urlscan.io logo urlscan.io
SecurityTrails logo

d3tff2yik766yh.cloudfront.net Open in urlscan Pro
52.85.182.76  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://t.cn/RDroRGm
Effective URL: https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
Submission: On August 14 via manual from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 16 IPs in 4 countries across 12 domains to perform 59 HTTP transactions. The main IP is 52.85.182.76, located in Seattle, United States and belongs to AMAZON-02 - Amazon.com, Inc., US. The main domain is d3tff2yik766yh.cloudfront.net.
TLS certificate: Issued by DigiCert Global CA G2 on November 22nd 2017. Valid for: a year.
This is the only time d3tff2yik766yh.cloudfront.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 114.134.80.138 9304 (HUTCHISON...)
1 151.101.13.194 54113 (FASTLY)
2 2400:cb00:204... 13335 (CLOUDFLAR...)
9 2a00:1450:400... 15169 (GOOGLE)
4 151.101.112.133 54113 (FASTLY)
3 2400:cb00:204... 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
2 4 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 5 52.85.182.213 16509 (AMAZON-02)
1 4 52.85.182.76 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
14 111.254.37.159 3462 (HINET Dat...)
6 172.217.22.98 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
59 16
1    114.134.80.138 (Hong Kong)

ASN9304 (HUTCHISON-AS-AP HGC Global Communications Limited, HK)
t.cn
1    151.101.13.194 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)
0rr32d.global.ssl.fastly.net
2    2400:cb00:2048:1::6810:5614 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
cdn.jsdelivr.net
9    2a00:1450:4001:819::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
pagead2.googlesyndication.com
adservice.google.de
4    151.101.112.133 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)
raw.githubusercontent.com
3    2400:cb00:2048:1::6813:c597 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
cdnjs.cloudflare.com
2    2a00:1450:4001:81a::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
adservice.google.com
3    2a00:1450:4001:81c::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
googleads.g.doubleclick.net
4    2a00:1450:4001:814::200e (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
www.google-analytics.com
2    2a00:1450:400c:c0c::9c (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
stats.g.doubleclick.net
5    52.85.182.213 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-52-85-182-213.fra50.r.cloudfront.net
d3tff2yik766yh.cloudfront.net
4    52.85.182.76 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-52-85-182-76.fra50.r.cloudfront.net
d3tff2yik766yh.cloudfront.net
1    2a00:1450:4001:818::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
www.googletagservices.com
14    111.254.37.159 (Taiwan)

ASN3462 (HINET Data Communication Business Group, TW)
PTR: 111-254-37-159.dynamic-ip.hinet.net
111.254.37.159
6    172.217.22.98 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s18-in-f2.1e100.net
securepubads.g.doubleclick.net
2    2a00:1450:4001:81d::2001 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
tpc.googlesyndication.com
Domain Requested by
9 d3tff2yik766yh.cloudfront.net 2 redirects cdn.jsdelivr.net
0rr32d.global.ssl.fastly.net
d3tff2yik766yh.cloudfront.net
7 pagead2.googlesyndication.com 0rr32d.global.ssl.fastly.net
pagead2.googlesyndication.com
securepubads.g.doubleclick.net
6 securepubads.g.doubleclick.net www.googletagservices.com
securepubads.g.doubleclick.net
d3tff2yik766yh.cloudfront.net
4 www.google-analytics.com 2 redirects 0rr32d.global.ssl.fastly.net
d3tff2yik766yh.cloudfront.net
4 raw.githubusercontent.com cdn.jsdelivr.net
pagead2.googlesyndication.com
d3tff2yik766yh.cloudfront.net
3 googleads.g.doubleclick.net pagead2.googlesyndication.com
3 cdnjs.cloudflare.com 0rr32d.global.ssl.fastly.net
2 tpc.googlesyndication.com securepubads.g.doubleclick.net
2 stats.g.doubleclick.net 0rr32d.global.ssl.fastly.net
d3tff2yik766yh.cloudfront.net
2 adservice.google.com pagead2.googlesyndication.com
www.googletagservices.com
2 adservice.google.de pagead2.googlesyndication.com
www.googletagservices.com
2 cdn.jsdelivr.net 0rr32d.global.ssl.fastly.net
d3tff2yik766yh.cloudfront.net
1 www.googletagservices.com d3tff2yik766yh.cloudfront.net
1 0rr32d.global.ssl.fastly.net
1 t.cn 1 redirects
59 15

This site contains links to these domains. Also see Links.

Domain
111.254.37.159
github.com
t.cn
Subject Issuer Validity Valid
*.freetls.global.fastly.net
GlobalSign CloudSSL CA - SHA256 - G3		 2018-07-27 -
2019-02-01		 6 months crt.sh
ssl363648.cloudflaressl.com
COMODO ECC Domain Validation Secure Server CA 2		 2018-05-19 -
2018-11-25		 6 months crt.sh
*.g.doubleclick.net
Google Internet Authority G3		 2018-08-07 -
2018-10-16		 2 months crt.sh
www.github.com
DigiCert SHA2 High Assurance Server CA		 2017-03-23 -
2020-05-13		 3 years crt.sh
ssl412106.cloudflaressl.com
COMODO ECC Domain Validation Secure Server CA 2		 2018-04-14 -
2018-10-21		 6 months crt.sh
*.google.com
Google Internet Authority G3		 2018-08-07 -
2018-10-16		 2 months crt.sh
*.google-analytics.com
Google Internet Authority G3		 2018-08-07 -
2018-10-16		 2 months crt.sh
*.cloudfront.net
DigiCert Global CA G2		 2017-11-22 -
2018-11-21		 a year crt.sh
*.googleusercontent.com
Google Internet Authority G3		 2018-08-07 -
2018-10-16		 2 months crt.sh

This page contains 7 frames:

Primary Page: https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
Frame ID: 1C0DFB97489CB3124F58B53EA056169B
Requests: 51 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20180808/r20180604/zrt_lookup.html
Frame ID: 3A5B9F17A0A4B7F817D7A0BF8284ACA3
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/r20180808/r20180604/show_ads_impl.js
Frame ID: 9FFA3DE841E6AC6CAFF18358D5C80BDC
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9887006928691465&output=html&h=90&slotname=4887033834&adk=3433465998&adf=943920009&w=1200&fwrn=4&fwrnh=100&lmt=1534278207&rafmt=1&guci=1.2.0.0.2.2.0&format=1200x90&url=https%3A%2F%2F0rr32d.global.ssl.fastly.net%2Foo.aspx%3Fname%3Dr816728%26key%3Dkihgcsa2%26from%3DEmail-web%26tag%3D82677477&flash=0&fwr=0&rh=0&rw=1576&resp_fmts=3&wgl=1&adsid=NT&dt=1534278207633&bpp=12&bdt=563&fdt=14&idt=115&shv=r20180808&cbv=r20180604&saldr=aa&abxe=1&correlator=7231004066947&frm=20&pv=2&ga_vid=461664861.1534278208&ga_sid=1534278208&ga_hid=2004401713&ga_fc=0&iag=0&icsg=35488&dssz=15&mdo=0&mso=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=12&ady=32&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21060853%2C21062171%2C368226400%2C42631002%2C21061319&oid=3&rx=0&eae=0&fc=528&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&ppjl=u&pfx=0&fu=144&bc=7&osw_key=3871415030&ifi=1&fsb=1&xpc=jzCSClWWJo&p=https%3A//0rr32d.global.ssl.fastly.net&dtd=139
Frame ID: 3FB040CEF3DA7DE4278FF4EB4BF3DD46
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/r20180808/r20180604/show_ads_impl.js
Frame ID: 8342954FAFF5E4F60EF521FA523BFBE8
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9887006928691465&output=html&h=90&slotname=4887033834&adk=3433465998&adf=1414068304&w=1200&fwrn=4&fwrnh=100&lmt=1534278207&rafmt=1&guci=1.2.0.0.2.2.0&format=1200x90&url=https%3A%2F%2F0rr32d.global.ssl.fastly.net%2Foo.aspx%3Fname%3Dr816728%26key%3Dkihgcsa2%26from%3DEmail-web%26tag%3D82677477&flash=0&fwr=0&rh=0&rw=1576&resp_fmts=3&wgl=1&adsid=NT&dt=1534278207647&bpp=7&bdt=577&fdt=151&idt=152&shv=r20180808&cbv=r20180604&saldr=aa&abxe=1&prev_fmts=1200x90&correlator=7231004066947&frm=20&pv=1&ga_vid=461664861.1534278208&ga_sid=1534278208&ga_hid=2004401713&ga_fc=0&iag=0&icsg=559776&dssz=16&mdo=0&mso=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=12&ady=172&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21060853%2C21062171%2C368226400%2C42631002%2C21061319&oid=3&rx=0&eae=0&fc=528&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&ppjl=u&pfx=0&fu=144&bc=7&osw_key=3871415030&ifi=2&fsb=1&xpc=MFlQEWOgND&p=https%3A//0rr32d.global.ssl.fastly.net&dtd=156
Frame ID: 870E9EB4F26A96C21E170A62CA13D873
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20180808/r20110914/activeview/osd_listener.js
Frame ID: 4EFF46ABFCAC3952262881EAF7F9E19F
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://t.cn/RDroRGm HTTP 302
    https://0rr32d.global.ssl.fastly.net/oo.aspx?name=r816728&key=kihgcsa2&from=Email-web&tag=82677477 Page URL
  2. https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_ooshow&ag=r816728&sign=cf23686d4e1cc9c615ef007f04957317365e... HTTP 302
    https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=htt... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers via /.*Varnish/i
Overall confidence: 100%
Detected patterns
  • script /googletagservices\.com\/tag\/js\/gpt(?:_mobile)?\.js/i
Overall confidence: 100%
Detected patterns
  • script /googlesyndication\.com\//i
  • env /^__google_ad_/i
  • env /^Goog_AdSense_/i
Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
  • env /^gaGlobal$/i
Overall confidence: 100%
Detected patterns
  • env /^googletag$/i
Overall confidence: 100%
Detected patterns
  • script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
  • script /jquery.*\.js/i
  • env /^jQuery$/i

