ar.buddysecret.com Open in urlscan Pro
2606:4700:20::ac43:47b7 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://ar.buddysecret.com/s/sync-quiz/bYV7
Submission: On November 30 via manual (November 30th 2021, 6:27:36 pm UTC) from EG — Scanned from DE

Summary HTTP 103 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 26 IPs in 6 countries across 25 domains to perform 103 HTTP transactions. The main IP is 2606:4700:20::ac43:47b7, located in United States and belongs to CLOUDFLARENET, US. The main domain is ar.buddysecret.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on March 3rd 2021. Valid for: a year.

This is the only time ar.buddysecret.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
28	2606:4700:20:... 2606:4700:20::ac43:47b7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
16	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:829::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700:20:... 2606:4700:20::ac43:474a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f01... 2a03:2880:f01c:216:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c08::9a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:808::2003	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:80f::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:809::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
3 10	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
3 5	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
3 4	185.33.221.90 185.33.221.90	29990 (ASN-APPNEX) (ASN-APPNEX)
1	94.130.102.164 94.130.102.164	24940 (HETZNER-AS) (HETZNER-AS)
1 5	138.201.63.157 138.201.63.157	24940 (HETZNER-AS) (HETZNER-AS)
1 2	142.250.186.70 142.250.186.70	15169 (GOOGLE) (GOOGLE)
1	88.99.65.215 88.99.65.215	24940 (HETZNER-AS) (HETZNER-AS)
1 1	185.29.134.244 185.29.134.244	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1 1	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
2 2	2a05:d018:24:... 2a05:d018:24:b002:dccc:4b37:dddb:cf1e	16509 (AMAZON-02) (AMAZON-02)
2 2	72.251.249.13 72.251.249.13	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
2 2	18.158.154.136 18.158.154.136	16509 (AMAZON-02) (AMAZON-02)
2 2	3.126.56.137 3.126.56.137	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:801::2006	15169 (GOOGLE) (GOOGLE)
103	26

28 2606:4700:20::ac43:47b7 (United States)

ASN13335 (CLOUDFLARENET, US)

ar.buddysecret.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
img.buddysecret.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:829::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::ac43:474a (United States)

ASN13335 (CLOUDFLARENET, US)

img.holaquiz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:216:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c08::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:80f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 142.250.184.226 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2.18.234.21 (Frankfurt am Main, Germany) 3 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.33.221.90 (Amsterdam, Netherlands) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 727.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 94.130.102.164 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.164.102.130.94.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 138.201.63.157 (Hockenheim, Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.157.63.201.138.clients.your-server.de

hal90007.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.70 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f6.1e100.net

5994599.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 88.99.65.215 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.215.65.99.88.clients.your-server.de

cdn.contentspread.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.134.244 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.193.173 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

gcm.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:d018:24:b002:dccc:4b37:dddb:cf1e (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

sync.tidaltv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 72.251.249.13 (Amsterdam, Netherlands) 2 redirects

ASN29791 (VOXEL-DOT-NET, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.158.154.136 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-158-154-136.eu-central-1.compute.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.126.56.137 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
28	buddysecret.com ar.buddysecret.com img.buddysecret.com	1 MB
22	doubleclick.net 4 redirects securepubads.g.doubleclick.net googleads.g.doubleclick.net stats.g.doubleclick.net cm.g.doubleclick.net 5994599.fls.doubleclick.net	238 KB
20	googlesyndication.com pagead2.googlesyndication.com 156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com tpc.googlesyndication.com	243 KB
6	redintelligence.net 1 redirects hal9000.redintelligence.net hal90007.redintelligence.net	10 KB
5	casalemedia.com 3 redirects dsum-sec.casalemedia.com	4 KB
5	gstatic.com fonts.gstatic.com	98 KB
5	google.com adservice.google.com www.google.com	2 KB
4	adnxs.com 3 redirects ib.adnxs.com	4 KB
4	google-analytics.com www.google-analytics.com	20 KB
4	googletagmanager.com www.googletagmanager.com	163 KB
2	yahoo.com 2 redirects ups.analytics.yahoo.com	1 KB
2	advertising.com 2 redirects pixel.advertising.com	938 B
2	lijit.com 2 redirects ap.lijit.com	1 KB
2	tidaltv.com 2 redirects sync.tidaltv.com	832 B
2	google.de adservice.google.de	914 B
2	facebook.net connect.facebook.net	113 KB
1	2mdn.net s0.2mdn.net	586 B
1	ctnsnet.com 1 redirects gcm.ctnsnet.com	513 B
1	mathtag.com 1 redirects sync.mathtag.com	862 B
1	contentspread.net cdn.contentspread.net	19 KB
1	googletagservices.com www.googletagservices.com	37 KB
1	googleadservices.com partner.googleadservices.com	409 B
1	holaquiz.com img.holaquiz.com	424 KB
1	googleapis.com fonts.googleapis.com	2 KB
0	impdesk.com Failed pix.impdesk.com Failed
103	25

	Domain	Requested by
27	ar.buddysecret.com	ar.buddysecret.com
12	pagead2.googlesyndication.com	ar.buddysecret.com pagead2.googlesyndication.com tpc.googlesyndication.com 156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com
10	cm.g.doubleclick.net	3 redirects googleads.g.doubleclick.net 156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com
6	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com 156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com googleads.g.doubleclick.net
5	hal90007.redintelligence.net	1 redirects 156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com hal90007.redintelligence.net
5	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
5	fonts.gstatic.com	fonts.googleapis.com
4	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
4	googleads.g.doubleclick.net	pagead2.googlesyndication.com 156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com ar.buddysecret.com
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
4	www.googletagmanager.com	ar.buddysecret.com www.googletagmanager.com
4	securepubads.g.doubleclick.net	ar.buddysecret.com securepubads.g.doubleclick.net
3	adservice.google.com	pagead2.googlesyndication.com securepubads.g.doubleclick.net 5994599.fls.doubleclick.net
2	ups.analytics.yahoo.com	2 redirects
2	pixel.advertising.com	2 redirects
2	ap.lijit.com	2 redirects
2	sync.tidaltv.com	2 redirects
2	5994599.fls.doubleclick.net	1 redirects ar.buddysecret.com
2	www.google.com	tpc.googlesyndication.com 156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com
2	156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	stats.g.doubleclick.net	www.google-analytics.com
2	adservice.google.de	pagead2.googlesyndication.com securepubads.g.doubleclick.net
2	connect.facebook.net	ar.buddysecret.com connect.facebook.net
1	s0.2mdn.net	156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com
1	gcm.ctnsnet.com	1 redirects
1	sync.mathtag.com	1 redirects
1	cdn.contentspread.net	hal90007.redintelligence.net
1	hal9000.redintelligence.net	156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com
1	www.googletagservices.com	156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com
1	img.buddysecret.com	ar.buddysecret.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	img.holaquiz.com	ar.buddysecret.com
1	fonts.googleapis.com	ar.buddysecret.com
0	pix.impdesk.com Failed	156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com
103	34

This site contains links to these domains. Also see Links.

Domain
www.instagram.com
www.facebook.com
twitter.com
ar.friendsforever.world

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-03-03` - `2022-03-02`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-09-09` - `2021-12-08`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
redintelligence.net R3	`2021-10-21` - `2022-01-19`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
contentspread.net R3	`2021-10-04` - `2022-01-02`	3 months	crt.sh

This page contains 12 frames:

Primary Page: https://ar.buddysecret.com/s/sync-quiz/bYV7
Frame ID: 08E5BA0F9FF5DA1879DC19782CC4C37E
Requests: 61 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20190131/zrt_lookup.html
Frame ID: 2B057EF928C5CF86CA4C6FBD5A1A7182
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7003191985075097&output=html&adk=1812271804&adf=3025194257&lmt=1638296851&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1048576%2C32%3A32&format=0x0&url=https%3A%2F%2Far.buddysecret.com%2Fs%2Fsync-quiz%2FbYV7&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638296851316&bpp=2&bdt=172&idt=90&shv=r20211111&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5032859781382&frm=20&pv=2&ga_vid=2141826429.1638296851&ga_sid=1638296851&ga_hid=1255180167&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063792%2C31063835&oid=2&pvsid=2971943970888554&pem=13&tmod=1807876480&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=113
Frame ID: 66D1AD34DE18C21F33BB932A9254E7AA
Requests: 1 HTTP requests in this frame

Frame: https://156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 5EF50E4CC34056F6BA0BF3ECC62E2539
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 0E83B56DB1E33CE5F888632541F39263
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 51082A038023D2A0081AB0BF2700AAE7
Requests: 2 HTTP requests in this frame

Frame: https://156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 11D2BCF786BDF66F75E14AAB856E02DB
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsY_IGqXTAB&v=APEucNX0wxeEidOtToWPor9zhGuaTewQEYES40Ler3Tcccdyw4S4gPqR6UNNNLcZ9B7qyDrgXJtziZqb0467tzaPZdfQsrzfcmmE16XfUvv5s6tE1OTQgOyBUpHYg9Q0xN-kaDBqQmisOgnZMmCXhks6r5PpcWtvSFgTVsNgqi7rJiXL21jEtKI
Frame ID: 015584A771CDE29F7984CA4F46F77F61
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: E6E49DC83B689CB42F03B42BEA3E14B2
Requests: 3 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=CIXjrq_bwPQCFbkRBgAdH44Ipw;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7913425322447.674
Frame ID: 9C28D14CFDB0416766797CDA73735F0F
Requests: 2 HTTP requests in this frame

Frame: https://hal90007.redintelligence.net/request_content.php?s=77556500164123400757617011794007&a=2506e051
Frame ID: 40F3BD8042E83DEBBCEADFAE4D090A42
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 27E70421AC28EF648C445382BF72FEF8
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

يوميات الصداقة 2021. ادع الأصدقاء لكتابة يومياتك السرية الآن.

Page Statistics

103
Requests

89 %
HTTPS

58 %
IPv6

25
Domains

34
Subdomains

26
IPs

6
Countries

2728 kB
Transfer

4814 kB
Size

26
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://www.instagram.com/buddysecret2

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Buddysecret1

Search URL Search Domain Scan URL

URL: https://twitter.com/BuddySecret1

Search URL Search Domain Scan URL

URL: https://ar.friendsforever.world/%D8%AC%D8%A7%D8%A6%D8%B2%D8%A9-%D8%A3%D9%81%D8%B6%D9%84-%D8%B5%D8%AF%D9%8A%D9%82/play/873?utm_site_source=custom&utm_site_medium=ad&utm_site_campaign=user

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 76

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPBrtfI9ojzklrEFrfMRIqw&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPBrtfI9ojzklrEFrfMRIqw&google_cver=1&C=1

Request Chain 77

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YaZtFGsV3yXtMq8dZuGxEwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPBrtfI9ojzklrEFrfMRIqw&google_cver=1

Request Chain 78

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEA2LGfwGWQa9ZXecbijgTXA&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEA2LGfwGWQa9ZXecbijgTXA%26google_cver%3D1

Request Chain 79

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzYwNzMzNTU0NTAxMTcyNzQyMQ%3D%3D

Request Chain 84

https://hal90007.redintelligence.net/request.php?zone=kumirww3i0oj&nw=20&renderingType=javascript&namespace=2c09712867&subid=&uid=49850c06687ad951&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=320x50&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCUmtrE22mYdmhJIysgQfT05eAB92t6Khgz-rP5J8K8C4QASCUq4FoYJXaooKwB8gBCakCokL3i4Hfsj6oAwGqBOMBT9Ch1TrYmRDXKEW53OvjdOcdrzxQlti9CVkwI5PotEgNjSJLO2HFZEQmCJ5_6yj1_jb1qx-6KplpJhuYZwXqxGNguuDDdv-6eJUe9Xc7YO5QbBNW0YYXsAOJLpbp3xmT94DMBTAz7e1_UZbUlq-ZUhpaLfNjCPy5FcRY6BofJgqQOvNGEbyAmZzF4ckR81vOMoHLbKx0n33LlgXgN0XftdzoER0nYrnV5je_i8-TcCIw_59QmCQUtR8-MSpushoSRQIJszHMF7Nh8AtPpDLLH3Kk1hPE509aa5CMm-3yNU9Rz-XABM6Ou7GWAuAEA5AGAaAGTYAH6-foXqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tNjg4Mjg5NDI5Njk1MzMxN4AKA5gLAcgLAYAMAbATnuXsDNATANgTA4gUAdgUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASEuRoU-nC4rvncEFlwEfB-2Y1pA%26sig%3DAOD64_147tb0AQpzTG415R5Xyn3PqcOMkg%26client%3Dca-pub-3775738955018489%26dbm_c%3DAKAmf-AmvgkM-9MFGsGQd7FRvixqYTORBbgoatLZYPim-OVXKpPO_Bcap6ISjA9ebV08PVJgx8ba8xUzUJWCFiW19N8HLaZmryeKp8Toaz7qHSDKOgd4-QoxFYGKT4bxSv7AGZkB-O2zEv9UFjuMVz-SCdK5_dwDsA%26cry%3D1%26dbm_d%3DAKAmf-DHwsNbVVoGSDLSDdGMgJCM6CduhjO20lZti61wKSJF2ZZ3WUP34C42aJ7wvtpW6m6UgU0PtO-wVPdAGObD9TDosnRFnA1DANNXpIRwFz7ROdaja4WcWCkYfSLb7P3PCHhV3K6ecdYJmPWewfrz7XFDA6pxnGJaCMyEoyvRISywCWlwueMinFY51pd_bFZzrekDMs04LrZdrly1mzDYpF-nerMxjuvdy6gLBkQBJo_I2N6Nw2xpTfPmawHXo_PO0dhazKqPy5VeUluQ6VzgOZKs2qW5vEqdizlNUj6lRoTGck6zZAPYkMbLGDJL2R473sdiN2JTroCFxkxUs4fNKsg6dHCWmB3fK4VJk7JUYK-8-vkXM4tyjv1STxvcjlFXeEXoQGALpW_to5PLJBy9Bh9jWEisFXrYe4tOe-rIwxS2-iPw9dEBSHpL5mt2Byt80oc1fEuKOgj-4uCneeLhxCldCCYEiw%26adurl%3D&documentReferer=https%3A%2F%2Far.buddysecret.com%2F&ancestorOrigins=https%3A%2F%2Far.buddysecret.com&random=1319110856295&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal90007.redintelligence.net/request.php?zone=kumirww3i0oj&nw=20&renderingType=javascript&namespace=2c09712867&subid=&uid=49850c06687ad951&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=320x50&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCUmtrE22mYdmhJIysgQfT05eAB92t6Khgz-rP5J8K8C4QASCUq4FoYJXaooKwB8gBCakCokL3i4Hfsj6oAwGqBOMBT9Ch1TrYmRDXKEW53OvjdOcdrzxQlti9CVkwI5PotEgNjSJLO2HFZEQmCJ5_6yj1_jb1qx-6KplpJhuYZwXqxGNguuDDdv-6eJUe9Xc7YO5QbBNW0YYXsAOJLpbp3xmT94DMBTAz7e1_UZbUlq-ZUhpaLfNjCPy5FcRY6BofJgqQOvNGEbyAmZzF4ckR81vOMoHLbKx0n33LlgXgN0XftdzoER0nYrnV5je_i8-TcCIw_59QmCQUtR8-MSpushoSRQIJszHMF7Nh8AtPpDLLH3Kk1hPE509aa5CMm-3yNU9Rz-XABM6Ou7GWAuAEA5AGAaAGTYAH6-foXqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tNjg4Mjg5NDI5Njk1MzMxN4AKA5gLAcgLAYAMAbATnuXsDNATANgTA4gUAdgUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASEuRoU-nC4rvncEFlwEfB-2Y1pA%26sig%3DAOD64_147tb0AQpzTG415R5Xyn3PqcOMkg%26client%3Dca-pub-3775738955018489%26dbm_c%3DAKAmf-AmvgkM-9MFGsGQd7FRvixqYTORBbgoatLZYPim-OVXKpPO_Bcap6ISjA9ebV08PVJgx8ba8xUzUJWCFiW19N8HLaZmryeKp8Toaz7qHSDKOgd4-QoxFYGKT4bxSv7AGZkB-O2zEv9UFjuMVz-SCdK5_dwDsA%26cry%3D1%26dbm_d%3DAKAmf-DHwsNbVVoGSDLSDdGMgJCM6CduhjO20lZti61wKSJF2ZZ3WUP34C42aJ7wvtpW6m6UgU0PtO-wVPdAGObD9TDosnRFnA1DANNXpIRwFz7ROdaja4WcWCkYfSLb7P3PCHhV3K6ecdYJmPWewfrz7XFDA6pxnGJaCMyEoyvRISywCWlwueMinFY51pd_bFZzrekDMs04LrZdrly1mzDYpF-nerMxjuvdy6gLBkQBJo_I2N6Nw2xpTfPmawHXo_PO0dhazKqPy5VeUluQ6VzgOZKs2qW5vEqdizlNUj6lRoTGck6zZAPYkMbLGDJL2R473sdiN2JTroCFxkxUs4fNKsg6dHCWmB3fK4VJk7JUYK-8-vkXM4tyjv1STxvcjlFXeEXoQGALpW_to5PLJBy9Bh9jWEisFXrYe4tOe-rIwxS2-iPw9dEBSHpL5mt2Byt80oc1fEuKOgj-4uCneeLhxCldCCYEiw%26adurl%3D&documentReferer=https%3A%2F%2Far.buddysecret.com%2F&ancestorOrigins=https%3A%2F%2Far.buddysecret.com&random=1319110856295&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 85

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7913425322447.674 HTTP 302
https://5994599.fls.doubleclick.net/activityi;dc_pre=CIXjrq_bwPQCFbkRBgAdH44Ipw;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7913425322447.674

Request Chain 93

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEHmUMl7WebjpeDTB5-EdSIE&google_cver=1&google_push=AYg5qPLCi6qEKgrVQlS8kXlGV_ECg7-Vv6QGh1ntUjq8Bfqi3wqGkOhuDyVACYhBYHPjZjMD3_B04cnmlrJGWjkZzcpyBS76Efpv HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPLCi6qEKgrVQlS8kXlGV_ECg7-Vv6QGh1ntUjq8Bfqi3wqGkOhuDyVACYhBYHPjZjMD3_B04cnmlrJGWjkZzcpyBS76Efpv

Request Chain 94

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEEaGkAUXDZwAZ7ZwNt6PRxc&google_cver=1&google_push=AYg5qPKz3irO3z9fpsb9b2_SxDAdq0sUUlS25rSOGl3_YHSMdcGE_hb_-abm6GEF7qX8T8y0jG6LzyFqSp5T2K5VwOxCNeDWkF0HUA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPKz3irO3z9fpsb9b2_SxDAdq0sUUlS25rSOGl3_YHSMdcGE_hb_-abm6GEF7qX8T8y0jG6LzyFqSp5T2K5VwOxCNeDWkF0HUA&google_hm=OLCegjSrReeBkXME62P9oxg

