2021 14:49:28 GMT
GET H3-29	204	attr cm.g.doubleclick.net/pixel/ Frame A0CF	0 12 B	16ms 15ms	Image text/html	142.250.185.130 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IdhWBaIPAds83B2-Xqmi2tUT9vySuQ0qSw5EWAX6QXRsDCLsekd2cog_57B1KfNG6QN35V-Q Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4146116731128638&output=html&h=90&slotname=4838435815&adk=1382465441&adf=3138087039&pi=t.ma~as.4838435815&w=728&psa=0&format=728x90&url=https%3A%2F%2Fwww.teamblind.com%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618843768004&bpp=4&bdt=288&idt=54&shv=r20210414&cbv=r20190131&ptt=9&saldr=aa&correlator=3397441366713&frm=8&ife=1&pv=2&ga_vid=148494184.1618843768&ga_sid=1618843768&ga_hid=931914206&ga_fc=0&nhd=5&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=0&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=4201585577&scr_x=-12245933&scr_y=-12245933&eid=44740079&oid=3&pvsid=3177115538562619&loc=https%3A%2F%2Fcompass.adop.cc%2FRD%2F787308ee-7ead-4a7a-85c9-ed795ccd976b%3Fover-size%3Dauto%26over-size-w%3Dnull%26over-size-h%3Dnull%26over-zone%3D%257B%2522468x60%2522%253A%2522b18156ad-ce0f-417a-986c-c5369b0194b3%2522%252C%2522728x90%2522%253A%2522787308ee-7ead-4a7a-85c9-ed795ccd976b%2522%257D%26adop-zone%3Df269fcc7-40e7-447d-bbd4-ade6f4ee075f%26size_width%3D728%26size_height%3D90%26type%3Drs%26loc%3D%26title%3DFull%252520explanation%252520of%252520the%252520GME%25252C%252520RH%25252C%252520and%252520Citadel%252520debacle%252520-%252520Blind%26ref%3D%26&top=https%3A%2F%2Fwww.teamblind.com&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.l8meg66m88v7&fsb=1&dtd=71 Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.185.130 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s50-in-f2.1e100.net Software HTTP server (unknown) / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:49:28 GMT server HTTP server (unknown) alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 content-type text/html
GET H3-29	200	sodar Show response pagead2.googlesyndication.com/getconfig/ Frame 67C9	9 KB 7 KB	18ms 18ms	XHR application/json	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210414&st=env Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/js/r20210414/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4146116731128638&plah=compass.adop.cc&amaexp=1 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ee46b463b18ede2aca76cd54ff16a26ece70709a40794139b53be1e588c969fe Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://compass.adop.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers timing-allow-origin * date Mon, 19 Apr 2021 14:49:28 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" access-control-allow-origin * cache-control private cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/json; charset=UTF-8 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 7064 x-xss-protection 0
GET H3-29	200	sodar Show response pagead2.googlesyndication.com/getconfig/	9 KB 7 KB	17ms 17ms	XHR application/json	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210414&st=env Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/js/r20210414/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4146116731128638&plah=www.teamblind.com&amaexp=1 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 65cf753ca613500464309f1994f787713ac72792e20cccb9f419c30ba68f2f48 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers timing-allow-origin * date Mon, 19 Apr 2021 14:49:28 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" access-control-allow-origin * cache-control private cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/json; charset=UTF-8 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 7106 x-xss-protection 0
GET H2	200	syncframe Show response gum.criteo.com/ Frame 1BE0	0 150 B	14ms 13ms	Document text/html	2a02:2638:1::13 ASN-CRITEO-EUROPE