Page Statistics

59
Requests

75 %
HTTPS

56 %
IPv6

12
Domains

15
Subdomains

16
IPs

4
Countries

1016 kB
Transfer

2534 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://t.cn/RDroRGm HTTP 302
    https://0rr32d.global.ssl.fastly.net/oo.aspx?name=r816728&key=kihgcsa2&from=Email-web&tag=82677477 Page URL
  2. https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_ooshow&ag=r816728&sign=cf23686d4e1cc9c615ef007f04957317365ef364 HTTP 302
    https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://t.cn/RDroRGm HTTP 302
  • https://0rr32d.global.ssl.fastly.net/oo.aspx?name=r816728&key=kihgcsa2&from=Email-web&tag=82677477
Request Chain 14
  • https://www.google-analytics.com/r/collect?v=1&_v=j68&a=2004401713&t=pageview&_s=1&dl=https%3A%2F%2F0rr32d.global.ssl.fastly.net%2Foo.aspx%3Fname%3Dr816728%26key%3Dkihgcsa2%26from%3DEmail-web%26tag%3D82677477&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEAB~&jid=1267413333&gjid=906552380&cid=461664861.1534278208&tid=UA-90274311-1&_gid=1800962662.1534278208&_r=1&z=1649058551 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-90274311-1&cid=461664861.1534278208&jid=1267413333&_gid=1800962662.1534278208&gjid=906552380&_v=j68&z=1649058551
Request Chain 23
  • https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_ooshow&ag=r816728&sign=cf23686d4e1cc9c615ef007f04957317365ef364 HTTP 302
  • https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
Request Chain 53
  • https://www.google-analytics.com/r/collect?v=1&_v=j68&a=1093679091&t=pageview&_s=1&dl=https%3A%2F%2Fd3tff2yik766yh.cloudfront.net%2Foo.aspx%3Fname%3Dget_oopipe%26sign%3Dcf23686d4e1cc9c615ef007f04957317365ef364%26ag%3Dhttp%3A%2F%2F220%2F&dr=https%3A%2F%2F0rr32d.global.ssl.fastly.net%2Foo.aspx%3Fname%3Dr816728%26key%3Dkihgcsa2%26from%3DEmail-web%26tag%3D82677477&ul=en-us&de=UTF-8&dt=%E5%8A%A8%E6%80%81%E7%BD%91&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IAhAAEAB~&jid=885300535&gjid=1441899996&cid=1235188708.1534278212&tid=UA-90274311-1&_gid=1082167973.1534278212&_r=1&z=1861676172 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-90274311-1&cid=1235188708.1534278212&jid=885300535&_gid=1082167973.1534278212&gjid=1441899996&_v=j68&z=1861676172

59 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Cookie set oo.aspx
0rr32d.global.ssl.fastly.net/
Redirect Chain
  • http://t.cn/RDroRGm
  • https://0rr32d.global.ssl.fastly.net/oo.aspx?name=r816728&key=kihgcsa2&from=Email-web&tag=82677477
83 KB
20 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://0rr32d.global.ssl.fastly.net/oo.aspx?name=r816728&key=kihgcsa2&from=Email-web&tag=82677477
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.13.194 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
ffdda737e7504231c8c623de4dad94d68349d68fde91cf8d26600e042fed20df

Request headers

Host
0rr32d.global.ssl.fastly.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
1C0DFB97489CB3124F58B53EA056169B

Response headers

Cache-Control
private
Content-Type
text/html; charset=utf-8
Content-Encoding
gzip
Set-Cookie
ASP.NET_SessionId=hcuvoiorgt1sk2qrh15jfm2l; path=/; HttpOnly
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET,POST
Accept-Ranges
bytes bytes
Age
0 0
Content-Length
19937
Date
Tue, 14 Aug 2018 20:23:27 GMT
Via
1.1 varnish
Connection
keep-alive
X-Served-By
cache-fra19124-FRA
X-Cache
MISS
X-Cache-Hits
0
X-Timer
S1534278206.486840,VS0,VE553
Vary
Accept-Encoding

Redirect headers

Location
https://0rr32d.global.ssl.fastly.net/oo.aspx?name=r816728&key=kihgcsa2&from=Email-web&tag=82677477
Content-Type
text/html;charset=UTF-8
Server
weibo
Content-Length
280
Date
Tue, 14 Aug 2018 20:23:26 GMT
X-Varnish
3089104447
Age
0
Via
1.1 varnish
Connection
close
SINA-LB
aGEuMTY4LmcxLmh5ZHMubGIuc2luYW5vZGUuY29t
SINA-TS
OTgwOWMzNjggMCAzOCAzOCAxMSA4Mwo=
jquery.min.js
cdn.jsdelivr.net/jquery/1.12.4/ 		95 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/jquery/1.12.4/jquery.min.js
Requested by
Host: 0rr32d.global.ssl.fastly.net
URL: https://0rr32d.global.ssl.fastly.net/oo.aspx?name=r816728&key=kihgcsa2&from=Email-web&tag=82677477
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2400:cb00:2048:1::6810:5614 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://0rr32d.global.ssl.fastly.net/oo.aspx?name=r816728&key=kihgcsa2&from=Email-web&tag=82677477
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 14 Aug 2018 20:23:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
x-cache
HIT, HIT
status
200
content-length
33793
x-served-by
cache-ams4136-AMS, cache-fra19140-FRA
timing-allow-origin
*
server
cloudflare
etag
"17b8b-Wp3PvvZVomaOeLrr6qjcb0HY2rs"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
cf-ray
44a623aa5f64bebc-FRA
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 		74 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: 0rr32d.global.ssl.fastly.net
URL: https://0rr32d.global.ssl.fastly.net/oo.aspx?name=r816728&key=kihgcsa2&from=Email-web&tag=82677477
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:819::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
3d242555ad0eb3726236017fdb2978a544459f6cd7c54d96a9c75c094f70e5b8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://0rr32d.global.ssl.fastly.net/oo.aspx?name=r816728&key=kihgcsa2&from=Email-web&tag=82677477
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 14 Aug 2018 20:23:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length
27627
x-xss-protection
1; mode=block
server
cafe
etag
4265662018802586401
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Tue, 14 Aug 2018 20:23:27 GMT
oShowz.txt
raw.githubusercontent.com/onorm/Up/master/ 		800 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://raw.githubusercontent.com/onorm/Up/master/oShowz.txt?44158694
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/jquery/1.12.4/jquery.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.133 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
58e841418ee3e14b71f67ec5b522419b3c54793e0e926e85b562232eaba20f1d
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept
text/plain, */*; q=0.01
Referer
https://0rr32d.global.ssl.fastly.net/oo.aspx?name=r816728&key=kihgcsa2&from=Email-web&tag=82677477
Origin
https://0rr32d.global.ssl.fastly.net
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Fastly-Request-ID
3062e132a2fcf843c971e2e387582e71ffa37726
Content-Security-Policy
default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Via
1.1 varnish
X-Cache
MISS
X-Cache-Hits
0
Connection
keep-alive
Content-Length
207
ETag
"7a233f74574a63eacbd2fa35263bcb14fae3e022"
X-Served-By
cache-hhn1537-HHN
X-Geo-Block-List
X-GitHub-Request-Id
4088:7CA8:94E8E:9E90C:5B733A3F
X-Timer
S1534278208.618193,VS0,VE131
X-Frame-Options
deny
Date
Tue, 14 Aug 2018 20:23:27 GMT
Source-Age
0
Vary
Authorization,Accept-Encoding
Strict-Transport-Security
max-age=31536000
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
*
X-XSS-Protection
1; mode=block
Cache-Control
max-age=300
Accept-Ranges
bytes
Expires
Tue, 14 Aug 2018 20:28:27 GMT
video-js.min.css
cdnjs.cloudflare.com/ajax/libs/video.js/7.2.0/ 		35 KB
10 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/video.js/7.2.0/video-js.min.css
Requested by
Host: 0rr32d.global.ssl.fastly.net
URL: https://0rr32d.global.ssl.fastly.net/oo.aspx?name=r816728&key=kihgcsa2&from=Email-web&tag=82677477
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2400:cb00:2048:1::6813:c597 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
af7c27b219ef1c4b8e672bf3ce1f4f192235bf83b8d81c44c55a0a06f3f9c736
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://0rr32d.global.ssl.fastly.net/oo.aspx?name=r816728&key=kihgcsa2&from=Email-web&tag=82677477
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 14 Aug 2018 20:23:27 GMT
content-encoding
gzip
vary
Accept-Encoding
cf-cache-status
HIT
status
200
served-in-seconds
0.001
last-modified
Thu, 26 Jul 2018 20:45:50 GMT
server
cloudflare
etag
W/"5b5a32fe-8aa0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000; includeSubDomains
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=30672000
cf-ray
44a623ad7901bec1-FRA
expires
Sun, 04 Aug 2019 20:23:27 GMT
video.min.js
cdnjs.cloudflare.com/ajax/libs/video.js/7.2.0/ 		471 KB
131 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/video.js/7.2.0/video.min.js
Requested by
Host: 0rr32d.global.ssl.fastly.net
URL: https://0rr32d.global.ssl.fastly.net/oo.aspx?name=r816728&key=kihgcsa2&from=Email-web&tag=82677477
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2400:cb00:2048:1::6813:c597 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
7a19405088f969aecf491b8b729f0d9dbc87dac4f6092a9e8a0d883075ff2979
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://0rr32d.global.ssl.fastly.net/oo.aspx?name=r816728&key=kihgcsa2&from=Email-web&tag=82677477
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Tue, 14 Aug 2018 20:23:27 GMT
content-encoding
gzip
vary
Accept-Encoding
cf-cache-status
HIT
status
200
served-in-seconds
0.004
last-modified
Thu, 26 Jul 2018 20:45:50 GMT
server
cloudflare
etag
W/"5b5a32fe-75c9f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000; includeSubDomains
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=30672000
cf-ray
44a623ad7902bec1-FRA
expires
Sun, 04 Aug 2019 20:23:27 GMT
videojs-contrib-hls.min.js
cdnjs.cloudflare.com/ajax/libs/videojs-contrib-hls/5.14.1/ 		227 KB
58 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/videojs-contrib-hls/5.14.1/videojs-contrib-hls.min.js
Requested by
Host: 0rr32d.global.ssl.fastly.net
URL: https://0rr32d.global.ssl.fastly.net/oo.aspx?name=r816728&key=kihgcsa2&from=Email-web&tag=82677477
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2400:cb00:2048:1::6813:c597 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
9e01d2473096e9ebafb493d80dce879d677d52f4bb5715df39c46de4ab7466b0
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://0rr32d.global.ssl.fastly.net/oo.aspx?name=r816728&key=kihgcsa2&from=Email-web&tag=82677477
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Tue, 14 Aug 2018 20:23:27 GMT
content-encoding
gzip
vary
Accept-Encoding
cf-cache-status
HIT
status
200
served-in-seconds
0.009
last-modified
Thu, 17 May 2018 09:26:37 GMT
server
cloudflare
etag
W/"5afd4acd-38b13"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000; includeSubDomains
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=30672000
cf-ray
44a623ad7903bec1-FRA
expires
Sun, 04 Aug 2019 20:23:27 GMT
integrator.js
adservice.google.de/adsid/ 		109 B
171 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=0rr32d.global.ssl.fastly.net
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:819::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://0rr32d.global.ssl.fastly.net/oo.aspx?name=r816728&key=kihgcsa2&from=Email-web&tag=82677477
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 14 Aug 2018 20:23:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length
104
x-xss-protection
1; mode=block
integrator.js
adservice.google.com/adsid/ 		109 B
171 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=0rr32d.global.ssl.fastly.net
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:81a::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://0rr32d.global.ssl.fastly.net/oo.aspx?name=r816728&key=kihgcsa2&from=Email-web&tag=82677477
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 14 Aug 2018 20:23:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length
104
x-xss-protection
1; mode=block
ca-pub-9887006928691465.js
pagead2.googlesyndication.com/pub-config/r20160913/ 		471 B
361 B 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pub-config/r20160913/ca-pub-9887006928691465.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:819::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
1e4b7400d51a2a26dd20ffb73cc36eaed39c5cf28d3228b5f82cb0b2dcf1924f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://0rr32d.global.ssl.fastly.net/oo.aspx?name=r816728&key=kihgcsa2&from=Email-web&tag=82677477
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 14 Aug 2018 15:35:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 14 Aug 2018 01:33:58 GMT
server
sffe
age
17278
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=43200
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length
242
x-xss-protection
1; mode=block
expires
Wed, 15 Aug 2018 03:35:29 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20180808/r20180604/ Frame 3A5B 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20180808/r20180604/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:81c::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/html/r20180808/r20180604/zrt_lookup.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://0rr32d.global.ssl.fastly.net/oo.aspx?name=r816728&key=kihgcsa2&from=Email-web&tag=82677477
accept-encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
1C0DFB97489CB3124F58B53EA056169B
Referer
https://0rr32d.global.ssl.fastly.net/oo.aspx?name=r816728&key=kihgcsa2&from=Email-web&tag=82677477