Request Chain 95

https://sync.tidaltv.com/genericusersync.ashx?dpid=glrdr&google_gid=CAESEPOvQDN1CDPuMX6gJ9Dja_Y&google_cver=1&google_push=AYg5qPLJdx-bk_LhN9QXJMYH0P1SPjE_ifOhjEWBz8okZHMzYhccLzSlJcRW9fJpPAoSETiydvz78jeECGMOCMWV7knqdW52t-QHjg HTTP 302
https://sync.tidaltv.com/genericusersync.ashx?dpid=glrdr&google_gid=CAESEPOvQDN1CDPuMX6gJ9Dja_Y&google_cver=1&google_push=AYg5qPLJdx-bk_LhN9QXJMYH0P1SPjE_ifOhjEWBz8okZHMzYhccLzSlJcRW9fJpPAoSETiydvz78jeECGMOCMWV7knqdW52t-QHjg&s_h=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=lucid1&google_push&google_hm=tZsgSftEQhKgjxUGvvGqIA&gdpr=1&gdpr_consent=

Request Chain 97

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEF5B6M8o9PoqRGT_cfvfvdw&google_cver=1&google_push=AYg5qPKpP3sEpmurQ5l-GfAIfmrp2F2_MXI-NddWNzCShkuRn9g_VQLX0ngVZGbJqIxKgQ8oW909jUCFf-LpVMuOM8P-fXNxulLX8Q HTTP 307
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEF5B6M8o9PoqRGT_cfvfvdw&google_cver=1&google_push=AYg5qPKpP3sEpmurQ5l-GfAIfmrp2F2_MXI-NddWNzCShkuRn9g_VQLX0ngVZGbJqIxKgQ8oW909jUCFf-LpVMuOM8P-fXNxulLX8Q&sovrn_retry=true HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPKpP3sEpmurQ5l-GfAIfmrp2F2_MXI-NddWNzCShkuRn9g_VQLX0ngVZGbJqIxKgQ8oW909jUCFf-LpVMuOM8P-fXNxulLX8Q&google_hm=eec61d92bf1f03f21274c3da

Request Chain 98

https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEB1ltPrlRcf7u5TjCwT7a5A&google_cver=1&google_push=AYg5qPIhixFsWSm8Ez3cL7uCvKZ0nFMouVuTDRdkM782mujBi1Gm7riBwOkhX3GxbQij18wVCChrwHIsWYFHSz7jbMgOpIgDaeRgffc HTTP 302
https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEB1ltPrlRcf7u5TjCwT7a5A&google_cver=1&google_push=AYg5qPIhixFsWSm8Ez3cL7uCvKZ0nFMouVuTDRdkM782mujBi1Gm7riBwOkhX3GxbQij18wVCChrwHIsWYFHSz7jbMgOpIgDaeRgffc&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEB1ltPrlRcf7u5TjCwT7a5A&google_cver=1&google_push=AYg5qPIhixFsWSm8Ez3cL7uCvKZ0nFMouVuTDRdkM782mujBi1Gm7riBwOkhX3GxbQij18wVCChrwHIsWYFHSz7jbMgOpIgDaeRgffc&apid=UP2ec1235b-520b-11ec-a359-06db969b4c24 HTTP 302
https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEB1ltPrlRcf7u5TjCwT7a5A&google_cver=1&google_push=AYg5qPIhixFsWSm8Ez3cL7uCvKZ0nFMouVuTDRdkM782mujBi1Gm7riBwOkhX3GxbQij18wVCChrwHIsWYFHSz7jbMgOpIgDaeRgffc&apid=UP2ec1235b-520b-11ec-a359-06db969b4c24&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVAyZWMxMjM1Yi01MjBiLTExZWMtYTM1OS0wNmRiOTY5YjRjMjQ%3D&google_push=AYg5qPIhixFsWSm8Ez3cL7uCvKZ0nFMouVuTDRdkM782mujBi1Gm7riBwOkhX3GxbQij18wVCChrwHIsWYFHSz7jbMgOpIgDaeRgffc

103 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request bYV7 Show response
ar.buddysecret.com/s/sync-quiz/ 27 KB
7 KB 666ms
640ms Document
text/html 2606:4700:20::ac43:47b7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ar.buddysecret.com/s/sync-quiz/bYV7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:47b7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

25675789a795caac5b8f160dae95ebdc63f2489f88895bb1428754509c4c9edb

Security Headers

Name	Value
X-Frame-Options	ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Tue, 30 Nov 2021 18:27:31 GMT
content-type: text/html; charset=UTF-8
x-frame-options: ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io
server-host: as-hi-229-web
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xqwaWK28AOncE9%2BBAI8ilMBN2DRWJFk9slJOII7yVy5BV6g2m0obFWsLS4kNrqEg3OI%2F63lTWsLVyI5am5JhetmhsZBsk%2BgaRSaJsDx80IkhrH9R0allamMqCWRwrycpBMYzsyuXFhWOw%2FyUG2dLFw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6b662153aecd1786-FRA
content-encoding: br

GET
H2 200 font-awesome.css
ar.buddysecret.com/public/css/ 36 KB
8 KB 30ms
29ms Stylesheet
text/css 2606:4700:20::ac43:47b7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ar.buddysecret.com/public/css/font-awesome.css?v=20211021

Requested by

Host: ar.buddysecret.com
URL: https://ar.buddysecret.com/s/sync-quiz/bYV7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:47b7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1a4086f6b01ea01e73f42b352500e1ee3fc4a3dba5a50ecd41485f70d661dc30

Security Headers

Name	Value
X-Frame-Options	ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/s/sync-quiz/bYV7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

server-host: as-hi-15-web
date: Tue, 30 Nov 2021 18:27:31 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 04 Mar 2021 08:53:07 GMT
server: cloudflare
age: 7132
x-frame-options: ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io
etag: W/"b6da2-91f5-5bcb218a1a2c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L9a2HxlAmqsqOYMP6pfMaumj%2BkXlUdog1zIp9ori6o5Qjy7LHgQvo9fxwjCUcJikRB1J5IDaPnTWDk1lRhdGZBh0PpdDvFuiMB3DZj58%2B91FraIZwcxALjbG4ncLGULjnUZzj3JOxFc9FV4WHRLDhQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b662157ce681786-FRA

GET
H2 200 bootstrap.css
ar.buddysecret.com/public/css/ 146 KB
22 KB 33ms
33ms Stylesheet
text/css 2606:4700:20::ac43:47b7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ar.buddysecret.com/public/css/bootstrap.css?v=20211021

Requested by

Host: ar.buddysecret.com
URL: https://ar.buddysecret.com/s/sync-quiz/bYV7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:47b7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a37ddc4e7e30ec2675c6d2e628b57efee02b9f3ed430e7172946bf04c1744648

Security Headers

Name	Value
X-Frame-Options	ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/s/sync-quiz/bYV7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

server-host: as-hi-15-web
date: Tue, 30 Nov 2021 18:27:31 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 04 Mar 2021 08:53:07 GMT
server: cloudflare
age: 7131
x-frame-options: ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io
etag: W/"b6da1-24960-5bcb218a1a2c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1wPm4RmuZuG7KRdRr%2FTvGrI1KRBeD1lkcPdGIaww60HubhrEXnhQ3vb9SjLuIm4UhCebTNRhFcTups%2FSbyvAovSDq43p47j%2B0l3IJh2YUbb7NBi4lxfRcdsndOtpOzQVmFdWfHJ%2BOYUX7eGJIU3%2FZw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b662157ce691786-FRA

GET
H2 200 style.css
ar.buddysecret.com/public/css/surpriseforu/ 63 KB
11 KB 30ms
30ms Stylesheet
text/css 2606:4700:20::ac43:47b7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ar.buddysecret.com/public/css/surpriseforu/style.css?v=20211021

Requested by

Host: ar.buddysecret.com
URL: https://ar.buddysecret.com/s/sync-quiz/bYV7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:47b7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

63995e4b40ac12c30e1f77b63427b60cc3f613a1c441ee31d706b77e19c7d10d

Security Headers

Name	Value
X-Frame-Options	ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/s/sync-quiz/bYV7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

server-host: as-hi--web
date: Tue, 30 Nov 2021 18:27:31 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 21 Oct 2021 12:32:40 GMT
server: cloudflare
age: 7131
x-frame-options: ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io
etag: W/"b8dfc-fb9b-5cedc17254a00"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GySOQtcSs%2BH99qiMxUaJcWVdGzXOhAEba4ybkhjpnovwhlUk7H82n6EUsveUtuLCmrvOsQ2rPq046IWw1FI25%2F%2FyjlOEHMC0V7u0Vnm4GkI5wEPsNLCNMzkS%2BpghKrs7gsEVuW%2F13iaVZCLdhRHzqg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b662157ce6f1786-FRA

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 77 KB
27 KB 45ms
21ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: ar.buddysecret.com
URL: https://ar.buddysecret.com/s/sync-quiz/bYV7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

545c4f635d9b7adc66a5d435227d5982d2cf1722cd19be7652d7d35da7f9298b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 18:27:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1059 / 182 of 1000 / last-modified: 1638289429"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26853
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 30 Nov 2021 18:27:31 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 90 KB
35 KB 54ms
24ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-192512597-3

Requested by

Host: ar.buddysecret.com
URL: https://ar.buddysecret.com/s/sync-quiz/bYV7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

61c3fd2c64523bd96f296343d66705a0f7310da8838d04a8203eebded15a2c12

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 18:27:31 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36141
x-xss-protection: 0
last-modified: Tue, 30 Nov 2021 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 30 Nov 2021 18:27:31 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 90 KB
36 KB 45ms
16ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-126527512-14

Requested by

Host: ar.buddysecret.com
URL: https://ar.buddysecret.com/s/sync-quiz/bYV7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5c65cb87e28c4ce2f1a9c66b6086c4607f24e7e90b5978b20668e45930a5794d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 18:27:31 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36221
x-xss-protection: 0
last-modified: Tue, 30 Nov 2021 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 30 Nov 2021 18:27:31 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 143 KB
51 KB 57ms
29ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: ar.buddysecret.com
URL: https://ar.buddysecret.com/s/sync-quiz/bYV7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

06c7180ddf0e87166652edd905f3b793105243452b007373848beeced42d8ec0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 18:27:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51244
x-xss-protection: 0
server: cafe
etag: 14857694982754112191
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 30 Nov 2021 18:27:31 GMT

GET
H2 200 css2
fonts.googleapis.com/ 31 KB
2 KB 40ms
15ms Stylesheet
text/css 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Montserrat:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

Requested by

Host: ar.buddysecret.com
URL: https://ar.buddysecret.com/s/sync-quiz/bYV7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e9c2df2904ee0ac9a0dcc01dbb90666d1c1fd659891fcecba4aa7f64ee0406c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 30 Nov 2021 16:33:21 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 30 Nov 2021 18:27:31 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 30 Nov 2021 18:27:31 GMT

GET
H2 200 Friendship_Diary_logo.gif
img.holaquiz.com/public/site_content/quiz/ck_editor/images/meta/Surprise4u_2/ 423 KB
424 KB 128ms
44ms Image
image/gif 2606:4700:20::ac43:474a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.holaquiz.com/public/site_content/quiz/ck_editor/images/meta/Surprise4u_2/Friendship_Diary_logo.gif

Requested by

Host: ar.buddysecret.com
URL: https://ar.buddysecret.com/s/sync-quiz/bYV7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:474a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2a0182d790fb030792d5172ed46e0c8f17cedea697937210c6401f2ebafbe54e

Security Headers

Name	Value
X-Frame-Options	ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

server-host: as-hi-205-web
date: Tue, 30 Nov 2021 18:27:31 GMT
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2916
content-length: 432956
last-modified: Tue, 08 Sep 2020 09:41:45 GMT
server: cloudflare
etag: "3730a7-69b3c-5aeca24a56840"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dPtN%2BOnrCboVbasKacN8txSTDzd7B8JIS5hYZouZEkOUJMRUC4ArzUVeoN3aPKpN0SeUyww2dKJm1llGF3WWPH8zJm6K6IYBhxte7SdZfOidK4iqMO%2BIl96PbUrw1yESvThlrWy6s6QwrrQSWIo%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
accept-ranges: bytes
cf-ray: 6b6621589d8fd60c-MXP

GET
H2 200 language-globe.png
ar.buddysecret.com/public/images/surpriseforu/ 2 KB
2 KB 23ms
22ms Image
image/png 2606:4700:20::ac43:47b7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ar.buddysecret.com/public/images/surpriseforu/language-globe.png

Requested by

Host: ar.buddysecret.com
URL: https://ar.buddysecret.com/s/sync-quiz/bYV7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:47b7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f2dbe2f39143df839ba93ee3e1efb66efef7a5643533418cba03ea930dba3994

Security Headers

Name	Value
X-Frame-Options	ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/s/sync-quiz/bYV7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

server-host: as-hi-15-web
date: Tue, 30 Nov 2021 18:27:31 GMT
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7051
content-length: 2024
last-modified: Thu, 04 Mar 2021 08:53:08 GMT
server: cloudflare
etag: "b8d33-7e8-5bcb218b0e500"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vLfTYOkeJ44Lzt1pG%2FnwZaWfoqqo6HTizQCOzyRV5jiDwG9ZXwU3gUv5bft4joH7bwkml5TNXN8EEuaA%2FkuvXT%2F6honmbREwziPDjRaDMxhLdEDMQgOlWF1gT8jqysRVERe6vbd5%2Fij9SOq0pfayBQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
accept-ranges: bytes
cf-ray: 6b6621580ed11786-FRA

GET
H2 200 org_insta.png
ar.buddysecret.com/public/images/surpriseforu/ 3 KB
4 KB 34ms
33ms Image
image/png 2606:4700:20::ac43:47b7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ar.buddysecret.com/public/images/surpriseforu/org_insta.png

Requested by

Host: ar.buddysecret.com
URL: https://ar.buddysecret.com/s/sync-quiz/bYV7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:47b7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

867a3dfd0f24bdafb2d1ddc6ba4378a3f9a86a237ca1f87d09431e897b689b5e

Security Headers

Name	Value
X-Frame-Options	ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/s/sync-quiz/bYV7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

server-host: as-hi-105-web
date: Tue, 30 Nov 2021 18:27:31 GMT
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7051
content-length: 3275
last-modified: Thu, 04 Mar 2021 08:53:08 GMT
server: cloudflare
etag: "b8d3a-ccb-5bcb218b0e500"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LeqgZLm6UPyVxOzLzFsQVUeMKpiIWG5Ez1BJMWOIPgT1%2FjsV%2Fp3qE4Ja%2Ftoj8YJ3f1KmkD9fghhR2bA9j8Z%2B3FNTdiC9koa%2F3ni6fuqNbu9g2tM5izCevQYIB7yWjAyfvPYJ8ie8IwYvHCBKAAYMIg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
accept-ranges: bytes
cf-ray: 6b6621580ed21786-FRA

GET
H2 200 org_fb.png
ar.buddysecret.com/public/images/surpriseforu/ 3 KB
3 KB 22ms
22ms Image
image/png 2606:4700:20::ac43:47b7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ar.buddysecret.com/public/images/surpriseforu/org_fb.png

Requested by

Host: ar.buddysecret.com
URL: https://ar.buddysecret.com/s/sync-quiz/bYV7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:47b7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2704ff90667427020bf5fbeceb2e833cd788f48f264fafda22f849720fd5d96d

Security Headers

Name	Value
X-Frame-Options	ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/s/sync-quiz/bYV7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

server-host: as-hi-99-web
date: Tue, 30 Nov 2021 18:27:31 GMT
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7047
content-length: 2665
last-modified: Thu, 04 Mar 2021 08:53:08 GMT
server: cloudflare
etag: "b8d39-a69-5bcb218b0e500"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ShRGbasgGwgzj3tAz6FBl0Uqbso%2BCLWTSnuZUPd0cQbV0ZESvwRGi4VNPn6S88ApwxUIhBtxxvTVl0q8Uoo%2FKpOe3e9SFup4NGzqerI5kWR%2BvnimKWsrQMORpvmXEIRjnXPhxeXZ3g6HMwLB%2Fl2Clw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
accept-ranges: bytes
cf-ray: 6b6621580ed51786-FRA

GET
H2 200 org_twit.png
ar.buddysecret.com/public/images/surpriseforu/ 3 KB
3 KB 25ms
25ms Image
image/png 2606:4700:20::ac43:47b7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ar.buddysecret.com/public/images/surpriseforu/org_twit.png

Requested by

Host: ar.buddysecret.com
URL: https://ar.buddysecret.com/s/sync-quiz/bYV7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:47b7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

057b7168c0101329e2eb13ed62e1e0aeea75b85bb79869639f39cff092b52474

Security Headers

Name	Value
X-Frame-Options	ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/s/sync-quiz/bYV7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

server-host: as-hi-241-web
date: Tue, 30 Nov 2021 18:27:31 GMT
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7051
content-length: 2981
last-modified: Thu, 04 Mar 2021 08:53:08 GMT
server: cloudflare
etag: "b8d3b-ba5-5bcb218b0e500"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XtS0fy1WP4gUGS1tljLWi4hc%2BiuZbqiw8UDaqNBiMMK2hCJPIOoIEl0ZyAFv7ZOD6KcQ5uvh4FD%2BFWP48p0V2OmlQCBfAjffKzy%2FkkWyYbWEy47cNlCuuekQaDiS8iFDZk1BS7SrxSsBa5R3mxHGMQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
accept-ranges: bytes
cf-ray: 6b6621580ed71786-FRA

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 165 KB
56 KB 61ms
34ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MBZ4PJR

Requested by

Host: ar.buddysecret.com
URL: https://ar.buddysecret.com/s/sync-quiz/bYV7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c478e1a238f508f9be64174da98bfd96c82ed2883e5fad80c3161e4b2adea1ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 18:27:31 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57551
x-xss-protection: 0
last-modified: Tue, 30 Nov 2021 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 30 Nov 2021 18:27:31 GMT

GET
H2 200 pubads_impl_2021111701.js Show response
securepubads.g.doubleclick.net/gpt/ 345 KB
116 KB 17ms
17ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111701.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

8d8aa9c2c3798099cba43890c7808bfb34b70dbc853177ef287b50bc28161911

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 18:27:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 118578
x-xss-protection: 0
last-modified: Wed, 17 Nov 2021 09:34:38 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 30 Nov 2021 18:27:31 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 37 B
77 B 37ms
17ms XHR
application/json 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=ar.buddysecret.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

817c8ade77fb6fbef328182d26d157ab3143d161586ec8beeab61ac3c95947a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 30 Nov 2021 18:27:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53
x-xss-protection: 0
expires: Tue, 30 Nov 2021 18:27:31 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 90 KB
35 KB 34ms
19ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-192512597-3&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-126527512-14

