leekduck.com Open in urlscan Pro
2606:4700:3032::6812:3a7e Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://leek.gg/
Effective URL:
https://leekduck.com/
Submission: On April 07 via manual (April 7th 2020, 7:13:20 am UTC) from GB

Summary HTTP 84 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 32 IPs in 6 countries across 26 domains to perform 84 HTTP transactions. The main IP is 2606:4700:3032::6812:3a7e, located in United States and belongs to CLOUDFLARENET, US. The main domain is leekduck.com.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on January 31st 2020. Valid for: 8 months.

This is the only time leekduck.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	192.64.116.170 192.64.116.170	22612 (NAMECHEAP...) (NAMECHEAP-NET)
22	2606:4700:303... 2606:4700:3032::6812:3a7e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:808::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:84e5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:800::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:820::200a	15169 (GOOGLE) (GOOGLE)
2	2600:9000:21f... 2600:9000:21f3:4600:4:164e:ca00:93a1	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:814::2003	15169 (GOOGLE) (GOOGLE)
6	172.217.18.98 172.217.18.98	15169 (GOOGLE) (GOOGLE)
1	52.9.196.177 52.9.196.177	16509 (AMAZON-02) (AMAZON-02)
3	52.15.219.226 52.15.219.226	16509 (AMAZON-02) (AMAZON-02)
1 2	2a00:1450:400... 2a00:1450:4001:81c::200e	15169 (GOOGLE) (GOOGLE)
2	23.239.15.111 23.239.15.111	63949 (LINODE-AP...) (LINODE-AP Linode)
1	35.157.254.243 35.157.254.243	16509 (AMAZON-02) (AMAZON-02)
3	52.48.220.157 52.48.220.157	16509 (AMAZON-02) (AMAZON-02)
2	69.173.144.141 69.173.144.141	26667 (RUBICONPR...) (RUBICONPROJECT)
1	23.213.165.44 23.213.165.44	16625 (AKAMAI-AS) (AKAMAI-AS)
1	213.19.147.210 213.19.147.210	26120 (RHYTHMONE) (RHYTHMONE)
1	52.17.116.207 52.17.116.207	16509 (AMAZON-02) (AMAZON-02)
1	34.95.120.147 34.95.120.147	15169 (GOOGLE) (GOOGLE)
1	185.33.223.209 185.33.223.209	29990 (ASN-APPNEX) (ASN-APPNEX)
1	216.52.2.19 216.52.2.19	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
1	2a00:1450:400... 2a00:1450:4001:816::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:814::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c00::9d	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:821::2001	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:808::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
1	2600:9000:215... 2600:9000:2156:0:1:af78:4c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1 1	2a00:1450:400... 2a00:1450:4001:808::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:817::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:820::2002	15169 (GOOGLE) (GOOGLE)
1	63.33.80.49 63.33.80.49	16509 (AMAZON-02) (AMAZON-02)
84	32

1 192.64.116.170 (Los Angeles, United States) 1 redirects

ASN22612 (NAMECHEAP-NET, US)

leek.gg	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2606:4700:3032::6812:3a7e (United States)

ASN13335 (CLOUDFLARENET, US)

leekduck.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:84e5 (United States)

ASN13335 (CLOUDFLARENET, US)

ajax.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:820::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:21f3:4600:4:164e:ca00:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.thisiswaldo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:814::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 172.217.18.98 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s05-in-f98.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.9.196.177 (San Jose, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-9-196-177.us-west-1.compute.amazonaws.com

ipfind.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.15.219.226 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-15-219-226.us-east-2.compute.amazonaws.com

thisiswaldo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81c::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.239.15.111 (Newark, United States)

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: li723-111.members.linode.com

bidder.rtk.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.rtk.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.157.254.243 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-254-243.eu-central-1.compute.amazonaws.com

tlx.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.48.220.157 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-48-220-157.eu-west-1.compute.amazonaws.com

g2.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.173.144.141 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.213.165.44 (United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-213-165-44.deploy.static.akamaitechnologies.com

as-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.19.147.210 (United Kingdom)

ASN26120 (RHYTHMONE, US)

tag.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.17.116.207 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-17-116-207.eu-west-1.compute.amazonaws.com

ads.yieldmo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.95.120.147 (United States)

ASN15169 (GOOGLE, US)
PTR: 147.120.95.34.bc.googleusercontent.com

the-eighth-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.33.223.209 (Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 314.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.52.2.19 (United States)

ASN29791 (VOXEL-DOT-NET, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:816::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:814::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:821::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:808::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:0:1:af78:4c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

vendorlist.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:817::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:820::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.33.80.49 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-33-80-49.eu-west-1.compute.amazonaws.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
22	leekduck.com leekduck.com	319 KB
12	googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com	233 KB
10	ampproject.org cdn.ampproject.org	305 KB
8	doubleclick.net securepubads.g.doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net	113 KB
5	thisiswaldo.com cdn.thisiswaldo.com thisiswaldo.com	126 KB
3	gumgum.com g2.gumgum.com	2 KB
3	gstatic.com fonts.gstatic.com	42 KB
2	google.com 1 redirects adservice.google.com www.google.com	280 B
2	rubiconproject.com fastlane.rubiconproject.com	5 KB
2	rtk.io bidder.rtk.io sync.rtk.io	826 B
2	google-analytics.com 1 redirects www.google-analytics.com	18 KB
2	googleapis.com fonts.googleapis.com ajax.googleapis.com	30 KB
1	adsrvr.org match.adsrvr.org	541 B
1	consensu.org vendorlist.consensu.org	18 KB
1	google.de adservice.google.de	171 B
1	lijit.com ap.lijit.com	700 B
1	adnxs.com ib.adnxs.com	708 B
1	openx.net the-eighth-d.openx.net	570 B
1	yieldmo.com ads.yieldmo.com	222 B
1	1rx.io tag.1rx.io	267 B
1	casalemedia.com as-sec.casalemedia.com	3 KB
1	3lift.com tlx.3lift.com	293 B
1	ipfind.co ipfind.co	417 B
1	googletagmanager.com www.googletagmanager.com	28 KB
1	cloudflare.com ajax.cloudflare.com	4 KB
1	leek.gg 1 redirects leek.gg	731 B
84	26

	Domain	Requested by
22	leekduck.com	leekduck.com ajax.cloudflare.com
10	cdn.ampproject.org	securepubads.g.doubleclick.net
8	tpc.googlesyndication.com	securepubads.g.doubleclick.net leekduck.com tpc.googlesyndication.com cdn.ampproject.org
6	securepubads.g.doubleclick.net	cdn.thisiswaldo.com securepubads.g.doubleclick.net leekduck.com
4	pagead2.googlesyndication.com	securepubads.g.doubleclick.net
3	g2.gumgum.com	cdn.thisiswaldo.com
3	thisiswaldo.com	cdn.thisiswaldo.com thisiswaldo.com
3	fonts.gstatic.com	leekduck.com
2	fastlane.rubiconproject.com	cdn.thisiswaldo.com
2	www.google-analytics.com	1 redirects www.googletagmanager.com
2	cdn.thisiswaldo.com	ajax.cloudflare.com cdn.thisiswaldo.com
1	sync.rtk.io	cdn.thisiswaldo.com
1	match.adsrvr.org	cdn.thisiswaldo.com
1	googleads.g.doubleclick.net	leekduck.com
1	www.google.com	1 redirects
1	vendorlist.consensu.org	thisiswaldo.com
1	stats.g.doubleclick.net
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	ap.lijit.com	cdn.thisiswaldo.com
1	ib.adnxs.com	cdn.thisiswaldo.com
1	the-eighth-d.openx.net	cdn.thisiswaldo.com
1	ads.yieldmo.com	cdn.thisiswaldo.com
1	tag.1rx.io	cdn.thisiswaldo.com
1	as-sec.casalemedia.com	cdn.thisiswaldo.com
1	tlx.3lift.com	cdn.thisiswaldo.com
1	bidder.rtk.io	cdn.thisiswaldo.com
1	ipfind.co	cdn.thisiswaldo.com
1	ajax.googleapis.com	ajax.cloudflare.com
1	www.googletagmanager.com	ajax.cloudflare.com
1	ajax.cloudflare.com	leekduck.com
1	fonts.googleapis.com	leekduck.com
1	leek.gg	1 redirects
84	33

This site contains links to these domains. Also see Links.

Domain
shop.leekduck.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2020-01-31` - `2020-10-09`	8 months	crt.sh
*.storage.googleapis.com GTS CA 1O1	`2020-03-03` - `2020-05-26`	3 months	crt.sh
cloudflare.com CloudFlare Inc ECC CA-2	`2020-01-07` - `2020-10-09`	9 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-03-24` - `2020-06-16`	3 months	crt.sh
cdn.thisiswaldo.com Go Daddy Secure Certificate Authority - G2	`2019-06-16` - `2020-06-16`	a year	crt.sh
*.google.com GTS CA 1O1	`2020-03-03` - `2020-05-26`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-03-03` - `2020-05-26`	3 months	crt.sh
ipfind.co Amazon	`2020-03-02` - `2021-04-02`	a year	crt.sh
thisiswaldo.com Go Daddy Secure Certificate Authority - G2	`2018-09-19` - `2020-11-18`	2 years	crt.sh
*.rtk.io DigiCert SHA2 Secure Server CA	`2020-02-29` - `2022-03-04`	2 years	crt.sh
*.3lift.com Amazon	`2019-07-17` - `2020-08-17`	a year	crt.sh
*.gumgum.com Amazon	`2019-07-31` - `2020-08-31`	a year	crt.sh
*.rubiconproject.com DigiCert SHA2 Secure Server CA	`2019-01-10` - `2021-01-14`	2 years	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2020-03-02` - `2021-04-01`	a year	crt.sh
*.1rx.io Sectigo RSA Domain Validation Secure Server CA	`2019-06-28` - `2021-06-27`	2 years	crt.sh
*.yieldmo.com Amazon	`2019-12-11` - `2021-01-11`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2018-01-04` - `2020-07-09`	3 years	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2019-03-11` - `2020-05-10`	a year	crt.sh
*.google.de GTS CA 1O1	`2020-03-24` - `2020-06-16`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2020-03-03` - `2020-05-26`	3 months	crt.sh
misc-sni.google.com GTS CA 1O1	`2020-03-03` - `2020-05-26`	3 months	crt.sh
vendorlist.consensu.org Amazon	`2020-02-07` - `2021-03-07`	a year	crt.sh
*.adsrvr.org Trustwave Organization Validation SHA256 CA, Level 1	`2019-03-07` - `2021-04-19`	2 years	crt.sh

This page contains 5 frames:

Primary Page: https://leekduck.com/
Frame ID: D3ED52090153BDB792EF6880412BF179
Requests: 63 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012003171848440/amp4ads-v0.js
Frame ID: 622855D65D3153E0C6E5CE0A4440B6C7
Requests: 8 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012003171848440/amp4ads-v0.js
Frame ID: 47E236235B24D4CBB1145DA6EEB61176
Requests: 13 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html
Frame ID: D37559E91A06997702759644E6EC41E6
Requests: 1 HTTP requests in this frame

Frame: https://sync.rtk.io/cs
Frame ID: B9A79754968C8086CE21B99206AE6B4C
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://leek.gg/ HTTP 301
https://leekduck.com/ Page URL

Detected technologies

Varnish (Cache Tools) Expand

Overall confidence: 100%
Detected patterns

headers via /varnish(?: $Varnish\/([\d.]+)$)?/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Hammer.js (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /hammer(?:\.min)?\.js/i

Moment Timezone (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /moment-timezone(?:-data)?(?:\.min)?\.js/i

Moment.js (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /moment(?:\.min)?\.js/i
script /moment-timezone(?:-data)?(?:\.min)?\.js/i

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /\/prebid\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^/]*\.js/i
script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