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
vary
Accept-Encoding
date
Thu, 09 Aug 2018 06:15:32 GMT
expires
Thu, 23 Aug 2018 06:15:32 GMT
content-type
text/html; charset=UTF-8
etag
15840095812326030575
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
6941
x-xss-protection
1; mode=block
cache-control
public, max-age=1209600
age
482875
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
show_ads_impl.js
pagead2.googlesyndication.com/pagead/js/r20180808/r20180604/ Frame 9FFA 		188 KB
70 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20180808/r20180604/show_ads_impl.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:819::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
6f9e5cea796793a5a55e6bf5f9cbb41fbc93021f0ae3c09115ba24be6bdd0495
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://0rr32d.global.ssl.fastly.net/oo.aspx?name=r816728&key=kihgcsa2&from=Email-web&tag=82677477
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 14 Aug 2018 20:23:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length
71310
x-xss-protection
1; mode=block
server
cafe
etag
7604789041244845322
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Tue, 14 Aug 2018 20:23:27 GMT
895c1c40-d490-4a8a-8c6b-f2c304b65f93
https://0rr32d.global.ssl.fastly.net/ 		31 B
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://0rr32d.global.ssl.fastly.net/895c1c40-d490-4a8a-8c6b-f2c304b65f93
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/video.js/7.2.0/video.min.js
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Length
31
Content-Type
application/javascript
analytics.js
www.google-analytics.com/ 		34 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: 0rr32d.global.ssl.fastly.net
URL: https://0rr32d.global.ssl.fastly.net/oo.aspx?name=r816728&key=kihgcsa2&from=Email-web&tag=82677477
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:814::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
3fab1c883847e4b5a02f3749a9f4d9eab15cd4765873d3b2904a1a4c8755fba3
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://0rr32d.global.ssl.fastly.net/oo.aspx?name=r816728&key=kihgcsa2&from=Email-web&tag=82677477
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 18 May 2018 01:10:24 GMT
server
Golfe2
age
5078
date
Tue, 14 Aug 2018 18:58:49 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
14386
expires
Tue, 14 Aug 2018 20:58:49 GMT
collect
stats.g.doubleclick.net/r/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j68&a=2004401713&t=pageview&_s=1&dl=https%3A%2F%2F0rr32d.global.ssl.fastly.net%2Foo.aspx%3Fname%3Dr816728%26key%3Dkihgcsa2%26from%3DEmail-web%26tag...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-90274311-1&cid=461664861.1534278208&jid=1267413333&_gid=1800962662.1534278208&gjid=906552380&_v=j68&z=1649058551
35 B
113 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-90274311-1&cid=461664861.1534278208&jid=1267413333&_gid=1800962662.1534278208&gjid=906552380&_v=j68&z=1649058551
Requested by
Host: 0rr32d.global.ssl.fastly.net
URL: https://0rr32d.global.ssl.fastly.net/oo.aspx?name=r816728&key=kihgcsa2&from=Email-web&tag=82677477
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:400c:c0c::9c , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://0rr32d.global.ssl.fastly.net/oo.aspx?name=r816728&key=kihgcsa2&from=Email-web&tag=82677477
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Tue, 14 Aug 2018 20:23:27 GMT
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 14 Aug 2018 20:23:27 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
302
location
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-90274311-1&cid=461664861.1534278208&jid=1267413333&_gid=1800962662.1534278208&gjid=906552380&_v=j68&z=1649058551
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
418
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame 3FB0 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9887006928691465&output=html&h=90&slotname=4887033834&adk=3433465998&adf=943920009&w=1200&fwrn=4&fwrnh=100&lmt=1534278207&rafmt=1&guci=1.2.0.0.2.2.0&format=1200x90&url=https%3A%2F%2F0rr32d.global.ssl.fastly.net%2Foo.aspx%3Fname%3Dr816728%26key%3Dkihgcsa2%26from%3DEmail-web%26tag%3D82677477&flash=0&fwr=0&rh=0&rw=1576&resp_fmts=3&wgl=1&adsid=NT&dt=1534278207633&bpp=12&bdt=563&fdt=14&idt=115&shv=r20180808&cbv=r20180604&saldr=aa&abxe=1&correlator=7231004066947&frm=20&pv=2&ga_vid=461664861.1534278208&ga_sid=1534278208&ga_hid=2004401713&ga_fc=0&iag=0&icsg=35488&dssz=15&mdo=0&mso=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=12&ady=32&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21060853%2C21062171%2C368226400%2C42631002%2C21061319&oid=3&rx=0&eae=0&fc=528&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&ppjl=u&pfx=0&fu=144&bc=7&osw_key=3871415030&ifi=1&fsb=1&xpc=jzCSClWWJo&p=https%3A//0rr32d.global.ssl.fastly.net&dtd=139
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20180808/r20180604/show_ads_impl.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:81c::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-9887006928691465&output=html&h=90&slotname=4887033834&adk=3433465998&adf=943920009&w=1200&fwrn=4&fwrnh=100&lmt=1534278207&rafmt=1&guci=1.2.0.0.2.2.0&format=1200x90&url=https%3A%2F%2F0rr32d.global.ssl.fastly.net%2Foo.aspx%3Fname%3Dr816728%26key%3Dkihgcsa2%26from%3DEmail-web%26tag%3D82677477&flash=0&fwr=0&rh=0&rw=1576&resp_fmts=3&wgl=1&adsid=NT&dt=1534278207633&bpp=12&bdt=563&fdt=14&idt=115&shv=r20180808&cbv=r20180604&saldr=aa&abxe=1&correlator=7231004066947&frm=20&pv=2&ga_vid=461664861.1534278208&ga_sid=1534278208&ga_hid=2004401713&ga_fc=0&iag=0&icsg=35488&dssz=15&mdo=0&mso=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=12&ady=32&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21060853%2C21062171%2C368226400%2C42631002%2C21061319&oid=3&rx=0&eae=0&fc=528&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&ppjl=u&pfx=0&fu=144&bc=7&osw_key=3871415030&ifi=1&fsb=1&xpc=jzCSClWWJo&p=https%3A//0rr32d.global.ssl.fastly.net&dtd=139
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://0rr32d.global.ssl.fastly.net/oo.aspx?name=r816728&key=kihgcsa2&from=Email-web&tag=82677477
accept-encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
1C0DFB97489CB3124F58B53EA056169B
Referer
https://0rr32d.global.ssl.fastly.net/oo.aspx?name=r816728&key=kihgcsa2&from=Email-web&tag=82677477

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Tue, 14 Aug 2018 20:23:27 GMT
server
cafe
cache-control
private
content-length
386
x-xss-protection
1; mode=block
set-cookie
test_cookie=CheckForPermission; expires=Tue, 14-Aug-2018 20:38:27 GMT; path=/; domain=.doubleclick.net
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
expires
Tue, 14 Aug 2018 20:23:27 GMT
osd.js
pagead2.googlesyndication.com/pagead/js/r20180808/r20180604/ 		70 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20180808/r20180604/osd.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20180808/r20180604/show_ads_impl.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:819::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
f58398c8f74de364c484b7f01db10b3c3e608699d5d209c02db32e7f066e07a1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://0rr32d.global.ssl.fastly.net/oo.aspx?name=r816728&key=kihgcsa2&from=Email-web&tag=82677477
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 09 Aug 2018 06:06:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
483433
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length
26275
x-xss-protection
1; mode=block
server
cafe
etag
15787436124949168696
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 23 Aug 2018 06:06:14 GMT
oo.aspx
d3tff2yik766yh.cloudfront.net/ 		19 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_ooshow&ag=okHead&sign=cf23686d4e1cc9c615ef007f04957317365ef364
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/jquery/1.12.4/jquery.min.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.85.182.213 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-85-182-213.fra50.r.cloudfront.net
Software
/
Resource Hash
d604dca2f646114714adaa1b386ada9958eddd695a232a4f64d9ce800032a1e3