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ca4163da428c2b23783996707b6ec9ee047c4ebf7c74678309b6eb6a31714662

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 18:27:31 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36145
x-xss-protection: 0
last-modified: Tue, 30 Nov 2021 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 30 Nov 2021 18:27:31 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 32ms
7ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-192512597-3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 5184
date: Tue, 30 Nov 2021 17:01:07 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Tue, 30 Nov 2021 19:01:07 GMT

GET
H3 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111170101/ 272 KB
98 KB 37ms
37ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111170101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7003191985075097&plah=ar.buddysecret.com&bust=31063835

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

fd69f716504125b2b566e9289774f0201621076b7b8666152a39e5f6f4f61421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 18:27:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100173
x-xss-protection: 0
server: cafe
etag: 8330183269024893456
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 30 Nov 2021 18:27:31 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20211111/r20190131/ Frame 2B05 11 KB
5 KB 39ms
6ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20211111/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5cedd5abd94d64b07e3779451d057665572b89caa8b445a5e9efa42bad9c4274

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Tue, 30 Nov 2021 06:55:30 GMT
expires: Tue, 14 Dec 2021 06:55:30 GMT
content-type: text/html; charset=UTF-8
etag: 16478831307880631077
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4883
x-xss-protection: 0
age: 41521
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 98 KB
26 KB 40ms
7ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: ar.buddysecret.com
URL: https://ar.buddysecret.com/s/sync-quiz/bYV7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 25965
x-xss-protection: 0
pragma: public
x-fb-debug: urNMDw5gC/YItTZRG1qFg4bgyGK5m5GRFB+7lvgFFDF1p47fffKOk2MJ2RP0Qrr5Asf2c0OCDRt4tGAzFF/EnQ==
x-fb-trip-id: 686109401
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Tue, 30 Nov 2021 18:27:31 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 30ms
15ms XHR
text/plain 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1255180167&t=pageview&_s=1&dl=https%3A%2F%2Far.buddysecret.com%2Fs%2Fsync-quiz%2FbYV7&ul=en-us&de=UTF-8&dt=%D9%8A%D9%88%D9%85%D9%8A%D8%A7%D8%AA%20%D8%A7%D9%84%D8%B5%D8%AF%D8%A7%D9%82%D8%A9%202021.%20%D8%A7%D8%AF%D8%B9%20%D8%A7%D9%84%D8%A3%D8%B5%D8%AF%D9%82%D8%A7%D8%A1%20%D9%84%D9%83%D8%AA%D8%A7%D8%A8%D8%A9%20%D9%8A%D9%88%D9%85%D9%8A%D8%A7%D8%AA%D9%83%20%D8%A7%D9%84%D8%B3%D8%B1%D9%8A%D8%A9%20%D8%A7%D9%84%D8%A2%D9%86.&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=1891965577&gjid=1059085578&cid=2141826429.1638296851&tid=UA-192512597-3&_gid=1988784163.1638296851&_r=1&gtm=2ouba1&z=123871316

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://ar.buddysecret.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 18:27:31 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://ar.buddysecret.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 27ms
15ms XHR
text/plain 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1255180167&t=pageview&_s=1&dl=https%3A%2F%2Far.buddysecret.com%2Fs%2Fsync-quiz%2FbYV7&ul=en-us&de=UTF-8&dt=%D9%8A%D9%88%D9%85%D9%8A%D8%A7%D8%AA%20%D8%A7%D9%84%D8%B5%D8%AF%D8%A7%D9%82%D8%A9%202021.%20%D8%A7%D8%AF%D8%B9%20%D8%A7%D9%84%D8%A3%D8%B5%D8%AF%D9%82%D8%A7%D8%A1%20%D9%84%D9%83%D8%AA%D8%A7%D8%A8%D8%A9%20%D9%8A%D9%88%D9%85%D9%8A%D8%A7%D8%AA%D9%83%20%D8%A7%D9%84%D8%B3%D8%B1%D9%8A%D8%A9%20%D8%A7%D9%84%D8%A2%D9%86.&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAUABAAAAAC~&jid=605998356&gjid=270352109&cid=2141826429.1638296851&tid=UA-126527512-14&_gid=1988784163.1638296851&_r=1&gtm=2ouba1&z=915219754

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://ar.buddysecret.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 18:27:31 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://ar.buddysecret.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 205 B
409 B 18ms
17ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=ar.buddysecret.com&callback=_gfp_s_&client=ca-pub-7003191985075097

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111170101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7003191985075097&plah=ar.buddysecret.com&bust=31063835

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

41d86f1b17cef4e47ca9fd5b4820fe692bf76857dcadcbf6fc801537de9dc699

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 18:27:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 193
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 43ms
18ms Script
application/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=ar.buddysecret.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 30 Nov 2021 18:27:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 43ms
19ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ar.buddysecret.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 30 Nov 2021 18:27:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 403 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 66D1 603 B
67 B 55ms
41ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7003191985075097&output=html&adk=1812271804&adf=3025194257&lmt=1638296851&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1048576%2C32%3A32&format=0x0&url=https%3A%2F%2Far.buddysecret.com%2Fs%2Fsync-quiz%2FbYV7&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638296851316&bpp=2&bdt=172&idt=90&shv=r20211111&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5032859781382&frm=20&pv=2&ga_vid=2141826429.1638296851&ga_sid=1638296851&ga_hid=1255180167&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063792%2C31063835&oid=2&pvsid=2971943970888554&pem=13&tmod=1807876480&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=113

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 30 Nov 2021 18:27:31 GMT
server: cafe
content-length: 46
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
441 B 72ms
18ms XHR
text/plain 2a00:1450:400c:c08::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-126527512-14&cid=2141826429.1638296851&jid=605998356&gjid=270352109&_gid=1988784163.1638296851&_u=YEDAAUABAAAAAC~&z=1140270319

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c08::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ar.buddysecret.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 30 Nov 2021 18:27:31 GMT
content-type: text/plain
access-control-allow-origin: https://ar.buddysecret.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 eye.png
ar.buddysecret.com/public/images/surpriseforu/ 1 KB
2 KB 22ms
20ms Image
image/png 2606:4700:20::ac43:47b7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ar.buddysecret.com/public/images/surpriseforu/eye.png

Requested by

Host: ar.buddysecret.com
URL: https://ar.buddysecret.com/s/sync-quiz/bYV7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:47b7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a174ccf426d2ec1fff5142f3c80d81af9374161d70a37c2f1b4f1d1ba56484dc

Security Headers

Name	Value
X-Frame-Options	ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/s/sync-quiz/bYV7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

server-host: as-hi-105-web
date: Tue, 30 Nov 2021 18:27:31 GMT
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4995
content-length: 1252
last-modified: Thu, 04 Mar 2021 08:53:08 GMT
server: cloudflare
etag: "b8d26-4e4-5bcb218b0e500"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ag285B9PB3scWMkIqRGBroUK3gVG9sE4xXUO7hdexgKWoB%2BzUh47k3Obpld1wFAtizpmlQ7QaT2cumFx4UkxTbQu1Ttbj9r%2B7I5XvY6y2fNpzl%2B3bw%2FMFyn5SpriSLYuR8pttW3%2BTBHSB9AgZDmJVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
accept-ranges: bytes
cf-ray: 6b66215989651786-FRA

GET
H2 200 quiz_save_loading.gif
ar.buddysecret.com/public/images/ 43 KB
43 KB 27ms
24ms Image
image/gif 2606:4700:20::ac43:47b7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ar.buddysecret.com/public/images/quiz_save_loading.gif

Requested by

Host: ar.buddysecret.com
URL: https://ar.buddysecret.com/s/sync-quiz/bYV7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:47b7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef46993c81da652e3c2581d2adab6051e1bd0570d7ce80f5e3ac2c6221a37a97

Security Headers

Name	Value
X-Frame-Options	ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/s/sync-quiz/bYV7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

server-host: as-hi-241-web
date: Tue, 30 Nov 2021 18:27:31 GMT
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4995
content-length: 43599
last-modified: Thu, 04 Mar 2021 08:53:08 GMT
server: cloudflare
etag: "b6e0d-aa4f-5bcb218b0e500"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rcOK3H6RXLxYSO2lRwYN7%2FtHi%2Fg74ZwU5MIyyJQT6CaTk3S4zBvH5mKwAwhY5FvRjBykHE4so8F%2BtB5IrEElHo9a0Np4zwNvXy72%2FYoSGn4dCnPQbaEPBCrkyKgp0N61MBNDIk9f%2BwGjosg%2F7QiAcA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
accept-ranges: bytes
cf-ray: 6b662159896b1786-FRA

GET
H2 200 BFA_Arabic.jpg
img.buddysecret.com/public/site_content/quiz/ck_editor/images/Ads/New_Ads/ 17 KB
17 KB 36ms
27ms Image
image/jpeg 2606:4700:20::ac43:47b7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.buddysecret.com/public/site_content/quiz/ck_editor/images/Ads/New_Ads/BFA_Arabic.jpg

Requested by

Host: ar.buddysecret.com
URL: https://ar.buddysecret.com/s/sync-quiz/bYV7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:47b7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

03f404aa4c570a01e0b56ce048442dbdf0197f867a9be770ad11e744f2ca1494

Security Headers

Name	Value
X-Frame-Options	ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

server-host: as-hi-205-web
date: Tue, 30 Nov 2021 18:27:31 GMT
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6520
content-length: 17450
last-modified: Fri, 24 Sep 2021 11:11:15 GMT
server: cloudflare
etag: "d160f-442a-5ccbbce42fac0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6LkSkBIjBH1kfzU5eCq5BasPkMNSULroqUmi%2FrwVk6rOGAy13hD8imXxtHMu6O4ZHIOestsBSYIm2raBJMzi65vwP%2BUhc%2B%2B0XvwREe%2FLR4jRRcalp7s1pGEQfn4phhrO5wDQsq%2BG0KUZpJU9sO3Tk%2FU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
accept-ranges: bytes
cf-ray: 6b662159998f1786-FRA
cf-bgj: h2pri

GET
H2 200 footer_fb.png
ar.buddysecret.com/public/images/surpriseforu/ 2 KB
2 KB 36ms
32ms Image
image/png 2606:4700:20::ac43:47b7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ar.buddysecret.com/public/images/surpriseforu/footer_fb.png

Requested by

Host: ar.buddysecret.com
URL: https://ar.buddysecret.com/s/sync-quiz/bYV7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:47b7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4e6a925c14514938af5f2a7ac3aa70c29303ee4fc774297f041b0d6c54aa4f96

Security Headers

Name	Value
X-Frame-Options	ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/s/sync-quiz/bYV7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

server-host: as-hi-15-web
date: Tue, 30 Nov 2021 18:27:31 GMT
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5212
content-length: 2202
last-modified: Thu, 04 Mar 2021 08:53:08 GMT
server: cloudflare
etag: "b8d2a-89a-5bcb218b0e500"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1UsFRedrpyBrPdMv2NJNlsyaptwzi9YwIQAPkkTZ9Hb4kdG9uVoasJ9XWVBKh8qpii4dJ%2B8PFQGxngUmZ%2Bmdwt9glArMOqt3UPxoG2DSginfqJInzKa0fTtJite12jalxFBHRlio%2BCmRDSdHUcLHdw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
accept-ranges: bytes
cf-ray: 6b66215989781786-FRA

GET
H2 200 insta_blue.png
ar.buddysecret.com/public/images/surpriseforu/ 4 KB
4 KB 36ms
33ms Image
image/png 2606:4700:20::ac43:47b7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ar.buddysecret.com/public/images/surpriseforu/insta_blue.png

Requested by

Host: ar.buddysecret.com
URL: https://ar.buddysecret.com/s/sync-quiz/bYV7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:47b7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6331c5900664a5587812ca27b9e8c52f122e8a8653578c8911e2994d822d7b6f

Security Headers

Name	Value
X-Frame-Options	ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/s/sync-quiz/bYV7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

server-host: as-hi-85-web
date: Tue, 30 Nov 2021 18:27:31 GMT
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5212
content-length: 3787
last-modified: Thu, 04 Mar 2021 08:53:08 GMT
server: cloudflare
etag: "b8d31-ecb-5bcb218b0e500"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B5BTsOtsGCgdC1p%2FvXOMepMdQEx6%2B9mc%2FFKrsZC0MvVhfwbXGpyWqA24JfKrouBI99qAOOjNNvp4WlINAv44dyEmdE85yic0%2Fz8dROvnHp0qIDjMZipovzfpMS7E6HoHvAWMHoxZMpm1BgwUSoxXQA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
accept-ranges: bytes
cf-ray: 6b662159897a1786-FRA

GET
H2 200 footer_twitter.png
ar.buddysecret.com/public/images/surpriseforu/ 4 KB
4 KB 23ms
20ms Image
image/png 2606:4700:20::ac43:47b7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ar.buddysecret.com/public/images/surpriseforu/footer_twitter.png

Requested by

Host: ar.buddysecret.com
URL: https://ar.buddysecret.com/s/sync-quiz/bYV7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:47b7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d99a9d19d0eb3e8981ded12b6101f63860b1514ac1f2f34a1ba33933127afd83

Security Headers

Name	Value
X-Frame-Options	ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/s/sync-quiz/bYV7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

server-host: as-hi-15-web
date: Tue, 30 Nov 2021 18:27:31 GMT
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5212
content-length: 4050
last-modified: Thu, 04 Mar 2021 08:53:08 GMT
server: cloudflare
etag: "b8d2d-fd2-5bcb218b0e500"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=92vOfDaN4cFXOmwdzIVLzGUN8c39LJiiBJpyfP3suxxBGSi%2F%2F7tzNLp4qL2Cgg%2FHmySBQF%2FqQ%2BjXqTA1%2F0LKnf0M6NS2PGtq%2FwP1eajZBUefjIS8IuMtUHCDbXU6p3nIQOTwCdcKDV74HbMXsy4fzg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
accept-ranges: bytes
cf-ray: 6b662159897d1786-FRA

GET
H2 200 email-decode.min.js Show response
ar.buddysecret.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 15ms
12ms Script
application/javascript 2606:4700:20::ac43:47b7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ar.buddysecret.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: ar.buddysecret.com
URL: https://ar.buddysecret.com/s/sync-quiz/bYV7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:47b7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/s/sync-quiz/bYV7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 18:27:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 22 Nov 2021 17:32:49 GMT
server: cloudflare
etag: W/"619bd441-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QQUyz2NGGxH8KjY5GL8DyNRn1nAXRXe9Ht01ue4qtipbuOm1G%2F3xZ2a2ge4c%2FOwbrzQhaiM1n0%2FA%2FjV1GpWyArN9EUKe%2BiwNrEfAqW1hNjWzjAYyGjoTmncrpIb2lUeHl7TELLZTCMUIVq6ID6IXQw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b66215989741786-FRA
vary: Accept-Encoding
expires: Thu, 02 Dec 2021 18:27:31 GMT

GET
H2 200 jquery.min.js Show response
ar.buddysecret.com/public/js/ 94 KB
34 KB 35ms
33ms Script
text/javascript 2606:4700:20::ac43:47b7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ar.buddysecret.com/public/js/jquery.min.js?v=20211014_1

Requested by

Host: ar.buddysecret.com
URL: https://ar.buddysecret.com/s/sync-quiz/bYV7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:47b7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947

Security Headers

Name	Value
X-Frame-Options	ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/s/sync-quiz/bYV7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

server-host: as-hi-15-web
date: Tue, 30 Nov 2021 18:27:31 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 04 Mar 2021 08:53:08 GMT
server: cloudflare
age: 7130
x-frame-options: ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io
etag: W/"b6e36-176f8-5bcb218b0e500"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2IPoO9XJL940V%2BnJWtDYWY5Cuo63ID8Pvnj%2BkNlA6q72Ej%2FbOr2DFS2tazlE0DygxKjLq3p9%2BVSkBM5cJFV3fjX1usE1L3ufqGbZpyDLO6qoY0k8r7ggJB502%2FhzE1t92i6nNSDImAF7KqFbosYnQA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b66215989751786-FRA

GET
H2 200 bootstrap.js Show response
ar.buddysecret.com/public/js/ 65 KB
15 KB 24ms
22ms Script
text/javascript 2606:4700:20::ac43:47b7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ar.buddysecret.com/public/js/bootstrap.js?v=20211014_1

Requested by

Host: ar.buddysecret.com
URL: https://ar.buddysecret.com/s/sync-quiz/bYV7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:47b7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

47bf6b2e0bb21849f205a4f2d90c8e40b2773f3fdf4c764471cd050ef0a87378

Security Headers

Name	Value
X-Frame-Options	ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/s/sync-quiz/bYV7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

server-host: as-hi--web
date: Tue, 30 Nov 2021 18:27:31 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 04 Mar 2021 08:53:08 GMT
server: cloudflare
age: 7130
x-frame-options: ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io
etag: W/"b6e2e-104ac-5bcb218b0e500"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jhf%2FV6GcJfVnfcw9jE4BvaA6OZICn1Th9M7veY5bsjiN1DfJNHooL%2F5Tk8QZ2DsdLSWJ4qWTCyAozmDFsMsFAIcrfCXXHRcJ0zonOwZyHHEJpt%2FZmmwGNjai4ILToayTYspz0V2cy2%2BR%2FV0cFbugAw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b662159897f1786-FRA

GET
H2 200 angular.js Show response
ar.buddysecret.com/public/js/ 114 KB
41 KB 42ms
40ms Script
text/javascript 2606:4700:20::ac43:47b7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ar.buddysecret.com/public/js/angular.js?v=20211014_1

Requested by

Host: ar.buddysecret.com
URL: https://ar.buddysecret.com/s/sync-quiz/bYV7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:47b7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c72c5cdb8ee97ed1e23f49f9cc0884c795f9c70e85a566453d9701f12cebfe9f

Security Headers

Name	Value
X-Frame-Options	ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/s/sync-quiz/bYV7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

server-host: as-hi-105-web
date: Tue, 30 Nov 2021 18:27:31 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 04 Mar 2021 08:53:08 GMT
server: cloudflare
age: 7121
x-frame-options: ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io
etag: W/"b6e2d-1c61c-5bcb218b0e500"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ep35xzZ1verKYlsAQxxyCd4XIYhLd5r3Ac1s%2FHyUzDA1yOwbIR7hHYnunyU0Vdbw7O6bkdlWIqpz%2B5X2rVBefWZMowQlUfwP2IJZfyDwqx4eyq%2BksydYmOGLPe9Z5hXa%2BPaUBufoUOtuydYIod28Ug%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b66215989811786-FRA

GET
H2 200 angular-sanitize.js Show response
ar.buddysecret.com/public/js/ 21 KB
7 KB 22ms
21ms Script
text/javascript 2606:4700:20::ac43:47b7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ar.buddysecret.com/public/js/angular-sanitize.js?v=20211014_1