General Check archive.org Show headers Download Go to Full URL https://gum.criteo.com/syncframe?topUrl=www.teamblind.com Requested by Host: static.criteo.net URL: https://static.criteo.net/js/ld/publishertag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers :method GET :authority gum.criteo.com :scheme https :path /syncframe?topUrl=www.teamblind.com pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers cache-control private, max-age=0 content-type text/html; charset=utf-8 strict-transport-security max-age=31536000 server-processing-duration-in-ticks 1522 date Mon, 19 Apr 2021 14:49:27 GMT content-length 0
GET H3-29	200	aTo5JV-AjziuZNTa8Sp43jLVG8qXCwH7OYU06B-2QbM.js Show response pagead2.googlesyndication.com/bg/ Frame BEF5	14 KB 6 KB	6ms 6ms	Script text/javascript	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/bg/aTo5JV-AjziuZNTa8Sp43jLVG8qXCwH7OYU06B-2QbM.js Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4146116731128638&output=html&h=90&slotname=4838435815&adk=1382465441&adf=3138087039&pi=t.ma~as.4838435815&w=728&psa=0&format=728x90&url=https%3A%2F%2Fwww.teamblind.com%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618843768004&bpp=4&bdt=288&idt=54&shv=r20210414&cbv=r20190131&ptt=9&saldr=aa&correlator=3397441366713&frm=8&ife=1&pv=2&ga_vid=148494184.1618843768&ga_sid=1618843768&ga_hid=931914206&ga_fc=0&nhd=5&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=0&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=4201585577&scr_x=-12245933&scr_y=-12245933&eid=44740079&oid=3&pvsid=3177115538562619&loc=https%3A%2F%2Fcompass.adop.cc%2FRD%2F787308ee-7ead-4a7a-85c9-ed795ccd976b%3Fover-size%3Dauto%26over-size-w%3Dnull%26over-size-h%3Dnull%26over-zone%3D%257B%2522468x60%2522%253A%2522b18156ad-ce0f-417a-986c-c5369b0194b3%2522%252C%2522728x90%2522%253A%2522787308ee-7ead-4a7a-85c9-ed795ccd976b%2522%257D%26adop-zone%3Df269fcc7-40e7-447d-bbd4-ade6f4ee075f%26size_width%3D728%26size_height%3D90%26type%3Drs%26loc%3D%26title%3DFull%252520explanation%252520of%252520the%252520GME%25252C%252520RH%25252C%252520and%252520Citadel%252520debacle%252520-%252520Blind%26ref%3D%26&top=https%3A%2F%2Fwww.teamblind.com&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.l8meg66m88v7&fsb=1&dtd=71 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 693a39255f808f38ae64d4daf12a78de32d51bca970b01fb398534e81fb641b3 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 05:34:55 GMT content-encoding br x-content-type-options nosniff last-modified Thu, 08 Apr 2021 09:18:00 GMT server sffe age 33273 vary Accept-Encoding content-type text/javascript cache-control public, max-age=31536000 cross-origin-resource-policy cross-origin accept-ranges bytes alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 5682 x-xss-protection 0 expires Tue, 19 Apr 2022 05:34:55 GMT
GET H3-29	200	sodar2.js Show response tpc.googlesyndication.com/sodar/	17 KB 6 KB	15ms 14ms	Script text/javascript	2a00:1450:4001:80f::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/sodar2.js Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/js/r20210414/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4146116731128638&plah=www.teamblind.com&amaexp=1 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:49:28 GMT content-encoding gzip x-content-type-options nosniff server sffe etag "1616005470650935" vary Accept-Encoding content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 6437 x-xss-protection 0 expires Mon, 19 Apr 2021 14:49:28 GMT
GET H3-29	200	sodar2.js Show response tpc.googlesyndication.com/sodar/ Frame 67C9	17 KB 6 KB	14ms 14ms	Script text/javascript	2a00:1450:4001:80f::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/sodar2.js Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/js/r20210414/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4146116731128638&plah=compass.adop.cc&amaexp=1 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://compass.adop.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 14:49:28 GMT content-encoding gzip x-content-type-options nosniff server sffe etag "1616005470650935" vary Accept-Encoding content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 6437 x-xss-protection 0 expires Mon, 19 Apr 2021 14:49:28 GMT