Request headers

Accept
text/plain, */*; q=0.01
Referer
https://0rr32d.global.ssl.fastly.net/oo.aspx?name=r816728&key=kihgcsa2&from=Email-web&tag=82677477
Origin
https://0rr32d.global.ssl.fastly.net
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 14 Aug 2018 20:23:27 GMT
content-encoding
gzip
status
200
vary
Accept-Encoding
access-control-allow-methods
GET,POST
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
private
x-cache
Miss from cloudfront
x-amz-cf-id
UrFCO6BXDK0XeQPI7QBZmMBsL-jvYp1bpUDk5fynImGdLQBfeh4Mjg==
via
1.1 2b7e0587e76bdc8afc2d63bea659b942.cloudfront.net (CloudFront)
show_ads_impl.js
pagead2.googlesyndication.com/pagead/js/r20180808/r20180604/ Frame 8342 		188 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20180808/r20180604/show_ads_impl.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:819::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
6f9e5cea796793a5a55e6bf5f9cbb41fbc93021f0ae3c09115ba24be6bdd0495
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Response headers

date
Tue, 14 Aug 2018 20:23:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length
71310
x-xss-protection
1; mode=block
server
cafe
etag
7604789041244845322
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Tue, 14 Aug 2018 20:23:27 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame 870E 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9887006928691465&output=html&h=90&slotname=4887033834&adk=3433465998&adf=1414068304&w=1200&fwrn=4&fwrnh=100&lmt=1534278207&rafmt=1&guci=1.2.0.0.2.2.0&format=1200x90&url=https%3A%2F%2F0rr32d.global.ssl.fastly.net%2Foo.aspx%3Fname%3Dr816728%26key%3Dkihgcsa2%26from%3DEmail-web%26tag%3D82677477&flash=0&fwr=0&rh=0&rw=1576&resp_fmts=3&wgl=1&adsid=NT&dt=1534278207647&bpp=7&bdt=577&fdt=151&idt=152&shv=r20180808&cbv=r20180604&saldr=aa&abxe=1&prev_fmts=1200x90&correlator=7231004066947&frm=20&pv=1&ga_vid=461664861.1534278208&ga_sid=1534278208&ga_hid=2004401713&ga_fc=0&iag=0&icsg=559776&dssz=16&mdo=0&mso=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=12&ady=172&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21060853%2C21062171%2C368226400%2C42631002%2C21061319&oid=3&rx=0&eae=0&fc=528&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&ppjl=u&pfx=0&fu=144&bc=7&osw_key=3871415030&ifi=2&fsb=1&xpc=MFlQEWOgND&p=https%3A//0rr32d.global.ssl.fastly.net&dtd=156
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20180808/r20180604/show_ads_impl.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:81c::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-9887006928691465&output=html&h=90&slotname=4887033834&adk=3433465998&adf=1414068304&w=1200&fwrn=4&fwrnh=100&lmt=1534278207&rafmt=1&guci=1.2.0.0.2.2.0&format=1200x90&url=https%3A%2F%2F0rr32d.global.ssl.fastly.net%2Foo.aspx%3Fname%3Dr816728%26key%3Dkihgcsa2%26from%3DEmail-web%26tag%3D82677477&flash=0&fwr=0&rh=0&rw=1576&resp_fmts=3&wgl=1&adsid=NT&dt=1534278207647&bpp=7&bdt=577&fdt=151&idt=152&shv=r20180808&cbv=r20180604&saldr=aa&abxe=1&prev_fmts=1200x90&correlator=7231004066947&frm=20&pv=1&ga_vid=461664861.1534278208&ga_sid=1534278208&ga_hid=2004401713&ga_fc=0&iag=0&icsg=559776&dssz=16&mdo=0&mso=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=12&ady=172&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21060853%2C21062171%2C368226400%2C42631002%2C21061319&oid=3&rx=0&eae=0&fc=528&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&ppjl=u&pfx=0&fu=144&bc=7&osw_key=3871415030&ifi=2&fsb=1&xpc=MFlQEWOgND&p=https%3A//0rr32d.global.ssl.fastly.net&dtd=156
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://0rr32d.global.ssl.fastly.net/oo.aspx?name=r816728&key=kihgcsa2&from=Email-web&tag=82677477
accept-encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
1C0DFB97489CB3124F58B53EA056169B
Referer
https://0rr32d.global.ssl.fastly.net/oo.aspx?name=r816728&key=kihgcsa2&from=Email-web&tag=82677477

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Tue, 14 Aug 2018 20:23:27 GMT
server
cafe
cache-control
private
content-length
385
x-xss-protection
1; mode=block
set-cookie
test_cookie=CheckForPermission; expires=Tue, 14-Aug-2018 20:38:27 GMT; path=/; domain=.doubleclick.net
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
expires
Tue, 14 Aug 2018 20:23:27 GMT
oo.aspx
d3tff2yik766yh.cloudfront.net/ 		2 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_ooshow&ag=ogFoot&from=Email-web&tag=82677477&sign=cf23686d4e1cc9c615ef007f04957317365ef364
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/jquery/1.12.4/jquery.min.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.85.182.213 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-85-182-213.fra50.r.cloudfront.net
Software
/
Resource Hash
3763a45b9820f5087049fe954daa2673fcfc87b4eb0bd909cc0d15422bd1a5b5

Request headers

Accept
text/plain, */*; q=0.01
Referer
https://0rr32d.global.ssl.fastly.net/oo.aspx?name=r816728&key=kihgcsa2&from=Email-web&tag=82677477
Origin
https://0rr32d.global.ssl.fastly.net
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 14 Aug 2018 20:23:28 GMT
content-encoding
gzip
status
200
vary
Accept-Encoding
access-control-allow-methods
GET,POST
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
private
x-cache
Miss from cloudfront
x-amz-cf-id
Z-8fx_knT0XqxpYhUs2lppbOnV3eWLFbFEM1O3HFUxBTSCrEMQaXWA==
via
1.1 2b7e0587e76bdc8afc2d63bea659b942.cloudfront.net (CloudFront)
oGate.2.png
raw.githubusercontent.com/opipe/Up/master/A/ 		8 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://raw.githubusercontent.com/opipe/Up/master/A/oGate.2.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.133 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
e3369c645ecb1e8bb9e356997d057a73faab1dfb22ca1a55102f1df109fcaa71
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Referer
https://0rr32d.global.ssl.fastly.net/oo.aspx?name=r816728&key=kihgcsa2&from=Email-web&tag=82677477
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Fastly-Request-ID
aa869272bd57aab0a9b12e4f8ac61f8359c9aecd
Content-Security-Policy
default-src 'none'; style-src 'unsafe-inline'; sandbox
Via
1.1 varnish
X-Content-Type-Options
nosniff
X-Geo-Block-List
X-Cache
MISS
X-Cache-Hits
0
Connection
keep-alive
Content-Length
8519
ETag
"efe5ebaaee56eee3767a07f92a9021a7e279b863"
X-Served-By
cache-hhn1548-HHN
X-GitHub-Request-Id
D5B2:0770:B332F:BE14E:5B733A40
X-Timer
S1534278209.687111,VS0,VE127
X-Frame-Options
deny
Date
Tue, 14 Aug 2018 20:23:28 GMT
Source-Age
0
Vary
Authorization,Accept-Encoding
Strict-Transport-Security
max-age=31536000
Content-Type
image/png
Access-Control-Allow-Origin
*
X-XSS-Protection
1; mode=block
Cache-Control
max-age=300
Accept-Ranges
bytes
Expires
Tue, 14 Aug 2018 20:28:28 GMT
ogHead.jpg
raw.githubusercontent.com/opipe/Up/master/A/ 		142 KB
142 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://raw.githubusercontent.com/opipe/Up/master/A/ogHead.jpg
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20180808/r20180604/osd.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.133 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
9a6af060cc89302f579f527a01b5efa3ea9cc20f783e7833ff1cb00db7530dcb
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Referer
https://0rr32d.global.ssl.fastly.net/oo.aspx?name=r816728&key=kihgcsa2&from=Email-web&tag=82677477
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Fastly-Request-ID
0b145e62c570b571b06a4ee5615b83412f9dc8ee
Content-Security-Policy
default-src 'none'; style-src 'unsafe-inline'; sandbox
Via
1.1 varnish
X-Content-Type-Options
nosniff
X-Geo-Block-List
X-Cache
MISS
X-Cache-Hits
0
Connection
keep-alive
Content-Length
145092
ETag
"f7f243ce8ab4be77f959e727f4b5a9c01ec9ca0a"
X-Served-By
cache-hhn1536-HHN
X-GitHub-Request-Id
6FCE:7777:194A20:1A2C6C:5B733A40
X-Timer
S1534278209.746579,VS0,VE120
X-Frame-Options
deny
Date
Tue, 14 Aug 2018 20:23:28 GMT
Source-Age
0
Vary
Authorization,Accept-Encoding
Strict-Transport-Security
max-age=31536000
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
X-XSS-Protection
1; mode=block
Cache-Control
max-age=300
Accept-Ranges
bytes
Expires
Tue, 14 Aug 2018 20:28:28 GMT
oo.aspx
d3tff2yik766yh.cloudfront.net/
Redirect Chain
  • https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_ooshow&ag=r816728&sign=cf23686d4e1cc9c615ef007f04957317365ef364
  • https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
0
-1 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.85.182.213 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-85-182-213.fra50.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://0rr32d.global.ssl.fastly.net/oo.aspx?name=r816728&key=kihgcsa2&from=Email-web&tag=82677477
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 14 Aug 2018 20:23:28 GMT
via
1.1 2b7e0587e76bdc8afc2d63bea659b942.cloudfront.net (CloudFront)
status
302
location
oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
access-control-allow-methods
GET,POST
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
private
x-cache
Miss from cloudfront
content-length
221
x-amz-cf-id
aq9VpKAJEj5rH4OmE3rblS2lWiBeUyNeyp0zkYObmmNKJr6MIoTtbQ==

Redirect headers

date
Tue, 14 Aug 2018 20:23:28 GMT
via
1.1 2b7e0587e76bdc8afc2d63bea659b942.cloudfront.net (CloudFront)
status
302
location
oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
access-control-allow-methods
GET,POST
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
private
x-cache
Miss from cloudfront
content-length
221
x-amz-cf-id
aq9VpKAJEj5rH4OmE3rblS2lWiBeUyNeyp0zkYObmmNKJr6MIoTtbQ==
oo.aspx
d3tff2yik766yh.cloudfront.net/ 		61 KB
15 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.85.182.213 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-85-182-213.fra50.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
text/plain, */*; q=0.01
X-DevTools-Emulate-Network-Conditions-Client-Id
1C0DFB97489CB3124F58B53EA056169B
Origin
https://0rr32d.global.ssl.fastly.net
Referer
https://0rr32d.global.ssl.fastly.net/oo.aspx?name=r816728&key=kihgcsa2&from=Email-web&tag=82677477
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 14 Aug 2018 20:23:28 GMT
content-encoding
gzip
status
200
vary
Accept-Encoding
access-control-allow-methods
GET,POST
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
private
x-cache
Miss from cloudfront
x-amz-cf-id
b-H7emadbySwIaQ3L0p8qkTGk37lHrs7__UdWR4vwyjKALLW6c3kUg==
via
1.1 2b7e0587e76bdc8afc2d63bea659b942.cloudfront.net (CloudFront)
Primary Request oo.aspx
d3tff2yik766yh.cloudfront.net/
Redirect Chain
  • https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_ooshow&ag=r816728&sign=cf23686d4e1cc9c615ef007f04957317365ef364
  • https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
61 KB
15 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
Requested by
Host: 0rr32d.global.ssl.fastly.net
URL: https://0rr32d.global.ssl.fastly.net/oo.aspx?name=r816728&key=kihgcsa2&from=Email-web&tag=82677477
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.85.182.76 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-85-182-76.fra50.r.cloudfront.net
Software
/
Resource Hash
c71a42371a96286c85489def19d25035c5080454e6dcd77654d92bcf0ddcd11b

Request headers

:method
GET
:authority
d3tff2yik766yh.cloudfront.net
:scheme
https
:path
/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://0rr32d.global.ssl.fastly.net/oo.aspx?name=r816728&key=kihgcsa2&from=Email-web&tag=82677477
accept-encoding
gzip, deflate
cookie
ASP.NET_SessionId=3mab50nv0p4vfcf0esne2z05
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
1C0DFB97489CB3124F58B53EA056169B
Referer
https://0rr32d.global.ssl.fastly.net/oo.aspx?name=r816728&key=kihgcsa2&from=Email-web&tag=82677477

Response headers

status
200
content-type
text/html; charset=utf-8
vary
Accept-Encoding
access-control-allow-methods
GET,POST
access-control-allow-origin
*
cache-control
private
date
Tue, 14 Aug 2018 20:23:29 GMT
content-encoding
gzip
x-cache
Miss from cloudfront
via
1.1 2b7e0587e76bdc8afc2d63bea659b942.cloudfront.net (CloudFront)
x-amz-cf-id
KkZ7EjC0qX_VbVSYryOQzlyRzDIFWVezWcaCqNH--hTBUh_oCseLWQ==

Redirect headers

status
302
content-type
text/html; charset=utf-8
content-length
221
location
oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
access-control-allow-methods
GET,POST
access-control-allow-origin
*
cache-control
private
date
Tue, 14 Aug 2018 20:23:29 GMT
set-cookie
ASP.NET_SessionId=3mab50nv0p4vfcf0esne2z05; path=/; HttpOnly
x-cache
Miss from cloudfront
via
1.1 2b7e0587e76bdc8afc2d63bea659b942.cloudfront.net (CloudFront)
x-amz-cf-id
rQIXbRfU0tvs_k7nhWSEKxKZINpt728ER81nSG43iEzmQKlaT9KdOA==
oo.aspx
d3tff2yik766yh.cloudfront.net/ 		11 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http%3A%2F%2F220%2Floc%2Fimages%2Fglobal5.css
Requested by
Host: d3tff2yik766yh.cloudfront.net
URL: https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.85.182.76 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-85-182-76.fra50.r.cloudfront.net
Software
/
Resource Hash
8fa932bacf55f6fced19622547d5385de1af68c850f8e30c5335e4e5f536430e

Request headers

:path
/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http%3A%2F%2F220%2Floc%2Fimages%2Fglobal5.css
pragma
no-cache
cookie
ASP.NET_SessionId=3mab50nv0p4vfcf0esne2z05
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/css,*/*;q=0.1
cache-control
no-cache
:authority
d3tff2yik766yh.cloudfront.net
referer
https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
:scheme
https
:method
GET
Referer
https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 14 Aug 2018 20:23:30 GMT
content-encoding
gzip
status
200
vary
Accept-Encoding
access-control-allow-methods
GET,POST
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private
x-cache
Miss from cloudfront
x-amz-cf-id
DPgG1UPlCQ_xbEyQ1uMlmAbvgmpfrDT5seaw6RvC4J4xBRKYnQCk3w==
via
1.1 2b7e0587e76bdc8afc2d63bea659b942.cloudfront.net (CloudFront)
jquery.min.js
cdn.jsdelivr.net/jquery/1.12.4/ 		95 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/jquery/1.12.4/jquery.min.js
Requested by
Host: d3tff2yik766yh.cloudfront.net
URL: https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2400:cb00:2048:1::6810:5614 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 14 Aug 2018 20:23:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
x-cache
HIT, HIT
status
200
content-length
33793
x-served-by
cache-ams4136-AMS, cache-fra19140-FRA
timing-allow-origin
*
server
cloudflare
etag
"17b8b-Wp3PvvZVomaOeLrr6qjcb0HY2rs"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
cf-ray
44a623c27fc8bebc-FRA
oo.aspx
d3tff2yik766yh.cloudfront.net/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http%3A%2F%2F140%2Fjs%2FDjy%2FDongtaiwangHomepage.js
Requested by
Host: d3tff2yik766yh.cloudfront.net
URL: https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.85.182.76 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-85-182-76.fra50.r.cloudfront.net
Software
/
Resource Hash
7f48bd7d3180794477f6ea8531e279f667981422b2d8c15290f14bc683abdb6a

Request headers

:path
/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http%3A%2F%2F140%2Fjs%2FDjy%2FDongtaiwangHomepage.js
pragma
no-cache
cookie
ASP.NET_SessionId=3mab50nv0p4vfcf0esne2z05
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
d3tff2yik766yh.cloudfront.net
referer
https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
:scheme
https
:method
GET
Referer
https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 14 Aug 2018 20:23:30 GMT
content-encoding
gzip
status
200
vary
Accept-Encoding
access-control-allow-methods
GET,POST
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
private
x-cache
Miss from cloudfront
x-amz-cf-id
E1e8k2bNYNLChyHi5eBrybOYxVGELVtwftYOudEvV8ww_tJq_PpYYA==
via
1.1 2b7e0587e76bdc8afc2d63bea659b942.cloudfront.net (CloudFront)
gpt.js
www.googletagservices.com/tag/js/ 		20 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: d3tff2yik766yh.cloudfront.net
URL: https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http%3A%2F%2F140%2Fjs%2FDjy%2FDongtaiwangHomepage.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:818::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
06bfd5988dc8214780ac020e533a24f00772fcb794007cb3fa160c889fb4651e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 14 Aug 2018 20:23:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"6 / 980 of 1000 / last-modified: 1534271065"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length
7787
x-xss-protection
1; mode=block
expires
Tue, 14 Aug 2018 20:23:31 GMT
N3UttA3_hB_43U1BA.jpg
111.254.37.159/hp22544d72d85658ce16b21660381b8b644ba53976WNNN.Q41B6UwNU1B.e4L/Z4e/wLUBAY/ 		18 KB
18 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://111.254.37.159/hp22544d72d85658ce16b21660381b8b644ba53976WNNN.Q41B6UwNU1B.e4L/Z4e/wLUBAY/N3UttA3_hB_43U1BA.jpg
Requested by
Host: d3tff2yik766yh.cloudfront.net
URL: https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
Protocol
HTTP/1.1
Server
111.254.37.159 , Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
111-254-37-159.dynamic-ip.hinet.net
Software
Apache /
Resource Hash
50d450a0b9020ae027ebd16cc43357d44edfcea5b9e4f7f0a0d5b4185303ec5e

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 14 Aug 2018 14:26:56 GMT
Last-Modified
Tue, 22 Mar 2011 01:15:54 GMT
Server
Apache
Age
21397
ETag
"a7ba3a-46c2-fc572680"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=1209600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
18114
Expires
Tue, 28 Aug 2018 14:26:56 GMT
jLG.gif
111.254.37.159/hp22544d72d85658ce16b21660381b8b644ba53976Avvv.jLexGDKvDex.HLR/ULH/KRDxJi/ 		45 B
398 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://111.254.37.159/hp22544d72d85658ce16b21660381b8b644ba53976Avvv.jLexGDKvDex.HLR/ULH/KRDxJi/jLG.gif
Requested by
Host: d3tff2yik766yh.cloudfront.net
URL: https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
Protocol
HTTP/1.1
Server
111.254.37.159 , Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
111-254-37-159.dynamic-ip.hinet.net
Software
Apache /
Resource Hash
393be6a9918a4d36d4a7074444e02eaa4ceb2fc3b2390dd761c491e24c33b321

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 14 Aug 2018 14:26:57 GMT
Last-Modified
Tue, 01 Jul 2008 19:18:19 GMT
Server
Apache
Age
21395
ETag
"a7ba01-2d-3d1a74c0"
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
max-age=1209600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
45
Expires
Tue, 28 Aug 2018 14:26:57 GMT
rd4_ozpiz0_d0p9fz.png
111.254.37.159/hp22544d72d85658ce16b21660381b8b644ba53976Reee.id9frpcep9f.Sd2/TdS/c2pfzB/ 		30 KB
31 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://111.254.37.159/hp22544d72d85658ce16b21660381b8b644ba53976Reee.id9frpcep9f.Sd2/TdS/c2pfzB/rd4_ozpiz0_d0p9fz.png
Requested by
Host: d3tff2yik766yh.cloudfront.net
URL: https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
Protocol
HTTP/1.1
Server
111.254.37.159 , Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
111-254-37-159.dynamic-ip.hinet.net
Software
Apache /
Resource Hash
052939f0169df7aa01ecb1edfccd179af337a33de6859072506a4d66f115e652

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 14 Aug 2018 14:26:56 GMT
Last-Modified
Tue, 22 Mar 2011 01:07:10 GMT
Server
Apache
Age
21397
ETag
"a7ba33-79bd-dd1b8b80"
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=1209600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
31165
Expires
Tue, 28 Aug 2018 14:26:56 GMT
viYYgl_vciUN.gif
111.254.37.159/hp22544d72d85658ce16b21660381b8b644ba53976Zkkk.fglmYqWkqlm.ag0/cga/W0qmUV/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://111.254.37.159/hp22544d72d85658ce16b21660381b8b644ba53976Zkkk.fglmYqWkqlm.ag0/cga/W0qmUV/viYYgl_vciUN.gif
Requested by
Host: d3tff2yik766yh.cloudfront.net
URL: https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
Protocol
HTTP/1.1
Server
111.254.37.159 , Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
111-254-37-159.dynamic-ip.hinet.net
Software
Apache /
Resource Hash
094b67d2a2aeafee95e78f19b6cfb06546d7a80850b91c3c4ae04ade9ac2b99e

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 14 Aug 2018 14:26:56 GMT
Last-Modified
Wed, 20 Aug 2008 15:07:16 GMT
Server
Apache
Age
21397
ETag
"a7b9f2-d52-8f581100"
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
max-age=1209600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3410
Expires
Tue, 28 Aug 2018 14:26:56 GMT
integrator.js
adservice.google.de/adsid/ 		109 B
171 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=d3tff2yik766yh.cloudfront.net
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:819::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 14 Aug 2018 20:23:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length
104
x-xss-protection
1; mode=block
integrator.js
adservice.google.com/adsid/ 		109 B
171 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=d3tff2yik766yh.cloudfront.net
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:81a::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 14 Aug 2018 20:23:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length
104
x-xss-protection
1; mode=block
pubads_impl_239.js
securepubads.g.doubleclick.net/gpt/ 		181 KB
63 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_239.js
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.217.22.98 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s18-in-f2.1e100.net
Software
sffe /
Resource Hash
9cce1684b725dd214b8305f2b3355d7d9d788fe2d552acc0bbecfc48630cfcfa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 14 Aug 2018 20:23:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 10 Aug 2018 12:31:48 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
63811
x-xss-protection
1; mode=block
expires
Tue, 14 Aug 2018 20:23:31 GMT
cXf2d_rY7R.png
111.254.37.159/hp22544d72d85658ce16b21660381b8b644ba539767BBB.OXDzK2gB2Dz.fXt/dXf/gt2zMA/ 		12 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://111.254.37.159/hp22544d72d85658ce16b21660381b8b644ba539767BBB.OXDzK2gB2Dz.fXt/dXf/gt2zMA/cXf2d_rY7R.png
Requested by
Host: d3tff2yik766yh.cloudfront.net
URL: https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
Protocol
HTTP/1.1
Server
111.254.37.159 , Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
111-254-37-159.dynamic-ip.hinet.net
Software
Apache /
Resource Hash
bec1335031e588df78ce1bc5f0361ec161327d5590fc27b2d49ace451288953a

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 14 Aug 2018 12:35:09 GMT
Last-Modified
Tue, 17 Jul 2018 13:47:06 GMT
Server
Apache
Age
28103
ETag
"a79488-2e12-2e800a80"
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=1209600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
11794
Expires
Tue, 28 Aug 2018 12:35:09 GMT
5t_gOa.png
111.254.37.159/hp22544d72d85658ce16b21660381b8b644ba53976IQQQ.ohYOUWdQWYO.ihF/uhi/dFWOwq/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://111.254.37.159/hp22544d72d85658ce16b21660381b8b644ba53976IQQQ.ohYOUWdQWYO.ihF/uhi/dFWOwq/5t_gOa.png
Requested by
Host: d3tff2yik766yh.cloudfront.net
URL: https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
Protocol
HTTP/1.1
Server
111.254.37.159 , Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
111-254-37-159.dynamic-ip.hinet.net
Software
Apache /
Resource Hash
93e8935c30b890b403db343d6567541cd9c737748097a49bd4e11cb814a4f7bc

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 14 Aug 2018 14:06:30 GMT
Last-Modified
Wed, 01 Mar 2017 08:54:42 GMT
Server
Apache
Age
22622
ETag
"a7ba23-e5c-769e3880"
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=1209600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3676
Expires
Tue, 28 Aug 2018 14:06:30 GMT
es_7E4Z.png
111.254.37.159/hp22544d72d85658ce16b21660381b8b644ba53976ufff.JvVEqZIfZVE.1v4/3v1/I4ZEWz/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://111.254.37.159/hp22544d72d85658ce16b21660381b8b644ba53976ufff.JvVEqZIfZVE.1v4/3v1/I4ZEWz/es_7E4Z.png
Requested by
Host: d3tff2yik766yh.cloudfront.net
URL: https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
Protocol
HTTP/1.1
Server
111.254.37.159 , Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
111-254-37-159.dynamic-ip.hinet.net
Software
Apache /
Resource Hash
73e3d2fd0a887baa7233b659c59ee421c2a24a06d4f5c31ee89e1e4740de2c0b

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 14 Aug 2018 14:06:30 GMT
Last-Modified
Wed, 01 Mar 2017 08:54:42 GMT
Server
Apache
Age
22621
ETag
"a7c1be-e67-769e3880"
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=1209600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3687
Expires
Tue, 28 Aug 2018 14:06:30 GMT
l8ggYrupg.jpg
111.254.37.159/hp22544d72d85658ce16b21660381b8b644ba539763GGG.D8rozcuGcro.l8g/n8l/ugcoZp/ 		22 KB
23 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://111.254.37.159/hp22544d72d85658ce16b21660381b8b644ba539763GGG.D8rozcuGcro.l8g/n8l/ugcoZp/l8ggYrupg.jpg
Requested by
Host: d3tff2yik766yh.cloudfront.net
URL: https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
Protocol
HTTP/1.1
Server
111.254.37.159 , Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
111-254-37-159.dynamic-ip.hinet.net
Software
Apache /
Resource Hash
da7371ef02e19463b6993c8ca45b4416c4cfc160f38d4edd5faa57302258d5d1

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 14 Aug 2018 14:06:30 GMT
Last-Modified
Mon, 27 Nov 2017 19:42:34 GMT
Server
Apache
Age
22621
ETag
"a79202-58ad-1a907e80"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=1209600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
22701
Expires
Tue, 28 Aug 2018 14:06:30 GMT
JV63RBiV.jpg
111.254.37.159/hp22544d72d85658ce16b21660381b8b644ba53976niii.6CBJpR3iRBJ.xC7/LCx/37RJcO/ 		26 KB
26 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://111.254.37.159/hp22544d72d85658ce16b21660381b8b644ba53976niii.6CBJpR3iRBJ.xC7/LCx/37RJcO/JV63RBiV.jpg
Requested by
Host: d3tff2yik766yh.cloudfront.net
URL: https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
Protocol
HTTP/1.1
Server
111.254.37.159 , Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
111-254-37-159.dynamic-ip.hinet.net
Software
Apache /
Resource Hash
9f0eb95d005f028fcf89c6e873d564032324966ece6b962217577cd1df8c1924

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 14 Aug 2018 14:06:30 GMT
Last-Modified
Fri, 13 Oct 2017 03:54:15 GMT
Server
Apache
Age
22621
ETag
"a79142-6842-9c42c7c0"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=1209600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
26690
Expires
Tue, 28 Aug 2018 14:06:30 GMT
9KTdvnHm-LsLMUL.jpg
111.254.37.159/hp22544d72d85658ce16b21660381b8b644ba53976L111.YHmDOTn1TmD.9Hd/0H9/ndTDRE/ 		35 KB
35 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://111.254.37.159/hp22544d72d85658ce16b21660381b8b644ba53976L111.YHmDOTn1TmD.9Hd/0H9/ndTDRE/9KTdvnHm-LsLMUL.jpg
Requested by
Host: d3tff2yik766yh.cloudfront.net
URL: https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
Protocol
HTTP/1.1
Server
111.254.37.159 , Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
111-254-37-159.dynamic-ip.hinet.net
Software
Apache /
Resource Hash
3bea924920206fd67b045b5b64ac4c151bb13cc0b9fd3ee6fc1bb06af8002ec3

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 14 Aug 2018 14:06:30 GMT
Last-Modified
Fri, 13 Oct 2017 03:54:15 GMT
Server
Apache
Age
22621
ETag
"a7912f-8a91-9c42c7c0"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=1209600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
35473
Expires
Tue, 28 Aug 2018 14:06:30 GMT
VyQjT.jpg
111.254.37.159/hp22544d72d85658ce16b21660381b8b644ba539760lll.VPQ6EyLlyQ6.jPI/MPj/LIy6To/ 		40 KB
40 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://111.254.37.159/hp22544d72d85658ce16b21660381b8b644ba539760lll.VPQ6EyLlyQ6.jPI/MPj/LIy6To/VyQjT.jpg
Requested by
Host: d3tff2yik766yh.cloudfront.net
URL: https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
Protocol
HTTP/1.1
Server
111.254.37.159 , Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
111-254-37-159.dynamic-ip.hinet.net
Software
Apache /
Resource Hash
75ae726a7aae89cb7fd13ba84aa43d63c0c50c6b10c1b413fdb3d519dc7d0af0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 14 Aug 2018 14:06:30 GMT
Last-Modified
Wed, 23 Nov 2016 03:26:25 GMT
Server
Apache
Age
22621
ETag
"a7c1b9-a088-74231a40"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=1209600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
41096
Expires
Tue, 28 Aug 2018 14:06:30 GMT
om0rbfY.png
111.254.37.159/hp22544d72d85658ce16b21660381b8b644ba53976Mxxx.rtfYob0xbfY.Ntu/2tN/0ubYyJ/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://111.254.37.159/hp22544d72d85658ce16b21660381b8b644ba53976Mxxx.rtfYob0xbfY.Ntu/2tN/0ubYyJ/om0rbfY.png
Requested by
Host: d3tff2yik766yh.cloudfront.net
URL: https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
Protocol
HTTP/1.1
Server
111.254.37.159 , Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
111-254-37-159.dynamic-ip.hinet.net
Software
Apache /
Resource Hash
544c8004499639b47998504ea6fb988ab864773b2fbe80e3de423a5ae5ee9e17

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 14 Aug 2018 14:52:50 GMT
Last-Modified
Sun, 20 Jul 2014 16:38:49 GMT
Server
Apache
Age
19841
ETag
"a7ba5d-126f-9ffa9840"
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=1209600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
4719
Expires
Tue, 28 Aug 2018 14:52:50 GMT
ZHMGV.png
111.254.37.159/hp22544d72d85658ce16b21660381b8b644ba539762999.BsGVJKM9KGV.ks3/wsk/M3KVbD/ 		17 KB
17 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://111.254.37.159/hp22544d72d85658ce16b21660381b8b644ba539762999.BsGVJKM9KGV.ks3/wsk/M3KVbD/ZHMGV.png
Requested by
Host: d3tff2yik766yh.cloudfront.net
URL: https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
Protocol
HTTP/1.1
Server
111.254.37.159 , Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
111-254-37-159.dynamic-ip.hinet.net
Software
Apache /
Resource Hash
b234534878a2d9e11052313e2ce55372a0752e7d3165e9b6cccfc784da59dca5

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 14 Aug 2018 14:52:50 GMT
Last-Modified
Fri, 04 Jul 2008 15:27:34 GMT
Server
Apache
Age
19841
ETag
"a7b9e5-43ec-5d66a580"
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=1209600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
17388
Expires
Tue, 28 Aug 2018 14:52:50 GMT
D2AiD2SFFy6.png
111.254.37.159/hp22544d72d85658ce16b21660381b8b644ba53976wjjj.mFirDA2jAir.5Fn/WF5/2nArK6/ 		15 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://111.254.37.159/hp22544d72d85658ce16b21660381b8b644ba53976wjjj.mFirDA2jAir.5Fn/WF5/2nArK6/D2AiD2SFFy6.png
Requested by
Host: d3tff2yik766yh.cloudfront.net
URL: https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
Protocol
HTTP/1.1
Server
111.254.37.159 , Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
111-254-37-159.dynamic-ip.hinet.net
Software
Apache /
Resource Hash
1de9272d0960719fb1fc8b2d8c3ff205de41636d412db53226df6e0fa1c62c2f

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 14 Aug 2018 14:52:51 GMT
Last-Modified
Wed, 28 May 2014 21:30:59 GMT
Server
Apache
Age
19841
ETag
"a7ba2e-3c2e-87424ac0"
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=1209600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
15406
Expires
Tue, 28 Aug 2018 14:52:51 GMT
oGate.jpg
raw.githubusercontent.com/opipe/Up/master/Tools/ 		8 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://raw.githubusercontent.com/opipe/Up/master/Tools/oGate.jpg
Requested by
Host: d3tff2yik766yh.cloudfront.net
URL: https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.133 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
fd3ca4b2771dc70f499e6f0469096250e9ca4f439d6c8feaa3e9d0a66afa4dfe
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Referer
https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Fastly-Request-ID
ac8dc4a6072ee91864c07bc8f6d919a7d79ae878
Content-Security-Policy
default-src 'none'; style-src 'unsafe-inline'; sandbox
Via
1.1 varnish
X-Content-Type-Options
nosniff
X-Geo-Block-List
X-Cache
MISS
X-Cache-Hits
0
Connection
keep-alive
Content-Length
7877
ETag
"60305ebdf358846aaf2aad46a4ad4df20e75f63e"
X-Served-By
cache-hhn1536-HHN
X-GitHub-Request-Id
2632:3BFB:11793B:12AE0E:5B733A43
X-Timer
S1534278211.496899,VS0,VE167
X-Frame-Options
deny
Date
Tue, 14 Aug 2018 20:23:31 GMT
Source-Age
0
Vary
Authorization,Accept-Encoding
Strict-Transport-Security
max-age=31536000
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
X-XSS-Protection
1; mode=block
Cache-Control
max-age=300
Accept-Ranges
bytes
Expires
Tue, 14 Aug 2018 20:28:31 GMT
analytics.js
www.google-analytics.com/ 		34 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: d3tff2yik766yh.cloudfront.net
URL: https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:814::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
3fab1c883847e4b5a02f3749a9f4d9eab15cd4765873d3b2904a1a4c8755fba3
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 18 May 2018 01:10:24 GMT
server
Golfe2
age
5082
date
Tue, 14 Aug 2018 18:58:49 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
14386
expires
Tue, 14 Aug 2018 20:58:49 GMT
ads
securepubads.g.doubleclick.net/gampad/ 		489 B
874 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1129733197883326&correlator=2375546146935272&output=json_html&callback=googletag.impl.pubads.callbackProxy1&impl=fifs&adsid=NT&json_a=1&eid=21062287&vrg=239&guci=1.2.0.0.2.2.0&sc=1&sfv=1-0-29&iu_parts=37445998%2CDongtaiwang_frontpage_native_text_1&enc_prev_ius=%2F0%2F1&prev_iu_szs=250x25%7C300x25&cookie_enabled=1&bc=7&abxe=1&lmt=1534278211&dt=1534278211528&dlt=1534278210949&idt=477&frm=20&biw=1585&bih=1200&oid=3&adxs=0&adys=0&adks=2057630717&gut=v2&ifi=1&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fd3tff2yik766yh.cloudfront.net%2Foo.aspx%3Fname%3Dget_oopipe%26sign%3Dcf23686d4e1cc9c615ef007f04957317365ef364%26ag%3Dhttp%3A%2F%2F220%2F&ref=https%3A%2F%2F0rr32d.global.ssl.fastly.net%2Foo.aspx%3Fname%3Dr816728%26key%3Dkihgcsa2%26from%3DEmail-web%26tag%3D82677477&dssz=13&icsg=2282&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=340x-1&msz=250x-1&ga_vid=1235188708.1534278212&ga_sid=1534278212&ga_hid=1093679091&fws=4
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_239.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.217.22.98 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s18-in-f2.1e100.net
Software
cafe /
Resource Hash
343f26c6a195633aa54c12791bf46cf5deb6698a9d04c6ff85c775281e346bba
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
Origin
https://d3tff2yik766yh.cloudfront.net

Response headers

date
Tue, 14 Aug 2018 20:23:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
347
x-xss-protection
1; mode=block
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
https://d3tff2yik766yh.cloudfront.net
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
pubads_impl_rendering_239.js
securepubads.g.doubleclick.net/gpt/ 		43 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_239.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_239.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.217.22.98 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s18-in-f2.1e100.net
Software
sffe /
Resource Hash
361855a771b05b569b3306a96db9d5872601e3c099c7150ccaa8331be4ab9b3a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 14 Aug 2018 20:23:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 10 Aug 2018 12:31:48 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
16544
x-xss-protection
1; mode=block
expires
Tue, 14 Aug 2018 20:23:31 GMT
container.html
tpc.googlesyndication.com/safeframe/1-0-29/html/ 		0
0 		Other
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-29/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_239.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:81d::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Purpose
prefetch
Referer
https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

expires
Wed, 07 Aug 2019 06:32:48 GMT
cache-control
public, immutable, max-age=31536000
last-modified
Mon, 11 Jun 2018 14:38:59 GMT
content-type
text/html
ads
securepubads.g.doubleclick.net/gampad/ 		5 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1129733197883326&correlator=2375546146935272&output=json_html&callback=googletag.impl.pubads.callbackProxy2&impl=fifs&adsid=NT&json_a=1&eid=21062287&vrg=239&guci=1.2.0.0.2.2.0&sc=1&sfv=1-0-29&iu_parts=37445998%2CDongtaiwang_frontpage_native_text_2%2CDongtaiwang_frontpage_native_text_3%2CDongtaiwang_frontpage_native_text_4&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3&prev_iu_szs=300x25%2C300x25%2C300x25&cookie_enabled=1&bc=7&abxe=1&lmt=1534278211&dt=1534278211544&dlt=1534278210949&idt=477&frm=20&biw=1585&bih=1200&oid=3&adxs=0%2C-9%2C-9&adys=0%2C-9%2C-9&adks=769640528%2C3546408455%2C2299917106&gut=v2&ifi=3&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fd3tff2yik766yh.cloudfront.net%2Foo.aspx%3Fname%3Dget_oopipe%26sign%3Dcf23686d4e1cc9c615ef007f04957317365ef364%26ag%3Dhttp%3A%2F%2F220%2F&ref=https%3A%2F%2F0rr32d.global.ssl.fastly.net%2Foo.aspx%3Fname%3Dr816728%26key%3Dkihgcsa2%26from%3DEmail-web%26tag%3D82677477&dssz=16&icsg=35050&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=340x-1%7C0x0%7C0x0&msz=300x-1%7C0x0%7C0x0&ga_vid=1235188708.1534278212&ga_sid=1534278212&ga_hid=1093679091&fws=4%2C2%2C2
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_239.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.217.22.98 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s18-in-f2.1e100.net
Software
cafe /
Resource Hash
15cfa175ffd40060c7d1254c483fdf7d266a2df54330d531db13b78debd04045
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
Origin
https://d3tff2yik766yh.cloudfront.net

Response headers

date
Tue, 14 Aug 2018 20:23:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
google-mediationgroup-id
-2,-2,-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
2573
x-xss-protection
1; mode=block
google-lineitem-id
4572498669,-2,-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138224736366,-2,-2
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
https://d3tff2yik766yh.cloudfront.net
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/ 		476 B
507 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1129733197883326&correlator=2375546146935272&output=json_html&callback=googletag.impl.pubads.callbackProxy3&impl=fifs&adsid=NT&json_a=1&eid=21062287&vrg=239&guci=1.2.0.0.2.2.0&sc=1&sfv=1-0-29&iu_parts=37445998%2CDongtaiwang_frontpage_native_text_5&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x25&cookie_enabled=1&bc=7&abxe=1&lmt=1534278211&dt=1534278211560&dlt=1534278210949&idt=477&frm=20&biw=1585&bih=1200&oid=3&adxs=0&adys=0&adks=1488856244&gut=v2&ifi=7&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fd3tff2yik766yh.cloudfront.net%2Foo.aspx%3Fname%3Dget_oopipe%26sign%3Dcf23686d4e1cc9c615ef007f04957317365ef364%26ag%3Dhttp%3A%2F%2F220%2F&ref=https%3A%2F%2F0rr32d.global.ssl.fastly.net%2Foo.aspx%3Fname%3Dr816728%26key%3Dkihgcsa2%26from%3DEmail-web%26tag%3D82677477&dssz=20&icsg=35050&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=340x-1&msz=300x-1&ga_vid=1235188708.1534278212&ga_sid=1534278212&ga_hid=1093679091&fws=4
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_239.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.217.22.98 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s18-in-f2.1e100.net
Software
cafe /
Resource Hash
a8a715989bc5e78a13ffbf0a2fa9fb40c5eff1c6dd38f4bab1e1969d60dfc840
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
Origin
https://d3tff2yik766yh.cloudfront.net

Response headers

date
Tue, 14 Aug 2018 20:23:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
344
x-xss-protection
1; mode=block
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
https://d3tff2yik766yh.cloudfront.net
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/r/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j68&a=1093679091&t=pageview&_s=1&dl=https%3A%2F%2Fd3tff2yik766yh.cloudfront.net%2Foo.aspx%3Fname%3Dget_oopipe%26sign%3Dcf23686d4e1cc9c615ef007f0495...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-90274311-1&cid=1235188708.1534278212&jid=885300535&_gid=1082167973.1534278212&gjid=1441899996&_v=j68&z=1861676172
35 B
113 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-90274311-1&cid=1235188708.1534278212&jid=885300535&_gid=1082167973.1534278212&gjid=1441899996&_v=j68&z=1861676172
Requested by
Host: d3tff2yik766yh.cloudfront.net
URL: https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:400c:c0c::9c , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Tue, 14 Aug 2018 20:23:31 GMT
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 14 Aug 2018 20:23:31 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
302
location
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-90274311-1&cid=1235188708.1534278212&jid=885300535&_gid=1082167973.1534278212&gjid=1441899996&_v=j68&z=1861676172
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
419
expires
Fri, 01 Jan 1990 00:00:00 GMT
osd_listener.js
tpc.googlesyndication.com/pagead/js/r20180808/r20110914/activeview/ Frame 4EFF 		71 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20180808/r20110914/activeview/osd_listener.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_239.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:81d::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
6f86a75cc878483a3e699b21fa0e318e062b895608d2eb9915650ce0a2debf9c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Wed, 08 Aug 2018 21:53:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
513016
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
26377
x-xss-protection
1; mode=block
server
cafe
etag
7511437756112027181
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 22 Aug 2018 21:53:15 GMT
osd.js
pagead2.googlesyndication.com/pagead/ 		70 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/osd.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_239.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:819::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
f58398c8f74de364c484b7f01db10b3c3e608699d5d209c02db32e7f066e07a1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 14 Aug 2018 20:15:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
452
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length
26275
x-xss-protection
1; mode=block
server
cafe
etag
15787436124949168696
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=3600
timing-allow-origin
*
expires
Tue, 14 Aug 2018 21:15:59 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 4EFF 		0
271 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvx8xksWNfLAVZTCoD9svwjyFJSZgp2UFfQUUcyvBA55HL4IxZhYVcR9KHP43M5zGFDfeIlRtmwlb-u7E5rL1wWbe_8ZTbr0M5wNWKUi-CMWP-8g6AAK7bybD_zwSmt9S6WlvL-ShZn7BpUYpD6krOdno0JDdjOX9V-f35NeJHFjPo7Eq4Ztb4Zz5Vbm2bDoUKnFYNoFq4lO-07KyeGM3Wg56LBx51s3ExoLrm474VV_ariH_1w2WrpYvTHdO44CDBFO7eYy0FE1ADLrBYyi5bBU53X9tTX3wk8kwRwjnq-baCr1eKPpUzWorxEbgaLG7TWon7zgSPbZtCmTL7rnw&sai=AMfl-YRlRdPl38JMIMOW3_j_lsL2debRtjKNl81QtWDyuMBSjhK3aBHIL88CEL-BH3XX2iUsGPW0SrpvG9Qc6pBBMpzuf6GvnBkwWv7_1H-o&sig=Cg0ArKJSzFMHjydrPNsBEAE&urlfix=1&adurl=
Requested by
Host: d3tff2yik766yh.cloudfront.net
URL: https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.217.22.98 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s18-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-type
text/html; charset=UTF-8
cache-control
private
expires
Tue, 14 Aug 2018 20:23:31 GMT
truncated
/ Frame 4EFF 		216 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c50435f5e112cd6ebe7104b29a1295f7356b74601cde55172b3a1efc9501c94b

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/png
activeview
pagead2.googlesyndication.com/pcs/ Frame 4EFF 		42 B
178 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstLsIKCiDkLNcHS3GO0DdDwqWBMppqSjHgvy14Y_0avFx-H60yrpHoKDcEvLI89qepJlUXVwgyIwpjpWtaCL28ecT_o9FEqxDw&sig=Cg0ArKJSzD2fktePxsYgEAE&adk=769640528&tt=1020&bs=1585,1200&mtos=1006,1006,1006,1006,1006&tos=1006,0,0,0,0&p=889,313,914,613&mcvt=1006&rs=3&ht=0&tfs=14&tls=1020&mc=1&lte=1&bas=0&bac=0&avms=geo&rst=1534278211625&rpt=51&bos=1600,1200&ps=1585,1534&ss=1600,1200&pt=1018&deb=1-1-1-2-5--1-21-3&tvt=1006&op=1&r=v&srmi=1&id=osdim&ti=1&uc=21&tgt=BODY&cl=1&cec=6&clc=0&cac=0&cd=300x25&v=r20180808
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:819::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 14 Aug 2018 20:23:32 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length
42
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

33 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery object| googletag function| chkplayer object| googleToken object| googleIMState object| google_js_reporting_queue function| processGoogleToken object| GPT_jstiming object| closure_memoize_cache_ undefined| google_measure_js_timing boolean| google_noFetch boolean| google_DisableInitialLoad number| __google_ad_urls_id object| qr_fgp object| qr_fgma function| reset_qr string| GoogleAnalyticsObject function| ga number| google_unique_id object| gaGlobal object| gaplugins object| gaData function| Goog_AdSense_getAdAdapterInstance function| Goog_AdSense_OsdAdapter object| __google_ad_urls object| ampInaboxIframes object| ampInaboxPendingMessages boolean| google_osd_loaded boolean| google_onload_fired function| Goog_Osd_UnloadAdBlock function| Goog_Osd_UpdateElementToMeasure function| google_osd_amcb

4 Cookies

Domain/Path Name / Value
.d3tff2yik766yh.cloudfront.net/ Name: _ga
Value: GA1.3.1235188708.1534278212
.d3tff2yik766yh.cloudfront.net/ Name: _gat
Value: 1
.d3tff2yik766yh.cloudfront.net/ Name: _gid
Value: GA1.3.1082167973.1534278212
d3tff2yik766yh.cloudfront.net/ Name: ASP.NET_SessionId
Value: 3mab50nv0p4vfcf0esne2z05

2 Console Messages

Source Level URL
Text
console-api warning URL: https://cdnjs.cloudflare.com/ajax/libs/video.js/7.2.0/video.min.js(Line 12)
Message:
VIDEOJS:
console-api log URL: https://d3tff2yik766yh.cloudfront.net/oo.aspx?name=get_oopipe&sign=cf23686d4e1cc9c615ef007f04957317365ef364&ag=http://220/(Line 315)
Message:
removing player

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0rr32d.global.ssl.fastly.net
adservice.google.com
adservice.google.de
cdn.jsdelivr.net
cdnjs.cloudflare.com
d3tff2yik766yh.cloudfront.net
googleads.g.doubleclick.net
pagead2.googlesyndication.com
raw.githubusercontent.com
securepubads.g.doubleclick.net
stats.g.doubleclick.net
t.cn
tpc.googlesyndication.com
www.google-analytics.com
www.googletagservices.com
111.254.37.159
114.134.80.138
151.101.112.133
151.101.13.194
172.217.22.98
2400:cb00:2048:1::6810:5614
2400:cb00:2048:1::6813:c597
2a00:1450:4001:814::200e
2a00:1450:4001:818::2002
2a00:1450:4001:819::2002
2a00:1450:4001:81a::2002
2a00:1450:4001:81c::2002
2a00:1450:4001:81d::2001
2a00:1450:400c:c0c::9c
52.85.182.213
52.85.182.76
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
052939f0169df7aa01ecb1edfccd179af337a33de6859072506a4d66f115e652
06bfd5988dc8214780ac020e533a24f00772fcb794007cb3fa160c889fb4651e
094b67d2a2aeafee95e78f19b6cfb06546d7a80850b91c3c4ae04ade9ac2b99e
15cfa175ffd40060c7d1254c483fdf7d266a2df54330d531db13b78debd04045
1de9272d0960719fb1fc8b2d8c3ff205de41636d412db53226df6e0fa1c62c2f
1e4b7400d51a2a26dd20ffb73cc36eaed39c5cf28d3228b5f82cb0b2dcf1924f
343f26c6a195633aa54c12791bf46cf5deb6698a9d04c6ff85c775281e346bba
361855a771b05b569b3306a96db9d5872601e3c099c7150ccaa8331be4ab9b3a
3763a45b9820f5087049fe954daa2673fcfc87b4eb0bd909cc0d15422bd1a5b5
393be6a9918a4d36d4a7074444e02eaa4ceb2fc3b2390dd761c491e24c33b321
3bea924920206fd67b045b5b64ac4c151bb13cc0b9fd3ee6fc1bb06af8002ec3
3d242555ad0eb3726236017fdb2978a544459f6cd7c54d96a9c75c094f70e5b8
3fab1c883847e4b5a02f3749a9f4d9eab15cd4765873d3b2904a1a4c8755fba3
50d450a0b9020ae027ebd16cc43357d44edfcea5b9e4f7f0a0d5b4185303ec5e
544c8004499639b47998504ea6fb988ab864773b2fbe80e3de423a5ae5ee9e17
58e841418ee3e14b71f67ec5b522419b3c54793e0e926e85b562232eaba20f1d
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
6f86a75cc878483a3e699b21fa0e318e062b895608d2eb9915650ce0a2debf9c
6f9e5cea796793a5a55e6bf5f9cbb41fbc93021f0ae3c09115ba24be6bdd0495
73e3d2fd0a887baa7233b659c59ee421c2a24a06d4f5c31ee89e1e4740de2c0b
75ae726a7aae89cb7fd13ba84aa43d63c0c50c6b10c1b413fdb3d519dc7d0af0
7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d
7a19405088f969aecf491b8b729f0d9dbc87dac4f6092a9e8a0d883075ff2979
7f48bd7d3180794477f6ea8531e279f667981422b2d8c15290f14bc683abdb6a
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8fa932bacf55f6fced19622547d5385de1af68c850f8e30c5335e4e5f536430e
93e8935c30b890b403db343d6567541cd9c737748097a49bd4e11cb814a4f7bc
9a6af060cc89302f579f527a01b5efa3ea9cc20f783e7833ff1cb00db7530dcb
9cce1684b725dd214b8305f2b3355d7d9d788fe2d552acc0bbecfc48630cfcfa
9e01d2473096e9ebafb493d80dce879d677d52f4bb5715df39c46de4ab7466b0
9f0eb95d005f028fcf89c6e873d564032324966ece6b962217577cd1df8c1924
a8a715989bc5e78a13ffbf0a2fa9fb40c5eff1c6dd38f4bab1e1969d60dfc840
af7c27b219ef1c4b8e672bf3ce1f4f192235bf83b8d81c44c55a0a06f3f9c736
b234534878a2d9e11052313e2ce55372a0752e7d3165e9b6cccfc784da59dca5
bec1335031e588df78ce1bc5f0361ec161327d5590fc27b2d49ace451288953a
c50435f5e112cd6ebe7104b29a1295f7356b74601cde55172b3a1efc9501c94b
c71a42371a96286c85489def19d25035c5080454e6dcd77654d92bcf0ddcd11b
d604dca2f646114714adaa1b386ada9958eddd695a232a4f64d9ce800032a1e3
da7371ef02e19463b6993c8ca45b4416c4cfc160f38d4edd5faa57302258d5d1
e3369c645ecb1e8bb9e356997d057a73faab1dfb22ca1a55102f1df109fcaa71
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f58398c8f74de364c484b7f01db10b3c3e608699d5d209c02db32e7f066e07a1
fd3ca4b2771dc70f499e6f0469096250e9ca4f439d6c8feaa3e9d0a66afa4dfe
ffdda737e7504231c8c623de4dad94d68349d68fde91cf8d26600e042fed20df