Requested by

Host: ar.buddysecret.com
URL: https://ar.buddysecret.com/s/sync-quiz/bYV7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:47b7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

db668b70fd0021a224a50338fc80f62881fc5e678e84987ff62785d86ab3f320

Security Headers

Name	Value
X-Frame-Options	ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/s/sync-quiz/bYV7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

server-host: as-hi-15-web
date: Tue, 30 Nov 2021 18:27:31 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 04 Mar 2021 08:53:08 GMT
server: cloudflare
age: 7130
x-frame-options: ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io
etag: W/"b6e2c-5536-5bcb218b0e500"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gQTKXrp0sZZzdcn%2F9l6MbD6ZFeioOywChqJmuBQyRoAfAYlgwEjnVY1muK1oncJT3LgKf4OR4lI401ADK3eHupESyG%2Brkx7xZZykxL4ZCzxQMbjzDpY%2BQK6%2FfvUXPLdQDxpxvj3aTq4TAUdDnXKKWw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b66215989821786-FRA

GET
H2 200 s_a_cont.js Show response
ar.buddysecret.com/public/js/ 75 KB
14 KB 30ms
28ms Script
text/javascript 2606:4700:20::ac43:47b7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ar.buddysecret.com/public/js/s_a_cont.js?v=20211014_1

Requested by

Host: ar.buddysecret.com
URL: https://ar.buddysecret.com/s/sync-quiz/bYV7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:47b7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

617c5e5c66e961c0c071829a62b53de51201104b5fa8cf40e65e4a2f770be30d

Security Headers

Name	Value
X-Frame-Options	ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/s/sync-quiz/bYV7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

server-host: as-hi--web
date: Tue, 30 Nov 2021 18:27:31 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 21 Oct 2021 10:50:21 GMT
server: cloudflare
age: 7130
x-frame-options: ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io
etag: W/"b6997-12af0-5cedaa93b9540"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5wp9ucgcmFPdpL2BAgJOnDCyVevZGIPgDq95mC%2BLGcgku2jcvVvBYNVQ8EvdpJdZjlljBlhbgk8ibklxNrsDbUWFvjZ3YI9Rvf94X5DkboGjG3xgzoktni183wb6HNWk6svtJEHdga3BCoPvUs2z7Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b66215989881786-FRA

GET
H2 200 s_a_ser.js Show response
ar.buddysecret.com/public/js/ 5 KB
1 KB 37ms
36ms Script
text/javascript 2606:4700:20::ac43:47b7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ar.buddysecret.com/public/js/s_a_ser.js?v=20211014_1

Requested by

Host: ar.buddysecret.com
URL: https://ar.buddysecret.com/s/sync-quiz/bYV7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:47b7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

59b93c82b31f94350aed274ec1f3f7bf3b0f561950cd72fe503e8b205de8fec8

Security Headers

Name	Value
X-Frame-Options	ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/s/sync-quiz/bYV7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

server-host: as-hi--web
date: Tue, 30 Nov 2021 18:27:31 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 04 Mar 2021 08:53:32 GMT
server: cloudflare
age: 7130
x-frame-options: ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io
etag: W/"b6e39-13eb-5bcb21a1f1b00"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hB6tZRUYCAsrQjHMjep8Uz0s6YR5spOfUSeJxpyO6dhHx%2Fey0wkE2ms2TaBa6y6F5JQziuhvccdgJxiwfumPaEITNBkaT3GUb5r8cocl%2BcMnpK1Hw%2Bo8T%2Bcn768y1Hk7%2FixMVfV%2BfbfeX0BBQKqWSg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b66215989891786-FRA

GET
H2 200 site.js Show response
ar.buddysecret.com/public/js/ 23 KB
6 KB 41ms
39ms Script
text/javascript 2606:4700:20::ac43:47b7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ar.buddysecret.com/public/js/site.js?v=20211014_1

Requested by

Host: ar.buddysecret.com
URL: https://ar.buddysecret.com/s/sync-quiz/bYV7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:47b7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3e3b1ad125d4c3daef55da2885c835d550290f32d836aa736585726964f11551

Security Headers

Name	Value
X-Frame-Options	ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/s/sync-quiz/bYV7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

server-host: as-hi-244-web
date: Tue, 30 Nov 2021 18:27:31 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 14 Oct 2021 12:35:00 GMT
server: cloudflare
age: 7101
x-frame-options: ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io
etag: W/"b6dac-5cdb-5ce4f4e99e500"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mQdYLsKE%2BD8k3G3H3N8DIhuBUaOFkMmJEtLgmnqPaC1E77Np4eDN9Sv5UfB7UassAUUi82f%2BI4oWlXhukcHwaSgYtNxLNy%2BYXzBxiXda%2BxtlOdNX9t7LSFeQECCOHAX6%2BMFL9vHb3NitT%2BIV8qMLGA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b662159898b1786-FRA

GET
H3 200 945539802949696 Show response
connect.facebook.net/signals/config/ 305 KB
87 KB 20ms
10ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/945539802949696?v=2.9.48&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

83f9ce2e0b4d93d550ba7e04ab39028d6c34ddb98ec6f0d80aa1095a5b1f5902

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 88887
x-xss-protection: 0
pragma: public
x-fb-debug: WPVfx7d/uWxMr29bzh4TF2JukEiIrDdl7z2Xyux0UlFNmJOCIY3r0XugvL2L3R7PUfXGhP0YRF5eUJ2qKxoVJw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 30 Nov 2021 18:27:31 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 31ms
16ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=ar.buddysecret.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 30 Nov 2021 18:27:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 31ms
16ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ar.buddysecret.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 30 Nov 2021 18:27:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 261 KB
72 KB 371ms
370ms XHR
text/plain 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2971943970888554&correlator=1134699520318498&output=ldjh&impl=fifs&vrg=2021111701&ptt=17&sc=1&sfv=1-0-38&ecs=20211130&iu_parts=38924784%2CBuddysecret_ATF_300x250%2CBuddysecret_BTF_300x250%2CBuddysecret_320x50_footer&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F2%2C%2F0%2F3&prev_iu_szs=300x250%2C300x250%2C300x250%2C320x50&cust_params=page%3Dsync_quiz&cookie=ID%3D65d087dcc9da94dc-22702d0817cc0052%3AT%3D1638296851%3ART%3D1638296851%3AS%3DALNI_MYmF8sOmabPnu61rTpgE7xe_cFFtA&bc=31&abxe=1&lmt=1638296851&dt=1638296851535&dlt=1638296851144&idt=203&frm=20&biw=1600&bih=1200&oid=2&adxs=-9%2C-9%2C-9%2C-12245933&adys=-9%2C-9%2C-9%2C-12245933&adks=966353224%2C1485853034%2C2986976129%2C4166104311&ucis=1%7C2%7C3%7C4&ifi=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Far.buddysecret.com%2Fs%2Fsync-quiz%2FbYV7&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x-1%7C0x-1%7C0x-1%7C0x-1&msz=0x-1%7C0x-1%7C0x-1%7C0x-1&ga_vid=2141826429.1638296851&ga_sid=1638296851&ga_hid=1255180167&ga_fc=true&fws=2%2C2%2C2%2C640&ohw=0%2C0%2C0%2C0&btvi=-1%7C-1%7C-1%7C-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

0aa797faa0078de54dd4e36f71084a713aa078d9c703ea68ef8251f64c1042c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 18:27:31 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 73592
x-xss-protection: 0
google-lineitem-id: -1,-1,-1,-1
pragma: no-cache
server: cafe
google-creative-id: -1,-1,-1,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ar.buddysecret.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 5EF5 6 KB
4 KB 91ms
15ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Tue, 30 Nov 2021 18:27:31 GMT
expires: Wed, 30 Nov 2022 18:27:31 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 bYV7 Show response
ar.buddysecret.com/s/other-user-stats/ 238 B
474 B 637ms
637ms XHR
text/html 2606:4700:20::ac43:47b7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ar.buddysecret.com/s/other-user-stats/bYV7

Requested by

Host: ar.buddysecret.com
URL: https://ar.buddysecret.com/public/js/angular.js?v=20211014_1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:47b7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2b6abb0dadb9863be72d7a9deed67bc2094ca99135c5896d8150596b695b5b17

Security Headers

Name	Value
X-Frame-Options	ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Request headers

Accept: application/json, text/plain, */*
Referer: https://ar.buddysecret.com/s/sync-quiz/bYV7
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

server-host: as-hi-213-web
date: Tue, 30 Nov 2021 18:27:32 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yTNMAGCphklPFmf9spYO9Ob87SONOji1EeFpIEp58FIsu7aW%2BvM3c1NkdYZB%2FrRHS0AvpC%2BN9ojOOxEYcRzHF%2FHZwHh9u0qIvVZ0HzLhaqs%2B16N7%2Bnlln61arkRKot2aAXo6l7woYUx1uEW9mWEdRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cf-ray: 6b66215a4ad91786-FRA

GET
H2 200 paper_background.png
ar.buddysecret.com/public/images/surpriseforu/ 1 MB
1 MB 22ms
21ms Image
image/png 2606:4700:20::ac43:47b7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ar.buddysecret.com/public/images/surpriseforu/paper_background.png

Requested by

Host: ar.buddysecret.com
URL: https://ar.buddysecret.com/public/css/surpriseforu/style.css?v=20211021

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:47b7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bf5694b365ccfafd151d2195c9aa52e16a58f65fb5121f5aeabcb1863002a740

Security Headers

Name	Value
X-Frame-Options	ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/public/css/surpriseforu/style.css?v=20211021
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

server-host: as-hi-105-web
date: Tue, 30 Nov 2021 18:27:31 GMT
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7050
content-length: 1098608
last-modified: Thu, 04 Mar 2021 08:53:08 GMT
server: cloudflare
etag: "b8d3c-10c370-5bcb218b0e500"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IrftEwGEDVQncMaWaH%2Br77spOL8ryx1ypm76DAZH19MgtplCAvCe4ErHoPmnvCTgw9vEVo28O8D35dlhbEfpe6QtDZhVkt6EiYrZDzToflcpekvAHWnvEvUpLDNDGxHi38Qi%2FsREMQ8pbRcq9sVEjg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
accept-ranges: bytes
cf-ray: 6b66215a4ada1786-FRA

GET
H2 200 JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v18/ 19 KB
20 KB 59ms
9ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v18/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2b26a74f3c0e529bc8fccfa6b1db8e083e738992266359fde1a5bd0aaa81cbc3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ar.buddysecret.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 07:59:11 GMT
x-content-type-options: nosniff
age: 37700
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19844
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:20:10 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 30 Nov 2022 07:59:11 GMT

GET
H2 200 hearts.png
ar.buddysecret.com/public/images/surpriseforu/ 4 KB
5 KB 25ms
25ms Image
image/png 2606:4700:20::ac43:47b7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ar.buddysecret.com/public/images/surpriseforu/hearts.png

Requested by

Host: ar.buddysecret.com
URL: https://ar.buddysecret.com/public/css/surpriseforu/style.css?v=20211021

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:47b7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

78ca0005131ba25ff6cd2b6c2f9c877550411b65ce8d3ea2dfd5853f97ed70ad

Security Headers

Name	Value
X-Frame-Options	ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/public/css/surpriseforu/style.css?v=20211021
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

server-host: as-hi-155-web
date: Tue, 30 Nov 2021 18:27:31 GMT
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6681
content-length: 4607
last-modified: Thu, 04 Mar 2021 08:53:08 GMT
server: cloudflare
etag: "b8d2e-11ff-5bcb218b0e500"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q%2B1QUjhWG%2FDuhixiyIRY7bTS3LPEoRpGuZer7d743kSEA%2FBvE9t73Qd%2B74KoAkMOJOBBkpCCWshr45EvQQMcMdiQCoWBFE3uMbNkuLc%2BjsBVuaqrEzKS6T1qdq%2FaaXakKxZi1twM2pnK6Q5oPmWuKQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
accept-ranges: bytes
cf-ray: 6b66215a6b001786-FRA

GET
H2 200 tape.png
ar.buddysecret.com/public/images/surpriseforu/ 14 KB
14 KB 40ms
38ms Image
image/png 2606:4700:20::ac43:47b7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ar.buddysecret.com/public/images/surpriseforu/tape.png

Requested by

Host: ar.buddysecret.com
URL: https://ar.buddysecret.com/public/css/surpriseforu/style.css?v=20211021

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:47b7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d76195d14edb2e4ff1482ec8fc09b9a0c7478cb78a6eefe681679a81e2a13489

Security Headers

Name	Value
X-Frame-Options	ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/public/css/surpriseforu/style.css?v=20211021
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

server-host: as-hi-253-web
date: Tue, 30 Nov 2021 18:27:31 GMT
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5205
content-length: 13892
last-modified: Fri, 30 Jul 2021 13:38:56 GMT
server: cloudflare
etag: "b8b47-3644-5c857574e1c00"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OOgvkxcMlHjxZc%2BQ4qkjMv%2FlqcD%2BHLEAGqdWT0ejw1J4DSalXIk2pbkZPvUi9DtA8z0ISl4Ychu0RT%2FqfUqkSMQfuxcyie9rs0bsOIYB3o0PlICUSwy97QMLGpyeWZKOZG0f4YLP3w%2FKmrBB9vLOPg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
accept-ranges: bytes
cf-ray: 6b66215a6b121786-FRA

GET
H2 200 left_leave.png
ar.buddysecret.com/public/images/surpriseforu/ 6 KB
6 KB 41ms
40ms Image
image/png 2606:4700:20::ac43:47b7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ar.buddysecret.com/public/images/surpriseforu/left_leave.png

Requested by

Host: ar.buddysecret.com
URL: https://ar.buddysecret.com/public/css/surpriseforu/style.css?v=20211021

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:47b7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0e8ff9d08b89fbc34c9f5276f7fca3e6b35158a9ecb46ebfb02c2091f8c9ee3e

Security Headers

Name	Value
X-Frame-Options	ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/public/css/surpriseforu/style.css?v=20211021
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

server-host: as-hi-241-web
date: Tue, 30 Nov 2021 18:27:31 GMT
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4884
content-length: 5685
last-modified: Thu, 04 Mar 2021 08:53:08 GMT
server: cloudflare
etag: "b8d34-1635-5bcb218b0e500"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DLb5jGGoqbf8kG1VU4J%2BfYlxldFgcOI1D%2FgGwno5OJAdRkP4fQ4T2u0YjccRBD6aq%2F0ubVYl3q%2BUoP38D7qMKK66u88z1MZ4mtcmdPOmM1j%2F%2BohgPQY5evs7RAo4Wxkf4%2BfgfjzXRnllJIlQPQPkFg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
accept-ranges: bytes
cf-ray: 6b66215a6b151786-FRA

GET
H2 200 right_leave.png
ar.buddysecret.com/public/images/surpriseforu/ 6 KB
6 KB 39ms
38ms Image
image/png 2606:4700:20::ac43:47b7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ar.buddysecret.com/public/images/surpriseforu/right_leave.png

Requested by

Host: ar.buddysecret.com
URL: https://ar.buddysecret.com/public/css/surpriseforu/style.css?v=20211021

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:47b7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fca90ac490ef65a43a3d1d4d9d53baa42502730532c7d9570f84efc09a101746

Security Headers

Name	Value
X-Frame-Options	ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/public/css/surpriseforu/style.css?v=20211021
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

server-host: as-hi-81-web
date: Tue, 30 Nov 2021 18:27:31 GMT
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4884
content-length: 5785
last-modified: Thu, 04 Mar 2021 08:53:08 GMT
server: cloudflare
etag: "b8d3d-1699-5bcb218b0e500"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sr7vx11EJZ%2B6y3OqB4xzt7z1QRYX3KqKNmgpdQuHyw%2FcK%2ByinoTLYSUF6CSNz0epREoXw6FgUU8VcTrh95jDdDkfcOi2Dr4hsrLTjqAJvF8lBSbhtgRuNtZyKKmHmBIxxCdT92eZLg7BfSdaBPyXDw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
accept-ranges: bytes
cf-ray: 6b66215a6b161786-FRA

GET
H2 200 JTURjIg1_i6t8kCHKm45_ZpC3gnD_g.woff2
fonts.gstatic.com/s/montserrat/v18/ 19 KB
20 KB 63ms
22ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v18/JTURjIg1_i6t8kCHKm45_ZpC3gnD_g.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

13eb615165c92892fcd46e01782dd0fc52d36f236f883aad488c2cf4dcf9206e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ar.buddysecret.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 21:15:27 GMT
x-content-type-options: nosniff
age: 76324
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19868
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:20:31 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 29 Nov 2022 21:15:27 GMT

GET
H2 200 JTURjIg1_i6t8kCHKm45_bZF3gnD_g.woff2
fonts.gstatic.com/s/montserrat/v18/ 19 KB
19 KB 68ms
28ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v18/JTURjIg1_i6t8kCHKm45_bZF3gnD_g.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61519deaa156f24ad28ae848179016c7cc741270cb7b30043c24bd30203bdaf3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ar.buddysecret.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 10:02:14 GMT
x-content-type-options: nosniff
age: 548717
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19824
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:20:37 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 24 Nov 2022 10:02:14 GMT

GET
H2 200 JTURjIg1_i6t8kCHKm45_dJE3gnD_g.woff2
fonts.gstatic.com/s/montserrat/v18/ 20 KB
20 KB 40ms
16ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v18/JTURjIg1_i6t8kCHKm45_dJE3gnD_g.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec7d69015be507ee6045d259f50b6cf8ccb52ec7b41ec1bf50fee681683bea60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ar.buddysecret.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 13:18:02 GMT
x-content-type-options: nosniff
age: 364169
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20040
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:20:44 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 26 Nov 2022 13:18:02 GMT

GET
H2 200 JTURjIg1_i6t8kCHKm45_epG3gnD_g.woff2
fonts.gstatic.com/s/montserrat/v18/ 19 KB
19 KB 44ms
25ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v18/JTURjIg1_i6t8kCHKm45_epG3gnD_g.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7ce2f8643f80018e1c4f5dae8adadbd552256fbab5e4409672cb2e060aada574

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ar.buddysecret.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 18:06:39 GMT
x-content-type-options: nosniff
age: 519652
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:21:29 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 24 Nov 2022 18:06:39 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 15ms
14ms XHR
text/plain 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1255180167&t=event&ni=0&_s=1&dl=https%3A%2F%2Far.buddysecret.com%2Fs%2Fsync-quiz%2FbYV7&ul=en-us&de=UTF-8&dt=%D9%8A%D9%88%D9%85%D9%8A%D8%A7%D8%AA%20%D8%A7%D9%84%D8%B5%D8%AF%D8%A7%D9%82%D8%A9%202021.%20%D8%A7%D8%AF%D8%B9%20%D8%A7%D9%84%D8%A3%D8%B5%D8%AF%D9%82%D8%A7%D8%A1%20%D9%84%D9%83%D8%AA%D8%A7%D8%A8%D8%A9%20%D9%8A%D9%88%D9%85%D9%8A%D8%A7%D8%AA%D9%83%20%D8%A7%D9%84%D8%B3%D8%B1%D9%8A%D8%A9%20%D8%A7%D9%84%D8%A2%D9%86.&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=New%20-%20User%20Friend%20Side&ea=New%20-%20%20Instruction%20Page%20Visit&el=%2Fs%2Fsync-quiz%2FbYV7&_u=aEDAAUABAAAAAC~&jid=580847417&gjid=62335211&cid=2141826429.1638296851&tid=UA-126527512-14&_gid=1988784163.1638296851&_r=1&gtm=2wgba1MBZ4PJR&z=1949119995

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://ar.buddysecret.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 18:27:31 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://ar.buddysecret.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
22 B 42ms
21ms XHR
text/plain 2a00:1450:400c:c08::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-126527512-14&cid=2141826429.1638296851&jid=580847417&gjid=62335211&_gid=1988784163.1638296851&_u=aEDAAUABAAAAAC~&z=991281204

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c08::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ar.buddysecret.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 30 Nov 2021 18:27:31 GMT
content-type: text/plain
access-control-allow-origin: https://ar.buddysecret.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 12 KB
9 KB 23ms
23ms XHR
application/json 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20211111&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

b1db2e66d8877975bef3afeaf21d5ebb4cfae604af1b4df53025553b4ef76e31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 30 Nov 2021 18:27:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9259
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 42ms
18ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 18:27:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Tue, 30 Nov 2021 18:27:31 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 0E83 12 KB
5 KB 27ms
6ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Tue, 30 Nov 2021 18:24:09 GMT
expires: Wed, 30 Nov 2022 18:24:09 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 202
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 5108 783 B
1 KB 40ms
17ms Document
text/html 2a00:1450:4001:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

0a493eb1e92e6053cdd32039a38f2359742cf660c9bf396288b8e9deeb6cf114

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-peHwglyKmclNzErmecskgg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Tue, 30 Nov 2021 18:27:31 GMT
date: Tue, 30 Nov 2021 18:27:31 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-peHwglyKmclNzErmecskgg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 509
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 CRtE2hXI-Oo2CzbqEvynNThBTGvKRH_6so9ly1Scye0.js Show response
pagead2.googlesyndication.com/bg/ Frame 0E83 35 KB
13 KB 7ms
7ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CRtE2hXI-Oo2CzbqEvynNThBTGvKRH_6so9ly1Scye0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

091b44da15c8f8ea360b36ea12fca73538414c6bca447ffab28f65cb549cc9ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 12:27:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21631
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13332
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 11:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 30 Nov 2022 12:27:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 5108 0
0 72ms
72ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gda_r20211111&jk=2971943970888554&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s06-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H3 200 container.html Show response
156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 11D2 6 KB
3 KB 23ms
8ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Tue, 30 Nov 2021 18:27:31 GMT
expires: Wed, 30 Nov 2022 18:27:31 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 0155 624 B
297 B 21ms
20ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsY_IGqXTAB&v=APEucNX0wxeEidOtToWPor9zhGuaTewQEYES40Ler3Tcccdyw4S4gPqR6UNNNLcZ9B7qyDrgXJtziZqb0467tzaPZdfQsrzfcmmE16XfUvv5s6tE1OTQgOyBUpHYg9Q0xN-kaDBqQmisOgnZMmCXhks6r5PpcWtvSFgTVsNgqi7rJiXL21jEtKI

Requested by

Host: 156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com
URL: https://156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Tue, 30 Nov 2021 18:27:32 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 11D2 25 KB
15 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CcHDVOj6cUX_w5YrbsEQa5UE2PPut9g_ZWoBL_TxvN7IgSMC2cEavY5GM6t7zpK4Y8Mz_mkzoRJ0F7_zt0vy5JtBlxLRPoZU4dr_mGSmhJLug3Z6ne9j0B6uPGN_zr2QRFWAv30A99tdRNCNUJneY2qeLpOw&cry=1&dbm_d=AKAmf-C7bGXO9EcG20LGKQ6uyrWtLKx5pDei47K9Z-A64k_U9TphDV4QJyXwGRomIEv-sLZYda1yQDaO27qsLH-NpBu0ZdlIo5Uqr8tidyD58NY3cpot6LjRbivfPcv_0O47ujyLgQyvw4AmX1VgX6wgva4iYMIJRAyUl5SQ34UAO492-y_cSDH_SoMVSCQ9Bhy2PnV9cgMVXS7426uIW4gPKiXcR8SyMFbTel3kR8cZ3Q2KDStiuj4n3Epgcg6OtYRuaPBQxHXzVWtG6izNRiReBsw2X1D13UgiHkFFtvmMp3VA5ivJnjAhkklM4XIpSPQxHL2-u_tSfY51dEvaZgrWn8BB9kOlBoMyVNyxQ2tcb-yh4jyqIVbYOoUYUjVRU9rd13M1KCYDf4Szfj_aLqeR5USMr5OS2kfsMFs1hBmLa2CR4399StxyPinGMkgfKmMDmPECb_5oqjHABmTDAJD3PTL98tMjpBGZNiHf3yj92j6z5Xe_-cZGg-diaA24Bu3jS_RykVZO1fcB6ylfHYswWgf_Vk2I74d8V3aWtHxKAefVTy3tOgI8RBJVzZkO3XzDNr4ylElTuKRT7w1z1g1NnN6dUSV_nzCisozCx0KOQTUWxAYh22MgQ0y48NJizOoOHu3qBKXmwdK7n_8Iz0Wga0E1dDzpblgra_HN2f5EBIzOs4YYIQslRVbxFAg8KBntcFbHuMXt6RXe5OeJrH6SyNojvJNmWcGsIeJzz0s0uC7xIWjAL2puC9yOdTwi5Z2zFtLTHDYokmeOHvESV0bphSwznWuUAynS1VmzE74x3xwkfexRA2O9i4ifPK7rLxrLQoTNnzgHajL4no0hwmD010TfvfGdWjkapO0CxscLy3XVT_iDVcifSZyWK3mYctFACDNDksoLxxsM7vz6GOwZD2cqixnH6pDselnvNl_tjBTmikrIir248K3c4l8C3eZzVTNGYSXiwVGJROxV_XrqmjYg9akrwiq_R1mSQRh7LKzUKgolOm4RVdn8beVcEvJEyS5vFC-u-zP8PHeuewOF4pHRHmnlfnfOhV_P87lPFxsGvymF1NpyImTTJquCEQdRGvzAV_-5f9IwcWdo9y4Dx-FQiWeY4Z_BaiJj_FVsBOTqf4-Az-cb588lK4IwGIClS3cbUBaAINQXQjnunM7pR1GP9ppYxbOMiWD9qIBdPyiUde5PxLvuVvKxR5ZgjXjOJCCnUEEvcXNkjufaRcvOzWfBNwwLU94bOy0hP1IOAQ3q_uGj1pMg2pn2MeWrEq8dHR4Rm0HJsiyFJ87ulWPl0OlckS36888mgqQsbLJEGhd_N_uJMM9_dc91p_OBnr-HmbFZSV_SNAdOro1x6e27mpqZWVClKsTpGAt_B0GDAlUqxr5p6T7kyu9qodaIS45lXi9TEm2QV7EdYC6FbGJz7lg4M-PmeFL_ymY1aNLkBBV6NHcfyJ19mWMTrxetRf-z-jsv0KujXhwei-v4O0vLRNMBkjC1yCB_pX0RFaT8-jz9IdtMPBpoiKISRwhfzJhpOVFKSsVe-udMtNdDx5EIXkpI26JoogNvGKHa5J7LjehgSIOu6olXkAN3ZPvhKgg1bVmuAuKyXr9sCbgZMtCVFsyeGFJQfn1S0u0XZaOsOiPeTUv78rrT_yAYQKkIdoHB2e1WpL3VueOrcZn5C8pJY6F9c8YIVqwthOarMtysEdTsw3I-d3y3BPwWnmpHkKfmhonotzpTRZQzYfmYJjYB2Jwx9LUbgEStwRcoijMDbPu_wH33fGlmOvLCtFCjQWZtoZ0_JWyOvM31VG-gltBQjCAneLPZMCTlZyoMKLu-6tGTWaoahZENrfqpKDiDoAY-YXJlUUC5aX7iFr5aKrEjVesregsYi0lT3ryBX_V8KjRZ-TdOrXDL3EN_guSj5tLYmyFhzqLzzhk-_C1pJkeQTalvydXZmmiIZNmqWnT7ae4splY6eNCAkWC_lhHGf-MqAgdpsTtxDXx7zF9rC1CIR4yAnO4bLHUzdlz8YL3CN3qJkju4TmQwuNEZjCiXEkqkODcdN9qplqXkJ4frdxVaG4ssQJFh6nI6hLR7LPevtJrRirTcGziY9PxJFZwJJhz_rsPCBdhqwHeWJG0IuKH_dj_-vVCGO_SMeHa_X4Wnp_J7M2RgJyQQJQqZPWW8iYWGnELMrKuFQg9KX25836ZReeOfJ92CvVhXRvKrW5pS7hmc_mgljYhDKl4WwCcXdlVmYnN_CrldFwclqslS6Blep99iAosFJBESiVUhdNZB3yeDkFpVcJ_9HKn7racxQy9C4QFaOjgojkHlIQRxwP1kyHrpYFdOQVvLRIaRQq98L9M-JEqg9jtA7Zm9UGC_kUReiFOtykNcePqpbEoxpTFDNTGoS_895_JSBSdKzIayn0rokiwMozf9OkLbdn7jiAFyMbamOATpvrKKkDRRu6a6wPHd64v92S1DS6zv5fJvk5nc7wXgVBJXhb7-aZbt0XnSFGcUvXFw2XrDU3o1Df24HlokfLEqV148vqYAx4pdrMbnjBz6xNx7GH2yf63y3V0yuyrndkcMYAkUJzcqj0YGqTgCi0BdlFoKdr5aq0A9n_flBMmbeXZiYiJcbaKRcRV8RWPmPasTi_HADBOoUivQFRzDHObTzuDS1T80IZUH7oMGT0dLOUU_NABiqPCD6p8-WblOymoSWUgWffryvRFQjrgNfNSIkwVMSjimtKne9zYvDSyEu-dgaEKEAdbYeS_KWCqC9ijRVDnfwkvdl-x31bUwjdZ-rm2ddSJx94TIYOumEFbtOmHslyKc1Evr95I0QxiVTlVoLMNkgAB3iG1pt-W2CSa2PdhkZuESR9W4ZMhzF1vFMXI7M93gvfF8V06MOhcKkg6rk0Nfzy_oIazT4KZTiQX95r-wS40EIy3bA5uU_zM0Rv-cQFFr6taAcM0R0Nc7F451R5G-QJAyqZaQS9FkiAQz6oLvmaqSnwwZ6xIQHq6ZlGetqjiaqeb2G_FYfZYuiJz1PLSmo58Sv_Jx5LY6nC5AUJuW34OjrgD9rLjG6B5Nr7VQWz_oIXNYsYzAgQQDk1ILQOk9ZwYq_qB0xoG5VxS2OzW0M9FeLbSw7t48MJU8WyjHeHQtfc878yoZwLSQkFYuSYWnJ4Nu3A0y7tS6dtwNd7xVjqeGB4K4IjpNY_X99UEGXpVeSmaLtxUsbL1rbTS-Sy4XnRve6b9-OD4-Pa4nP_py-hNs1qXR5k3IdQVU1ckx--64MVXXsITeB-Ip4SPLQWH4Yi6pNEcbRLTFigvc01rMyAZW31meaccyFZbalkuzX1o-m5HFZByuI8i9tkSiRaJ1QTGIUiEm7N5_tDuiKsDVWYiSNHBqy2Qf2hUG4PLDSyAWxUNvcgROHdf0AMurze5jxhDJUR-OMB6Q0HHtlOfkTBAIzYtzoy0j7Kb1mFIKsIcYVvRsk1ndNMFYF5fO7c2MESJD177K07xlrvD1uQ&cid=CAASEuRoU-nC4rvncEFlwEfB-2Y1pA&rfl=1%2Chttps%253A%252F%252Far.buddysecret.com%252F%240

Requested by

Host: ar.buddysecret.com
URL: https://ar.buddysecret.com/s/sync-quiz/bYV7

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dfc9985969537ed029862d2d7a223fae3343ac3de9da596a13073354876dca83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 18:27:32 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14872
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 11D2 42 B
63 B 42ms
41ms Image
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DE6M3VYX7z2jGFqHnapkxBLYxgkaUBxCCpHbR4nry9DkJna84YxWOUp62mmHqDOf0Iy7ij0Nf2CaNKEEHAtiGqKaFx259shl4s4hLwEr83HfOwznk

Requested by

Host: 156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com
URL: https://156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 18:27:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame 11D2 2 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/window_focus_fy2019.js

Requested by

Host: 156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com
URL: https://156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 18:23:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 271
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 14 Dec 2021 18:23:01 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 11D2 119 KB
37 KB 45ms
19ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com
URL: https://156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 18:27:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37119
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1636547677202025"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 30 Nov 2021 18:27:32 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame 11D2 15 KB
6 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com
URL: https://156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e7907336273196ef7b66c3c9377e5958d4c7e9691de3e67dca3a803138344a00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 18:26:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 59
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6415
x-xss-protection: 0
server: cafe
etag: 16810888504096353422
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 14 Dec 2021 18:26:33 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 11D2 0
0 32ms
15ms Image
text/html 2a00:1450:4001:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaR1pMMJqrb4jIsQEaVRJBoo_KONlAbyMwXnr5R43MvWlOewadeiFDk6R_sz2Zy-Ea7xvG704zAFdEmUms2bX98lYuPCNw
Requested by: Host: 156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com
URL: https://156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/ Frame 11D2 24 KB
9 KB 7ms
7ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CcHDVOj6cUX_w5YrbsEQa5UE2PPut9g_ZWoBL_TxvN7IgSMC2cEavY5GM6t7zpK4Y8Mz_mkzoRJ0F7_zt0vy5JtBlxLRPoZU4dr_mGSmhJLug3Z6ne9j0B6uPGN_zr2QRFWAv30A99tdRNCNUJneY2qeLpOw&cry=1&dbm_d=AKAmf-C7bGXO9EcG20LGKQ6uyrWtLKx5pDei47K9Z-A64k_U9TphDV4QJyXwGRomIEv-sLZYda1yQDaO27qsLH-NpBu0ZdlIo5Uqr8tidyD58NY3cpot6LjRbivfPcv_0O47ujyLgQyvw4AmX1VgX6wgva4iYMIJRAyUl5SQ34UAO492-y_cSDH_SoMVSCQ9Bhy2PnV9cgMVXS7426uIW4gPKiXcR8SyMFbTel3kR8cZ3Q2KDStiuj4n3Epgcg6OtYRuaPBQxHXzVWtG6izNRiReBsw2X1D13UgiHkFFtvmMp3VA5ivJnjAhkklM4XIpSPQxHL2-u_tSfY51dEvaZgrWn8BB9kOlBoMyVNyxQ2tcb-yh4jyqIVbYOoUYUjVRU9rd13M1KCYDf4Szfj_aLqeR5USMr5OS2kfsMFs1hBmLa2CR4399StxyPinGMkgfKmMDmPECb_5oqjHABmTDAJD3PTL98tMjpBGZNiHf3yj92j6z5Xe_-cZGg-diaA24Bu3jS_RykVZO1fcB6ylfHYswWgf_Vk2I74d8V3aWtHxKAefVTy3tOgI8RBJVzZkO3XzDNr4ylElTuKRT7w1z1g1NnN6dUSV_nzCisozCx0KOQTUWxAYh22MgQ0y48NJizOoOHu3qBKXmwdK7n_8Iz0Wga0E1dDzpblgra_HN2f5EBIzOs4YYIQslRVbxFAg8KBntcFbHuMXt6RXe5OeJrH6SyNojvJNmWcGsIeJzz0s0uC7xIWjAL2puC9yOdTwi5Z2zFtLTHDYokmeOHvESV0bphSwznWuUAynS1VmzE74x3xwkfexRA2O9i4ifPK7rLxrLQoTNnzgHajL4no0hwmD010TfvfGdWjkapO0CxscLy3XVT_iDVcifSZyWK3mYctFACDNDksoLxxsM7vz6GOwZD2cqixnH6pDselnvNl_tjBTmikrIir248K3c4l8C3eZzVTNGYSXiwVGJROxV_XrqmjYg9akrwiq_R1mSQRh7LKzUKgolOm4RVdn8beVcEvJEyS5vFC-u-zP8PHeuewOF4pHRHmnlfnfOhV_P87lPFxsGvymF1NpyImTTJquCEQdRGvzAV_-5f9IwcWdo9y4Dx-FQiWeY4Z_BaiJj_FVsBOTqf4-Az-cb588lK4IwGIClS3cbUBaAINQXQjnunM7pR1GP9ppYxbOMiWD9qIBdPyiUde5PxLvuVvKxR5ZgjXjOJCCnUEEvcXNkjufaRcvOzWfBNwwLU94bOy0hP1IOAQ3q_uGj1pMg2pn2MeWrEq8dHR4Rm0HJsiyFJ87ulWPl0OlckS36888mgqQsbLJEGhd_N_uJMM9_dc91p_OBnr-HmbFZSV_SNAdOro1x6e27mpqZWVClKsTpGAt_B0GDAlUqxr5p6T7kyu9qodaIS45lXi9TEm2QV7EdYC6FbGJz7lg4M-PmeFL_ymY1aNLkBBV6NHcfyJ19mWMTrxetRf-z-jsv0KujXhwei-v4O0vLRNMBkjC1yCB_pX0RFaT8-jz9IdtMPBpoiKISRwhfzJhpOVFKSsVe-udMtNdDx5EIXkpI26JoogNvGKHa5J7LjehgSIOu6olXkAN3ZPvhKgg1bVmuAuKyXr9sCbgZMtCVFsyeGFJQfn1S0u0XZaOsOiPeTUv78rrT_yAYQKkIdoHB2e1WpL3VueOrcZn5C8pJY6F9c8YIVqwthOarMtysEdTsw3I-d3y3BPwWnmpHkKfmhonotzpTRZQzYfmYJjYB2Jwx9LUbgEStwRcoijMDbPu_wH33fGlmOvLCtFCjQWZtoZ0_JWyOvM31VG-gltBQjCAneLPZMCTlZyoMKLu-6tGTWaoahZENrfqpKDiDoAY-YXJlUUC5aX7iFr5aKrEjVesregsYi0lT3ryBX_V8KjRZ-TdOrXDL3EN_guSj5tLYmyFhzqLzzhk-_C1pJkeQTalvydXZmmiIZNmqWnT7ae4splY6eNCAkWC_lhHGf-MqAgdpsTtxDXx7zF9rC1CIR4yAnO4bLHUzdlz8YL3CN3qJkju4TmQwuNEZjCiXEkqkODcdN9qplqXkJ4frdxVaG4ssQJFh6nI6hLR7LPevtJrRirTcGziY9PxJFZwJJhz_rsPCBdhqwHeWJG0IuKH_dj_-vVCGO_SMeHa_X4Wnp_J7M2RgJyQQJQqZPWW8iYWGnELMrKuFQg9KX25836ZReeOfJ92CvVhXRvKrW5pS7hmc_mgljYhDKl4WwCcXdlVmYnN_CrldFwclqslS6Blep99iAosFJBESiVUhdNZB3yeDkFpVcJ_9HKn7racxQy9C4QFaOjgojkHlIQRxwP1kyHrpYFdOQVvLRIaRQq98L9M-JEqg9jtA7Zm9UGC_kUReiFOtykNcePqpbEoxpTFDNTGoS_895_JSBSdKzIayn0rokiwMozf9OkLbdn7jiAFyMbamOATpvrKKkDRRu6a6wPHd64v92S1DS6zv5fJvk5nc7wXgVBJXhb7-aZbt0XnSFGcUvXFw2XrDU3o1Df24HlokfLEqV148vqYAx4pdrMbnjBz6xNx7GH2yf63y3V0yuyrndkcMYAkUJzcqj0YGqTgCi0BdlFoKdr5aq0A9n_flBMmbeXZiYiJcbaKRcRV8RWPmPasTi_HADBOoUivQFRzDHObTzuDS1T80IZUH7oMGT0dLOUU_NABiqPCD6p8-WblOymoSWUgWffryvRFQjrgNfNSIkwVMSjimtKne9zYvDSyEu-dgaEKEAdbYeS_KWCqC9ijRVDnfwkvdl-x31bUwjdZ-rm2ddSJx94TIYOumEFbtOmHslyKc1Evr95I0QxiVTlVoLMNkgAB3iG1pt-W2CSa2PdhkZuESR9W4ZMhzF1vFMXI7M93gvfF8V06MOhcKkg6rk0Nfzy_oIazT4KZTiQX95r-wS40EIy3bA5uU_zM0Rv-cQFFr6taAcM0R0Nc7F451R5G-QJAyqZaQS9FkiAQz6oLvmaqSnwwZ6xIQHq6ZlGetqjiaqeb2G_FYfZYuiJz1PLSmo58Sv_Jx5LY6nC5AUJuW34OjrgD9rLjG6B5Nr7VQWz_oIXNYsYzAgQQDk1ILQOk9ZwYq_qB0xoG5VxS2OzW0M9FeLbSw7t48MJU8WyjHeHQtfc878yoZwLSQkFYuSYWnJ4Nu3A0y7tS6dtwNd7xVjqeGB4K4IjpNY_X99UEGXpVeSmaLtxUsbL1rbTS-Sy4XnRve6b9-OD4-Pa4nP_py-hNs1qXR5k3IdQVU1ckx--64MVXXsITeB-Ip4SPLQWH4Yi6pNEcbRLTFigvc01rMyAZW31meaccyFZbalkuzX1o-m5HFZByuI8i9tkSiRaJ1QTGIUiEm7N5_tDuiKsDVWYiSNHBqy2Qf2hUG4PLDSyAWxUNvcgROHdf0AMurze5jxhDJUR-OMB6Q0HHtlOfkTBAIzYtzoy0j7Kb1mFIKsIcYVvRsk1ndNMFYF5fO7c2MESJD177K07xlrvD1uQ&cid=CAASEuRoU-nC4rvncEFlwEfB-2Y1pA&rfl=1%2Chttps%253A%252F%252Far.buddysecret.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

f93d6aac2996165254aceb217fd491b77cb5da8667b7bc90ba9f47242c98b91a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 18:15:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 720
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9475
x-xss-protection: 0
server: cafe
etag: 15988442915344899701
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 14 Dec 2021 18:15:32 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 11D2 41 KB
15 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 12:44:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 106972
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Tue, 29 Nov 2022 12:44:40 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 0155
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPBrtfI9ojzklrEFrfMRIqw&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPBrtfI9ojzklrEFrfMRIqw&google_cver=1&C=1

43 B
1014 B

27ms
27ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPBrtfI9ojzklrEFrfMRIqw&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsY_IGqXTAB&v=APEucNX0wxeEidOtToWPor9zhGuaTewQEYES40Ler3Tcccdyw4S4gPqR6UNNNLcZ9B7qyDrgXJtziZqb0467tzaPZdfQsrzfcmmE16XfUvv5s6tE1OTQgOyBUpHYg9Q0xN-kaDBqQmisOgnZMmCXhks6r5PpcWtvSFgTVsNgqi7rJiXL21jEtKI
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 30 Nov 2021 18:27:32 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 30 Nov 2021 18:27:32 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 30 Nov 2021 18:27:32 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPBrtfI9ojzklrEFrfMRIqw&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Tue, 30 Nov 2021 18:27:32 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 0155
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YaZtFGsV3yXtMq8dZuGxEwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPBrtfI9ojzklrEFrfMRIqw&google_cver=1

43 B
894 B

28ms
25ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPBrtfI9ojzklrEFrfMRIqw&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsY_IGqXTAB&v=APEucNX0wxeEidOtToWPor9zhGuaTewQEYES40Ler3Tcccdyw4S4gPqR6UNNNLcZ9B7qyDrgXJtziZqb0467tzaPZdfQsrzfcmmE16XfUvv5s6tE1OTQgOyBUpHYg9Q0xN-kaDBqQmisOgnZMmCXhks6r5PpcWtvSFgTVsNgqi7rJiXL21jEtKI
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 30 Nov 2021 18:27:32 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 30 Nov 2021 18:27:32 GMT

Redirect headers

pragma: no-cache
date: Tue, 30 Nov 2021 18:27:32 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPBrtfI9ojzklrEFrfMRIqw&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame 0155
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEA2LGfwGWQa9ZXecbijgTXA&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEA2LGfwGWQa9ZXecbijgTXA%26google_cver%3D1

43 B
1 KB

13ms
13ms

Image
image/gif

185.33.221.90
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEA2LGfwGWQa9ZXecbijgTXA%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsY_IGqXTAB&v=APEucNX0wxeEidOtToWPor9zhGuaTewQEYES40Ler3Tcccdyw4S4gPqR6UNNNLcZ9B7qyDrgXJtziZqb0467tzaPZdfQsrzfcmmE16XfUvv5s6tE1OTQgOyBUpHYg9Q0xN-kaDBqQmisOgnZMmCXhks6r5PpcWtvSFgTVsNgqi7rJiXL21jEtKI

Protocol

HTTP/1.1

Server

185.33.221.90 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

727.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 30 Nov 2021 18:27:32 GMT
X-Proxy-Origin: 193.27.14.24; 193.27.14.24; 727.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 4a8da925-f0bd-4af0-94e3-cfff5578ee15
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 30 Nov 2021 18:27:32 GMT
X-Proxy-Origin: 193.27.14.24; 193.27.14.24; 727.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: c3e7330c-6fa7-46e6-8fe1-84a034bbc852
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEA2LGfwGWQa9ZXecbijgTXA%26google_cver%3D1
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0155
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzYwNzMzNTU0NTAxMTcyNzQyMQ%3D%3D

170 B
188 B

36ms
21ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzYwNzMzNTU0NTAxMTcyNzQyMQ%3D%3D

Requested by

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 18:27:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 30 Nov 2021 18:27:32 GMT
X-Proxy-Origin: 193.27.14.24; 193.27.14.24; 727.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 5ad650ee-37b2-4fff-9272-27b625d027d8
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzYwNzMzNTU0NTAxMTcyNzQyMQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK kumirww3i0oj Show response
hal9000.redintelligence.net/zone/ Frame 11D2 11 KB
4 KB 45ms
12ms Script
text/html 94.130.102.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/kumirww3i0oj?subid=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCUmtrE22mYdmhJIysgQfT05eAB92t6Khgz-rP5J8K8C4QASCUq4FoYJXaooKwB8gBCakCokL3i4Hfsj6oAwGqBOMBT9Ch1TrYmRDXKEW53OvjdOcdrzxQlti9CVkwI5PotEgNjSJLO2HFZEQmCJ5_6yj1_jb1qx-6KplpJhuYZwXqxGNguuDDdv-6eJUe9Xc7YO5QbBNW0YYXsAOJLpbp3xmT94DMBTAz7e1_UZbUlq-ZUhpaLfNjCPy5FcRY6BofJgqQOvNGEbyAmZzF4ckR81vOMoHLbKx0n33LlgXgN0XftdzoER0nYrnV5je_i8-TcCIw_59QmCQUtR8-MSpushoSRQIJszHMF7Nh8AtPpDLLH3Kk1hPE509aa5CMm-3yNU9Rz-XABM6Ou7GWAuAEA5AGAaAGTYAH6-foXqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tNjg4Mjg5NDI5Njk1MzMxN4AKA5gLAcgLAYAMAbATnuXsDNATANgTA4gUAdgUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASEuRoU-nC4rvncEFlwEfB-2Y1pA%26sig%3DAOD64_147tb0AQpzTG415R5Xyn3PqcOMkg%26client%3Dca-pub-3775738955018489%26dbm_c%3DAKAmf-AmvgkM-9MFGsGQd7FRvixqYTORBbgoatLZYPim-OVXKpPO_Bcap6ISjA9ebV08PVJgx8ba8xUzUJWCFiW19N8HLaZmryeKp8Toaz7qHSDKOgd4-QoxFYGKT4bxSv7AGZkB-O2zEv9UFjuMVz-SCdK5_dwDsA%26cry%3D1%26dbm_d%3DAKAmf-DHwsNbVVoGSDLSDdGMgJCM6CduhjO20lZti61wKSJF2ZZ3WUP34C42aJ7wvtpW6m6UgU0PtO-wVPdAGObD9TDosnRFnA1DANNXpIRwFz7ROdaja4WcWCkYfSLb7P3PCHhV3K6ecdYJmPWewfrz7XFDA6pxnGJaCMyEoyvRISywCWlwueMinFY51pd_bFZzrekDMs04LrZdrly1mzDYpF-nerMxjuvdy6gLBkQBJo_I2N6Nw2xpTfPmawHXo_PO0dhazKqPy5VeUluQ6VzgOZKs2qW5vEqdizlNUj6lRoTGck6zZAPYkMbLGDJL2R473sdiN2JTroCFxkxUs4fNKsg6dHCWmB3fK4VJk7JUYK-8-vkXM4tyjv1STxvcjlFXeEXoQGALpW_to5PLJBy9Bh9jWEisFXrYe4tOe-rIwxS2-iPw9dEBSHpL5mt2Byt80oc1fEuKOgj-4uCneeLhxCldCCYEiw%26adurl%3D
Requested by: Host: 156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com
URL: https://156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 94.130.102.164 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.102.130.94.clients.your-server.de
Software: Apache /
Resource Hash: ffab1c056a0254369097b76c22faef063a67f8fb8fd1bd69d42fd304a2aa1e0d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 30 Nov 2021 18:27:32 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3935
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame E6E4 22 KB
8 KB 8ms
7ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Mon, 29 Nov 2021 12:44:40 GMT
expires: Tue, 29 Nov 2022 12:44:40 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 106972
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 43ms
43ms Image
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gda_r20211111&jk=2971943970888554&bg=!9vWl9bHNAAZQLpa_UC47ACkAdvg8Wl0M6TSpqK5w58H38XJf22yuIm-KKfJPkvdKlDAgvBhEaXg9WgIAAADQUgAAAAxoAQcKAAQ8sQNBmQKHtEwGazGtUi1sTI23buZYQeKPWgVSsRkoaBkpBKhKqxxM0EIlIsql-7_JdIo7NXWW1rcwrWHQNX28WWq9Vb4CkuDKzUHgJt3ZAy3y_eYxtF1NG77cc28xZYkmJ50FhES2VeMBB7wJWcq_UQPJl68WokFWKlve6YrXWmqqZ2Oao92WOdRtjV_TgH3a0jWv7H5z2coDlsfm9dZ-sfHupO7of5VeyA95EwA8KdL5P7xI8txAY9FXWdVxNG08jlaD2-6-Qgix2g25F0x_2u92lhh4R-XHMq2IwPK4f0JaQ0pOstzvjZRsysln4ru9xT5bLJ9OKsvIuDok4nZLMCHPzCtkrddVy0clIdOYbuSx4tNY5nSwc969I7W66Okn9pNPoIbfLwCC__JW3tBnjQAyL4_ILFCKs6TP5PqS5NE58AqVoj8zHsIGSFL-423LPaRoh1TW0EW-8H-FqaxGHO8YKILJdwVll8PGLBarsaj5RiaSzig15kvg4xKCaUh3-OqSmqlYpZvjdW560sTfIkCSoz55pQRQAYnCDh9VLBL9r79onldCGfpu3t-FIlGwJh4M-rR8QChUjPdMDA2A6ORyqQjLaTn5EIN7DIsIm1DPZpF70znMQQEsXWVRjyUlXitZeMxRb644N0IilLxjc9hnErFD4ZRCnF5R6GuVVm01QEKm3E9AY9n2OZ3OzOTCxp-KX3ea54HIl9i6Fuo9YiBJdDRjhVOpL_W_P3OIg8CTzP5wtBYXzVD7oWwAG2txsc77BsO3lQO3kK5Y1gornJB5rZuWTxAVGK3hn8VrMHPcL-itfuV6eiV6XipNuINxWhTFr62f9HRdFOKL6TEsgxxzSlmvCdIZ8mzPefQ

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar.buddysecret.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 18:27:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 lK7Pd7B-H_9yBaI_NSshU4OXimYezFu1HmFuNXULOe8.js Show response
pagead2.googlesyndication.com/bg/ Frame E6E4 35 KB
13 KB 8ms
7ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/lK7Pd7B-H_9yBaI_NSshU4OXimYezFu1HmFuNXULOe8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

94aecf77b07e1fff7205a23f352b215383978a661ecc5bb51e616e35750b39ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 15:56:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9053
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13508
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 11:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 30 Nov 2022 15:56:39 GMT

GET
H/1.1

200
OK

request.php Show response
hal90007.redintelligence.net/ Frame 11D2
Redirect Chain

https://hal90007.redintelligence.net/request.php?zone=kumirww3i0oj&nw=20&renderingType=javascript&namespace=2c09712867&subid=&uid=49850c06687ad951&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...
https://hal90007.redintelligence.net/request.php?zone=kumirww3i0oj&nw=20&renderingType=javascript&namespace=2c09712867&subid=&uid=49850c06687ad951&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...

2 KB
1 KB

92ms
71ms

Script
application/x-javascript

138.201.63.157
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90007.redintelligence.net/request.php?zone=kumirww3i0oj&nw=20&renderingType=javascript&namespace=2c09712867&subid=&uid=49850c06687ad951&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=320x50&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCUmtrE22mYdmhJIysgQfT05eAB92t6Khgz-rP5J8K8C4QASCUq4FoYJXaooKwB8gBCakCokL3i4Hfsj6oAwGqBOMBT9Ch1TrYmRDXKEW53OvjdOcdrzxQlti9CVkwI5PotEgNjSJLO2HFZEQmCJ5_6yj1_jb1qx-6KplpJhuYZwXqxGNguuDDdv-6eJUe9Xc7YO5QbBNW0YYXsAOJLpbp3xmT94DMBTAz7e1_UZbUlq-ZUhpaLfNjCPy5FcRY6BofJgqQOvNGEbyAmZzF4ckR81vOMoHLbKx0n33LlgXgN0XftdzoER0nYrnV5je_i8-TcCIw_59QmCQUtR8-MSpushoSRQIJszHMF7Nh8AtPpDLLH3Kk1hPE509aa5CMm-3yNU9Rz-XABM6Ou7GWAuAEA5AGAaAGTYAH6-foXqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tNjg4Mjg5NDI5Njk1MzMxN4AKA5gLAcgLAYAMAbATnuXsDNATANgTA4gUAdgUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASEuRoU-nC4rvncEFlwEfB-2Y1pA%26sig%3DAOD64_147tb0AQpzTG415R5Xyn3PqcOMkg%26client%3Dca-pub-3775738955018489%26dbm_c%3DAKAmf-AmvgkM-9MFGsGQd7FRvixqYTORBbgoatLZYPim-OVXKpPO_Bcap6ISjA9ebV08PVJgx8ba8xUzUJWCFiW19N8HLaZmryeKp8Toaz7qHSDKOgd4-QoxFYGKT4bxSv7AGZkB-O2zEv9UFjuMVz-SCdK5_dwDsA%26cry%3D1%26dbm_d%3DAKAmf-DHwsNbVVoGSDLSDdGMgJCM6CduhjO20lZti61wKSJF2ZZ3WUP34C42aJ7wvtpW6m6UgU0PtO-wVPdAGObD9TDosnRFnA1DANNXpIRwFz7ROdaja4WcWCkYfSLb7P3PCHhV3K6ecdYJmPWewfrz7XFDA6pxnGJaCMyEoyvRISywCWlwueMinFY51pd_bFZzrekDMs04LrZdrly1mzDYpF-nerMxjuvdy6gLBkQBJo_I2N6Nw2xpTfPmawHXo_PO0dhazKqPy5VeUluQ6VzgOZKs2qW5vEqdizlNUj6lRoTGck6zZAPYkMbLGDJL2R473sdiN2JTroCFxkxUs4fNKsg6dHCWmB3fK4VJk7JUYK-8-vkXM4tyjv1STxvcjlFXeEXoQGALpW_to5PLJBy9Bh9jWEisFXrYe4tOe-rIwxS2-iPw9dEBSHpL5mt2Byt80oc1fEuKOgj-4uCneeLhxCldCCYEiw%26adurl%3D&documentReferer=https%3A%2F%2Far.buddysecret.com%2F&ancestorOrigins=https%3A%2F%2Far.buddysecret.com&random=1319110856295&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: 156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com
URL: https://156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Server: 138.201.63.157 Hockenheim, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.157.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 39cb70bbd6f7b2c6c6960a8872b696c1845650953dcfcd9f98de3070e48e04a7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 30 Nov 2021 18:27:32 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 77556500164123400757617011794007
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 894
Expires: Tue, 30 Nov 2021 18:27:32 +0100

Redirect headers

Pragma: no-cache
Date: Tue, 30 Nov 2021 18:27:32 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=kumirww3i0oj&nw=20&renderingType=javascript&namespace=2c09712867&subid=&uid=49850c06687ad951&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=320x50&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCUmtrE22mYdmhJIysgQfT05eAB92t6Khgz-rP5J8K8C4QASCUq4FoYJXaooKwB8gBCakCokL3i4Hfsj6oAwGqBOMBT9Ch1TrYmRDXKEW53OvjdOcdrzxQlti9CVkwI5PotEgNjSJLO2HFZEQmCJ5_6yj1_jb1qx-6KplpJhuYZwXqxGNguuDDdv-6eJUe9Xc7YO5QbBNW0YYXsAOJLpbp3xmT94DMBTAz7e1_UZbUlq-ZUhpaLfNjCPy5FcRY6BofJgqQOvNGEbyAmZzF4ckR81vOMoHLbKx0n33LlgXgN0XftdzoER0nYrnV5je_i8-TcCIw_59QmCQUtR8-MSpushoSRQIJszHMF7Nh8AtPpDLLH3Kk1hPE509aa5CMm-3yNU9Rz-XABM6Ou7GWAuAEA5AGAaAGTYAH6-foXqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tNjg4Mjg5NDI5Njk1MzMxN4AKA5gLAcgLAYAMAbATnuXsDNATANgTA4gUAdgUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASEuRoU-nC4rvncEFlwEfB-2Y1pA%26sig%3DAOD64_147tb0AQpzTG415R5Xyn3PqcOMkg%26client%3Dca-pub-3775738955018489%26dbm_c%3DAKAmf-AmvgkM-9MFGsGQd7FRvixqYTORBbgoatLZYPim-OVXKpPO_Bcap6ISjA9ebV08PVJgx8ba8xUzUJWCFiW19N8HLaZmryeKp8Toaz7qHSDKOgd4-QoxFYGKT4bxSv7AGZkB-O2zEv9UFjuMVz-SCdK5_dwDsA%26cry%3D1%26dbm_d%3DAKAmf-DHwsNbVVoGSDLSDdGMgJCM6CduhjO20lZti61wKSJF2ZZ3WUP34C42aJ7wvtpW6m6UgU0PtO-wVPdAGObD9TDosnRFnA1DANNXpIRwFz7ROdaja4WcWCkYfSLb7P3PCHhV3K6ecdYJmPWewfrz7XFDA6pxnGJaCMyEoyvRISywCWlwueMinFY51pd_bFZzrekDMs04LrZdrly1mzDYpF-nerMxjuvdy6gLBkQBJo_I2N6Nw2xpTfPmawHXo_PO0dhazKqPy5VeUluQ6VzgOZKs2qW5vEqdizlNUj6lRoTGck6zZAPYkMbLGDJL2R473sdiN2JTroCFxkxUs4fNKsg6dHCWmB3fK4VJk7JUYK-8-vkXM4tyjv1STxvcjlFXeEXoQGALpW_to5PLJBy9Bh9jWEisFXrYe4tOe-rIwxS2-iPw9dEBSHpL5mt2Byt80oc1fEuKOgj-4uCneeLhxCldCCYEiw%26adurl%3D&documentReferer=https%3A%2F%2Far.buddysecret.com%2F&ancestorOrigins=https%3A%2F%2Far.buddysecret.com&random=1319110856295&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Expires: Tue, 30 Nov 2021 18:27:32 +0100

GET
H3

200

activityi;dc_pre=CIXjrq_bwPQCFbkRBgAdH44Ipw;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7913425322447.674 Show response
5994599.fls.doubleclick.net/ Frame 9C28
Redirect Chain

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7913425322447.674?
https://5994599.fls.doubleclick.net/activityi;dc_pre=CIXjrq_bwPQCFbkRBgAdH44Ipw;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7913425322447.674?

391 B
345 B

44ms
28ms

Document
text/html

142.250.186.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5994599.fls.doubleclick.net/activityi;dc_pre=CIXjrq_bwPQCFbkRBgAdH44Ipw;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7913425322447.674?

Requested by

Host: ar.buddysecret.com
URL: https://ar.buddysecret.com/s/sync-quiz/bYV7

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f6.1e100.net

Software

cafe /

Resource Hash

046759a2f48ccea4ca166724194b93faa95f6cd510f3c68f33789e0234619057

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 30 Nov 2021 18:27:32 GMT
expires: Tue, 30 Nov 2021 18:27:32 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 322
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 30 Nov 2021 18:27:32 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://5994599.fls.doubleclick.net/activityi;dc_pre=CIXjrq_bwPQCFbkRBgAdH44Ipw;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7913425322447.674?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK request_content.php Show response
hal90007.redintelligence.net/ Frame 40F3 4 KB
2 KB 34ms
12ms Document
text/html 138.201.63.157
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90007.redintelligence.net/request_content.php?s=77556500164123400757617011794007&a=2506e051
Requested by: Host: hal90007.redintelligence.net
URL: https://hal90007.redintelligence.net/request.php?zone=kumirww3i0oj&nw=20&renderingType=javascript&namespace=2c09712867&subid=&uid=49850c06687ad951&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=320x50&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCUmtrE22mYdmhJIysgQfT05eAB92t6Khgz-rP5J8K8C4QASCUq4FoYJXaooKwB8gBCakCokL3i4Hfsj6oAwGqBOMBT9Ch1TrYmRDXKEW53OvjdOcdrzxQlti9CVkwI5PotEgNjSJLO2HFZEQmCJ5_6yj1_jb1qx-6KplpJhuYZwXqxGNguuDDdv-6eJUe9Xc7YO5QbBNW0YYXsAOJLpbp3xmT94DMBTAz7e1_UZbUlq-ZUhpaLfNjCPy5FcRY6BofJgqQOvNGEbyAmZzF4ckR81vOMoHLbKx0n33LlgXgN0XftdzoER0nYrnV5je_i8-TcCIw_59QmCQUtR8-MSpushoSRQIJszHMF7Nh8AtPpDLLH3Kk1hPE509aa5CMm-3yNU9Rz-XABM6Ou7GWAuAEA5AGAaAGTYAH6-foXqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tNjg4Mjg5NDI5Njk1MzMxN4AKA5gLAcgLAYAMAbATnuXsDNATANgTA4gUAdgUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASEuRoU-nC4rvncEFlwEfB-2Y1pA%26sig%3DAOD64_147tb0AQpzTG415R5Xyn3PqcOMkg%26client%3Dca-pub-3775738955018489%26dbm_c%3DAKAmf-AmvgkM-9MFGsGQd7FRvixqYTORBbgoatLZYPim-OVXKpPO_Bcap6ISjA9ebV08PVJgx8ba8xUzUJWCFiW19N8HLaZmryeKp8Toaz7qHSDKOgd4-QoxFYGKT4bxSv7AGZkB-O2zEv9UFjuMVz-SCdK5_dwDsA%26cry%3D1%26dbm_d%3DAKAmf-DHwsNbVVoGSDLSDdGMgJCM6CduhjO20lZti61wKSJF2ZZ3WUP34C42aJ7wvtpW6m6UgU0PtO-wVPdAGObD9TDosnRFnA1DANNXpIRwFz7ROdaja4WcWCkYfSLb7P3PCHhV3K6ecdYJmPWewfrz7XFDA6pxnGJaCMyEoyvRISywCWlwueMinFY51pd_bFZzrekDMs04LrZdrly1mzDYpF-nerMxjuvdy6gLBkQBJo_I2N6Nw2xpTfPmawHXo_PO0dhazKqPy5VeUluQ6VzgOZKs2qW5vEqdizlNUj6lRoTGck6zZAPYkMbLGDJL2R473sdiN2JTroCFxkxUs4fNKsg6dHCWmB3fK4VJk7JUYK-8-vkXM4tyjv1STxvcjlFXeEXoQGALpW_to5PLJBy9Bh9jWEisFXrYe4tOe-rIwxS2-iPw9dEBSHpL5mt2Byt80oc1fEuKOgj-4uCneeLhxCldCCYEiw%26adurl%3D&documentReferer=https%3A%2F%2Far.buddysecret.com%2F&ancestorOrigins=https%3A%2F%2Far.buddysecret.com&random=1319110856295&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.157 Hockenheim, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.157.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 8c7a4bc4313721daa7163444715bb99cc1e078b9b6f44ec02f59fa19bf829e6f

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com/

Response headers

Date: Tue, 30 Nov 2021 18:27:32 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 30 Nov 2021 18:27:32 +0100
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1422
Connection: close
Content-Type: text/html; charset=utf-8

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 27E7 1 KB
749 B 8ms
7ms Document
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com
URL: https://156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Tue, 30 Nov 2021 13:26:12 GMT
expires: Wed, 01 Dec 2021 13:26:12 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 18080
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 11D2 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9021363a69a975f8fb97029c697f5b80c41a2d1ea74fc9099bb025846092fb41

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E6E4 0
20 B 42ms
42ms Image
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BDBMkFG2mYaiGAeamx_APkNaXGAAAAAA4AeAEAg&bg=!ICOlI2fNAAZQLpa_UC47ACkAdvg8WnA4osb-NF-l-9e7idBbFU-ZAbnq_zpTBx9cX_QLes3alM3vswIAAACCUgAAAA1oAQeZAsxuBWZmKhNSSpehRrrMUJvizEQrtSrX8LdoQash-SOw-O5n1fu22FDDVi1UTPS9qcRjioZn97nOX1jMiik2rPUR-3wM2XE1OXFMfyfm8S5XM2sKMyPEh17VjYegSwLyXRlaSMd-TLoLXMxOrtchnZc6QKPcjdw5hNvr_smrFvWofceHqzVxVKTO12ySPRUs7t4zVuFTcrAlCBNn8hR5dLz9U7nIch9pigCt0-6jTheT0w95zmMMsiannqWM_DQGgImQ2zWJaqHNqwiZtkOmxFsPlCCtRvE8huJhAjI9wCY9wmb3na1GntYIi4fUhAgkTnT3qEj1r7oVI-Z2fQiQVsuMC6hEcxqnT8xZZViV3D3H2gSAf1rI33tmeM8cWOYK5DZiAmXyf6lpbOgARBgJl-L2WMONmxpydqxpCic8jmLFp4NU4lrRWuT6zEderJI46ix3UNcXsN-gpZEsuh6B3Lj5RXCFxedmLB4PCtC7KjrkKXQyfq-PWro6ZaIAbnOZD29z9zgCCRr1PXvSod_OFRaA8HxhLOdgsdPKBlM7xro38C7N6-AvNsYfTnSlpfYp1znV1vn18L0m8whbGf5_Ij2Wm8_2jmNxnyXi0We5d_V6ilTIjEU6O4btY9FDmNcfWkGrlL0hnBcAW4l7haaC1ak7Krhg5DSe5-QimZq17nas8DeAvFFwndDdddhhB_5vYjcTwBDM0L8LAMQu-0E1qAh2EqIs-j9UPAEVObaVmLB6T4timlUg_Pp7jzvT5LGsDnIMrOnL3YkhHJd5uyR4ELRw5sNeXT6-dFdJIIwexKe6ylg58mBf1o0y9lJVK40WH2tgBUCX63OPF5crE807wwjBCQbBgeA6oWD3KypKsFK3Kp2g9CTax0DyPlW0uEknsjgMDCiRL2vG5Bx-Jdf-2gSnNU4CXbTc34qZlNcRYMAlGEsGirwqGQ2jXq_VBw

Requested by

Host: 156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com
URL: https://156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 18:27:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK office-320.jpg
cdn.contentspread.net/24i/advertiser/32995/creativesup/ Frame 40F3 19 KB
19 KB 78ms
23ms Image
image/jpeg 88.99.65.215
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.contentspread.net/24i/advertiser/32995/creativesup/office-320.jpg
Requested by: Host: hal90007.redintelligence.net
URL: https://hal90007.redintelligence.net/request_content.php?s=77556500164123400757617011794007&a=2506e051
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.65.215 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.215.65.99.88.clients.your-server.de
Software: nginx /
Resource Hash: 1c27476657b3842d8dec949b6ce5bc724f099bfa8f6f54ef5e31d8fb96aa50d6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 30 Nov 2021 18:27:32 GMT
Last-Modified: Tue, 11 Apr 2017 16:07:59 GMT
Server: nginx
ETag: "58ecff5f-4cfa"
Content-Type: image/jpeg
Connection: close
Accept-Ranges: bytes
Content-Length: 19706

GET
H/1.1 200
OK viewability Show response
hal90007.redintelligence.net/ Frame 40F3 0
150 B 34ms
12ms Script
text/html 138.201.63.157
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90007.redintelligence.net/viewability?s=77556500164123400757617011794007&a=6f77bcae&vb=m
Requested by: Host: hal90007.redintelligence.net
URL: https://hal90007.redintelligence.net/request_content.php?s=77556500164123400757617011794007&a=2506e051
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.157 Hockenheim, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.157.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/request_content.php?s=77556500164123400757617011794007&a=2506e051
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 30 Nov 2021 18:27:32 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
DATA 200
OK truncated
/ Frame 40F3 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 27E7
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEHmUMl7WebjpeDTB5-EdSIE&google_cver=1&google_push=AYg5qPLCi6qEKgrVQlS8kXlGV_ECg7-Vv6QGh1ntUjq8Bfqi3wqGkOhuDyVACYhBYHPjZjMD3_B04cnmlrJGWjkZ...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPLCi6qEKgrVQlS8kXlGV_ECg7-Vv6QGh1ntUjq8Bfqi3wqGkOhuDyVACYhBYHPjZjMD3_B04cnmlrJGWjkZzcpyBS76Efpv

170 B
188 B

17ms
17ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPLCi6qEKgrVQlS8kXlGV_ECg7-Vv6QGh1ntUjq8Bfqi3wqGkOhuDyVACYhBYHPjZjMD3_B04cnmlrJGWjkZzcpyBS76Efpv

Requested by

Host: 156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com
URL: https://156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 18:27:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Tue, 30 Nov 2021 18:27:32 GMT
Server: MT3 4103 f8fad19 master cdg-pixel-x31 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPLCi6qEKgrVQlS8kXlGV_ECg7-Vv6QGh1ntUjq8Bfqi3wqGkOhuDyVACYhBYHPjZjMD3_B04cnmlrJGWjkZzcpyBS76Efpv
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Tue, 30 Nov 2021 18:27:31 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 27E7
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEEaGkAUXDZwAZ7ZwNt6PRxc&google_cver=1&google_push=AYg5qPKz3irO3z9fpsb9b2_SxDAdq0sUUlS25rSOGl3_YHSMdcGE_hb_-abm6GEF7qX8T8y0jG6LzyFqSp5...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPKz3irO3z9fpsb9b2_SxDAdq0sUUlS25rSOGl3_YHSMdcGE_hb_-abm6GEF7qX8T8y0jG6LzyFqSp5T2K5VwOxCNeDWkF0HUA&google_hm=OLCegjSrReeBkXME62...

170 B
188 B

19ms
17ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPKz3irO3z9fpsb9b2_SxDAdq0sUUlS25rSOGl3_YHSMdcGE_hb_-abm6GEF7qX8T8y0jG6LzyFqSp5T2K5VwOxCNeDWkF0HUA&google_hm=OLCegjSrReeBkXME62P9oxg

Requested by

Host: 156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com
URL: https://156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 18:27:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 30 Nov 2021 18:27:31 GMT
via: 1.1 google
server: Apache-Coyote/1.1
status: 302
p3p: CP="NOI DSP COR NID CUR OUR NOR"
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPKz3irO3z9fpsb9b2_SxDAdq0sUUlS25rSOGl3_YHSMdcGE_hb_-abm6GEF7qX8T8y0jG6LzyFqSp5T2K5VwOxCNeDWkF0HUA&google_hm=OLCegjSrReeBkXME62P9oxg
cache-control: no-cache, must-revalidate
content-type: text/html;charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 27E7
Redirect Chain

https://sync.tidaltv.com/genericusersync.ashx?dpid=glrdr&google_gid=CAESEPOvQDN1CDPuMX6gJ9Dja_Y&google_cver=1&google_push=AYg5qPLJdx-bk_LhN9QXJMYH0P1SPjE_ifOhjEWBz8okZHMzYhccLzSlJcRW9fJpPAoSETiydvz...
https://sync.tidaltv.com/genericusersync.ashx?dpid=glrdr&google_gid=CAESEPOvQDN1CDPuMX6gJ9Dja_Y&google_cver=1&google_push=AYg5qPLJdx-bk_LhN9QXJMYH0P1SPjE_ifOhjEWBz8okZHMzYhccLzSlJcRW9fJpPAoSETiydvz...
https://cm.g.doubleclick.net/pixel?google_nid=lucid1&google_push&google_hm=tZsgSftEQhKgjxUGvvGqIA&gdpr=1&gdpr_consent=

170 B
188 B

35ms
34ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=lucid1&google_push&google_hm=tZsgSftEQhKgjxUGvvGqIA&gdpr=1&gdpr_consent=

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 18:27:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 30 Nov 2021 18:27:32 GMT
server: Apache-Coyote/1.1
location: https://cm.g.doubleclick.net/pixel?google_nid=lucid1&google_push&google_hm=tZsgSftEQhKgjxUGvvGqIA&gdpr=1&gdpr_consent=
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 0
x-xss-protection: 1; mode=block
expires: 0

GET google
pix.impdesk.com/csync/ Frame 27E7 0
0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 27E7
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEF5B6M8o9PoqRGT_cfvfvdw&google_cver=1&google_push=AYg5qPKpP3sEpmurQ5l-GfAIfmrp2F2_MXI-NddWNzCShkuRn9g_VQLX0ngVZGbJqIxKgQ8oW909jUCFf-LpVMuOM...
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEF5B6M8o9PoqRGT_cfvfvdw&google_cver=1&google_push=AYg5qPKpP3sEpmurQ5l-GfAIfmrp2F2_MXI-NddWNzCShkuRn9g_VQLX0ngVZGbJqIxKgQ8oW909jUCFf-LpVMuOM...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPKpP3sEpmurQ5l-GfAIfmrp2F2_MXI-NddWNzCShkuRn9g_VQLX0ngVZGbJqIxKgQ8oW909jUCFf-LpVMuOM8P-fXNxulLX8Q&google_hm=eec61d92bf1f03f21274...