GET H3-29	200	runner.html Show response tpc.googlesyndication.com/sodar/sodar2/222/ Frame 1095	12 KB 5 KB	6ms 6ms	Document text/html	2a00:1450:4001:80f::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers :method GET :authority tpc.googlesyndication.com :scheme https :path /sodar/sodar2/222/runner.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers accept-ranges bytes vary Accept-Encoding content-encoding gzip content-type text/html cross-origin-resource-policy cross-origin content-length 5022 date Mon, 19 Apr 2021 14:48:42 GMT expires Tue, 19 Apr 2022 14:48:42 GMT last-modified Wed, 20 Jan 2021 19:23:06 GMT x-content-type-options nosniff server sffe x-xss-protection 0 cache-control public, max-age=31536000 age 46 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H3-29	200	aframe Show response www.google.com/recaptcha/api2/ Frame 4B7D	783 B 534 B	25ms 23ms	Document text/html	2a00:1450:4001:827::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api2/aframe Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash 84eb42555293a5810d7c4fc859d582faf5dae59431b177b59c7781581f827ce7 Security Headers Name Value Content-Security-Policy script-src 'report-sample' 'nonce-L9jA9K8gt6uf5EBwVv6BjA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers :method GET :authority www.google.com :scheme https :path /recaptcha/api2/aframe pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers expires Mon, 19 Apr 2021 14:49:28 GMT date Mon, 19 Apr 2021 14:49:28 GMT cache-control private, max-age=300 content-type text/html; charset=utf-8 content-security-policy script-src 'report-sample' 'nonce-L9jA9K8gt6uf5EBwVv6BjA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 content-encoding gzip x-content-type-options nosniff x-xss-protection 1; mode=block content-length 515 server GSE alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H3-29	200	runner.html Show response tpc.googlesyndication.com/sodar/sodar2/222/ Frame B85A	12 KB 5 KB	6ms 6ms	Document text/html	2a00:1450:4001:80f::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers :method GET :authority tpc.googlesyndication.com :scheme https :path /sodar/sodar2/222/runner.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://compass.adop.cc/ accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Referer https://compass.adop.cc/ Response headers accept-ranges bytes vary Accept-Encoding content-encoding gzip content-type text/html cross-origin-resource-policy cross-origin content-length 5022 date Mon, 19 Apr 2021 14:48:42 GMT expires Tue, 19 Apr 2022 14:48:42 GMT last-modified Wed, 20 Jan 2021 19:23:06 GMT x-content-type-options nosniff server sffe x-xss-protection 0 cache-control public, max-age=31536000 age 46 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H3-29	200	aTo5JV-AjziuZNTa8Sp43jLVG8qXCwH7OYU06B-2QbM.js Show response pagead2.googlesyndication.com/bg/ Frame 1095	14 KB 6 KB	6ms 6ms	Script text/javascript	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/bg/aTo5JV-AjziuZNTa8Sp43jLVG8qXCwH7OYU06B-2QbM.js Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 693a39255f808f38ae64d4daf12a78de32d51bca970b01fb398534e81fb641b3 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://tpc.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 05:34:55 GMT content-encoding br x-content-type-options nosniff last-modified Thu, 08 Apr 2021 09:18:00 GMT server sffe age 33273 vary Accept-Encoding content-type text/javascript cache-control public, max-age=31536000 cross-origin-resource-policy cross-origin accept-ranges bytes alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 5682 x-xss-protection 0 expires Tue, 19 Apr 2022 05:34:55 GMT