84
Requests

100 %
HTTPS

55 %
IPv6

26
Domains

33
Subdomains

32
IPs

6
Countries

1250 kB
Transfer

2941 kB
Size

1
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://shop.leekduck.com/
Title: Shop

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://leek.gg/ HTTP 301
https://leekduck.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 50

https://www.google-analytics.com/r/collect?v=1&_v=j81&a=1751583248&t=pageview&_s=1&dl=https%3A%2F%2Fleekduck.com%2F&ul=en-us&de=UTF-8&dt=Leek%20Duck%20%7C%20Pok%C3%A9mon%20GO%20News%20and%20Resources&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAUAB~&jid=1323206847&gjid=164766815&cid=431789722.1586243585&tid=UA-96155731-1&_gid=2041104104.1586243585&_r=1&gtm=2ou3p1&z=2020440567 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-96155731-1&cid=431789722.1586243585&jid=1323206847&_gid=2041104104.1586243585&gjid=164766815&_v=j81&z=2020440567

Request Chain 77

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

84 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
leekduck.com/
Redirect Chain

http://leek.gg/
https://leekduck.com/

17 KB
4 KB

79ms
25ms

Document
text/html

2606:4700:3032::6812:3a7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leekduck.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6812:3a7e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3e563b2f383442d5c6d9a095ffe3e427abbec08cba3b782ef91291de97fb512a

Request headers

:method: GET
:authority: leekduck.com
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
date: Tue, 07 Apr 2020 07:13:04 GMT
content-type: text/html; charset=utf-8
set-cookie: __cfduid=d63d6e1fe560c2d37babdfc88524f12e21586243584; expires=Thu, 07-May-20 07:13:04 GMT; path=/; domain=.leekduck.com; HttpOnly; SameSite=Lax; Secure
last-modified: Tue, 07 Apr 2020 03:51:40 GMT
access-control-allow-origin: *
expires: Tue, 07 Apr 2020 04:02:55 GMT
cache-control: max-age=600
x-proxy-cache: HIT
x-github-request-id: D44E:404E:470A2:5BAF3:5E8BFA67
via: 1.1 varnish
age: 297
x-served-by: cache-fra19121-FRA
x-cache: HIT
x-cache-hits: 1
x-timer: S1586243584.457413,VS0,VE1
vary: Accept-Encoding
x-fastly-request-id: ad33b53da49a1d1f43183d2b4084f11bd07ef2b2
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 5801f1a2bc526437-FRA
content-encoding: br

Redirect headers

Server: nginx
Date: Tue, 07 Apr 2020 07:13:04 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 96
Connection: keep-alive
X-DNS-Prefetch-Control: off
X-Frame-Options: SAMEORIGIN SAMEORIGIN
Strict-Transport-Security: max-age=15552000; includeSubDomains max-age=31536000; includeSubDomains; preload
X-Download-Options: noopen
X-Content-Type-Options: nosniff nosniff
X-XSS-Protection: 1; mode=block 1; mode=block
Location: https://leekduck.com
Vary: Accept
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'self' http: https: data: blob: 'unsafe-inline'

GET
H2 200 css
fonts.googleapis.com/ 2 KB
595 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:400,400i,700&display=block

Requested by

Host: leekduck.com
URL: https://leekduck.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

247ef949c0a24051a9d02737c3e29dbac3220660fb2adc770a09c92264316191

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 07 Apr 2020 07:13:04 GMT
server: ESF
date: Tue, 07 Apr 2020 07:13:04 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 07 Apr 2020 07:13:04 GMT

GET
H2 200 font-awesome.min.css
leekduck.com/assets/fonts/font-awesome/css/ 4 KB
1 KB 18ms
18ms Stylesheet
text/css 2606:4700:3032::6812:3a7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leekduck.com/assets/fonts/font-awesome/css/font-awesome.min.css?v=0.01
Requested by: Host: leekduck.com
URL: https://leekduck.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6812:3a7e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c390b1351c7752b8455cc0c855476583e636d592d10b596853724470c29ccd15

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

x-fastly-request-id: 176570b6e89e0d5894e297c894bf03fbce69f3a1
date: Tue, 07 Apr 2020 07:13:04 GMT
via: 1.1 varnish
cf-cache-status: REVALIDATED
x-cache: MISS
status: 200
x-cache-hits: 0
content-encoding: br
x-served-by: cache-fra19122-FRA
last-modified: Tue, 07 Apr 2020 03:51:23 GMT
server: cloudflare
x-github-request-id: BE1E:2130:85B36:AC713:5E8BFA68
x-timer: S1586231913.929679,VS0,VE95
etag: W/"5e8bf8bb-f5c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=432000
cf-ray: 5801f1a2ec826437-FRA
x-proxy-cache: MISS
expires: Tue, 07 Apr 2020 06:42:59 GMT

GET
H2 200 main.css
leekduck.com/assets/css/ 52 KB
10 KB 27ms
26ms Stylesheet
text/css 2606:4700:3032::6812:3a7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leekduck.com/assets/css/main.css?=v0.15
Requested by: Host: leekduck.com
URL: https://leekduck.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6812:3a7e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 73948e58baf457f5691c3e99747384875000c60c3ff366d1b7370ddd92b10e66

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

x-fastly-request-id: 3e0a36b60457be59a370a6b9fcd4e8802c6861ff
date: Tue, 07 Apr 2020 07:13:04 GMT
via: 1.1 varnish
cf-cache-status: REVALIDATED
cf-polished: origSize=73411
x-cache: MISS
status: 200
x-cache-hits: 0
content-encoding: br
x-served-by: cache-fra19160-FRA
last-modified: Tue, 07 Apr 2020 03:51:23 GMT
server: cloudflare
x-github-request-id: 8CC4:404E:470A9:5BAFF:5E8BFA68
x-timer: S1586231913.932754,VS0,VE92
etag: W/"5e8bf8bb-11ec3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
expires: Tue, 07 Apr 2020 04:08:32 GMT
cache-control: max-age=432000
cf-ray: 5801f1a2ec836437-FRA
x-proxy-cache: MISS
cf-bgj: minify

GET
H2 200 logo.svg
leekduck.com/assets/img/ 923 B
648 B 19ms
18ms Image
image/svg+xml 2606:4700:3032::6812:3a7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leekduck.com/assets/img/logo.svg
Requested by: Host: leekduck.com
URL: https://leekduck.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6812:3a7e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d1da35eb7e055683416c2c58726f5a0554b4d2483bb4c1fe69c9681570ddb44f

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

x-fastly-request-id: 4033399cd1f0d8775013e9d468c522930049bd19
date: Tue, 07 Apr 2020 07:13:04 GMT
via: 1.1 varnish
cf-cache-status: REVALIDATED
x-cache: MISS
status: 200
x-cache-hits: 0
content-encoding: br
x-served-by: cache-fra19167-FRA
last-modified: Tue, 07 Apr 2020 03:51:23 GMT
server: cloudflare
x-github-request-id: E04C:1372:42F4D:56EAC:5E8BFA68
x-timer: S1586231913.932822,VS0,VE92
etag: W/"5e8bf8bb-39b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=432000
cf-ray: 5801f1a2ec846437-FRA
x-proxy-cache: HIT
expires: Tue, 07 Apr 2020 04:06:22 GMT

GET
H2 200 shiny.png
leekduck.com/assets/img/events/icons/ 1005 B
1 KB 21ms
20ms Image
image/png 2606:4700:3032::6812:3a7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leekduck.com/assets/img/events/icons/shiny.png
Requested by: Host: leekduck.com
URL: https://leekduck.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6812:3a7e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c87e544c65fde7aa943f8c67947c13fdfc9e398701ff3343d3afbcc797aaa1ea

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

x-fastly-request-id: 0d9538255682f3585cda78d7c1bc9a9503156260
date: Tue, 07 Apr 2020 07:13:04 GMT
via: 1.1 varnish
cf-cache-status: REVALIDATED
x-cache: MISS
status: 200
x-cache-hits: 0
content-length: 1005
x-served-by: cache-fra19167-FRA
last-modified: Tue, 07 Apr 2020 03:51:23 GMT
server: cloudflare
x-github-request-id: 5C4A:72ED:8D9EB:B5507:5E8BFA69
x-timer: S1586231913.932800,VS0,VE353
etag: "5e8bf8bb-3ed"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 5801f1a2ec856437-FRA
x-proxy-cache: HIT
expires: Tue, 07 Apr 2020 04:24:21 GMT

GET
H2 200 raids.png
leekduck.com/assets/img/events/icons/ 1 KB
2 KB 34ms
34ms Image
image/png 2606:4700:3032::6812:3a7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leekduck.com/assets/img/events/icons/raids.png
Requested by: Host: leekduck.com
URL: https://leekduck.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6812:3a7e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fda7a324a8cf9997293573aeccad5d7292055d1f1e9b5486f829f60f3b4b64d3

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

x-fastly-request-id: edbbead7c9ed5c0d8806d86e8d7615abafa259f9
date: Tue, 07 Apr 2020 07:13:04 GMT
via: 1.1 varnish
cf-cache-status: REVALIDATED
x-cache: MISS
status: 200
x-cache-hits: 0
content-length: 1454
x-served-by: cache-fra19146-FRA
last-modified: Tue, 07 Apr 2020 03:51:23 GMT
server: cloudflare
x-github-request-id: 98CA:5CA2:47AD5:5C65A:5E8BFA68
x-timer: S1586231913.946333,VS0,VE90
etag: "5e8bf8bb-5ae"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 5801f1a2ec876437-FRA
x-proxy-cache: MISS
expires: Tue, 07 Apr 2020 04:08:32 GMT

GET
H2 200 eggs.png
leekduck.com/assets/img/events/icons/ 1 KB
2 KB 18ms
17ms Image
image/png 2606:4700:3032::6812:3a7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leekduck.com/assets/img/events/icons/eggs.png
Requested by: Host: leekduck.com
URL: https://leekduck.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6812:3a7e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 10364c3dbb0b026b500ecfac49d1038bb85a78eff84feb5cbb924bd4e63f2537

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

x-fastly-request-id: 149a8daf80e55ad3f3e1292974776fce3b891d44
date: Tue, 07 Apr 2020 07:13:04 GMT
via: 1.1 varnish
cf-cache-status: REVALIDATED
x-cache: MISS
status: 200
x-cache-hits: 0
content-length: 1381
x-served-by: cache-fra19139-FRA
last-modified: Tue, 07 Apr 2020 03:51:23 GMT
server: cloudflare
x-github-request-id: 1108:4BBE:8CEEA:B5572:5E8BFA68
x-timer: S1586231913.948473,VS0,VE89
etag: "5e8bf8bb-565"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 5801f1a2ec896437-FRA
x-proxy-cache: HIT
expires: Tue, 07 Apr 2020 06:28:39 GMT

GET
H2 200 research.png
leekduck.com/assets/img/events/icons/ 2 KB
2 KB 25ms
24ms Image
image/png 2606:4700:3032::6812:3a7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leekduck.com/assets/img/events/icons/research.png
Requested by: Host: leekduck.com
URL: https://leekduck.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6812:3a7e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8ac6739ea9e0ac3eacb814306e2d68e723cd7ece97bf642281eba5980fb002c3

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

x-fastly-request-id: 7e7848dded46497cea4f11625aea10325f71db94
date: Tue, 07 Apr 2020 07:13:04 GMT
via: 1.1 varnish
cf-cache-status: REVALIDATED
x-cache: MISS
status: 200
x-cache-hits: 0
content-length: 1647
x-served-by: cache-fra19173-FRA
last-modified: Tue, 07 Apr 2020 03:51:23 GMT
server: cloudflare
x-github-request-id: 25A8:286B:471E2:5C113:5E8BFA68
x-timer: S1586231913.945840,VS0,VE93
etag: "5e8bf8bb-66f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 5801f1a2ec8a6437-FRA
x-proxy-cache: HIT
expires: Tue, 07 Apr 2020 04:05:31 GMT

GET
H2 200 sales.png
leekduck.com/assets/img/events/icons/ 764 B
965 B 20ms
19ms Image
image/png 2606:4700:3032::6812:3a7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leekduck.com/assets/img/events/icons/sales.png
Requested by: Host: leekduck.com
URL: https://leekduck.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6812:3a7e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b98b78aa63bdb0bcc91b4538b2cacc424d6f6d9f628d19260f631c03a3efbf9

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

x-fastly-request-id: 4bc73e33b5c4e2a82ec7ef0248bfc38b6a0b21b8
date: Tue, 07 Apr 2020 07:13:04 GMT
via: 1.1 varnish
cf-cache-status: REVALIDATED
x-cache: MISS
status: 200
x-cache-hits: 0
content-length: 764
x-served-by: cache-fra19151-FRA
last-modified: Tue, 07 Apr 2020 03:51:23 GMT
server: cloudflare
x-github-request-id: 3D40:089F:87F80:AE410:5E8BFA65
x-timer: S1586231913.947786,VS0,VE87
etag: "5e8bf8bb-2fc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 5801f1a2ec8b6437-FRA
x-proxy-cache: HIT
expires: Tue, 07 Apr 2020 05:36:25 GMT

GET
H2 200 events.png
leekduck.com/assets/img/events/icons/ 883 B
1 KB 19ms
19ms Image
image/png 2606:4700:3032::6812:3a7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leekduck.com/assets/img/events/icons/events.png
Requested by: Host: leekduck.com
URL: https://leekduck.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6812:3a7e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dcbb1651a93937332a975c645034305e2498db5fc9d3c3e8941792d6c8d40718

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

x-fastly-request-id: 8268de8cfb1efdd78dc10a9912cea58ac05ea351
date: Tue, 07 Apr 2020 07:13:04 GMT
via: 1.1 varnish
cf-cache-status: REVALIDATED
x-cache: MISS
status: 200
x-cache-hits: 0
content-length: 883
x-served-by: cache-fra19180-FRA
last-modified: Tue, 07 Apr 2020 03:51:23 GMT
server: cloudflare
x-github-request-id: 8F26:54ED:21E1F:2C371:5E8BFA68
x-timer: S1586231913.946433,VS0,VE93
etag: "5e8bf8bb-373"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 5801f1a2ec8d6437-FRA
x-proxy-cache: HIT
expires: Tue, 07 Apr 2020 04:06:56 GMT

GET
H2 200 rocket-loader.min.js Show response
ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/ 12 KB
4 KB 8ms
7ms Script
application/javascript 2606:4700::6810:84e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Requested by

Host: leekduck.com
URL: https://leekduck.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:84e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b08cdbc2d30e656a86b20f8342428d5863f70f4b30135b4f4061f754ce932f5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 07 Apr 2020 07:13:04 GMT
content-encoding: gzip
vary: Accept-Encoding
last-modified: Thu, 02 Apr 2020 11:45:47 GMT
server: cloudflare
etag: W/"5e85d06b-3016"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
content-type: application/javascript
status: 200
cache-control: max-age=172800, public
strict-transport-security: max-age=15780000; includeSubDomains
cf-ray: 5801f1a2ef9c1776-FRA
expires: Thu, 09 Apr 2020 07:13:04 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 76 KB
28 KB 16ms
14ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-96155731-1

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c1eea7fa42a86e8507c3938acb1c697615e9f5ab26a374a71e5fa478b7df896b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 07 Apr 2020 07:13:04 GMT
content-encoding: br
status: 200
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 29062
x-xss-protection: 0
last-modified: Tue, 07 Apr 2020 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 07 Apr 2020 07:13:04 GMT

GET
H2 200 main.js Show response
leekduck.com/assets/js/ 4 KB
1 KB 23ms
21ms Script
application/javascript 2606:4700:3032::6812:3a7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leekduck.com/assets/js/main.js?v=0.27
Requested by: Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6812:3a7e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 313af5ef5365674608381fb4aeb29a91858232b3655ab93198185215f206a690

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

x-fastly-request-id: f745ee8c5c09de46943fce6323468d1742fe3a13
date: Tue, 07 Apr 2020 07:13:04 GMT
via: 1.1 varnish
cf-cache-status: REVALIDATED
cf-polished: origSize=4720
x-cache: HIT
status: 200
x-cache-hits: 1
content-encoding: br
x-served-by: cache-fra19128-FRA
last-modified: Tue, 07 Apr 2020 03:51:24 GMT
server: cloudflare
x-github-request-id: 7C88:51BD:844FC:AAEBE:5E8BFA68
x-timer: S1586241965.991894,VS0,VE89
etag: W/"5e8bf8bc-1270"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Tue, 07 Apr 2020 04:05:02 GMT
cache-control: max-age=432000
cf-ray: 5801f1a30c9d6437-FRA
x-proxy-cache: HIT
cf-bgj: minify

GET
H2 200 hammer.min.js Show response
leekduck.com/assets/js/ 20 KB
7 KB 25ms
23ms Script
application/javascript 2606:4700:3032::6812:3a7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leekduck.com/assets/js/hammer.min.js
Requested by: Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6812:3a7e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8a1b58d624eeb47e9e3073531a5d364e41a2e7853c052873a79917f97dd0bb44

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

x-fastly-request-id: 5aa6a06300abb110242b2064e404f7cb82214cdc
date: Tue, 07 Apr 2020 07:13:04 GMT
via: 1.1 varnish
cf-cache-status: REVALIDATED
x-cache: MISS
status: 200
x-cache-hits: 0
content-encoding: br
x-served-by: cache-fra19124-FRA
last-modified: Tue, 07 Apr 2020 03:51:24 GMT
server: cloudflare
x-github-request-id: 1108:4BBE:8CEED:B557A:5E8BFA68
x-timer: S1586231913.168158,VS0,VE89
etag: W/"5e8bf8bc-511d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=432000
cf-ray: 5801f1a30ca16437-FRA
x-proxy-cache: MISS
expires: Tue, 07 Apr 2020 04:08:33 GMT

GET
H2 200 list.min.js Show response
leekduck.com/assets/js/ 18 KB
6 KB 19ms
17ms Script
application/javascript 2606:4700:3032::6812:3a7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leekduck.com/assets/js/list.min.js
Requested by: Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6812:3a7e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 62a388a7833280dc7dfe5716af9969711f3c2a2fcc34c5af249907d1e2be7c73

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

x-fastly-request-id: 904fec7fe2c9f2d638265f1bf71ad64c9a37be49
date: Tue, 07 Apr 2020 07:13:04 GMT
via: 1.1 varnish
cf-cache-status: REVALIDATED
x-cache: MISS
status: 200
x-cache-hits: 0
content-encoding: br
x-served-by: cache-fra19136-FRA
last-modified: Tue, 07 Apr 2020 03:51:24 GMT
server: cloudflare
x-github-request-id: 1950:54EA:2D57:4F50:5E8BFA68
x-timer: S1586231913.195329,VS0,VE90
etag: W/"5e8bf8bc-46b5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=432000
cf-ray: 5801f1a30ca46437-FRA
x-proxy-cache: MISS
expires: Tue, 07 Apr 2020 04:08:33 GMT

GET
H2 200 moment-timezone.js Show response
leekduck.com/assets/js/ 32 KB
9 KB 32ms
30ms Script
application/javascript 2606:4700:3032::6812:3a7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leekduck.com/assets/js/moment-timezone.js
Requested by: Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6812:3a7e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: eab684eb76b05b5ca8a953efb67f14a7ebc4691f78fd6d1c29171354b93eb85a

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

x-fastly-request-id: 38c2fd85dc0b5e40fa4b3a7f06eaf8d2789594e5
date: Tue, 07 Apr 2020 07:13:04 GMT
via: 1.1 varnish
cf-cache-status: REVALIDATED
x-cache: MISS
status: 200
x-cache-hits: 0
content-encoding: br
x-served-by: cache-fra19178-FRA
last-modified: Tue, 07 Apr 2020 03:51:24 GMT
server: cloudflare
x-github-request-id: B6B2:4395:8907D:B023D:5E8BFA69
x-timer: S1586231913.196416,VS0,VE352
etag: W/"5e8bf8bc-800e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Tue, 07 Apr 2020 04:07:29 GMT
cache-control: max-age=432000
cf-ray: 5801f1a30ca66437-FRA
x-proxy-cache: HIT
cf-bgj: minify

GET
H2 200 moment.min.js Show response
leekduck.com/assets/js/ 52 KB
17 KB 32ms
30ms Script
application/javascript 2606:4700:3032::6812:3a7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leekduck.com/assets/js/moment.min.js
Requested by: Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6812:3a7e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e22419e8154be2a34a950dbb4c4c448413751c53ef02f00c6c56af28aa2c4964

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

x-fastly-request-id: 54dd49afea510e10595f1b22c6a5f3c049485fd6
date: Tue, 07 Apr 2020 07:13:04 GMT
via: 1.1 varnish
cf-cache-status: REVALIDATED
x-cache: MISS
status: 200
x-cache-hits: 0
content-encoding: br
x-served-by: cache-fra19141-FRA
last-modified: Tue, 07 Apr 2020 03:51:24 GMT
server: cloudflare
x-github-request-id: 903A:212E:1FF91:2A4A3:5E8BFA68
x-timer: S1586231913.196083,VS0,VE94
etag: W/"5e8bf8bc-d04c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=432000
cf-ray: 5801f1a30ca76437-FRA
x-proxy-cache: HIT
expires: Tue, 07 Apr 2020 04:08:02 GMT

GET
H2 200 jquery.countdown.min.js Show response
leekduck.com/assets/js/ 5 KB
2 KB 23ms
22ms Script
application/javascript 2606:4700:3032::6812:3a7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leekduck.com/assets/js/jquery.countdown.min.js
Requested by: Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6812:3a7e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2249399b2268c260d0698542503d16afebc80e437c846239f12196744ebbd40f

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

x-fastly-request-id: a45895b9422e964acdc39ec8b49135441ab337c1
date: Tue, 07 Apr 2020 07:13:04 GMT
via: 1.1 varnish
cf-cache-status: REVALIDATED
x-cache: MISS
status: 200
x-cache-hits: 0
content-encoding: br
x-served-by: cache-fra19120-FRA
last-modified: Tue, 07 Apr 2020 03:51:24 GMT
server: cloudflare
x-github-request-id: 9984:11E5:46699:5AA21:5E8BFA68
x-timer: S1586231913.196753,VS0,VE94
etag: W/"5e8bf8bc-14db"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=432000
cf-ray: 5801f1a30ca96437-FRA
x-proxy-cache: HIT
expires: Tue, 07 Apr 2020 04:05:03 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.2.1/ 85 KB
30 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:820::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Mon, 09 Mar 2020 15:36:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2475381
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 30306
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Mar 2021 15:36:43 GMT

GET
H2 200 6972.js Show response
cdn.thisiswaldo.com/static/js/ 35 KB
9 KB 36ms
7ms Script
application/javascript 2600:9000:21f3:4600:4:164e:ca00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.thisiswaldo.com/static/js/6972.js

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:9000:21f3:4600:4:164e:ca00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache/2.4.29 (Ubuntu) /

Resource Hash

dbccfb387db5542b65b78eefc60b5a190d2961e9b7d7f0f22f3927e05ffb362a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Mon, 06 Apr 2020 15:01:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 58268
x-cache: Hit from cloudfront
status: 200
content-length: 8606
last-modified: Mon, 06 Apr 2020 13:47:15 GMT
server: Apache/2.4.29 (Ubuntu)
etag: "8a1c-5a29f8138b54d-gzip"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 a32f966fc5896281eb3de44fd8f57d40.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
x-amz-cf-id: z0QvrrnVZWKvA-UeXsNNsCIZqJAZSkrGMOMPMgyfst3OgAUXeiYvDA==

GET
H2 200 dittodisguises.jpg
leekduck.com/assets/img/ 4 KB
4 KB 20ms
18ms Image
image/jpeg 2606:4700:3032::6812:3a7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leekduck.com/assets/img/dittodisguises.jpg
Requested by: Host: leekduck.com
URL: https://leekduck.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6812:3a7e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4510f72a1e5c09c982cc6a5a88aca4f4b764aa1a8ef758994dcc1d33f59a03b7

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

x-fastly-request-id: 7fb225a1885a273d3f5e64a1e0c9ceaf072ab5ac
date: Tue, 07 Apr 2020 07:13:04 GMT
via: 1.1 varnish
cf-cache-status: REVALIDATED
x-cache: MISS
status: 200
x-cache-hits: 0
content-length: 4232
x-served-by: cache-fra19137-FRA
last-modified: Tue, 07 Apr 2020 03:51:23 GMT
server: cloudflare
x-github-request-id: CB74:7E41:8AA97:B25E1:5E8BFA64
x-timer: S1586231913.228102,VS0,VE89
etag: "5e8bf8bb-1088"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 5801f1a30cab6437-FRA
x-proxy-cache: HIT
expires: Tue, 07 Apr 2020 04:07:37 GMT

GET
H2 200 genesect.jpg
leekduck.com/assets/img//events/ 86 KB
86 KB 29ms
27ms Image
image/jpeg 2606:4700:3032::6812:3a7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leekduck.com/assets/img//events/genesect.jpg
Requested by: Host: leekduck.com
URL: https://leekduck.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6812:3a7e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f6c5591cb33c255da855f3c58e6869b003f3d51e5a5874146d563aee22ebde2c

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

x-fastly-request-id: 81185124ba87b378b5cf3cf398ba8efafd8c66c5
date: Tue, 07 Apr 2020 07:13:04 GMT
via: 1.1 varnish
cf-cache-status: REVALIDATED
x-cache: MISS
status: 200
x-cache-hits: 0
content-length: 87579
x-served-by: cache-fra19171-FRA
last-modified: Tue, 07 Apr 2020 03:51:23 GMT
server: cloudflare
x-github-request-id: 9946:136F:6C81:9E92:5E8BFA5D
x-timer: S1586231913.235638,VS0,VE269
etag: "5e8bf8bb-1561b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 5801f1a30cad6437-FRA
x-proxy-cache: HIT
expires: Tue, 07 Apr 2020 04:05:02 GMT

GET
H2 200 splash_feb2020.jpg
leekduck.com/assets/img/events/monthly/ 8 KB
8 KB 18ms
17ms Image
image/jpeg 2606:4700:3032::6812:3a7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leekduck.com/assets/img/events/monthly/splash_feb2020.jpg
Requested by: Host: leekduck.com
URL: https://leekduck.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6812:3a7e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 585d0bd585f61920cdb7fb2be7b7d1dde61d0d343d358c90de24a2ac447af2e3

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

x-fastly-request-id: 709ce03142109a56898bf2b6e49bd962d66aaed9
date: Tue, 07 Apr 2020 07:13:04 GMT
via: 1.1 varnish
cf-cache-status: REVALIDATED
x-cache: MISS
status: 200
x-cache-hits: 0
content-length: 8320
x-served-by: cache-fra19125-FRA
last-modified: Tue, 07 Apr 2020 03:51:23 GMT
server: cloudflare
x-github-request-id: F05C:41FF:8A0DF:B15B7:5E8BFA67
x-timer: S1586231913.234488,VS0,VE89
etag: "5e8bf8bb-2080"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 5801f1a30cae6437-FRA
x-proxy-cache: HIT
expires: Tue, 07 Apr 2020 06:03:19 GMT

GET
H2 200 shiny-december-field-research.jpg
leekduck.com/assets/img/shiny/ 7 KB
7 KB 22ms
21ms Image
image/jpeg 2606:4700:3032::6812:3a7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leekduck.com/assets/img/shiny/shiny-december-field-research.jpg
Requested by: Host: leekduck.com
URL: https://leekduck.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6812:3a7e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 522cafaa0624f5413aa5e9a47c32b327df6474af31ffe70712d058f47272250f

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

x-fastly-request-id: be53be45b1dc19187a8b2a9bbe330ab4c7c51a9b
date: Tue, 07 Apr 2020 07:13:04 GMT
via: 1.1 varnish
cf-cache-status: REVALIDATED
x-cache: MISS
status: 200
x-cache-hits: 0
content-length: 6758
x-served-by: cache-fra19153-FRA
last-modified: Tue, 07 Apr 2020 03:51:24 GMT
server: cloudflare
x-github-request-id: C1D8:2F10:43551:57671:5E8BFA62
x-timer: S1586231913.234351,VS0,VE96
etag: "5e8bf8bc-1a66"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 5801f1a30caf6437-FRA
x-proxy-cache: HIT
expires: Tue, 07 Apr 2020 04:06:56 GMT

GET
H2 200 gear.jpg
leekduck.com/assets/img/gear/ 91 KB
92 KB 117ms
115ms Image
image/jpeg 2606:4700:3032::6812:3a7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leekduck.com/assets/img/gear/gear.jpg
Requested by: Host: leekduck.com
URL: https://leekduck.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6812:3a7e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8c3329280080e085e2df89ced30fa55072c3397bc55503301841f51d6a0d2273

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

x-fastly-request-id: 7564ce5d93f6aed59120bce8b58a0365e035c3c0
date: Tue, 07 Apr 2020 07:13:04 GMT
via: 1.1 varnish
cf-cache-status: REVALIDATED
x-cache: MISS
status: 200
x-cache-hits: 0
content-length: 93381
x-served-by: cache-fra19137-FRA
last-modified: Tue, 07 Apr 2020 03:51:23 GMT
server: cloudflare
x-github-request-id: FCE6:5CA2:47AD7:5C65D:5E8BFA68
x-timer: S1586231913.232744,VS0,VE272
etag: "5e8bf8bb-16cc5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 5801f1a30cb06437-FRA
x-proxy-cache: MISS
expires: Tue, 07 Apr 2020 04:08:33 GMT

GET
H2 200 giovanni.jpg
leekduck.com/assets/img/ 55 KB
55 KB 135ms
134ms Image
image/jpeg 2606:4700:3032::6812:3a7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leekduck.com/assets/img/giovanni.jpg
Requested by: Host: leekduck.com
URL: https://leekduck.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6812:3a7e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 26eb1ac7f702c0b63111367b5272297ecbb7fca834273d95a1fb9b2a2bfdf3e0

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

x-fastly-request-id: 47beddba7a854e9cb4aa53d162c914bba4c2d44c
date: Tue, 07 Apr 2020 07:13:04 GMT
via: 1.1 varnish
cf-cache-status: REVALIDATED
x-cache: MISS
status: 200
x-cache-hits: 0
content-length: 56187
x-served-by: cache-fra19126-FRA
last-modified: Tue, 07 Apr 2020 03:51:23 GMT
server: cloudflare
x-github-request-id: 3DD8:5CA4:8A8E7:B1FD3:5E8BFA68
x-timer: S1586231913.232677,VS0,VE94
etag: "5e8bf8bb-db7b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 5801f1a30cb26437-FRA
x-proxy-cache: MISS
expires: Tue, 07 Apr 2020 04:08:33 GMT

GET
H2 200 S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2
fonts.gstatic.com/s/lato/v16/ 14 KB
14 KB 8ms
6ms Font
font/woff2 2a00:1450:4001:814::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v16/S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2

Requested by

Host: leekduck.com
URL: https://leekduck.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9baad10e85c5be8d5697086479983b6b477197103bf8f0f11817b1bdfb9a7451

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/css?family=Lato:400,400i,700&display=block
Origin: https://leekduck.com
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 01 Apr 2020 22:55:16 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 03:45:54 GMT
server: sffe
age: 461868
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 14176
x-xss-protection: 0
expires: Thu, 01 Apr 2021 22:55:16 GMT

GET
H2 200 S6u8w4BMUTPHjxsAXC-qNiXg7Q.woff2
fonts.gstatic.com/s/lato/v16/ 15 KB
15 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:814::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v16/S6u8w4BMUTPHjxsAXC-qNiXg7Q.woff2

Requested by

Host: leekduck.com
URL: https://leekduck.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fe4bbdad1d6dff75cde79f8afc07f29502bd4708cb0ce5f552083c3d81ba8382

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/css?family=Lato:400,400i,700&display=block
Origin: https://leekduck.com
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 04 Apr 2020 04:48:15 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 03:45:51 GMT
server: sffe
age: 267889
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 14864
x-xss-protection: 0
expires: Sun, 04 Apr 2021 04:48:15 GMT

GET
H2 200 S6uyw4BMUTPHjx4wXiWtFCc.woff2
fonts.gstatic.com/s/lato/v16/ 14 KB
14 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:814::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v16/S6uyw4BMUTPHjx4wXiWtFCc.woff2

Requested by

Host: leekduck.com
URL: https://leekduck.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

036d841b132c14046e26d8f2da1bc634c6ad34885ed1295660694a91c98933a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/css?family=Lato:400,400i,700&display=block
Origin: https://leekduck.com
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 04 Apr 2020 10:25:32 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 03:45:55 GMT
server: sffe
age: 247652
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 14044
x-xss-protection: 0
expires: Sun, 04 Apr 2021 10:25:32 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 44 KB
15 KB 32ms
17ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdn.thisiswaldo.com
URL: https://cdn.thisiswaldo.com/static/js/6972.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

sffe /

Resource Hash

b9226bc66b1c761e576d0849b134c39c5c4bbd96293704d028d76eb923c3838f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 07 Apr 2020 07:13:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "479 / 721 of 1000 / last-modified: 1586189351"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 14694
x-xss-protection: 0
expires: Tue, 07 Apr 2020 07:13:04 GMT

GET
H2 200 prebid.js Show response
cdn.thisiswaldo.com/sites/all/modules/custom/ad_delivery/ 240 KB
76 KB 13ms
12ms Script
application/javascript 2600:9000:21f3:4600:4:164e:ca00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.thisiswaldo.com/sites/all/modules/custom/ad_delivery/prebid.js

Requested by

Host: cdn.thisiswaldo.com
URL: https://cdn.thisiswaldo.com/static/js/6972.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:9000:21f3:4600:4:164e:ca00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache/2.4.29 (Ubuntu) /

Resource Hash

ac889c35993990066adb5a10cc22e87910fe773b33e4c01dd8491b8444196b2d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 07 Apr 2020 05:25:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 06 Apr 2020 14:42:45 GMT
server: Apache/2.4.29 (Ubuntu)
age: 6450
etag: "3c094-5a2a047bd28f7-gzip"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
x-amz-cf-id: _heaFIW3tlKCgfBokRdCyg9de9Uv808ELeWcyb6GBPnlq3ugELZWvw==
via: 1.1 a32f966fc5896281eb3de44fd8f57d40.cloudfront.net (CloudFront)

GET
H2 200 me Show response
ipfind.co/ 296 B
417 B 514ms
188ms XHR
application/json 52.9.196.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ipfind.co/me?auth=3757a9b9-5759-4813-bc1a-7fa0b8ba94c1
Requested by: Host: cdn.thisiswaldo.com
URL: https://cdn.thisiswaldo.com/static/js/6972.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.9.196.177 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-9-196-177.us-west-1.compute.amazonaws.com
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: ad09a308af56ded031e3eafcd6be0919504a7e2566bfedba78b024e6cc1b087a

Request headers

Referer: https://leekduck.com/
Origin: https://leekduck.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 07 Apr 2020 07:13:05 GMT
content-encoding: gzip
server: Apache/2.4.18 (Ubuntu)
status: 200
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://leekduck.com
cache-control: no-cache, private
access-control-allow-credentials: true
content-length: 198

POST
H/1.1 200
OK new-impression Show response
thisiswaldo.com/ 1 B
384 B 355ms
124ms XHR
text/html 52.15.219.226
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://thisiswaldo.com/new-impression

Requested by

Host: cdn.thisiswaldo.com
URL: https://cdn.thisiswaldo.com/static/js/6972.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.15.219.226 Columbus, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-15-219-226.us-east-2.compute.amazonaws.com

Software

Apache/2.4.29 (Ubuntu) /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff

Request headers

Referer: https://leekduck.com/
Origin: https://leekduck.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Date: Tue, 07 Apr 2020 07:13:04 GMT
X-Content-Type-Options: nosniff, nosniff
Server: Apache/2.4.29 (Ubuntu)
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 1
Expires: Sun, 19 Nov 1978 05:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 44 KB
18 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:81c::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-96155731-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 06 Feb 2020 00:21:02 GMT
server: Golfe2
age: 2372
date: Tue, 07 Apr 2020 06:33:32 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 18174
expires: Tue, 07 Apr 2020 08:33:32 GMT

GET
H/1.1 200
OK aardvark Show response
bidder.rtk.io/hnKM/wSH3_DWrW_z06k_kDDi/ 544 B
826 B 760ms
477ms XHR
text/html 23.239.15.111
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.rtk.io/hnKM/wSH3_DWrW_z06k_kDDi/aardvark?version=1&jsonp=false&rtkreferer=https%3A%2F%2Fleekduck.com%2F&w=1600&h=1200&schain=1.0%2C1!newormedia.com%2C6972%2C1%2C%2C%2C&wSH3=28d6982610a7f7&DWrW=3946a8ed71af99&z06k=414ca561b92ac1&kDDi=5f1249ee3080cf&
Requested by: Host: cdn.thisiswaldo.com
URL: https://cdn.thisiswaldo.com/sites/all/modules/custom/ad_delivery/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.239.15.111 Newark, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: li723-111.members.linode.com
Software: RTK AdStorm/1.0 /
Resource Hash: 0c871325270c461157c398216fa74cd6022eac01219f9b37eca1cb96d48de621

Request headers

Referer: https://leekduck.com/
Origin: https://leekduck.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 07 Apr 2020 07:13:05 GMT
Content-Encoding: gzip
Server: RTK AdStorm/1.0
Etag: "8f47761a6b97da13781211e95e8d2cd47fc9c19b"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: https://leekduck.com
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
X-Rtk-Nid: li137-225.members.linode.com:117
Access-Control-Allow-Headers: Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With, Access-Control-Allow-Origin
Content-Length: 198
Expires: 0

POST
H2 200 auction Show response
tlx.3lift.com/header/ 19 B
293 B 24ms
8ms XHR
application/json 35.157.254.243
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=3.5.0&referrer=https%3A%2F%2Fleekduck.com%2F&tmax=3000

Requested by

Host: cdn.thisiswaldo.com
URL: https://cdn.thisiswaldo.com/sites/all/modules/custom/ad_delivery/prebid.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.157.254.243 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-157-254-243.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://leekduck.com/
Origin: https://leekduck.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 07 Apr 2020 07:13:04 GMT
x-auction-status: 12, 12
status: 200
content-type: application/json; charset=utf-8
access-control-allow-origin: https://leekduck.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 122 B
542 B 97ms
38ms XHR
application/json 52.48.220.157
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?si=7726&pi=3&schain=1.0%2C1!newormedia.com%2C6972%2C1%2C%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fleekduck.com%2F&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%7D&ogu=https%3A%2F%2Fleekduck.com%2F&ns=9728&
Requested by: Host: cdn.thisiswaldo.com
URL: https://cdn.thisiswaldo.com/sites/all/modules/custom/ad_delivery/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.220.157 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-48-220-157.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 45d266c790c3dd2f8fa4c4995824ecc9144a4192a7e7fce3fd8b65978dbda7ee

Request headers

Referer: https://leekduck.com/
Origin: https://leekduck.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 07 Apr 2020 07:13:04 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://leekduck.com
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 122 B
541 B 109ms
50ms XHR
application/json 52.48.220.157
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?si=7726&pi=3&schain=1.0%2C1!newormedia.com%2C6972%2C1%2C%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fleekduck.com%2F&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%7D&ogu=https%3A%2F%2Fleekduck.com%2F&ns=9728&
Requested by: Host: cdn.thisiswaldo.com
URL: https://cdn.thisiswaldo.com/sites/all/modules/custom/ad_delivery/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.220.157 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-48-220-157.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 4090129b101fd73c2645e722c876e0ef7845784091143491d48ed8d43905dfb9

Request headers

Referer: https://leekduck.com/
Origin: https://leekduck.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 07 Apr 2020 07:13:04 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://leekduck.com
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 122 B
540 B 94ms
35ms XHR
application/json 52.48.220.157
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?si=7722&pi=3&schain=1.0%2C1!newormedia.com%2C6972%2C1%2C%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fleekduck.com%2F&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%7D&ogu=https%3A%2F%2Fleekduck.com%2F&ns=9728&
Requested by: Host: cdn.thisiswaldo.com
URL: https://cdn.thisiswaldo.com/sites/all/modules/custom/ad_delivery/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.220.157 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-48-220-157.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 3bd5272f7a9996e2ded128b4d6a0eb97edfaae55617a65ebe68768e5565ca2ec

Request headers

Referer: https://leekduck.com/
Origin: https://leekduck.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 07 Apr 2020 07:13:04 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://leekduck.com
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 240 B
2 KB 153ms
117ms XHR
application/json 69.173.144.141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17822&site_id=305358&zone_id=1540592&size_id=2&rp_schain=1.0,1!newormedia.com,6972,1,,,&rf=https%3A%2F%2Fleekduck.com%2F&tk_flint=pbjs_lite_v3.5.0&x_source.tid=03cf43f8-28cd-4389-8c90-61535381608e&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.300388642510232
Requested by: Host: cdn.thisiswaldo.com
URL: https://cdn.thisiswaldo.com/sites/all/modules/custom/ad_delivery/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: c6ede07681335fc17a8e7d4b6cab33fbd8a2422790bab70e78cdd21f2610189b

Request headers

Referer: https://leekduck.com/
Origin: https://leekduck.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 07 Apr 2020 07:13:04 GMT
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://leekduck.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=458
Content-Length: 240
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 3 KB
3 KB 143ms
108ms XHR
application/json 69.173.144.141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17822&site_id=305358&zone_id=1540592&size_id=15&alt_size_ids=2%2C57&rp_schain=1.0,1!newormedia.com,6972,1,,,&rf=https%3A%2F%2Fleekduck.com%2F&tk_flint=pbjs_lite_v3.5.0&x_source.tid=a4f467db-dbad-4eca-80bd-0bd2e8ced958&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.09678609514095116
Requested by: Host: cdn.thisiswaldo.com
URL: https://cdn.thisiswaldo.com/sites/all/modules/custom/ad_delivery/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: 06841464dab31e3b8f40b0701cf07e4d8aa241ff83fa7a1840fe81ab4b9e7f59

Request headers

Referer: https://leekduck.com/
Origin: https://leekduck.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 07 Apr 2020 07:13:04 GMT
Content-Encoding: gzip
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://leekduck.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=224
Content-Length: 1421
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK cygnus Show response
as-sec.casalemedia.com/ 3 KB
3 KB 120ms
105ms XHR
application/json 23.213.165.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/cygnus?s=296677&v=7.2&r=%7B%22id%22%3A%22160ad411267f234%22%2C%22imp%22%3A%5B%7B%22id%22%3A%22176c61f83f3a9b%22%2C%22ext%22%3A%7B%22siteID%22%3A%22296677%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2218ce306f510b6a1%22%2C%22ext%22%3A%7B%22siteID%22%3A%22296681%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%221980a72e45edd06%22%2C%22ext%22%3A%7B%22siteID%22%3A%22296679%22%2C%22sid%22%3A%22970x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2220e67a0151dace5%22%2C%22ext%22%3A%7B%22siteID%22%3A%22296667%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fleekduck.com%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22newormedia.com%22%2C%22sid%22%3A%226972%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%7D&ac=j&sd=1&
Requested by: Host: cdn.thisiswaldo.com
URL: https://cdn.thisiswaldo.com/sites/all/modules/custom/ad_delivery/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.213.165.44 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-213-165-44.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 476848b0f6b535b028321625a8db16b6a231823637fc942a0914ec29ad79d3ca

Request headers

Referer: https://leekduck.com/
Origin: https://leekduck.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 07 Apr 2020 07:13:04 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Access-Control-Allow-Origin: https://leekduck.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 2138
Expires: Tue, 07 Apr 2020 07:13:04 GMT

POST
H/1.1 204
No Content mvo Show response
tag.1rx.io/rmp/204847/0/ 0
267 B 94ms
47ms XHR
text/plain 213.19.147.210
RHYTHMONE

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.1rx.io/rmp/204847/0/mvo?z=1r&hbv=3.5,2.1
Requested by: Host: cdn.thisiswaldo.com
URL: https://cdn.thisiswaldo.com/sites/all/modules/custom/ad_delivery/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 213.19.147.210 , United Kingdom, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://leekduck.com/
Origin: https://leekduck.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://leekduck.com
Pragma: no-cache
Date: Tue, 07 Apr 2020 07:13:04 GMT
Cache-Control: private, max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive

GET
H2 204 prebid Show response
ads.yieldmo.com/exchange/ 0
222 B 106ms
38ms XHR
text/plain 52.17.116.207
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.yieldmo.com/exchange/prebid?p=%5B%7B%22placement_id%22%3A%22waldo-tag-6973%22%2C%22callback_id%22%3A%2225e2c4b2dfb903e%22%2C%22sizes%22%3A%5B%5B728%2C90%5D%5D%2C%22ym_placement_id%22%3A%222424008570308600581%22%7D%2C%7B%22placement_id%22%3A%22waldo-tag-6975%22%2C%22callback_id%22%3A%2226122cdb2cb7e2%22%2C%22sizes%22%3A%5B%5B728%2C90%5D%2C%5B970%2C250%5D%2C%5B300%2C250%5D%5D%2C%22ym_placement_id%22%3A%222424008570308600581%22%7D%5D&page_url=https%3A%2F%2Fleekduck.com%2F&bust=1586243584688&pr=https%3A%2F%2Fleekduck.com%2F&scrd=1&dnt=false&e=0&description=Get%20the%20latest%20info%20on%20Shiny%20Pok%C3%A9mon%2C%20Raid%20Bosses%2C%20Research%2C%20and%20more%20in%20Pok%C3%A9mon%20GO%20from%20Leek%20Duck%2C%20a%20Trainer%20from%20NYC.%20Train%20to%20be%20the%20very%20best.&title=Leek%20Duck%20%7C%20Pok%C3%A9mon%20GO%20News%20and%20Resources&w=1600&h=1200&userConsent=%7B%7D&us_privacy=undefined&pubcid=951d0473-3a88-4c92-9bd2-5cbc98e41fd5&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22newormedia.com%22%2C%22sid%22%3A%226972%22%2C%22hp%22%3A1%7D%5D%7D&
Requested by: Host: cdn.thisiswaldo.com
URL: https://cdn.thisiswaldo.com/sites/all/modules/custom/ad_delivery/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.17.116.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-116-207.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://leekduck.com/
Origin: https://leekduck.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 07 Apr 2020 07:13:04 GMT
status: 204
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://leekduck.com
access-control-allow-credentials: true
x-robots-tag: none,NOINDEX,NOFOLLOW
access-control-request-headers: Cache-Control, Pragma

GET
H2 200 arj Show response
the-eighth-d.openx.net/w/1.0/ 175 B
570 B 203ms
176ms XHR
application/json 34.95.120.147
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://the-eighth-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fleekduck.com%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=-120&tws=1600x1200&be=1&bc=hb_pb_3.0.1&dddid=03cf43f8-28cd-4389-8c90-61535381608e%2Ca4f467db-dbad-4eca-80bd-0bd2e8ced958&nocache=1586243584698&pubcid=951d0473-3a88-4c92-9bd2-5cbc98e41fd5&schain=1.0%2C1!newormedia.com%2C6972%2C1%2C%2C%2C&aus=728x90%7C728x90%2C970x250%2C300x250&divIds=waldo-tag-6973%2Cwaldo-tag-6975&auid=540958144%2C540958148&
Requested by: Host: cdn.thisiswaldo.com
URL: https://cdn.thisiswaldo.com/sites/all/modules/custom/ad_delivery/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.182.1 /
Resource Hash: 16cf8d9108d29d466c850177e3197593b78da50e7630d42f14311ab2aac83cc7

Request headers

Referer: https://leekduck.com/
Origin: https://leekduck.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 07 Apr 2020 07:13:04 GMT
content-encoding: gzip
server: OXGW/16.182.1
status: 200
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://leekduck.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 165
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 19 B
708 B 44ms
15ms XHR
application/json 185.33.223.209
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.thisiswaldo.com
URL: https://cdn.thisiswaldo.com/sites/all/modules/custom/ad_delivery/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.209 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

314.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://leekduck.com/
Origin: https://leekduck.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 07 Apr 2020 07:13:06 GMT
X-Proxy-Origin: 83.143.245.69; 83.143.245.69; 314.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.222.242:80
AN-X-Request-Uuid: 7f1912b3-4118-45c2-9ae5-5a4bcf4fcb0e
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://leekduck.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 24 B
700 B 64ms
25ms XHR
application/json 216.52.2.19
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_3.5.0
Requested by: Host: cdn.thisiswaldo.com
URL: https://cdn.thisiswaldo.com/sites/all/modules/custom/ad_delivery/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.19 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx /
Resource Hash: 1e4aae48d24ccd6013a5459e5fbd22a6c8b1b66dbfb86132dab594d99767eab6

Request headers

Referer: https://leekduck.com/
Origin: https://leekduck.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 07 Apr 2020 07:13:04 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://leekduck.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap4ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 44

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 109 B
171 B 18ms
18ms Script
application/javascript 2a00:1450:4001:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=leekduck.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 07 Apr 2020 07:13:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
171 B 15ms
15ms Script
application/javascript 2a00:1450:4001:814::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=leekduck.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 07 Apr 2020 07:13:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 104
x-xss-protection: 0

GET
H2 200 pubads_impl_2020032401.js Show response
securepubads.g.doubleclick.net/gpt/ 168 KB
62 KB 16ms
15ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020032401.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

sffe /

Resource Hash

123d4b411f97e36f72e2f44be0b18944489e908ff159f59ab8aba984c69517fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 07 Apr 2020 07:13:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 24 Mar 2020 13:43:01 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 62966
x-xss-protection: 0
expires: Tue, 07 Apr 2020 07:13:04 GMT

GET
H2

200

collect
stats.g.doubleclick.net/r/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j81&a=1751583248&t=pageview&_s=1&dl=https%3A%2F%2Fleekduck.com%2F&ul=en-us&de=UTF-8&dt=Leek%20Duck%20%7C%20Pok%C3%A9mon%20GO%20News%20and%20Resourc...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-96155731-1&cid=431789722.1586243585&jid=1323206847&_gid=2041104104.1586243585&gjid=164766815&_v=j81&z=2020440567

35 B
113 B

16ms
15ms

Image
image/gif

2a00:1450:400c:c00::9d
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-96155731-1&cid=431789722.1586243585&jid=1323206847&_gid=2041104104.1586243585&gjid=164766815&_v=j81&z=2020440567

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
date: Tue, 07 Apr 2020 07:13:04 GMT
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 07 Apr 2020 07:13:04 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
location: https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-96155731-1&cid=431789722.1586243585&jid=1323206847&_gid=2041104104.1586243585&gjid=164766815&_v=j81&z=2020440567
content-type: text/html; charset=UTF-8
status: 302
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 418
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK cmp.complete.bundle.js Show response
thisiswaldo.com/sites/all/modules/custom/ad_delivery/cmp/build/ 195 KB
41 KB 322ms
110ms Script
application/javascript 52.15.219.226
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://thisiswaldo.com/sites/all/modules/custom/ad_delivery/cmp/build/cmp.complete.bundle.js

Requested by

Host: cdn.thisiswaldo.com
URL: https://cdn.thisiswaldo.com/static/js/6972.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.15.219.226 Columbus, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-15-219-226.us-east-2.compute.amazonaws.com

Software

Apache/2.4.29 (Ubuntu) /

Resource Hash

4586e215e2f2314c482eddd7e97c5b30024f876c4c974aee4d180782d76e0949

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Tue, 07 Apr 2020 07:13:05 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Wed, 19 Feb 2020 16:44:07 GMT
Server: Apache/2.4.29 (Ubuntu)
ETag: "30b03-59ef07f33e3c0-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 41528

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 54 KB
12 KB 297ms
297ms XHR
text/plain 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=747745248300887&correlator=1310311983347609&output=ldjh&impl=fifs&adsid=NT&eid=21062833%2C21064211&vrg=2020032401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200407&iu_parts=124067137%2Cleekduck728x90FS_1%2Cleekduck728x90FL_1&enc_prev_ius=%2F0%2F1%2C%2F0%2F2&prev_iu_szs=728x90%2C728x90%7C970x250%7C300x250&prev_scp=hb_format%3Dbanner%26hb_source%3Dclient%26hb_size%3D728x90%26hb_pb%3D0.00%26hb_adid%3D3969af05056996e%26hb_bidder%3Dix%7Chb_format%3Dbanner%26hb_source%3Dclient%26hb_size%3D300x250%26hb_pb%3D0.02%26hb_adid%3D4235923c5a0e9d6%26hb_bidder%3Drubicon&eri=1&cust_params=universal_passback%3Dyes&cookie_enabled=1&bc=31&abxe=1&lmt=1586231500&dt=1586243585453&dlt=1586243584467&idt=281&frm=20&biw=1585&bih=1200&oid=3&adxs=429%2C429&adys=1103%2C1092&adks=3183925585%2C1735718541&ucis=1%7C2&ifi=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fleekduck.com%2F&dssz=20&icsg=34602794&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=728x-1%7C960x90&msz=728x-1%7C960x90&ga_vid=431789722.1586243585&ga_sid=1586243585&ga_hid=1751583248&fws=516%2C4&ohw=1585%2C1585

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020032401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

cafe /

Resource Hash

aeba3c703e4505803536fa4a036eda959dfd5b2d00f4b7eab2e6fa0e947bfb71

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leekduck.com/
Origin: https://leekduck.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 07 Apr 2020 07:13:05 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 11329
x-xss-protection: 0
google-lineitem-id: 5306225646,-1
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138303778736,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://leekduck.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubads_impl_rendering_2020032401.js Show response
securepubads.g.doubleclick.net/gpt/ 66 KB
24 KB 15ms
15ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032401.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020032401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

sffe /

Resource Hash

0290a012deb1b25451f5211d8cb8b40d8fa6f3942d23ecc12d96670e4c0ed7a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 07 Apr 2020 07:13:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 24 Mar 2020 13:43:01 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 24573
x-xss-protection: 0
expires: Tue, 07 Apr 2020 07:13:05 GMT

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ 0
0 6ms
5ms Other
text/html 2a00:1450:4001:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020032401.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: empty

Response headers

GET
H/1.1 200
OK pubvendors.json Show response
thisiswaldo.com/sites/all/modules/custom/ad_delivery/cmp/build/docs/ 0
0 112ms
112ms Fetch
application/json 52.15.219.226
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://thisiswaldo.com/sites/all/modules/custom/ad_delivery/cmp/build/docs/pubvendors.json
Requested by: Host: thisiswaldo.com
URL: https://thisiswaldo.com/sites/all/modules/custom/ad_delivery/cmp/build/cmp.complete.bundle.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.15.219.226 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-15-219-226.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://leekduck.com/
Origin: https://leekduck.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012003171848440/ Frame 6228 200 KB
56 KB 25ms
6ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012003171848440/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f9fd34967713bfb93d2edcf4eac2d5436be891f32f6c80a09b17c42b0246a004

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leekduck.com/
Origin: https://leekduck.com
Sec-Fetch-Dest: script
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 8662
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 55861
x-xss-protection: 0
server: sffe
date: Tue, 07 Apr 2020 04:48:43 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "66e23296f665ec26"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 07 Apr 2021 04:48:43 GMT

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012003171848440/ Frame 6228 200 KB
56 KB 25ms
6ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012003171848440/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f9fd34967713bfb93d2edcf4eac2d5436be891f32f6c80a09b17c42b0246a004

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 8662
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 55861
x-xss-protection: 0
server: sffe
date: Tue, 07 Apr 2020 04:48:43 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "66e23296f665ec26"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 07 Apr 2021 04:48:43 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012003171848440/v0/ Frame 6228 92 KB
28 KB 38ms
19ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012003171848440/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d61b6fa5a24a2cc4b7aa62a2a6271a13800b99d30016c4e09f38cf47f8490ea3

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 8646
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 28362
x-xss-protection: 0
server: sffe
date: Tue, 07 Apr 2020 04:48:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "6205ff224420b8da"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 07 Apr 2021 04:48:59 GMT

GET
DATA 200
OK truncated
/ Frame 6228 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f1442b2672594503b95a4886858c657a82785f66abe2732d962124346929e9cb

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 amp4ads-host-v0.js Show response
cdn.ampproject.org/rtv/012003171848440/ 20 KB
7 KB 36ms
18ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012003171848440/amp4ads-host-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020032401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

064282bdfcb1d589a67f8940076741fd9b90c43baaae421a71a5a96a226b9e71

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 3449
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 7178
x-xss-protection: 0
server: sffe
date: Tue, 07 Apr 2020 06:15:36 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "8728c2475be0528f"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 07 Apr 2021 06:15:36 GMT

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012003171848440/ Frame 47E2 200 KB
55 KB 28ms
13ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012003171848440/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f9fd34967713bfb93d2edcf4eac2d5436be891f32f6c80a09b17c42b0246a004

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leekduck.com/
Origin: https://leekduck.com
Sec-Fetch-Dest: script
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 8662
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 55861
x-xss-protection: 0
server: sffe
date: Tue, 07 Apr 2020 04:48:43 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "66e23296f665ec26"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 07 Apr 2021 04:48:43 GMT

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012003171848440/ Frame 47E2 200 KB
55 KB 28ms
14ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012003171848440/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f9fd34967713bfb93d2edcf4eac2d5436be891f32f6c80a09b17c42b0246a004

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 8662
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 55861
x-xss-protection: 0
server: sffe
date: Tue, 07 Apr 2020 04:48:43 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "66e23296f665ec26"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 07 Apr 2021 04:48:43 GMT

GET
H2 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/012003171848440/v0/ Frame 47E2 16 KB
6 KB 17ms
15ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012003171848440/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

15dc62e4bc865a60b64f28b5e2a71ad4837cbd10bf8c1b2b9fdff1f0e1146f8f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 8621
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 5727
x-xss-protection: 0
server: sffe
date: Tue, 07 Apr 2020 04:49:24 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "3529e5e24fecb21d"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 07 Apr 2021 04:49:24 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012003171848440/v0/ Frame 47E2 92 KB
28 KB 14ms
12ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012003171848440/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d61b6fa5a24a2cc4b7aa62a2a6271a13800b99d30016c4e09f38cf47f8490ea3

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 8646
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 28362
x-xss-protection: 0
server: sffe
date: Tue, 07 Apr 2020 04:48:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "6205ff224420b8da"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 07 Apr 2021 04:48:59 GMT

GET
H2 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/012003171848440/v0/ Frame 47E2 3 KB
1 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012003171848440/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2b815af53455dd04f265f93f1bd7c197332bd9fbfe0e5b94550c4119d4fab9dd

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 8650
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 1412
x-xss-protection: 0
server: sffe
date: Tue, 07 Apr 2020 04:48:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "abf7ce2ee1482f4b"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 07 Apr 2021 04:48:55 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/012003171848440/v0/ Frame 47E2 46 KB
15 KB 16ms
14ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012003171848440/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

267a755fcafbf3ed5016a3ac9ee7fe833d882844c3b9cfc39de536cced29859b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 8619
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 14864
x-xss-protection: 0
server: sffe
date: Tue, 07 Apr 2020 04:49:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "39ef0e7c76fb491e"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 07 Apr 2021 04:49:26 GMT

GET
DATA 200
OK truncated
/ Frame 47E2 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7518ffb76a696026540c4cf2b4acde842ce64cf830d313004592cb78a5641353

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 10458202877642965582
tpc.googlesyndication.com/simgad/ Frame 6228 43 KB
43 KB 20ms
19ms Image
image/jpeg 2a00:1450:4001:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/10458202877642965582

Requested by

Host: leekduck.com
URL: https://leekduck.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2b325bc484cc37d9797656e6090a218c2d3a48f34c26f45c2ccbfa2d503d4f65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Thu, 20 Feb 2020 15:02:06 GMT
x-content-type-options: nosniff
age: 4032659
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 43822
x-xss-protection: 0
last-modified: Thu, 20 Feb 2020 14:51:29 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 19 Feb 2021 15:02:06 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 6228 0
307 B 18ms
17ms Image
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuc-eW7e13D9GhgUt_btuNkoXcOFJlWUwiIMfhQjO49FO49I8BgDiHJ2yqOyaoG3wHKihHDT1wTAOXF0NFKUK4uvMSJYCVdFWi2glk3FLQYMsF8uhk3b-MBBjT3l9bnQyw80zDfrbYqAynTIdCpuva-dpie4KkngeF6pgD6jb1rwZC672u84P11Rnx6L_PesbZbf9KlGGjL81ATx6_Ab-UGT9NmpKgLHWcLjoB6jMxb9ltbpmFxNHGZLizE4mwRB9mITCj1IUAdnbo&sai=AMfl-YSqEYuPupOPn5jGuTmXWGv8xw99KoXmLX05IwX5X8IoVBcGrn5lR9mfp-cRRzA8k9EBLuHojRQLNpTfdD8xvzvNIz8Zv7lPNxH-A3jN&sig=Cg0ArKJSzHuKmhYu-mDSEAE&adurl=

Requested by

Host: leekduck.com
URL: https://leekduck.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 07 Apr 2020 07:13:05 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: private
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 07 Apr 2020 07:13:05 GMT

GET
H2 200 5620766706203014188
tpc.googlesyndication.com/daca_images/simgad/ Frame 47E2 133 KB
134 KB 8ms
7ms Image
image/png 2a00:1450:4001:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/5620766706203014188

Requested by

Host: leekduck.com
URL: https://leekduck.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f0c67e7e40d93a3f32886f48cb96f6c594ba268c48aac2ff93232a0a9fda3240

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 29 Jan 2020 18:37:32 GMT
x-content-type-options: nosniff
age: 5920533
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 136599
x-xss-protection: 0
last-modified: Fri, 11 Jan 2019 20:57:52 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 28 Jan 2021 18:37:32 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 47E2 2 KB
3 KB 7ms
7ms Image
image/png 2a00:1450:4001:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: leekduck.com
URL: https://leekduck.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 06 Apr 2020 11:08:58 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 72247
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 2502
x-xss-protection: 0
expires: Tue, 07 Apr 2020 11:08:58 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 47E2 295 B
522 B 7ms
6ms Image
image/png 2a00:1450:4001:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: leekduck.com
URL: https://leekduck.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 06 Apr 2020 12:55:21 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 65864
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Tue, 07 Apr 2020 12:55:21 GMT

GET
H2 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 47E2 0
0 18ms
18ms Image
text/html 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CW8XeASiMXp-eHtLi7gP59azYDL_x9L9chaelydsI_b6yxc8OEAEg1bSZe2CV-vCBjAegAdrxgfUCyAEC4AIAqAMByAMIqgTRAU_QKq2s7N2Wls8IqSb7T3zQItZS8iKKNXQ-yiQ-qrJALAmBuLXvNK3PZ_CwDL4Zm7esnat5CwI473lg80QifMysaVf6bvXM9GFAEQ4flE-_HNjEFDIuZ2KY-IbwbIRtCHfLwFERgIwAxaFMXE5S1aSd9kkmmnjbgnWVR0SJ0DDzNi89b9qQOxIriQKunqeM6aoeZUqfP-Cdx2g9XrByGkYyX2f5obV3j6Nyi7NmTD6ZhBlNfFSvzDsNy2t_WxbIybbPGaR_odpFQl8x_-1QihDwwATB9oX-ggLgBAGSBQQIBBgBkgUECAUYBKAGAoAHjo7-igGoB47OG6gH1ckbqAeT2BuoB7oGqAfw2RuoB_LZG6gHpr4bqAfs1RvYBwHyBwQQ-agB0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi00NzI5OTkzMTY3ODE1Mjk4gAoDyAsB2BMM&sigh=tf8HF2iK8Kg&tpd=AGWhJmuuypOih0sMlhRFRWOA5bo8Cd-RO99gbAYPvaoWxbMueg
Requested by: Host: leekduck.com
URL: https://leekduck.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: zrh04s05-in-f98.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 7 KB
5 KB 17ms
17ms XHR
application/json 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2020032401&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4481225d36db2bafc798220cbf1526aadd58c805a1bc11b03d9a526921ea55d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leekduck.com/
Origin: https://leekduck.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 07 Apr 2020 07:13:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 5228
x-xss-protection: 0

GET
H2 200 vendorlist.json Show response
vendorlist.consensu.org/ 96 KB
18 KB 29ms
8ms Fetch
application/json 2600:9000:2156:0:1:af78:4c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vendorlist.consensu.org/vendorlist.json
Requested by: Host: thisiswaldo.com
URL: https://thisiswaldo.com/sites/all/modules/custom/ad_delivery/cmp/build/cmp.complete.bundle.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2156:0:1:af78:4c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 21160938cd464f39641a3b344ad089f979242f7694a49e5616d10c4c65152e71

Request headers

Referer: https://leekduck.com/
Origin: https://leekduck.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 03 Apr 2020 02:23:19 GMT
content-encoding: gzip
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
age: 362987
x-cache: Hit from cloudfront
status: 200
access-control-allow-origin: *
last-modified: Thu, 02 Apr 2020 16:00:36 GMT
server: AmazonS3
access-control-max-age: 604800
access-control-allow-methods: GET
x-amz-version-id: DeJMvCxi75SjwcUdTNOaQvs7.jhGJpqv
via: 1.1 ea2e21f6a5c3ec2f96b0dac1b769e00e.cloudfront.net (CloudFront)
cache-control: max-age=604800
x-amz-cf-pop: FRA50-C1
content-type: application/json; charset=utf-8
x-amz-cf-id: tRH0HqtdvAWcYHjc1MHC2hDGZ6kLDb9SEApWLpjoYK8E7yDYvtgdqQ==

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 14 KB
5 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a47f17d6ebbf4621d8fe87ab790d8d8fb5c3086629194d9ff2d64faaa6e46ab6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 07 Apr 2020 07:13:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1582746470043195"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 5456
x-xss-protection: 0
expires: Tue, 07 Apr 2020 07:13:05 GMT

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 47E2
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

48ms
47ms

Image
text/html

2a00:1450:4001:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: leekduck.com
URL: https://leekduck.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Redirect headers

date: Tue, 07 Apr 2020 07:13:05 GMT
x-content-type-options: nosniff
server: safe
location: https://googleads.g.doubleclick.net/pagead/drt/si
content-type: text/html; charset=UTF-8
status: 302
cache-control: private
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 246
x-xss-protection: 0

GET
H2 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/209/ Frame D375 0
0 6ms
6ms Document
text/html 2a00:1450:4001:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/209/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://leekduck.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://leekduck.com/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
content-length: 5727
date: Tue, 07 Apr 2020 06:15:59 GMT
expires: Wed, 07 Apr 2021 06:15:59 GMT
last-modified: Tue, 25 Feb 2020 17:32:01 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 3426
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000

GET
H2 200 10458202877642965582
tpc.googlesyndication.com/simgad/ Frame 6228 43 KB
43 KB 6ms
5ms Image
image/jpeg 2a00:1450:4001:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/10458202877642965582

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012003171848440/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2b325bc484cc37d9797656e6090a218c2d3a48f34c26f45c2ccbfa2d503d4f65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Thu, 20 Feb 2020 15:02:06 GMT
x-content-type-options: nosniff
age: 4032659
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 43822
x-xss-protection: 0
last-modified: Thu, 20 Feb 2020 14:51:29 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 19 Feb 2021 15:02:06 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
58 B 14ms
14ms Image
image/gif 2a00:1450:4001:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=209&t=2&li=gpt_2020032401&jk=747745248300887&bg=!8POl8-tYvTbP4pS601MCAAAAMVIAAAAJmQFYke-EhDxeohd9yLziFQMfrTQ2QD_ihgoG97Xdc6-qRmxqE5tsahbmj2TfSDIByWIvn_zC20qSvwFH-k80XGT-7dIUUk051Ueg_awJfRRSfdQQhkz3qFgnp_lIbiFrkEMTkMYnbIGIvBQrYhNcT63CdqVnMvqwSxc9QGlz75VSoqJo_9AnhmfcAZsbkyMksz0-WvDgnx_lBBB0KakGHG7egVVgoKnHK7PAs5GK8HHoJNflWfqCHxPaSmgezhZogrfz6lfrSbEnTto1XszOTRFVWxJYGuD1lgMJv0hFFoxzXiycxtlMl0gHOYSTDDc6pUPVeTiR_-AkpQTEOpfQ7dFnYOmdLIzd5ra93H1-T_-7wvau_mY-FAe5YUbT-mIpQ-Cnr9ViVkG924UYQo4fQnpbo-6VOuBeqTWiVJzo-hBayf81MUzzNA6o5IUBor40ddQ6gVuF0KzqjP4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Tue, 07 Apr 2020 07:13:05 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 204
cache-control: no-cache, must-revalidate
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 6228 42 B
110 B 14ms
14ms Image
image/gif 2a00:1450:4001:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstSA-d59rXpA4te1QLJMyI11eFF7u2CcRhUErv-GXHRlVQMpV7B4x7ixmCYqpv-VvPtFcVQGnfldHHp4JnpjwjW0Zxl47sj_BjhHnqptR4&sig=Cg0ArKJSzOSSCAQbfplvEAE&id=ampim&o=429,1110&d=728,90&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=92&tls=1092&g=100&h=100&tt=1092&r=v&adk=3183925585&avms=ampa

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Tue, 07 Apr 2020 07:13:06 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, must-revalidate
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 47E2 42 B
110 B 17ms
17ms Image
image/gif 2a00:1450:4001:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvj0qUXPOLeORYI3Gw0ejTaCEQuRnoZLNyvQ8rhTGiYLpWnddWuP45IavpAAAo_ug4sDfik0GCleCaHn4_96cooJpuPgmRwhmKBtMVr07Ok8oFzbVK8ugvYE1CSGA&sai=AMfl-YSgqJ_yICjdnUlyjXIqYmTRJJAsgSCDajCMfgw0rwROx5au3y7OGUuYqraIllNL-_sF6PMuVUN29fvRnbPSDl5Cf3RabRDFKz4-ou3t&sig=Cg0ArKJSzKIuf-jseRlGEAE&id=ampim&o=313,1092&d=970,250&ss=1600,1200&bs=1600,1200&mcvt=1001&mtos=0,0,0,1001,1001&tos=0,0,0,1001,0&tfs=96&tls=1097&g=43.20000112056732&h=43.20000112056732&tt=1097&r=v&adk=1735718541&avms=ampa

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leekduck.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Tue, 07 Apr 2020 07:13:06 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, must-revalidate
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 rid Show response
match.adsrvr.org/track/ 109 B
541 B 101ms
33ms XHR
application/json 63.33.80.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=9zrfwmk&fmt=json
Requested by: Host: cdn.thisiswaldo.com
URL: https://cdn.thisiswaldo.com/sites/all/modules/custom/ad_delivery/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.33.80.49 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-33-80-49.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 429ec02c94b207fd1d789a981d3f6221319bb2722ba9a663947f32e495df01bf

Request headers

Referer: https://leekduck.com/
Origin: https://leekduck.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 07 Apr 2020 07:13:08 GMT
x-aspnet-version: 4.0.30319
status: 200
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://leekduck.com
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length: 109
expires: Thu, 07 May 2020 07:13:08 GMT

GET
H/1.1 200
OK Cookie set cs
sync.rtk.io/ Frame B9A7 0
0 403ms
95ms Document
text/html 23.239.15.111
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.rtk.io/cs
Requested by: Host: cdn.thisiswaldo.com
URL: https://cdn.thisiswaldo.com/sites/all/modules/custom/ad_delivery/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.239.15.111 Newark, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: li723-111.members.linode.com
Software: RTK CookiePixel/v1.2.0 /
Resource Hash

Request headers

Host: sync.rtk.io
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://leekduck.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://leekduck.com/

Response headers

Date: Tue, 07 Apr 2020 07:13:08 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Cache-Control: no-cache, no-store, must-revalidate
Expires: 0
Pragma: no-cache
Server: RTK CookiePixel/v1.2.0
Set-Cookie: rtkuuid=03b85012-2c85-48b9-b487-99f5c171cfa7; Path=/; Domain=rtk.io; Expires=Mon, 06 Jul 2020 07:13:08 GMT; Secure; SameSite=None
X-Rtk-Nid: li912-69.members.linode.com:8002
Content-Encoding: gzip

Verdicts & Comments Add Verdict or Comment

118 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.leekduck.com/	1970-01-19 09:20:35	Name: __cfduid Value: d63d6e1fe560c2d37babdfc88524f12e21586243584

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://cdn.thisiswaldo.com/static/js/6972.js(Line 2) Message: triggered on event listener
console-api	log	(Line 4) Message: Service Worker registration successful with scope: https://leekduck.com/
console-api	warning	URL: https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js(Line 2) Message: jQuery.Deferred exception: Cannot read property 'getItem' of null TypeError: Cannot read property 'getItem' of null at HTMLAnchorElement.<anonymous> (https://leekduck.com/assets/js/main.js?v=0.27:11:303) at Function.each (https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js:2:2715) at r.fn.init.each (https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js:2:1003) at HTMLDocument.<anonymous> (https://leekduck.com/assets/js/main.js?v=0.27:11:55) at j (https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js:2:29999) at k (https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js:2:30313) undefined
console-api	log	URL: https://cdn.thisiswaldo.com/static/js/6972.js(Line 1) Message: sending ad server request
console-api	info	URL: https://cdn.ampproject.org/rtv/012003171848440/amp4ads-v0.js(Line 407) Message: Powered by AMP ⚡ HTML – Version 2003171848440 https://leekduck.com/
console-api	info	URL: https://cdn.ampproject.org/rtv/012003171848440/amp4ads-v0.js(Line 407) Message: Powered by AMP ⚡ HTML – Version 2003171848440 https://leekduck.com/

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ads.yieldmo.com
adservice.google.com
adservice.google.de
ajax.cloudflare.com
ajax.googleapis.com
ap.lijit.com
as-sec.casalemedia.com
bidder.rtk.io
cdn.ampproject.org
cdn.thisiswaldo.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
g2.gumgum.com
googleads.g.doubleclick.net
ib.adnxs.com
ipfind.co
leek.gg
leekduck.com
match.adsrvr.org
pagead2.googlesyndication.com
securepubads.g.doubleclick.net
stats.g.doubleclick.net
sync.rtk.io
tag.1rx.io
the-eighth-d.openx.net
thisiswaldo.com
tlx.3lift.com
tpc.googlesyndication.com
vendorlist.consensu.org
www.google-analytics.com
www.google.com
www.googletagmanager.com
172.217.18.98
185.33.223.209
192.64.116.170
213.19.147.210
216.52.2.19
23.213.165.44
23.239.15.111
2600:9000:2156:0:1:af78:4c0:93a1
2600:9000:21f3:4600:4:164e:ca00:93a1
2606:4700:3032::6812:3a7e
2606:4700::6810:84e5
2a00:1450:4001:800::2008
2a00:1450:4001:808::2001
2a00:1450:4001:808::2002
2a00:1450:4001:808::2004
2a00:1450:4001:808::200a
2a00:1450:4001:814::2002
2a00:1450:4001:814::2003
2a00:1450:4001:816::2002
2a00:1450:4001:817::2002
2a00:1450:4001:81c::200e
2a00:1450:4001:820::2002
2a00:1450:4001:820::200a
2a00:1450:4001:821::2001
2a00:1450:400c:c00::9d
34.95.120.147
35.157.254.243
52.15.219.226
52.17.116.207
52.48.220.157
52.9.196.177
63.33.80.49
69.173.144.141
0290a012deb1b25451f5211d8cb8b40d8fa6f3942d23ecc12d96670e4c0ed7a5
036d841b132c14046e26d8f2da1bc634c6ad34885ed1295660694a91c98933a6
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
064282bdfcb1d589a67f8940076741fd9b90c43baaae421a71a5a96a226b9e71
06841464dab31e3b8f40b0701cf07e4d8aa241ff83fa7a1840fe81ab4b9e7f59
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
0c871325270c461157c398216fa74cd6022eac01219f9b37eca1cb96d48de621
10364c3dbb0b026b500ecfac49d1038bb85a78eff84feb5cbb924bd4e63f2537
123d4b411f97e36f72e2f44be0b18944489e908ff159f59ab8aba984c69517fe
15dc62e4bc865a60b64f28b5e2a71ad4837cbd10bf8c1b2b9fdff1f0e1146f8f
16cf8d9108d29d466c850177e3197593b78da50e7630d42f14311ab2aac83cc7
1e4aae48d24ccd6013a5459e5fbd22a6c8b1b66dbfb86132dab594d99767eab6
21160938cd464f39641a3b344ad089f979242f7694a49e5616d10c4c65152e71
2249399b2268c260d0698542503d16afebc80e437c846239f12196744ebbd40f
247ef949c0a24051a9d02737c3e29dbac3220660fb2adc770a09c92264316191
267a755fcafbf3ed5016a3ac9ee7fe833d882844c3b9cfc39de536cced29859b
26eb1ac7f702c0b63111367b5272297ecbb7fca834273d95a1fb9b2a2bfdf3e0
2b325bc484cc37d9797656e6090a218c2d3a48f34c26f45c2ccbfa2d503d4f65
2b815af53455dd04f265f93f1bd7c197332bd9fbfe0e5b94550c4119d4fab9dd
313af5ef5365674608381fb4aeb29a91858232b3655ab93198185215f206a690
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
3b98b78aa63bdb0bcc91b4538b2cacc424d6f6d9f628d19260f631c03a3efbf9
3bd5272f7a9996e2ded128b4d6a0eb97edfaae55617a65ebe68768e5565ca2ec
3e563b2f383442d5c6d9a095ffe3e427abbec08cba3b782ef91291de97fb512a
4090129b101fd73c2645e722c876e0ef7845784091143491d48ed8d43905dfb9
429ec02c94b207fd1d789a981d3f6221319bb2722ba9a663947f32e495df01bf
4481225d36db2bafc798220cbf1526aadd58c805a1bc11b03d9a526921ea55d1
4510f72a1e5c09c982cc6a5a88aca4f4b764aa1a8ef758994dcc1d33f59a03b7
4586e215e2f2314c482eddd7e97c5b30024f876c4c974aee4d180782d76e0949
45d266c790c3dd2f8fa4c4995824ecc9144a4192a7e7fce3fd8b65978dbda7ee
476848b0f6b535b028321625a8db16b6a231823637fc942a0914ec29ad79d3ca
522cafaa0624f5413aa5e9a47c32b327df6474af31ffe70712d058f47272250f
585d0bd585f61920cdb7fb2be7b7d1dde61d0d343d358c90de24a2ac447af2e3
62a388a7833280dc7dfe5716af9969711f3c2a2fcc34c5af249907d1e2be7c73
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
73948e58baf457f5691c3e99747384875000c60c3ff366d1b7370ddd92b10e66
7518ffb76a696026540c4cf2b4acde842ce64cf830d313004592cb78a5641353
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
8a1b58d624eeb47e9e3073531a5d364e41a2e7853c052873a79917f97dd0bb44
8ac6739ea9e0ac3eacb814306e2d68e723cd7ece97bf642281eba5980fb002c3
8c3329280080e085e2df89ced30fa55072c3397bc55503301841f51d6a0d2273
9baad10e85c5be8d5697086479983b6b477197103bf8f0f11817b1bdfb9a7451
a47f17d6ebbf4621d8fe87ab790d8d8fb5c3086629194d9ff2d64faaa6e46ab6
ac889c35993990066adb5a10cc22e87910fe773b33e4c01dd8491b8444196b2d
ad09a308af56ded031e3eafcd6be0919504a7e2566bfedba78b024e6cc1b087a
aeba3c703e4505803536fa4a036eda959dfd5b2d00f4b7eab2e6fa0e947bfb71
b08cdbc2d30e656a86b20f8342428d5863f70f4b30135b4f4061f754ce932f5e
b9226bc66b1c761e576d0849b134c39c5c4bbd96293704d028d76eb923c3838f
c1eea7fa42a86e8507c3938acb1c697615e9f5ab26a374a71e5fa478b7df896b
c390b1351c7752b8455cc0c855476583e636d592d10b596853724470c29ccd15
c6ede07681335fc17a8e7d4b6cab33fbd8a2422790bab70e78cdd21f2610189b
c87e544c65fde7aa943f8c67947c13fdfc9e398701ff3343d3afbcc797aaa1ea
d1da35eb7e055683416c2c58726f5a0554b4d2483bb4c1fe69c9681570ddb44f
d61b6fa5a24a2cc4b7aa62a2a6271a13800b99d30016c4e09f38cf47f8490ea3
dbccfb387db5542b65b78eefc60b5a190d2961e9b7d7f0f22f3927e05ffb362a
dcbb1651a93937332a975c645034305e2498db5fc9d3c3e8941792d6c8d40718
e22419e8154be2a34a950dbb4c4c448413751c53ef02f00c6c56af28aa2c4964
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eab684eb76b05b5ca8a953efb67f14a7ebc4691f78fd6d1c29171354b93eb85a
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0c67e7e40d93a3f32886f48cb96f6c594ba268c48aac2ff93232a0a9fda3240
f1442b2672594503b95a4886858c657a82785f66abe2732d962124346929e9cb
f6c5591cb33c255da855f3c58e6869b003f3d51e5a5874146d563aee22ebde2c
f9fd34967713bfb93d2edcf4eac2d5436be891f32f6c80a09b17c42b0246a004
fda7a324a8cf9997293573aeccad5d7292055d1f1e9b5486f829f60f3b4b64d3
fe4bbdad1d6dff75cde79f8afc07f29502bd4708cb0ce5f552083c3d81ba8382

leekduck.com Open in urlscan Pro 2606:4700:3032::6812:3a7e Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

84 Requests

100 %HTTPS

55 %IPv6

26 Domains

33 Subdomains

32 IPs

6 Countries

1250 kBTransfer

2941 kBSize

1 Cookies

1 Outgoing links

Page URL History

Redirected requests

84 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

leekduck.com Open in urlscan Pro
2606:4700:3032::6812:3a7e Public Scan

Screenshot
Live screenshot

Full Image

84
Requests

100 %
HTTPS

55 %
IPv6

26
Domains

33
Subdomains

32
IPs

6
Countries

1250 kB
Transfer

2941 kB
Size

1
Cookies

84 HTTP transactions
2 data transactions