170 B
188 B

36ms
35ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPKpP3sEpmurQ5l-GfAIfmrp2F2_MXI-NddWNzCShkuRn9g_VQLX0ngVZGbJqIxKgQ8oW909jUCFf-LpVMuOM8P-fXNxulLX8Q&google_hm=eec61d92bf1f03f21274c3da

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 18:27:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Tue, 30 Nov 2021 18:27:32 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPKpP3sEpmurQ5l-GfAIfmrp2F2_MXI-NddWNzCShkuRn9g_VQLX0ngVZGbJqIxKgQ8oW909jUCFf-LpVMuOM8P-fXNxulLX8Q&google_hm=eec61d92bf1f03f21274c3da
Access-Control-Allow-Credentials: true
Connection: close
X-Sovrn-Pod: ad_ap2ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 27E7
Redirect Chain

https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEB1ltPrlRcf7u5TjCwT7a5A&google_cver=1&google_push=AYg5qPIhixFsWSm8Ez3cL7uCvKZ0nFMouVuTDRdkM782mujBi1Gm7riB...
https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEB1ltPrlRcf7u5TjCwT7a5A&google_cver=1&google_push=AYg5qPIhixFsWSm8Ez3cL7uCvKZ0nFMouVuTDRdkM782mujBi1Gm7riB...
https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEB1ltPrlRcf7u5TjCwT7a5A&google_cver=1&google_push=AYg5qPIhixFsWSm8Ez3cL7uCvKZ0nFMouVuTDRdkM782mujBi1Gm7r...
https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEB1ltPrlRcf7u5TjCwT7a5A&google_cver=1&google_push=AYg5qPIhixFsWSm8Ez3cL7uCvKZ0nFMouVuTDRdkM782mujBi1Gm7r...
https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVAyZWMxMjM1Yi01MjBiLTExZWMtYTM1OS0wNmRiOTY5YjRjMjQ%3D&google_push=AYg5qPIhixFsWSm8Ez3cL7uCvKZ0nFMouVuTDRdkM782mujBi1Gm7riBwOkhX3GxbQ...

170 B
188 B

23ms
23ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVAyZWMxMjM1Yi01MjBiLTExZWMtYTM1OS0wNmRiOTY5YjRjMjQ%3D&google_push=AYg5qPIhixFsWSm8Ez3cL7uCvKZ0nFMouVuTDRdkM782mujBi1Gm7riBwOkhX3GxbQij18wVCChrwHIsWYFHSz7jbMgOpIgDaeRgffc

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 18:27:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVAyZWMxMjM1Yi01MjBiLTExZWMtYTM1OS0wNmRiOTY5YjRjMjQ%3D&google_push=AYg5qPIhixFsWSm8Ez3cL7uCvKZ0nFMouVuTDRdkM782mujBi1Gm7riBwOkhX3GxbQij18wVCChrwHIsWYFHSz7jbMgOpIgDaeRgffc
date: Tue, 30 Nov 2021 18:27:32 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 dot.gif
s0.2mdn.net/ Frame 27E7 43 B
586 B 39ms
16ms Image
image/gif 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif?google_gid=CAESEFx5Y14LZBMIpqudRl2WOFg&google_cver=1&google_push=AYg5qPKPCDiAyuGTgKq1jqLt4CK0zZiJJs83TZp2GW2eLzyP2UyaNWpA3rAA4JBB1N7KAMly_BrWl35Wqnm1fZtoDLcImoweE3J9aA

Requested by

Host: 156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com
URL: https://156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 18:27:32 GMT
x-content-type-options: nosniff
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 01 Dec 2021 18:27:32 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 27E7 0
12 B 17ms
16ms Image
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LDxaIbYrynUrMemdhLQBciR3R-WtrIZH5uSwikC3CCb83a301L6UpO_fwet9TwMVTathqvk7g

Requested by

Host: 156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com
URL: https://156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 18:27:32 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 dc_pre=CIXjrq_bwPQCFbkRBgAdH44Ipw;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7913425322447.674
adservice.google.com/ddm/fls/z/ Frame 9C28 42 B
63 B 46ms
43ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CIXjrq_bwPQCFbkRBgAdH44Ipw;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7913425322447.674

Requested by

Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=CIXjrq_bwPQCFbkRBgAdH44Ipw;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7913425322447.674?

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5994599.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 18:27:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 11D2 42 B
64 B 42ms
42ms Fetch
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv-jsBbZO859hLvrhF_HsYfQR0iBZc49JV6aVi5K_gzP9hAPV7jgzGQbyzpegHURCAl5fN-u2gfcnKxOORViSuM0Lki1lJa441yvwRG&sai=AMfl-YSylt4n8PvywUi2DM92Bo90fYHLovMgDqNaSWtWnCMjrIDMLaz1IO0vIcltJLtsNEfkenp6yJe6onpck8qxAUX7h4-wVHaaUKSdRXteLVfS-jGpcuZSSrKC-tc&sig=Cg0ArKJSzGcOw14zNw7TEAE&cid=CAASEuRoU-nC4rvncEFlwEfB-2Y1pA&id=lidar2&mcvt=1000&p=1150,640,1200,960&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20211110&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=4166104311&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1638296851951&rpt=396&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 18:27:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK viewability Show response
hal90007.redintelligence.net/ Frame 40F3 0
150 B 35ms
12ms Script
text/html 138.201.63.157
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90007.redintelligence.net/viewability?s=77556500164123400757617011794007&a=6f77bcae&vb=v
Requested by: Host: hal90007.redintelligence.net
URL: https://hal90007.redintelligence.net/request_content.php?s=77556500164123400757617011794007&a=2506e051
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.157 Hockenheim, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.157.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/request_content.php?s=77556500164123400757617011794007&a=2506e051
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 30 Nov 2021 18:27:33 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: pix.impdesk.com
URL: https://pix.impdesk.com/csync/google?google_gid=CAESEM9KTZdMk-054xXyo21vEyY&google_cver=1&google_push=AYg5qPJjlEwRJEEjLdG856b1etOBlOBLCeHIT5q66rtwBNAOpv7okNyd9zqtmb_O-M0GdQgT6s_Hs-7oOQqVeeNOPky-1vM3J6OvCg

Verdicts & Comments Add Verdict or Comment

115 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

26 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.buddysecret.com/	1970-01-20 16:36:08	Name: _ga Value: GA1.2.2141826429.1638296851
.buddysecret.com/	1970-01-19 23:06:23	Name: _gid Value: GA1.2.1988784163.1638296851
.buddysecret.com/	1970-01-19 23:04:56	Name: _gat_gtag_UA_192512597_3 Value: 1
.buddysecret.com/	1970-01-19 23:04:56	Name: _gat_gtag_UA_126527512_14 Value: 1
.buddysecret.com/	1970-01-19 23:04:56	Name: _gat_UA-126527512-14 Value: 1
.doubleclick.net/	1970-01-20 08:26:32	Name: IDE Value: AHWqTUm_OSA2YgyAYt9MC1MzXqZf4e0p7aOaUk8ClYFgUtILOCI0rdgOsH47DbVyBVA
.buddysecret.com/	1970-01-20 08:26:32	Name: __gads Value: ID=65d087dcc9da94dc:T=1638296851:S=ALNI_MZZOSJPkaYgTAMbJX_U-67jr33ilw
.casalemedia.com/	1970-01-20 01:14:32	Name: CMPS Value: 3228
.redintelligence.net/	1970-01-20 01:14:32	Name: 8lcfmzhxc8d6_uid Value: c98947a3538d10f0
.casalemedia.com/	1970-01-19 23:06:23	Name: CMST Value: YaZtFGGmbRQA
.casalemedia.com/	1970-01-20 07:50:32	Name: CMID Value: YaZtFE5Tj5Q-KPvODZ-MrAAA
.casalemedia.com/	1970-01-20 01:14:32	Name: CMPRO Value: 1140
.casalemedia.com/	1970-01-20 07:50:32	Name: CMRUM3 Value: 2d61a66d142760CAESEPBrtfI9ojzklrEFrfMRIqw
.adnxs.com/	1970-01-20 01:14:32	Name: uuid2 Value: 5549152049651312388
.adnxs.com/	1970-01-20 01:14:32	Name: anj Value: dTM7k!M41.D>6NRF']wIg2GTtgR?vn!]tbPl1M>e)ZlrFUfJ+tGXxp:ShSnraY2V2Y4M>qG6!6f@iM?nYZR-z4SMj$bpRzqF1`*b^Hr)qxCX
.ctnsnet.com/	1970-01-20 07:50:32	Name: cid_38b09e8234ab45e781917304eb63fda3 Value: 1
.advertising.com/	1970-01-20 07:51:59	Name: APID Value: UP2ec1235b-520b-11ec-a359-06db969b4c24
.lijit.com/	1970-01-20 07:50:32	Name: ljt_reader Value: eec61d92bf1f03f21274c3da
.mathtag.com/	1970-01-20 08:30:52	Name: uuid Value: dfde61a6-6d14-4c00-98e0-1a1545732ee9
.mathtag.com/	1970-01-19 23:48:08	Name: mt_mop Value: 4:1638296852
.yahoo.com/	1970-01-20 07:50:54	Name: A3 Value: d=AQABBBRtpmECEPVeq6DO30Cv-XqpZEdEmOgFEgEBAQG-p2GwYQAAAAAA_eMAAA&S=AQAAAuvmIcGMjDwATBvmmL9YV5g
.analytics.yahoo.com/	1970-01-20 07:51:59	Name: IDSYNC Value: 18wq~21tu
.yahoo.com/	1970-01-19 23:49:55	Name: APID Value: UP2ec1235b-520b-11ec-a359-06db969b4c24
.yahoo.com/	1970-01-19 23:06:23	Name: APIDTS Value: 1638296852
.tidaltv.com/	1970-01-20 07:50:32	Name: tidal_ttid Value: b59b2049-fb44-4212-a08f-1506bef1aa20
.tidaltv.com/	1970-01-20 07:50:32	Name: sync-his Value: "H4sIAAAAAAAAADM0sjQ1sjI0sgAAy3JL1QkAAAA="

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7003191985075097&output=html&adk=1812271804&adf=3025194257&lmt=1638296851&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1048576%2C32%3A32&format=0x0&url=https%3A%2F%2Far.buddysecret.com%2Fs%2Fsync-quiz%2FbYV7&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638296851316&bpp=2&bdt=172&idt=90&shv=r20211111&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5032859781382&frm=20&pv=2&ga_vid=2141826429.1638296851&ga_sid=1638296851&ga_hid=1255180167&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063792%2C31063835&oid=2&pvsid=2971943970888554&pem=13&tmod=1807876480&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=113 Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://pix.impdesk.com/csync/google?google_gid=CAESEM9KTZdMk-054xXyo21vEyY&google_cver=1&google_push=AYg5qPJjlEwRJEEjLdG856b1etOBlOBLCeHIT5q66rtwBNAOpv7okNyd9zqtmb_O-M0GdQgT6s_Hs-7oOQqVeeNOPky-1vM3J6OvCg Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

156e407f5226af72f623f413a2573f2a.safeframe.googlesyndication.com
5994599.fls.doubleclick.net
adservice.google.com
adservice.google.de
ap.lijit.com
ar.buddysecret.com
cdn.contentspread.net
cm.g.doubleclick.net
connect.facebook.net
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
gcm.ctnsnet.com
googleads.g.doubleclick.net
hal9000.redintelligence.net
hal90007.redintelligence.net
ib.adnxs.com
img.buddysecret.com
img.holaquiz.com
pagead2.googlesyndication.com
partner.googleadservices.com
pix.impdesk.com
pixel.advertising.com
s0.2mdn.net
securepubads.g.doubleclick.net
stats.g.doubleclick.net
sync.mathtag.com
sync.tidaltv.com
tpc.googlesyndication.com
ups.analytics.yahoo.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
pix.impdesk.com
138.201.63.157
142.250.184.226
142.250.186.70
142.250.186.98
18.158.154.136
185.29.134.244
185.33.221.90
2.18.234.21
2606:4700:20::ac43:474a
2606:4700:20::ac43:47b7
2a00:1450:4001:801::2002
2a00:1450:4001:801::2006
2a00:1450:4001:803::2002
2a00:1450:4001:808::2003
2a00:1450:4001:809::2004
2a00:1450:4001:80e::2002
2a00:1450:4001:80f::2001
2a00:1450:4001:811::2002
2a00:1450:4001:811::200a
2a00:1450:4001:829::2008
2a00:1450:4001:82a::2001
2a00:1450:4001:82a::200e
2a00:1450:4001:82f::2002
2a00:1450:400c:c08::9a
2a03:2880:f01c:216:face:b00c:0:3
2a05:d018:24:b002:dccc:4b37:dddb:cf1e
3.126.56.137
35.186.193.173
72.251.249.13
88.99.65.215
94.130.102.164
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
03f404aa4c570a01e0b56ce048442dbdf0197f867a9be770ad11e744f2ca1494
046759a2f48ccea4ca166724194b93faa95f6cd510f3c68f33789e0234619057
057b7168c0101329e2eb13ed62e1e0aeea75b85bb79869639f39cff092b52474
06c7180ddf0e87166652edd905f3b793105243452b007373848beeced42d8ec0
091b44da15c8f8ea360b36ea12fca73538414c6bca447ffab28f65cb549cc9ed
0a493eb1e92e6053cdd32039a38f2359742cf660c9bf396288b8e9deeb6cf114
0aa797faa0078de54dd4e36f71084a713aa078d9c703ea68ef8251f64c1042c6
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0e8ff9d08b89fbc34c9f5276f7fca3e6b35158a9ecb46ebfb02c2091f8c9ee3e
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
13eb615165c92892fcd46e01782dd0fc52d36f236f883aad488c2cf4dcf9206e
1a4086f6b01ea01e73f42b352500e1ee3fc4a3dba5a50ecd41485f70d661dc30
1c27476657b3842d8dec949b6ce5bc724f099bfa8f6f54ef5e31d8fb96aa50d6
25675789a795caac5b8f160dae95ebdc63f2489f88895bb1428754509c4c9edb
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2704ff90667427020bf5fbeceb2e833cd788f48f264fafda22f849720fd5d96d
2a0182d790fb030792d5172ed46e0c8f17cedea697937210c6401f2ebafbe54e
2b26a74f3c0e529bc8fccfa6b1db8e083e738992266359fde1a5bd0aaa81cbc3
2b6abb0dadb9863be72d7a9deed67bc2094ca99135c5896d8150596b695b5b17
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
39cb70bbd6f7b2c6c6960a8872b696c1845650953dcfcd9f98de3070e48e04a7
3e3b1ad125d4c3daef55da2885c835d550290f32d836aa736585726964f11551
41d86f1b17cef4e47ca9fd5b4820fe692bf76857dcadcbf6fc801537de9dc699
47bf6b2e0bb21849f205a4f2d90c8e40b2773f3fdf4c764471cd050ef0a87378
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e6a925c14514938af5f2a7ac3aa70c29303ee4fc774297f041b0d6c54aa4f96
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
545c4f635d9b7adc66a5d435227d5982d2cf1722cd19be7652d7d35da7f9298b
59b93c82b31f94350aed274ec1f3f7bf3b0f561950cd72fe503e8b205de8fec8
5c65cb87e28c4ce2f1a9c66b6086c4607f24e7e90b5978b20668e45930a5794d
5cedd5abd94d64b07e3779451d057665572b89caa8b445a5e9efa42bad9c4274
61519deaa156f24ad28ae848179016c7cc741270cb7b30043c24bd30203bdaf3
617c5e5c66e961c0c071829a62b53de51201104b5fa8cf40e65e4a2f770be30d
61c3fd2c64523bd96f296343d66705a0f7310da8838d04a8203eebded15a2c12
6331c5900664a5587812ca27b9e8c52f122e8a8653578c8911e2994d822d7b6f
63995e4b40ac12c30e1f77b63427b60cc3f613a1c441ee31d706b77e19c7d10d
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
78ca0005131ba25ff6cd2b6c2f9c877550411b65ce8d3ea2dfd5853f97ed70ad
7ce2f8643f80018e1c4f5dae8adadbd552256fbab5e4409672cb2e060aada574
817c8ade77fb6fbef328182d26d157ab3143d161586ec8beeab61ac3c95947a8
83f9ce2e0b4d93d550ba7e04ab39028d6c34ddb98ec6f0d80aa1095a5b1f5902
867a3dfd0f24bdafb2d1ddc6ba4378a3f9a86a237ca1f87d09431e897b689b5e
8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8
8c7a4bc4313721daa7163444715bb99cc1e078b9b6f44ec02f59fa19bf829e6f
8d8aa9c2c3798099cba43890c7808bfb34b70dbc853177ef287b50bc28161911
9021363a69a975f8fb97029c697f5b80c41a2d1ea74fc9099bb025846092fb41
94aecf77b07e1fff7205a23f352b215383978a661ecc5bb51e616e35750b39ef
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a174ccf426d2ec1fff5142f3c80d81af9374161d70a37c2f1b4f1d1ba56484dc
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a37ddc4e7e30ec2675c6d2e628b57efee02b9f3ed430e7172946bf04c1744648
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1db2e66d8877975bef3afeaf21d5ebb4cfae604af1b4df53025553b4ef76e31
b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6
bf5694b365ccfafd151d2195c9aa52e16a58f65fb5121f5aeabcb1863002a740
c478e1a238f508f9be64174da98bfd96c82ed2883e5fad80c3161e4b2adea1ea
c72c5cdb8ee97ed1e23f49f9cc0884c795f9c70e85a566453d9701f12cebfe9f
ca4163da428c2b23783996707b6ec9ee047c4ebf7c74678309b6eb6a31714662
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d76195d14edb2e4ff1482ec8fc09b9a0c7478cb78a6eefe681679a81e2a13489
d99a9d19d0eb3e8981ded12b6101f63860b1514ac1f2f34a1ba33933127afd83
db668b70fd0021a224a50338fc80f62881fc5e678e84987ff62785d86ab3f320
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
dfc9985969537ed029862d2d7a223fae3343ac3de9da596a13073354876dca83
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7907336273196ef7b66c3c9377e5958d4c7e9691de3e67dca3a803138344a00
e9c2df2904ee0ac9a0dcc01dbb90666d1c1fd659891fcecba4aa7f64ee0406c1
ec7d69015be507ee6045d259f50b6cf8ccb52ec7b41ec1bf50fee681683bea60
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef46993c81da652e3c2581d2adab6051e1bd0570d7ce80f5e3ac2c6221a37a97
f2dbe2f39143df839ba93ee3e1efb66efef7a5643533418cba03ea930dba3994
f93d6aac2996165254aceb217fd491b77cb5da8667b7bc90ba9f47242c98b91a
fca90ac490ef65a43a3d1d4d9d53baa42502730532c7d9570f84efc09a101746
fd69f716504125b2b566e9289774f0201621076b7b8666152a39e5f6f4f61421
ffab1c056a0254369097b76c22faef063a67f8fb8fd1bd69d42fd304a2aa1e0d

ar.buddysecret.com Open in urlscan Pro 2606:4700:20::ac43:47b7 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

103 Requests

89 %HTTPS

58 %IPv6

25 Domains

34 Subdomains

26 IPs

6 Countries

2728 kBTransfer

4814 kBSize

26 Cookies

4 Outgoing links

Redirected requests

103 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

ar.buddysecret.com Open in urlscan Pro
2606:4700:20::ac43:47b7 Public Scan

Screenshot
Live screenshot

Full Image

103
Requests

89 %
HTTPS

58 %
IPv6

25
Domains

34
Subdomains

26
IPs

6
Countries

2728 kB
Transfer

4814 kB
Size

26
Cookies

103 HTTP transactions
2 data transactions