GET H3-29	200	aTo5JV-AjziuZNTa8Sp43jLVG8qXCwH7OYU06B-2QbM.js Show response pagead2.googlesyndication.com/bg/ Frame B85A	14 KB 6 KB	6ms 6ms	Script text/javascript	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/bg/aTo5JV-AjziuZNTa8Sp43jLVG8qXCwH7OYU06B-2QbM.js Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 693a39255f808f38ae64d4daf12a78de32d51bca970b01fb398534e81fb641b3 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://tpc.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Apr 2021 05:34:55 GMT content-encoding br x-content-type-options nosniff last-modified Thu, 08 Apr 2021 09:18:00 GMT server sffe age 33273 vary Accept-Encoding content-type text/javascript cache-control public, max-age=31536000 cross-origin-resource-policy cross-origin accept-ranges bytes alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 5682 x-xss-protection 0 expires Tue, 19 Apr 2022 05:34:55 GMT
GET H3-29	204	gen_204 pagead2.googlesyndication.com/pagead/	0 20 B	41ms 40ms	Image image/gif	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gda_r20210414&jk=743476523407528&bg=!MTKlMnbNAAZUuIlwVLg7ACkAdvg8WjzgBlUjtsbC51ztPCkFzlrwkzu3lHYN_v5FfmkTHjgquDqmHQIAAABtUgAAAA5oAQcKAPMBQrLjmd-Zq3Axjb4WamYneTa6Dc3NMcbJ0cNi5zCVmxFOE4a5xlqCt4t3DAZQcWrl3GQJI09W8VzFf-gfbOkA1grJYn5GBq8nFZsXxbqWEPO5eg-E_B9UAGXRMPL9x28XvDwCbqTaEceQPz6eeKz1fcQOl6P7LO_I5fu52HEoxbxpqf6iV8Marj2mpopsoPF9zRXLrFp-_XeWVP4yP23rtqzWERE0LTa062zFbgjbbt5A2vkG0DpAOdkiw1dSP2y9TSr0CV3pU85A0fUMvnU-OkvODa3aSo_TxlpjLTcsS57q3wAYJ4bVYxke9J-LPq0i0CaZAi7gx5Qxzsx_BCcKtSoQSRwmujZY_RhJrxRLVW9zVRr8LgaXBTu8RiQF9azJIFQxjIVECca4aUU2CT_xGpMDzaWeiXjvSPOK8rTLvc4fKiwzB2m-0DidRIcKrdwGnUTJhMn2qtNAUl4nmvgpzOLmgyKtmMpRgy9TRjsbmmVbuSI_qkFkVnhiXWfYz0bfs-4d9Qqvzbbsicbs_ne8hEGUdMTwrNWP8vrXRTGfWiZwRF8VOJQWfl0R-DOZ4J_PezoSvhvTvsyiHKg6oh9cRC2bHSFM5UA4PQqjcSuLhTdvG30bb8thhXyx0svKUK8qGUTEv4xHA0-HACqlVpciLxQG5RVaepwrB_H5lj_PejAv3GhVTr2PKOsyrczEzwTDGzKvVdEwivtOk80fGN3A6m_luIiHYFzzDNwDqfCooESMTlUJlkSvhZv1I7bRQe5dfq6WWLWYYbC4cKQAeq9IElcbVpOFxfseN4rB2W4tkuHcTSyT7TCFyYrtTtaXKgAa-cTlwUBQz-VCtJsCAJuvqL_IK4AsAJh5_8rPqwA54AVZIKVoDgmJtDEEFqDWNaVH10ub_ZLOz0oumBLPNIW62KFhXvPpYXbatSGkRbJV_7dV7yvDng97Y1ViUCIt0o6FY2EL9OKLFZCWMMoCDO4T-u-O5bBy0zUR0Goh2EmOtwVfJJt4-IQ3bcDqso0BC8UhH8vyZG1pkod4hjIP2PWq19uq_ZaLLVgOe59Vv3qTp3DUGJE Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Mon, 19 Apr 2021 14:49:28 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3-29	204	gen_204 pagead2.googlesyndication.com/pagead/ Frame 67C9	0 20 B	41ms 40ms	Image image/gif	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gda_r20210414&jk=3177115538562619&bg=!5Oel56PNAAZUuIlwVLg7ACkAdvg8WtV_JC5ec-G7xSwp-vRjjVcbPjKrNQ5VJZ68bhy8g1s2NTlPRwIAAABnUgAAABBoAQcKALJN23F6_jnMloqtR8xUYrTd8IKCabtSlh3P6kl6eXE5LUq4z8ctqXSYf2Z5GPOE3qKn4ASOvwgnPJKPhTq39XWNWPXm-VzLxT52JerqaGKmFa_1dQYV1VFx_Q7YWg9vsoCSSWEUNl2OZcVPUcIFRHS6ocBiPqkA4Myt8BLjq5sMpNZJdlTkfNm2fDBftcbHLpyUn1GFoJJ92t62N9VePqIil2BCULjCliVepm3aV9cw-LynmQKi3bbxZ_2318BcE2jvKCw5A-BdwOFZg01rZKguM6hiatsBtHs_HV9G-jaf2t3vKlcL3rUpcrOGS6vu7qVMsWg8hpiFV1remQwjPG4jIEaEBclWyDA4hl6i61t_tAmewZKTtJ6YLQQe2-4N9OApCkV4psG-j4JlaapMEw007QeB3a1uZsgj16__i8sstDikb92gQu_k8FgVgB4_Q_44nJC2RMMyZgjKvXGq6vH598-lB2yHtVmNCT1Kd22j_7FV9tboZK2fdbF_315nb6Mhxbj548ffAlDgc0W1U8rPNc75EHXjsE3NUj-27BHcJP6Kkt4hhx1sjYOwje7niL-WPm1jUwK_mYJfA79DFxtMaNtuyk755JI7ByLe9b_q3uFEJub3iS8WAKxkFyFZ_pWMMl9VNJog12qj1d32vphh5WnjTgvgDeSDzGjEo2JW2ASRw8_dzxeH4BHLklp4IU6xDpSx2curxyWSx2cy5NxICdH_45TCzIwgXHaeje3SlVq6iBKfN3pSgBexRSMujvwSyrcCBQ71sVPbkhjVfweIdYmXoyLb2-uaVOg3gvY5YVDGxwhiSvpvjY5ZepNf90SxFLZ68qBPyWpsV7ItDG6k0PE5Od2JOmsNtvEoJu5xcfTKCE4gFOpwwXWkWD05fzNaeCsm2ka97MdTrir8yPNaNHK7vRh9jOLalNZMCSgJsu3uTGO6zaUDM-yDHEOAURj5h6_QRw7ayyiaR2OnJQh8n9hmEqHRmtYVOT7zZIVvdA5IpWzpnD8TUxRaVTlsNhHovI9oo9AEEGddA-Kt-vmR586wI6inMHEIviQhtHD1Paq4-j7fezDqUXiMXD0vUqJNlUO8L8qt-JtJ9ECa9cqG_9mn6rGCHyJuZ3AkOdHrQnYW6578IfQ Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://compass.adop.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Mon, 19 Apr 2021 14:49:28 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT